Thanks for the suggestions but I specifically asked for options OTHER than a second server. Your suggestions about disabling un-needed services are good though. I already do that. I am hoping someone has some suggestions that are not as obvious that I have perhaps not thought of.
> -----Original Message----- > From: Warren (mailing lists) [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 13, 2006 12:36 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [asterisk-users] How do you harden an Asterisk install? > > shadowym wrote: > > > > I remember reading a small write up somewhere. I think it > was on the > > Asterisk Wiki. I can't find it anymore. It's probably a > bit dated by > > now but some of it would still be relevant. > > > > Can anyone recommend a good guide or even some of their own > suggestions. > > > > For clarity, what I mean by hardening is to make an > Asterisk Server or > > network appliance or embedded server or whatever you want > to call it, > > as fail safe, stable, and reliable as possible. Just like an > > expensive traditional PBX. This is for a small business > application > > of 50 extensions or less. It can't be too crazy like redundant > > servers or anything like that. I am looking for ideas like RAID 1, > > redundant power supply, cron job to reboot every night (yuck!), > > disable caching(?), Astlinux on embedded with CF, yada yada! > > > > Anyway to set up automatic failover to a second Network > Card with same > > IP if primary network card fails? That is one point of failure I > > haven't found a way around yet. Failure of the managed switch is > > another one I get a bit paranoid about. Switches generally > don't fail > > but I'd like to have some sort of fail safe plan. > > _______________________________________________ > > --Bandwidth and Colocation provided by Easynews.com -- > > > > asterisk-users mailing list > > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > > You are talking about 2 things: > (1) How to harden a linux box > (2) How to do failover. > > for (1), be sure telnet, ftp and any other service you do not > need is off. Move standard services to non-standard ports, > especially web and ssh. Do not run a name server on the box. > > For (2): You need to have a secondary box that runs a mirror > copy of Asterisk and mysql and pretty much has everything > else configured the same. mysql should be replicated to the > second box. You then run a program on the second box that > pings the first box. If the first box fails the second takes > over the first box's IP and runs with it. There are > heartbeat programs that can help out with this. > > W > > _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
