Hylafax-IAXModem-Elastix-Avantfax Slow reloading fix

This is one that plagued me for a while. Unfortunately the fix was not found anywhere that I could locate.

We run eFax servers that utilize Elastix (built on top of FreePBX), Hylafax, IAXModem, and Avantfax for a front end. This allows us to send SIP trunks to the box and utilize virtual IAX modems to send and receive faxes.

The issue we were seeing was that when a change was made to the eFax users (delete/edit/add) and it initiated the reload of Hylafax and IAXModem, it would take upwards of 30 minutes for all modems to come back up registered and ready to go. It originally took a few minutes to reload the modems. Keep in mind we have around 380 virtual modems per box (there seems to be a hard limit somewhere in the software).

30 minutes is an unacceptable downtime for an eFax server, so I dove into every config file I could find. Nothing seemed to provide any indication that things were incorrectly configured.

Finding nothing and watching all the logs, I noticed that the Faxgetty process from Hylafax logs every step for each modem using syslog, from de-initialization to initialization and finally the ready state. It had always done this. Because it takes time to write to the file if something is also reading the file, we would see an issue like this, similar to how a script processing a file will take 2-3 times longer to execute (usually) if you have it echo to the terminal.

This thought that the log could be the issue led me to the fix for this issue.

Running Ubuntu or Elastix (CentOS): vi /etc/syslog.conf

You will see a section that looks like this

# Log anything (except mail) of level info or higher.

# Don’t log private authentication messages!

*.info;mail.none;authpriv.none;cron.none             /var/log/messages

Change that to look like this (adding the bold section, ;debug.none)

*.info;mail.none;authpriv.none;cron.none;debug.none             /var/log/messages

Save the file and restart syslog

/etc/init.d/syslog restart

Now my modems restart in 30-45 SECONDS, down from 30-plus MINUTES! It seems that something was reading the file as the Faxgetty process was writing it, exponentially increasing the time it took to execute a simple reload command for a virtual modem.

Hopefully this helps someone with the same issue. It was a rather annoying one :)

Posted in Linux How-To

USB Rubber Ducky

I want one of these :)

Posted in Networking, News and Security

Netstat – Examples used for finding DDoS

netstat -na

This displays all active Internet connections to the server; only established connections are included.

netstat -an | grep :80 | sort

Show only active Internet connections to the server on port 80 (the HTTP port, so this is useful if you have a web server) and sort the results. Useful in detecting a single flood by allowing you to recognize many connections coming from one IP.

netstat -n -p|grep SYN_REC | wc -l

This command is useful for finding out how many active SYN_RECV connections are occurring on the server. The number should be pretty low, preferably less than 5. During DoS attack incidents or mail bombs, the number can jump pretty high. However, the value always depends on the system, so a value that is high here may be average on another server.

netstat -n -p | grep SYN_REC | sort -u

List all the IP addresses involved instead of just a count.

netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' | sort -u

List all the unique IP addresses of the nodes that have connections in the SYN_RECV state.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Use the netstat command to count the number of connections each IP address makes to the server.

netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

List the number of connections each IP has to the server using the TCP or UDP protocol.

netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

Check only ESTABLISHED connections instead of all connections, and display the connection count for each IP.

netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1

Show each IP address that connects to port 80 on the server along with its connection count. Port 80 is used mainly for HTTP web page requests.

Posted in Linux How-To, News and Security

Hak5 – Building a high performance home router

This was a pretty cool setup.

Posted in Networking

Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS

Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface (EFI), OS X Yosemite, and iOS. Exploitation of some of these vulnerabilities may allow an attacker to obtain elevated privileges or crash applications.

Available updates include:

  • QuickTime 7.7.7 for Windows 7 and Windows Vista
  • Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
  • Mac EFI for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5
  • OS X Yosemite 10.10.4 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.3
  • iOS 8.4 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates HT204947, HT204950, HT204934, HT204942, HT204941 and apply the necessary updates.

Posted in News and Security

ISC Releases Security Updates for BIND

The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.

Updates available include:

  • BIND 9-version 9.9.7-P1
  • BIND 9-version 9.10.2-P2

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01267 and apply the necessary updates.

Posted in News and Security

Adobe Releases Security Update for Shockwave Player

Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-17 and apply the necessary update.

Posted in News and Security

Microsoft Releases July 2015 Security Bulletin

Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-058 and MS15-065 through MS15-077 and apply the necessary updates.

Posted in News and Security

Oracle Releases July 2015 Security Advisory

Oracle has released security fixes to address 193 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle July 2015 Critical Patch Update and apply the necessary updates.

Posted in News and Security

OpenSSL Releases Security Advisory

OpenSSL has released updates to address a vulnerability that could impact proper certificate verification. A remote attacker could ‘issue’ invalid certificates that pass validation by affected versions.

Updates available include:

  • OpenSSL 1.0.2d for 1.0.2b/1.0.2c users
  • OpenSSL 1.0.1p for 1.0.1n/1.0.1o users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

Posted in News and Security