Merge branch 'master' of https://github.com/fusionpbx/fusionpbx-docs

Len 7 years ago
parent
commit
34079fe78e

+ 10 - 1
source/advanced/version_upgrade.rst

@@ -10,7 +10,16 @@ Version 4.2 to 4.4
 ^^^^^^^^^^^^^^^^^^
 
 1. Normal upgrade procedure update the source code, schema, menu and permissions. 
-2. Need to delete the following dialplans user_exists and user_record, call_forward_all, and local_extension dialplans from all domains. Then run Advanced -> Upgrade -> App Defaults to get new up to date diaplans.
+2. The following dialplans need to be updated. Do this by deleting the dialplans on all domains and then run Menu -> Advanced > Upgrade -> App Defaults.
+
+::
+
+ user_exists
+ user_record
+ call_forward_all
+ local_extension
+
+Then run Advanced -> Upgrade -> App Defaults to get new up to date diaplans.
 3. Update old recordings set the record_name and record_path.
 
 ::
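
Review bot: The added line "Then run Advanced -> Upgrade -> App Defaults to get new up to date diaplans." repeats the instruction already given at the end of the new step 2 and keeps the "diaplans" typo; drop it. As written it also sits directly above "3. Update old recordings ..." with no blank line, so item 3 is absorbed into that paragraph instead of rendering as a list item. The `::` block starts at column 0 as well, which ends the numbered list after item 2; indent the literal block under step 2 so it stays part of the step. The menu path in step 2 mixes "->" and ">" ("Menu -> Advanced > Upgrade"); use one separator.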

+ 1 - 0
source/firewall.rst

@@ -19,5 +19,6 @@ Firewall
   :glob:
 
   firewall/iptables.rst
+  firewall/fail2ban.rst
   firewall/pf.rst
   firewall/firewall_devices.rst

+ 55 - 0
source/firewall/fail2ban.rst

@@ -0,0 +1,55 @@
+#############
+Fail2ban
+#############
+
+
+Fail2ban is also used to protect SSH, FreeSWITCH, the web server as well as other services. You can view the IP addresses blocked by Fail2ban with the following command.
+
+
+::
+ 
+ iptables -L
+ 
+
+To check the status of one of the fail2ban jails
+
+::
+
+ fail2ban-client status freeswitch-ip-tcp
+ 
+This command will show
+
+::
+
+` Status for the jail: freeswitch-ip-tcp
+` |- filter
+` |  |- File list:        /usr/local/freeswitch/log/freeswitch.log
+` |  |- Currently failed: 0
+` |  `- Total failed:     4
+` `- action
+`  |- Currently banned: 3
+`  |  `- IP list:       207.38.90.177 51.15.145.32 207.38.90.197
+`   `- Total banned:     3
+
+To exclude an ip so that it isn't blocked by any filters edit the **jails.conf** file.
+
+::
+
+ nano /etc/fail2ban/jail.conf
+
+
+Find ignoreip = and place domain.tld or 000.000.000.000.  Just put a space between them.
+
+::
+
+ ignoreip = domain.tld 000.000.000.000 192.168.0.0/16
+ 
+
+More about whitelisting can be found at http://www.fail2ban.org/wiki/index.php/Whitelist
+
+
+.. Note::
+
+    You can use a dynamic ip address service like dyndns to whitelist a dynamic ip address.
+
+
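
Review bot: In the whitelist step the prose names **jails.conf** but the command opens /etc/fail2ban/jail.conf; make the two agree. Because jail.conf is the packaged file and can be replaced on upgrade, the ignoreip override is better placed in /etc/fail2ban/jail.local. Each line of the sample status output starts with a stray "` " inside the literal block and will render verbatim; remove the backticks. The opening sentence says "is also used", which reads as a leftover from the security page it was copied from. The example ignoreip line includes 192.168.0.0/16, which the text never mentions; explain it or drop it so readers do not whitelist a whole private range by copy and paste.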

+ 26 - 5
source/firewall/iptables.rst

@@ -12,11 +12,13 @@ Basic Rules
 | ``iptables -A INPUT -p tcp --dport 22 -j ACCEPT``
 | ``iptables -A INPUT -p tcp --dport 80 -j ACCEPT``
 | ``iptables -A INPUT -p tcp --dport 443 -j ACCEPT``
-| ``iptables -A INPUT -p tcp --dport 5060:5061 -j ACCEPT``
-| ``iptables -A INPUT -p udp --dport 5060:5061 -j ACCEPT``
-| ``iptables -A INPUT -p tcp --dport 5080:5081 -j ACCEPT``
-| ``iptables -A INPUT -p udp --dport 5080:5081 -j ACCEPT``
+| ``iptables -A INPUT -p tcp --dport 5060:5069 -j ACCEPT``
+| ``iptables -A INPUT -p udp --dport 5060:5069 -j ACCEPT``
+| ``iptables -A INPUT -p tcp --dport 5080 -j ACCEPT``
+| ``iptables -A INPUT -p udp --dport 5080 -j ACCEPT``
 | ``iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT``
+| ``iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT``
+| ``iptables -A INPUT -p udp --dport 1194 -j ACCEPT``
 | ``iptables -P INPUT DROP``
 | ``iptables -P FORWARD DROP``
 | ``iptables -P OUTPUT ACCEPT``
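
Review bot: Narrowing `--dport 5080:5081` to `--dport 5080` for both tcp and udp stops accepting port 5081, while 5060:5061 is widened to 5060:5069, and neither change is explained. If 5081 is still used for TLS on the external SIP profile it should stay, and the text should say what listens on 5062 to 5069. The new udp 1194 and icmp echo-request rules are added to "Basic Rules" without comment; mark 1194 as needed only when OpenVPN runs on this host so readers do not open it by default.
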
@@ -40,11 +42,15 @@ Rules to block not so friendly scanner
 | *Optional*
 
 
-| ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string--string "VaxSIPUserAgent" --algo bm``
+| ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm``
 | ``iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxIPUserAgent" --algo bm``
 | ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "VaxSIPUserAgent" --algo bm``
 | ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxIPUserAgent" --algo bm``
 
+| ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "VaxSIPUserAgent/3.1" --algo bm``
+| ``iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxSIPUserAgent/3.1" --algo bm``
+| ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "VaxSIPUserAgent/3.1" --algo bm``
+| ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "VaxSIPUserAgent/3.1" --algo bm``
 
 Show iptable rules
 ^^^^^^^^^^^^^^^^^^^
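
Review bot: The four added "VaxSIPUserAgent/3.1" rules overlap the rules above them: `-m string` matches a substring, so the existing tcp 5060 and udp 5080 rules for "VaxSIPUserAgent" already cover the /3.1 variant. The other two existing rules (udp 5060 and tcp 5080) match "VaxIPUserAgent", which looks like a typo missing the "S"; correcting those two strings would cover all four port and protocol combinations without the extra rules.
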
@@ -63,11 +69,26 @@ Delete line 2
 
 ``iptables -D INPUT 2``
 
+Flush Out Iptables
+^^^^^^^^^^^^^^^^^^^
+
+| ``iptables -P INPUT ACCEPT``
+| ``iptables -P FORWARD ACCEPT``
+| ``iptables -P OUTPUT ACCEPT``
+| ``iptables -F``
+
 Block IP address
 ^^^^^^^^^^^^^^^^^
 
 ``iptables -I INPUT -s 62.210.245.132 -j DROP``
 
+Flush iptables
+^^^^^^^^^^^^^^^^^
+How to flush iptables without loosing access to ssh.
+
+| ``iptables -P INPUT ACCEPT``
+| ``iptables -F``
+
 Save Changes
 ^^^^^^^^^^^^^
 
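Review bot: "Flush Out Iptables" and "Flush iptables" document the same operation twice with different command lists; merge them into one section and keep the sentence about SSH access there. "loosing" should be "losing", and the explanatory line should be separated from the title underline by a blank line like the other sections. Both variants leave INPUT at ACCEPT with no rules loaded, so the section should say the host is unfiltered until the rules are re-applied and `iptables -P INPUT DROP` is set again.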

+ 13 - 21
source/getting_started/backup.rst

@@ -6,19 +6,17 @@ Backup
 
 It's always good to have a backup method in place.  Here are the steps to a basic backup method with FusionPBX.
 
-Command line settings
-^^^^^^^^^^^^^^^^^^^^^^
+Command Line
+^^^^^^^^^^^^^^
 
-Be sure to change the password by replacing the zzzzzzzz in PGPASSWORD="zzzzzzzz" with your password.
+Be sure to change the password by replacing the zzzzzzzz in PGPASSWORD="zzzzzzzz" with your database password. You can get the password from /etc/fusionpbx/config.php.
 
 
 ::
  
  
- cd /usr/src/fusionpbx-install.sh
- git pull
- cd debian/resources/backup/
- vim fusionpbx-backup.sh
+ cd /etc/cron.daily
+ nano fusionpbx-backup.sh
  
  #!/bin/sh
  now=$(date +%Y-%m-%d)
@@ -32,12 +30,12 @@ Be sure to change the password by replacing the zzzzzzzz in PGPASSWORD="zzzzzzzz
  pg_dump --verbose -Fc --host=$database_host --port=$database_port -U fusionpbx fusionpbx --schema=public -f /var/backups/fusionpbx/postgresql/fusionpbx_pgsql_$now.sql
  echo "Backup Complete";
  
-To save the file press escape then :wq for write and quit.
+To save the file press ctrl + x then y to save it.
 
 
 You should have the script ready to execute. (Default the script will use FreeSWITCH package paths.  If you have an older install using source be sure to change this by commenting the package line #22 and uncomment the source line #25.)
  
-Crontab settings
+Crontab
 ^^^^^^^^^^^^^^^^^
 
 Setting crontab -e
@@ -47,21 +45,15 @@ Setting crontab -e
  crontab -e
  Choose 1 for nano
  Goto the last blank line and paste in the next line.
- 0 0 * * * bash /etc/cron.daily/fusionpbx-backup.sh
+ 0 0 * * * /bin/sh /etc/cron.daily/fusionpbx-backup.sh
  press enter then save and exit.
  
- cd /usr/src/fusionpbx-install.sh/debian/resources/backup/
- cp fusionpbx-backup.sh /etc/cron.daily
- chmod 755 fusionpbx-backup.sh
 
 
 Once this is complete you will have the backup ready to execute by ./fusionpbx-backup.sh or from the daily cron job. 
 
-Gui settings
-^^^^^^^^^^^^^
-
-**From the Gui.**
-
+Web Interface (optional)
+^^^^^^^^^^^^^^^^^^^^^^^^
 
 **FreeSWITCH Package install paths.**
 
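Review bot: Removing the `cp` and `chmod 755` lines leaves the file created with nano without the execute bit, yet the context line below still says the backup can be run with ./fusionpbx-backup.sh; keep a chmod step or change that sentence to `/bin/sh /etc/cron.daily/fusionpbx-backup.sh`. On Debian, run-parts skips file names containing a dot, so placing fusionpbx-backup.sh in /etc/cron.daily does not schedule it and the crontab line is what runs it; say so, or the phrase "from the daily cron job" will mislead. With "**From the Gui.**" removed, the "Web Interface (optional)" title leads straight into the path tables; a sentence saying where in the interface these settings are entered would help.
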
@@ -79,7 +71,7 @@ Gui settings
  path		array  /var/www/fusionpbx	             	 	True 	fusionpbx
  path		array  /var/lib/freeswitch/storage	          	True 	storage
  path		array  /var/lib/freeswitch/recordings			True 	recordings
- path		array  /etc/freeswitch/conf 				True 	conf 
+ path		array  /etc/freeswitch 				True 	conf 
  
  Click "Reload" at the top of the page.
 
@@ -93,7 +85,7 @@ Gui settings
  
  Settings for FreeSWITCH source backup paths.
  
- path           array   /var/backups/fusionpbx/postgresql       True    postgresql
+ path  array   /var/backups/fusionpbx/postgresql       True    postgresql
  path		array  	/usr/local/freeswitch/scripts 		True 	scripts  	 	
  path		array  	/usr/local/freeswitch/recordings 	True 	recordings  	
  path		array  	/var/www/fusionpbx 		        True 	fusionpbx  	
@@ -105,7 +97,7 @@ Gui settings
 Download Backups
 ^^^^^^^^^^^^^^^^^
 
-From Advanced > Backup you can download the backup also. 
+From Advanced > Backup you can download the backup from the web interface this is optional. You would need to make sure that PHP doesn't timeout while compressing your backup and that it has enough access to RAM to do the work.
 
 **FreeSWITCH Source install paths.**
 
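Review bot: The new sentence is a run-on ("... from the web interface this is optional"); split it, for example "From Advanced > Backup you can also download the backup from the web interface. This is optional." The PHP caveat would be more useful if it named the settings involved, max_execution_time and memory_limit.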

+ 48 - 1
source/getting_started/installation_recommended_new.rst

@@ -1,10 +1,57 @@
 *************
-New Install
+OLD Install
 *************
 .. image:: ../_static/images/logo_right.png
         :scale: 85% 
 
 |
+|
+|
+|
+|
+**Please follow the link below for the newest install guide**
+
+http://docs.fusionpbx.com/en/latest/getting_started/quick_install.html 
+
+
+
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+|
+
+
+
+
+
+
+
+
+
 
 New Install Video https://www.youtube.com/embed/oioW1i8bieM
 
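Review bot: The added `|` lines and blank lines around the notice exist only for vertical spacing; replace them with a `.. note::` or `.. warning::` directive, as fail2ban.rst in this same commit does with `.. Note::`. The title now reads "OLD Install" while the context line below still says "New Install Video" and the file is named installation_recommended_new.rst; retitle consistently. The link to the new guide is a hard-coded absolute URL; a `:doc:` reference to quick_install would stay valid across doc versions.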

+ 5 - 3
source/getting_started/security.rst

@@ -10,7 +10,7 @@ FusionPBX
 The latest Debian install script configures IPTables firewall for you. FusionPBX extensions set strong passwords for you by default. You can increase the password complexity using settings in Advanced -> Default Settings to increase the length of the passwords that are generated by default.
 
 
-Firewall
+`Firewall`_
 ^^^^^^^^
 Although the new install script configured IPTables for you it is recommended that you review the settings. On Debian and Ubuntu you can check your firewall with the following command.
 
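Review bot: Changing the title to "`Firewall`_" makes it 11 characters long while the underline on the following context line stays at 8 carets, which docutils reports as "Title underline too short"; extend the underline. The same applies to the "`Fail2ban`_" title in the next hunk. A hyperlinked section title is also unusual here; a "See the `Firewall`_ page" sentence in the body would keep the headings plain.
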
@@ -62,7 +62,7 @@ XML RPC is secure by default for 2 reasons.
 
 If you were to start the module and open port 8787 on the firewall you would want to set a really good password for it under Advanced -> Settings. It would be recommended to use a VPN to like OpenVPN to access XML RPC over port 8787 instead of opening port 8787 on the firewall.
 
-Fail2ban
+`Fail2ban`_
 ^^^^^^^^
 
 Fail2ban is also used to protect SSH, FreeSWITCH, the web server as well as other services. 
@@ -84,9 +84,11 @@ Use strong passwords with SSH or even better use SSH keys for better protection
 .. _Upgrades: /en/latest/advanced/upgrade.html
 .. _link: https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx
 .. _paid support: http://www.fusionpbx.com
-.. _firewall: /en/latest/getting_started/iptables.html#iptables
+.. _firewall-: /en/latest/getting_started/iptables.html#iptables
 .. _Firewall page: /en/latest/firewall.html
+.. _Firewall: /en/latest/firewall.html
 .. _iptables: /en/latest/getting_started/iptables.html#iptables
 .. _Verto Communicator: https://freeswitch.org/confluence/display/FREESWITCH/Verto+Communicator
 .. _Setup Let's Encrypt with FusionPBX: /en/latest/getting_started/lets_encrypt.html
 .. _Let's Encrypt: https://letsencrypt.org/docs
+.. _Fail2ban: /en/latest/firewall/fail2ban.html
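
Review bot: Renaming the target to `.. _firewall-:` avoids a clash with the new `.. _Firewall:` (reference names are case-insensitive), but any remaining `firewall`_ reference in the body now resolves to /en/latest/firewall.html instead of the iptables anchor, and nothing in this diff references `firewall-`_. Update those references or remove the `firewall-` target, which has the same URL as the `iptables` target below it. `Firewall page` and `Firewall` also point to the same URL now; one of them is enough.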

+ 1 - 1
source/index.rst

@@ -17,7 +17,7 @@ An open source project that provides a customizable and
 flexible web interface to the very powerful and highly scalable
 multi-platform voice switch called `FreeSWITCH`_.
 
-FusionPBX will run on a variety of operating systems (Optimized for Debian 8) and
+FusionPBX will run on a variety of operating systems (Optimized for Debian 8+) and
 hardware of your choice. FusionPBX provides a GUI for unlimited
 extensions, voicemail-to-email, music on hold, call parking, analog
 lines or high density T1/E1 circuits, and many other features. FusionPBX

+ 0 - 74
source/iptables.rst

@@ -1,74 +0,0 @@
-.. image:: _static/images/logo.png
-   :width: 40px
-   :alt: Fusionpbx
-   :target: https://github.com/fusionpbx/fusionpbx-docs
-
-Basic Rules
-~~~~~~~~~~~~
-
-| ``iptables -A INPUT -i lo -j ACCEPT``
-| ``iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT``
-| ``iptables -A INPUT -p tcp --dport 22 -j ACCEPT``
-| ``iptables -A INPUT -p tcp --dport 80 -j ACCEPT``
-| ``iptables -A INPUT -p tcp --dport 443 -j ACCEPT``
-| ``iptables -A INPUT -p tcp --dport 5060:5069 -j ACCEPT``
-| ``iptables -A INPUT -p udp --dport 5060:5069 -j ACCEPT``
-| ``iptables -A INPUT -p tcp --dport 5080 -j ACCEPT``
-| ``iptables -A INPUT -p udp --dport 5080 -j ACCEPT``
-| ``iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT``
-| ``iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT``
-| ``iptables -A INPUT -p udp --dport 1194 -j ACCEPT``
-| ``iptables -P INPUT DROP``
-| ``iptables -P FORWARD DROP``
-| ``iptables -P OUTPUT ACCEPT``
-
-
-Friendly Scanner
-~~~~~~~~~~~~~~~~~
-
-Rules to block not so friendly scanner
-
-| ``iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm``
-| ``iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "friendly-scanner" --algo bm``
-| ``iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm``
-| ``iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm``
-
-Show iptable rules
-~~~~~~~~~~~~~~~~~~~
-
-| ``sudo iptables -L -v``
-
-Show line numbers
-~~~~~~~~~~~~~~~~~~
-
-| ``iptables -L -v --line-numbers``
-
-Delete a line
-~~~~~~~~~~~~~~
-
-| Delete line 2
-| ``iptables -D INPUT 2``
-
-Flush out iptables
-~~~~~~~~~~~~~~~~~~~
-
-| ``iptables -P INPUT ACCEPT``
-| ``iptables -P FORWARD ACCEPT``
-| ``iptables -P OUTPUT ACCEPT``
-| ``iptables -F``
-
-
-Block IP address
-~~~~~~~~~~~~~~~~~
-
-| ``iptables -I INPUT -s 62.210.245.132 -j DROP``
-
-Save Changes
-~~~~~~~~~~~~~
-
-Debian & Ubuntu
-
-| ``apt-get install iptables-persistent``
-| ``service iptables-persistent save``
-|
-| ``dpkg-reconfigure iptables-persistent``