Bypass the tampered module warning

jmpg · July 1, 2025, 10:39am

I have filed an issue that is getting no attention, so I would like to use the suggested change on my FreePBX boxes but, when I do that, I get that red warning on the dashboard about tampered files.
Is there a way to bypass that tampered module warning?

jfinstrom · July 1, 2025, 8:28pm

I am guessing it isn’t going anywhere because that is some edge usage that doesn’t have a broader use case. Mind you there are a lot of folks on this platform so two things matter in general.

is this something that benefits the majority of the user-base
is there a bu$iness case that makes money.
if the answer to one or both is yes then it will likely get in.

I would honestly just write your own script that emulates it so you don’t see the error and it isn’t nuked by updates. Use your favorite language it doesn’t have to be PHP. I saw on the ticket you aren’t a PHP guy. Copy the file in to your favorite ai and say replicate this functionality in FOO language, Tweak to your liking and debug the hallucinations and poof good to go.

jfinstrom · July 1, 2025, 8:39pm

Ok this is probably criminal… PHP → Applesoft BASIC via AI

Start

10 REM START.BAS - SIMULATE FREEPBX START COMMAND IN APPLESOFT BASIC
20 REM INITIALIZE VARIABLES
30 SKCH = 0 : REM SKIPCHOWN FLAG (0=NO, 1=YES)
40 PR = 0 : REM PRE-HOOKS ONLY (0=NO, 1=YES)
50 PO = 0 : REM POST-HOOKS ONLY (0=NO, 1=YES)
60 AST = 0 : REM ASTERISK RUNNING (0=NO, 1=YES)
70 BR$ = "FreePBX" : REM BRAND NAME
80 DIM MOD$(10) : REM ARRAY FOR MODULE NAMES
90 NM = 0 : REM NUMBER OF MODULES
100 BO = 0 : REM BOOTED FLAG

110 REM GET USER INPUT FOR OPTIONS
120 HOME : PRINT "START COMMAND OPTIONS"
130 PRINT "RUN PRE-HOOKS ONLY? (Y/N)";
140 INPUT PR$
150 IF PR$ = "Y" OR PR$ = "y" THEN PR = 1
160 PRINT "RUN POST-HOOKS ONLY? (Y/N)";
170 INPUT PO$
180 IF PO$ = "Y" OR PO$ = "y" THEN PO = 1
190 PRINT "SKIP CHOWN? (Y/N)";
200 INPUT SK$
210 IF SK$ = "Y" OR SK$ = "y" THEN SKCH = 1
220 PRINT "ENTER MODULE NAMES (UP TO 10, EMPTY TO STOP):"
230 FOR I = 1 TO 10
240 PRINT "MODULE ";I;": ";
250 INPUT M$
260 IF M$ = "" THEN GOTO 290
270 MOD$(I) = M$
280 NM = NM + 1
290 NEXT I

300 REM DETERMINE ACTIONS
310 IF PR = 1 THEN PRINT "ONLY RUNNING PRE-HOOKS" : RUNPRE = 1 : SA = 0 : RUNPOST = 0 : GOTO 350
320 IF PO = 1 THEN PRINT "ONLY RUNNING POST-HOOKS" : RUNPRE = 0 : SA = 0 : RUNPOST = 1 : GOTO 350
330 RUNPRE = 1 : SA = 1 : RUNPOST = 1

340 REM CHECK MODULES
350 IF NM > 0 THEN SA = 0 : REM NO ASTERISK START IF MODULES SPECIFIED
360 IF NM > 0 THEN GOSUB 700 : REM FILTER HOOKS

370 REM CHECK ASTERISK STATUS
380 IF SA = 1 AND AST = 1 THEN PRINT "ASTERISK ALREADY RUNNING" : SA = 0

390 REM EXECUTE STARTUP
400 PRINT "RUNNING ";BR$;" STARTUP..."
410 IF RUNPRE = 1 THEN GOSUB 500
420 IF SA = 1 THEN GOSUB 600
430 IF RUNPOST = 1 THEN GOSUB 800
440 PRINT "DONE"
450 END

500 REM PRE-ASTERISK HOOKS
510 IF PR <> 1 AND AST = 1 THEN PRINT "UNABLE TO RUN PRE-HOOKS, ASTERISK RUNNING" : SA = 0 : RETURN
520 IF PR <> 1 AND SKCH = 0 THEN PRINT "RUNNING CHOWN..." : REM SIMULATE CHOWN
530 IF NM = 0 THEN PRINT "RUNNING PRE-HOOKS FOR ALL MODULES" : RETURN
540 FOR I = 1 TO NM
550 PRINT "RUNNING ASTERISK PRE FROM ";MOD$(I);" MODULE"
560 NEXT I
570 RETURN

600 REM START ASTERISK
610 PRINT "STARTING ASTERISK..."
620 FOR I = 1 TO 10 : REM SIMULATE STARTUP DELAY
630 PRINT ".";
640 FOR J = 1 TO 1000 : NEXT J : REM DELAY LOOP
650 NEXT I
660 AST = 1 : BO = 0
670 FOR I = 1 TO 30 : REM SIMULATE CONNECTION ATTEMPTS
680 IF BO = 1 THEN GOTO 710
690 BO = INT(RND(1)*2) : REM RANDOMLY SET BOOTED
700 NEXT I
710 PRINT ""
720 IF BO = 1 THEN PRINT "ASTERISK STARTED" : RETURN
730 PRINT "UNABLE TO START ASTERISK!"
740 END

800 REM POST-ASTERISK HOOKS
810 IF NM = 0 THEN PRINT "RUNNING POST-HOOKS FOR ALL MODULES" : RETURN
820 FOR I = 1 TO NM
830 PRINT "RUNNING ASTERISK POST FROM ";MOD$(I);" MODULE"
840 NEXT I
850 RETURN

900 REM SIMULATE HOOK FILTERING
910 IF RUNPRE = 1 THEN PRINT "FILTERING PRE-HOOKS FOR MODULES"
920 IF RUNPOST = 1 THEN PRINT "FILTERING POST-HOOKS FOR MODULES"
930 RETURN

Stop

10 REM STOP.BAS - SIMULATE FREEPBX STOP COMMAND IN APPLESOFT BASIC
20 REM INITIALIZE VARIABLES
30 IMM = 0 : REM IMMEDIATE FLAG (0=NO, 1=YES)
40 PR = 0 : REM PRE-HOOKS ONLY (0=NO, 1=YES)
50 PO = 0 : REM POST-HOOKS ONLY (0=NO, 1=YES)
60 AST = 1 : REM ASTERISK RUNNING (0=NO, 1=YES)
70 BR$ = "FreePBX" : REM BRAND NAME
80 DIM MOD$(10) : REM ARRAY FOR MODULE NAMES
90 NM = 0 : REM NUMBER OF MODULES
100 MW = 30 : REM MAXWAIT IN SECONDS

110 REM GET USER INPUT FOR OPTIONS
120 HOME : PRINT "STOP COMMAND OPTIONS"
130 PRINT "IMMEDIATE SHUTDOWN? (Y/N)";
140 INPUT IM$
150 IF IM$ = "Y" OR IM$ = "y" THEN IMM = 1
160 PRINT "RUN PRE-HOOKS ONLY? (Y/N)";
170 INPUT PR$
180 IF PR$ = "Y" OR PR$ = "y" THEN PR = 1
190 PRINT "RUN POST-HOOKS ONLY? (Y/N)";
200 INPUT PO$
210 IF PO$ = "Y" OR PO$ = "y" THEN PO = 1
220 PRINT "MAX WAIT TIME (SECONDS, 5-3600, DEFAULT 30):";
230 INPUT MW
240 IF MW < 5 THEN MW = 30
250 IF MW > 3600 THEN MW = 3600
260 PRINT "ENTER MODULE NAMES (UP TO 10, EMPTY TO STOP):"
270 FOR I = 1 TO 10
280 PRINT "MODULE ";I;": ";
290 INPUT M$
300 IF M$ = "" THEN GOTO 330
310 MOD$(I) = M$
320 NM = NM + 1
330 NEXT I

340 REM DETERMINE ACTIONS
350 IF PR = 1 THEN PRINT "ONLY RUNNING PRE-HOOKS" : RUNPRE = 1 : SA = 0 : RUNPOST = 0 : GOTO 390
360 IF PO = 1 THEN PRINT "ONLY RUNNING POST-HOOKS" : RUNPRE = 0 : SA = 0 : RUNPOST = 1 : GOTO 390
370 RUNPRE = 1 : SA = 1 : RUNPOST = 1

380 REM CHECK MODULES
390 IF NM > 0 THEN SA = 0 : GOSUB 800

400 REM CHECK ASTERISK STATUS
410 IF SA = 1 AND AST = 0 THEN PRINT "ASTERISK NOT CURRENTLY RUNNING" : SA = 0

420 REM EXECUTE SHUTDOWN
430 PRINT "RUNNING ";BR$;" SHUTDOWN..."
440 PRINT ""
450 IF RUNPRE = 1 THEN GOSUB 500
460 IF SA = 1 THEN GOSUB 600
470 IF RUNPOST = 1 THEN GOSUB 900
480 PRINT ""
490 PRINT "DONE"
500 END

510 REM PRE-ASTERISK HOOKS
520 IF NM = 0 THEN PRINT "RUNNING PRE-HOOKS FOR ALL MODULES" : RETURN
530 FOR I = 1 TO NM
540 PRINT "RUNNING ASTERISK PRE FROM ";MOD$(I);" MODULE"
550 NEXT I
560 RETURN

600 REM STOP ASTERISK
610 IF IMM = 1 THEN PRINT "SHUTTING DOWN ASTERISK IMMEDIATELY..." : GOSUB 700 : RETURN
620 PRINT "SHUTTING DOWN ASTERISK GRACEFULLY. WILL FORCEFULLY KILL AFTER ";MW;" SECONDS."
630 PRINT "PRESS C TO CANCEL, N TO SHUT DOWN NOW"
640 FOR I = 1 TO MW
650 PRINT ".";
660 FOR J = 1 TO 1000 : NEXT J : REM DELAY LOOP
670 INPUT "";K$ : REM NON-BLOCKING INPUT SIMULATION
680 IF K$ = "C" OR K$ = "c" THEN PRINT "ABORTING SHUTDOWN. ASTERISK IS STILL RUNNING" : RETURN
690 IF K$ = "N" OR K$ = "n" THEN PRINT "KILLING ASTERISK FORCEFULLY." : GOSUB 700 : RETURN
700 NEXT I
710 PRINT ""
720 PRINT "KILLING ASTERISK FORCEFULLY."
730 GOSUB 700
740 IF AST = 1 THEN PRINT "ASTERISK IS STILL RUNNING AND WE CAN'T STOP IT!" : END
750 RETURN

760 REM STOP ASTERISK SUBROUTINE
770 IF IMM = 1 THEN AST = 0 : RETURN
780 AST = INT(RND(1)*2) : REM RANDOMLY SET ASTERISK STOPPED
790 RETURN

800 REM SIMULATE HOOK FILTERING
810 IF RUNPRE = 1 THEN PRINT "FILTERING PRE-HOOKS FOR MODULES"
820 IF RUNPOST = 1 THEN PRINT "FILTERING POST-HOOKS FOR MODULES"
830 RETURN

900 REM POST-ASTERISK HOOKS
910 IF NM = 0 THEN PRINT "RUNNING POST-HOOKS FOR ALL MODULES" : RETURN
920 FOR I = 1 TO NM
930 PRINT "RUNNING ASTERISK POST FROM ";MOD$(I);" MODULE"
940 NEXT I
950 RETURN

jmpg · July 1, 2025, 10:38pm

It may be an edge case, but personally I don’t like the idea of not being able to start/stop Asterisk independently of FreePBX. I always used Asterisk packages from Debian in my installations, even on the past, when FreePBX was CentOS biased. If the goal of Sangoma is, somewhere in the future, to supply FreePBX (the open-source core) as an official Debian package it would need to decouple Asterisk start/stop from FreePBX start/stop.

Regarding using AI to generate code that suit my needs, I could do that, but I’m not comfortable in doing this on a language that I don’t master. AI tools are wonderful, but, in the current stage, I found that you need to have some critical assessment on they’re results to find the mistakes and hallucinations that I currently find when I use it in languages/frameworks that I master.

I also think that there should be an easy way to disable the tampering detection code for a specific module (and/or file). I think this should be a common scenario for a developer that wants to test some change in a specific module without being annoyed with that warnings, that are pointless in that case.

jfinstrom · July 1, 2025, 10:55pm

I absolutely do not recommend it but this will put you on the right track
https://www.voip-info.org/forum/resources/removing-freepbx-12-module-signature-checking.47/
tl;dr he patches the GPG class… I haven’t looked at the changes but he has a “gui-fix” command that to do it. When you update framework your changes will be nuked. So ultimately you will want something to apply a patch everytime a changed module updates…

Alternative, pehaps better alternative to nuking signature checks is modify and self sign. Either way you have to patch every update. BUT if anything you haven’t done custom is modified you are still alerted.

jmpg · July 1, 2025, 10:59pm

Thank you for the pointers… I will take a look.

jfinstrom · July 1, 2025, 11:04pm

Note before you manually strart asterisk you want to run fwconsole start --pre then start asterisk fwconsole start --post this makes sure node services etc are running. Same flow with stop

Add ExecStartPre/ExecStartPost ExecStopPre/ExecStopPost

jmpg · July 1, 2025, 11:19pm

Currently I have the Asterisk service that starts on boot before the FreeePBX service and it works just fine.

jmpg@st-3:~$ journalctl -b -o short-precise -u asterisk.service
jul 02 00:10:31.516394 st-3 systemd[1]: Starting asterisk.service - Asterisk PBX...
jul 02 00:10:33.393612 st-3 systemd[1]: Started asterisk.service - Asterisk PBX.
jmpg@st-3:~$ journalctl -b -o short-precise -u freepbx.service 
jul 02 00:10:31.519028 st-3 systemd[1]: Starting freepbx.service - FreePBX VoIP Server...
jul 02 00:10:32.174944 st-3 fwconsole[836]: Asterisk already running
jul 02 00:10:32.174944 st-3 fwconsole[836]: Running FreePBX startup...
jul 02 00:10:32.178662 st-3 fwconsole[836]: Taking too long? Customize the chown command, See https://sangomakb.atlassian.net/wiki/spaces/FP/pages/10289397/FreePBX+Chown+Conf
jul 02 00:10:32.178662 st-3 fwconsole[836]: Setting Permissions...
jul 02 00:10:35.740153 st-3 fwconsole[836]: Setting base permissions...Done in 3 seconds
jul 02 00:10:35.740153 st-3 fwconsole[836]: Setting specific permissions...
jul 02 00:10:35.791902 st-3 fwconsole[836]:     0 [>---------------------------]
...
jul 02 00:10:37.358536 st-3 fwconsole[836]: Finished setting permissions
jul 02 00:10:37.373266 st-3 fwconsole[836]: Unable to run Pre-Asterisk hooks, because Asterisk is already running on PID 835 and has been running for 5 seconds
jul 02 00:10:37.373266 st-3 fwconsole[836]: Running Asterisk post from Core module
...