Commercial Modules On Debian

Any idea how soon we can expect to be able to run FreePBX on debian WITH commercial modules? We desperately want to get off of the CentOS FreePBX Distro due to security concerns, but rely on one commercial module. Trying to plan projects for next year,

I wouldn’t hold your breath… It is going to be a while before anything usable will arrive. It has been a few weeks for over a year.

What module do you rely on ?

Parking Pro, so we can have separate parking lots per location.(all our locations connect back to one centralized FreePBX server)

Genuine question, what security concerns are there in the short term?

Maybe I’m doing something wrong, but the only things I’m seeing get updates on the CentOS FreePBX distro are the FreePBX modules and Asterisk. I have no memory in the last 1-2 years of seeing any updates(through package manager “yum”) for apache, php, linux kernel, ssl, etc. any of the common packages that have security CVEs that get patched on other systems I maintain. Which leads me to assume there is a whole slew of unpatched security vulnerabilities on the server.

Hi Team,
We just published a blog post regarding FreePBX 17 and Debian.

Getting this done is our highest priority!
Every module is being updated and its a HUGE amount of work.
We are looking to provide more concrete dates as we near Astricon Feb 2024.
Nenad

3 Likes

Not sure what you might have setup for your system but all of our deployments see OS level updates all the time.

is chan_sip going to officially die with this migration?

2 Likes

Hmmmmmmm, ok, so it does sound like I’m doing something wrong. When I installed the FreePBX distro(years ago) I just left the yum repos at all the default settings. I’m much more familiar with “apt” on debian than yum.

I just looked up and ran the command to list the repos my installed has configured. Attached is a screen shot of what it’s showing.

Either all of the centos repos were disabled by default or somehow got disabled. Should I enable all 4 of those CentOS specific ones?

On a related note, anyone know if PHP 7 works fine with FreePBX 15?

Those are same or similar repos that are enabled on our systems. If you run yum update -y do you get any updates?

No.

chan_SIP needs to be left alone!

Use PJSIP all you want, but leave chan_SIP available

Too late. Asterisk v20 is the last version of Asterisk to have chan_sip. It no longer exists in the master code branch or the current v21 release.

which may give me my answer lol… the instructions on the wiki they give have you build Asterisk 20-latest. Also they still enable app-macro so apparently we still aren’t clear of that.

Attached is a screen shot of the only updates that show when I run a yum check-update. We have a custom mod for asterisk for voice mail that requires us to patch it and build from source. I only install the updated asterisk versions maybe once or twice a year due to that. Packages just like these are all I’ve seen come across as updates for years on this server. Hence, lacking security updates for all of the types of packages I mentioned prior in this thread.

Just for clarification, FreePBX 17 will NOT be available as a distro, and will only be available by installing on Debian? Or will a “Distro” be available as well that will be a “pre configured” complete system like in previous versions?

Yea, I guess maybe they don’t push all updates that a normal CentOS installation would have you install but I guess just the lack of seeing updates doesn’t mean that security updates aren’t being pushed. Feel free to do the leg work to find a package that’s a security concern that hasn’t been updated and report it here.

Otherwise I think 17 is going to fit your needs well as it’s going to be just a vanilla Debian installation that updates just like any Debian server in the world.

Great question!

I had been concerned about the ISO status as well given that it came loaded with security as a focus. For example, SELinux is something that the Sangoma 7 FreePBX distro was using. On Debian, SELinux can be implemented, however, the default equivalent is AppArmor. Currently at a crossroads in deciding which one to go with given that I’ve heard nothing about this yet.

When Sangoma says they have a lot of work to do to get Debian 12 + FreePBX(stable), they aren’t kidding. And you can’t begin to lock the system down until you know you’ve made all the dependency adjustments with things proven to work well in lab scenarios. Afterwards, comes the SELinux or AppArmor to lock down directories, files, and networking elements; followed by more testing before production runs can begin.

I think they just reused old instructions and left that in there by mistake.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.