I am unable to reload through the GUI… I keep getting this error:
Reload failed because retrieve_conf encountered an error: 1
Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)
Exception: Unable to connect to Asterisk through the CLI in file /var/lib/asterisk/bin/retrieve_conf on line 24
1. Exception->() /var/lib/asterisk/bin/retrieve_conf:24
However, if I reload FreePBX through the terminal, with command amportal a r or fwconsole reload then it succeeds and I simply refresh the GUI and the Apply Config button is gone…
PIAF Installed Version = 188.8.131.52 under KVM
FreePBX Version = 13.0.10 1
Running Asterisk Version = 12.8.1
Asterisk Source Version = 12.8.1
Dahdi Source Version = 184.108.40.206
Libpri Source Version = 1.4.15
Operating System = CentOS release 6.7 (Final)
Kernel Version = 2.6.32-504.12.2.el6.x86_64 - 64 Bit
I know that *12 is EOL, or going to be… so if anybody has an idea on how to upgrade to *13, that would be much appreciated as well. Maybe that would even fix this issue. Thank you in advance for your help!
Thanks for the quick reply. However, that’s simply impossible. If * was not running, then I wouldn’t be able to make any calls, etc… Plus, on both the GUI and the terminal * shows as running. I am just simply now able to make any calls. Is there any more troubleshooting I can do to show you that * is running? Maybe a log or command you would like me to try? Thanks…
Thanks for that… I am working on a new server running FreePBX 13 on CentOS 7 as we speak to migrate over. Question: if how much of my config is transferred using the backup and restore module, as far as trunks, extensions, routes, etc? Thanks for the help…
AFAIK, all config gets transferred or should. CDRs, recorded calls, trunk, route, extensions, voicemail, settings, etc. There is an open issue with regard to custom recordings which may have to be transferred manually until it’s fixed.
This actually means that asterisk is running as root and not the aaterisk user. This is why a cli reload works but the gui doesn’t. PIAF was distributing a version that had asterisk running as root for a good month and didn’t seem to think it was a big deal
For the record @gforceco, you’re running Asterisk 12 which is no longer supported. In evaluating the dangers of various distros, you probably should consider the source of the advice and who acknowledged a root exploit of the FreePBX Distro just three short weeks ago. Then ask yourself how that could happen if the FreePBX Distro weren’t running with root user privileges. The difference is that the FreePBX Firewall not only didn’t protect FreePBX, but it was the actual cause of the root compromise. In contrast, the firewall available for PIAF and Incredible PBX runs INDEPENDENTLY of Apache and its web GUI which is generally a good idea when it comes to firewalls. Otherwise, the whole house of cards comes down (as it did) when any single piece fails.
I should explain that our forum software (Discourse) is highly self-moderating. If your post is flagged (and people can flag it for any reason they want), your post will get hidden until a real human looks at it.
The only way to stop this from happening is to post helpful and useful posts, and have people click on the Like button (the heart). The more hearts you get, the better the forum software treats you, and the more flags you need to get before your post is hidden.
This is one of the (many) awesome things about Discourse, and is why we love it.
I also urge people not to flag posts for ‘Inappropriate’ when they aren’t - this post wasn’t inappropriate, it was just wrong.
Edit: For those that missed it, the Vulnerability was reported and fixed over twitter in the space of about 10 minutes. Here’s the link to the post where I explained what the problem was, and it’s also mentioned in the first and second posts, too.
It’s not like it’s a sky-is-falling issue, it’s a bug, it was responsibly disclosed, and it was fixed. That’s what infosec is all about. We love people reporting bugs.
Please note this exploit was found by a security researcher who was reviewing code with our support and blessing. When calling your stuff secure it is important to “put up or shut up”. When approached by a security researcher who wants to evaluate what you publicly proclaim as secure, you can A: let them and work with them, or B: well there are other ways to deal with them. So yes the exploit was found with our blessing, fixed, announced without any reports of actual compromised systems.
All code has bugs. The point of my post was to note that you were calling out PIAF for running as root. My question went to whether the FreePBX Distro was doing the same. Very difficult to have a root exploit if your code was actually running as the asterisk user. You have again ignored the question. SO… does the FreePBX Firewall running inside the GUI have root privileges or not?? And, if not, how could there possibly be a root exploit because of a firewall bug? Just trying to learn from the masters…
I’ve got the same issue. After running the commands:
chown -R asterisk:asterisk /var/run/asterisk
sed -i ‘/END INIT INFO/a AST_USER=“asterisk”\nAST_GROUP=“asterisk”’ /etc/init.d/asterisk
sed -i ‘s|exit 0|/usr/local/sbin/amportal restart\nexit 0|’ /etc/rc.local
sed -i ‘s|;runuser|runuser|’ /etc/asterisk/asterisk.conf
sed -i ‘s|;rungroup|rungroup|’ /etc/asterisk/asterisk.conf
I notice the /var/run/asterisk/asterisk/ctl is set to root:root 755