Hello!
I want to remove/disable Endpoint Manager. You know why…
I can’t upgrade it to the fixed version, because my licence expired. And I don’t need it anyway.
But I don’t know how to disable it, without getting in a dependancy hell.
Do disable the Endpoint Manager, I have to disable adv_recovery and restapps.
To disable these, I have to disable asteriskinfo, pms, sangomaconnect, sangomartapi, …
I don’t know If I have a functional PBX left after all that.
What ist the best way here?
Open a ticket with Sangoma, ask them to remove the commercial license for EPM and revert to the free module.
I would recomend you to Disable, Don’t Delete it
Instead of force-removing with dependencies, the safest way is to disable the module only.
Please run below in cli i will recommend
fwconsole ma disable endpoint
If you’re not using Phone Apps, Sangoma, phone, etc., you can also disable them safely:
fwconsole ma disable restapps sangomaconnect pms sangomartapi
Your core PBX (Core, Asterisk Info, Extensions, Trunks, IVR, Ring Groups, queues.) will work fine.
If you want to delete it entirely:
fwconsole ma delete endpoint
this may complain about dependencies. In that case, disable those first, then delete.
I just disabled modules until all dependancies were gone. I hope there wasn’t something important.
Guess it’s solved now.
Oh Ok that perfect!
Disabling the module leaves all the files installed on the system. The system internally just doesn’t use the module for anything. That means the RCE code still exists in the system and could be exploited.
Ah, thanks! I now removed Endpoint Manager completely.
Since we have no real details on the exploit, we don’t know what will and won’t work and honestly I doubt they do either. If they had a full understanding they’d be able to answer these questions and not “further research”. That’s the thing about calling an exploit as fixed it. Either is or isn’t but I guess it is until it isn’t. Thanks Mr. Schrodinger. In any case, you can probably add to the endpoint folder a .htaccess file with
Deny from all
That should not trigger a tamper warning as a new file wouldn’t be in the signature file. Also, this assumes that the issue is with code inside of that folder related to Apache and not something in a running node app.
A lot of good it does. Certainly doesn’t seem to help prevent exploits which was supposed to be the whole point. That whole signature system causes more problems than it solves imo and just makes things more complicated than they need to be.