Send system commands from dialplan

bhfisher · July 21, 2016, 11:08pm

I’m trying to send a command to Linux from a dial plan. Basically I want to turn off fail2ban and iptables by dialing some extension for 600 seconds, long enough to to access via SSH and then turn it back on.

Here is what I have now:

exten => 5432,1,Noop()
exten => 5432,n,Read(ext_pwd,S200,4,3,6) ; Please enter your passcode
exten => 5432,n,GotoIf($["${ext_pwd}"=“7777”]?start)
exten => 5432,n,Playback(login-fail)
exten => 5432,n,Goto(1) ; wrong - start again
;
exten => 5432,n(start),Noop()
exten => 5432,n,system(bin/sh -c “service fail2ban stop”)
exten => 5432,n,system(bin/sh -c “service iptables stop”)
exten => 5432,n,Playback(is-set-to&disabled)
exten => 5432,n,Wait(300) ; allow time to SSH into Server
exten => 5432,n,system(bin/sh -c “service fail2ban start”)
exten => 5432,n,system(bin/sh -c “service iptables start”)
exten => 5432,n,Playback(is-set-to&enabled)
exten => 5432,n,Hangup()

I’ve try many different system() formats, but none work - maybe you know what I’m doing wrong?

Bart

dicko · July 21, 2016, 11:38pm

system() runs as the user that runs asterisk and from the home directory of said user , normally asterisk.

su asterisk
cd ~
pwd
echo $PATH

then try over from that shell, you might need a full path, but generally you can’t run such dangerous commands (normally only root can), without elevating the asterisk user’s permission (which would be a very bad idea )

bhfisher · July 22, 2016, 12:29am

OK, I sort of get it… So how would I modify my system command to run all of what you said as root?!

james · July 22, 2016, 1:14am

Please check from:
http://www.voip-info.org/wiki/view/Asterisk+cmd+System

dicko · July 22, 2016, 1:31am

I seriously suggest you just don’t!!

Some folks set up incron to intermediate. But you need to understand the security risks and of course how incron works.