#!/bin/bash
###############################################
#
# Installation Script to Install FreeSWITCH, FusionPBX, PostgreSQL, PHP, Apache and required
# Supporting software on Centos 6.
#
###############################################
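VERSION="0.3"
# Machine architecture as reported by the kernel (e.g. x86_64).
MACHINE_TYPE=$(uname -m)

# Tell the operator what is about to be changed before anything is touched.
# The delimiter is left unquoted on purpose so $VERSION is expanded.
cat <<EOT
This Script will install and create base line configs for FreeSWITCH, FusionPBX, Fail2Ban, Monit and PostgreSQL.
It is designed to run on a Centos6 Minimal Install. EPEL will also be temporarily Enabled to get a few packages
not in the main Centos Repositories.
As with anything you will want to review the configs after the installer to make sure they are what you want.
This is Version $VERSION of this script.
EOT

# Only an explicit "y"/"yes" (any case) continues; every other answer,
# including a bare Enter, aborts. The prompt shows [y/N] so the advertised
# default matches what the check below actually does.
read -r -p "Are you sure? [y/N] " response
if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
  echo "Here we go..."
else
  echo "Aborting"
  exit 0
fi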
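# Create the working directory, bring the base system up to date, install the
# build toolchain and libraries, then get the clock synchronised.
# Every later step assumes this working directory, so stop if it is missing.
cd /usr/local/src || exit 1
# -p keeps a second run from failing because the directory already exists.
mkdir -p fusionpbxinstall
cd fusionpbxinstall || exit 1
yum update -y
# 'php*' is quoted so yum receives the pattern itself; unquoted, the shell
# would first try to expand it against files in the current directory.
# NOTE(review): 'php*' pulls in every PHP package the enabled repos offer; an
# explicit, reviewed list of PHP modules leaves less code on a host that
# serves HTTP to the internet.
# NOTE(review): only postgresql-odbc appears in this list; no PostgreSQL
# server package is installed here although the banner mentions PostgreSQL -
# confirm where the database is expected to run.
yum -y install git-core pkgconfig which unixODBC-devel postgresql-odbc subversion screen vim 'php*' ntp autoconf automake libtool gcc-c++ ncurses-devel make zlib openssl-devel gnutls-devel libogg-devel libvorbis-devel gettext-devel expat-devel curl-devel zlib-devel bzip2 libjpeg-devel wget perl-ExtUtils-MakeMaker alsa-lib-devel gdbm-devel libX11-devel libtiff-devel python-devel uuid-devel nano libtool-ltdl libtool-ltdl-devel mc ghostscript
# One-shot clock sync, then keep ntpd running and enabled at boot.
ntpdate pool.ntp.org
service ntpd start
chkconfig ntpd on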
# Append ODBC data sources for the freeswitch and fusionpbx databases to
# /etc/odbc.ini. The delimiter is quoted so the text is written literally.
# "ServerIP" and "password" are placeholders that are written as-is: both
# must be replaced before the DSNs can be used.
# NOTE(review): the file ends up holding database credentials; confirm its
# mode and ownership after editing so only the accounts that need the DSNs
# can read it.
# NOTE(review): because this appends, running the installer twice duplicates
# every section.
cat >> /etc/odbc.ini <<'EOT'
[ODBC Data Sources]
freeswitch = PostgreSQL ODBC Driver
[freeswitch]
Driver = PostgreSQL
Servername = ServerIP
Port = 5432
Database = freeswitch
UserName = freeswitch
Password = password
ServerType = Postgres
Trace = 0
TraceFile = /var/log/PostgreSQL_test_trace.log
Debug = 0
DebugFile = /var/log/PostgreSQL_test_debug.log
[fusionpbx]
Driver = PostgreSQL
Servername = ServerIP
Port = 5432
Database = fusionpbx
UserName = fusionpbx
Password = password
ServerType = Postgres
MaxLongVarcharSize = 65536
Trace = 0
TraceFile = /var/log/PostgreSQL_test_trace.log
Debug = 0
DebugFile = /var/log/PostgreSQL_test_debug.log
[Default]
Driver = /usr/lib64/psqlodbc.so
Description = PostgreSQL Data Source
Server = ServerIP
Port = 5432
UserName = freeswitch
Password = password
EOT
# When the SELinux tools are present, switch the running system to permissive
# mode and rewrite SELINUX=enforcing to SELINUX=disabled in the config file.
# NOTE(review): this removes mandatory access control from a host that will
# expose SIP and HTTP. Keeping SELinux enforcing (or at least permissive, so
# denials are still logged) with a policy for FreeSWITCH and Apache retains
# that containment layer.
# NOTE(review): on a stock CentOS 6 install /etc/sysconfig/selinux is normally
# a symlink to /etc/selinux/config, and sed -i without --follow-symlinks
# replaces the link with a regular file - confirm which file ends up edited.
if [[ -x /usr/sbin/setenforce ]]; then
  setenforce 0
  /bin/sed -i -e 's,SELINUX=enforcing,SELINUX=disabled,' /etc/sysconfig/selinux
fi
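# Fetch the FreeSWITCH sources, enable the optional modules FusionPBX relies
# on, then build and install FreeSWITCH with its sound and music-on-hold sets.
# NOTE(review): git:// is an unauthenticated, unencrypted transport, so the
# code that is compiled and installed as root below has no integrity
# protection in transit. Prefer an authenticated URL for this repository and
# pin a reviewed tag or commit instead of a moving branch.
git clone git://git.freeswitch.org/freeswitch.git || exit 1
# Stop if the checkout is missing; otherwise the build would run elsewhere.
cd freeswitch || exit 1
git checkout v1.2.stable || exit 1
./bootstrap.sh -j || exit 1

# Uncomment the optional modules in modules.conf. The file is addressed
# relative to the checkout because the clone was made inside the
# fusionpbxinstall working directory, so /usr/local/src/freeswitch/modules.conf
# does not exist. mod_flite is written with its asr_tts/ directory prefix (the
# previous replacement text dropped the slash and produced an invalid entry).
for module in \
  applications/mod_callcenter \
  endpoints/mod_rtmp \
  endpoints/mod_dingaling \
  applications/mod_lcr \
  applications/mod_blacklist \
  applications/mod_cidlookup \
  applications/mod_voicemail_ivr \
  formats/mod_shout \
  asr_tts/mod_tts_commandline \
  asr_tts/mod_flite \
  say/mod_say_ru; do
  /bin/sed -i -e "s,#${module},${module}," modules.conf
done
# mod_snmp stays disabled:
#/bin/sed -i -e s,'#event_handlers/mod_snmp','event_handlers/mod_snmp', modules.conf

./configure --without-libcurl -C || exit 1
# One make job per CPU; count the "processor" entries directly with grep -c.
make -j "$(grep -c '^processor' /proc/cpuinfo)" || exit 1
make install || exit 1
make moh-install
make sounds-install
make sounds-ru-install
make cd-sounds-ru-install && make uhd-sounds-ru-install && make hd-sounds-ru-install
make cd-sounds-install
make cd-moh-install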
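# Create the freeswitch service account, hand the install tree to it, and
# install the Red Hat init script and sysconfig file.
# The account is created only when missing so a second run does not error.
id -u freeswitch >/dev/null 2>&1 || useradd freeswitch

# Set ownership and permissions on the installed tree.
cd /usr/local/ || exit 1
chown -R freeswitch:freeswitch freeswitch
# NOTE(review): g+w applies to the whole tree, binaries and modules included.
# Later in this script apache is added to the freeswitch group, so code
# running in the web server could then modify what FreeSWITCH executes.
# Confirm group write is needed outside the configuration directories.
chmod -R g+w freeswitch

# The sources were cloned inside the fusionpbxinstall working directory, so
# the build helpers live under that path, not under /usr/local/src/freeswitch.
cd /usr/local/src/fusionpbxinstall/freeswitch/build || exit 1
cp freeswitch.init.redhat /etc/init.d/freeswitch
chmod +x /etc/init.d/freeswitch
cp freeswitch.sysconfig /etc/sysconfig/freeswitch

# Append the installer's settings to the sysconfig file (written literally).
# NOTE(review): PID_FILE here is /var/run/freeswitch/freeswitch.pid while the
# monit check written later watches /usr/local/freeswitch/run/freeswitch.pid;
# confirm which path the daemon really uses.
cat >> /etc/sysconfig/freeswitch <<'EOT'
PID_FILE=/var/run/freeswitch/freeswitch.pid
FS_USER=freeswitch
FS_FILE=/usr/local/freeswitch/bin/freeswitch
FS_HOME=/usr/local/freeswitch
EOT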
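# Install the sofia recovery helper as /etc/init.d/FSSofia.
# The delimiter is quoted so the helper is written literally. With an
# unquoted delimiter the installer's shell expands every $variable and runs
# every backquoted command inside the text while writing it, which leaves the
# generated script with empty values in place of $0, $1, $FS_CLI_PROG, etc.
# The file is written with '>' rather than appended, so a second run does not
# stack a second copy behind the first, and it is made executable for root
# and its group only because it embeds the event-socket password.
# NOTE(review): 'ClueCon' is the FreeSWITCH default event-socket password.
# Change it in the event socket configuration and here; anyone who can reach
# port 8021 with that password controls the switch. The helper also passes
# the password on the fs_cli command line, where other local users can see it
# in the process list.
cat > /etc/init.d/FSSofia <<'EOT'
#!/bin/sh
#
# Description: Starting / stopping FreeSWITCH Sofia SIP profiles
# and send a 'sofia recover' after all profiles are started
#
# Author: Leon de Rooij <leon@scarlet-internet.nl>
# License: BSD
# Copyright: (C) 2010 Leon de Rooij
#set -x
FS_CLI_PROG='/usr/local/freeswitch/bin/fs_cli'
FS_CLI_HOST='127.0.0.1'
FS_CLI_PORT='8021'
FS_CLI_PASS='ClueCon'
PROFILES='internal external'
usage() {
echo "Usage: $0 profile1[,profile2[,etc]] {start|stop|status}"
exit 1
}
fs_cli() {
$FS_CLI_PROG -H $FS_CLI_HOST -P $FS_CLI_PORT -p $FS_CLI_PASS -x "$1"
}
sofia_profile_started() {
fs_cli "sofia xmlstatus" | grep "<name>$1</name>" | wc -l
}
if [ $# != 1 ]; then
usage
fi
#PROFILES=`echo $1 | tr ',' ' '`
CMD=$1
#was $2
case "$CMD" in
'start')
fs_cli "sofia recover"
exit 0
;;
'stop')
exit 0
;;
'status')
for p in $PROFILES; do
if [ `sofia_profile_started "$p"` -eq 0 ]; then
echo "$p DOWN"
exit 3
fi
done
echo "OK"
exit 0
;;
*)
usage
;;
esac
EOT
chmod 750 /etc/init.d/FSSofia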
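# Write the mod_cidlookup configuration, which resolves caller names from the
# FusionPBX contacts tables.
# The delimiter is quoted so ${caller_id_number} reaches the file as a
# FreeSWITCH channel variable; unquoted, the installer's shell replaces it
# with an empty string and the query compares against ''.
# The file is written with '>' because an XML configuration cannot hold a
# second root element appended after an existing one.
# NOTE(review): caller_id_number is supplied by the remote party and is placed
# inside a quoted SQL literal; confirm that mod_cidlookup escapes the value
# before substitution, and give the fusionpbx DSN account read-only access to
# just these tables.
# NOTE(review): "password" in the odbc-dsn value is a placeholder credential
# and must be replaced.
cat > /usr/local/freeswitch/conf/autoload_configs/cidlookup.conf.xml <<'EOT'
<configuration name="cidlookup.conf" description="cidlookup Configuration">
<settings>
<param name="cache" value="true"/>
<param name="cache-expire" value="86400"/>
<param name="odbc-dsn" value="fusionpbx:fusionpbx:password"/>
<param name="sql" value="
SELECT p.contact_name_family ||', '|| p.contact_name_given as name
FROM v_contact_phones n INNER JOIN v_contacts p ON n.contact_uuid = p.contact_uuid
WHERE n.phone_number = '${caller_id_number}'
LIMIT 1
"/>
</settings>
</configuration>
EOT
chown apache:apache /usr/local/freeswitch/conf/autoload_configs/cidlookup.conf.xml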
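# Link fs_cli into /usr/local/bin so it is on the default PATH.
# -f replaces a link left behind by an earlier run instead of failing.
cd /usr/local/bin/ || exit 1
ln -sf /usr/local/freeswitch/bin/fs_cli fs_cli

# Check FusionPBX out of Subversion into the web root.
cd /var/www/html || exit 1
mkdir -p fusionpbx
# NOTE(review): this checkout uses plain http and follows trunk, so the PHP
# code served by Apache is neither integrity-protected in transit nor pinned
# to a reviewed revision. Prefer an authenticated source and a fixed release.
svn co http://fusionpbx.googlecode.com/svn/trunk/fusionpbx fusionpbx
# Redirect requests for the web root to the FusionPBX front page.
cat > /var/www/html/index.php <<'EOT'
<?php header( 'Location: /fusionpbx/index.php' ) ;?>
EOT

# Fix FusionPBX ownership, then tighten the FreeSWITCH configuration tree.
chown -R apache:apache fusionpbx
# The chmod calls below act on the current directory, so stop if the cd fails
# rather than re-permission whatever directory the script is still in.
cd /usr/local/freeswitch/conf/ || exit 1
# find -exec passes the names straight to chmod, so paths containing spaces
# and very long file lists are handled correctly.
find . -type d -exec chmod 770 {} +
find . -type f -exec chmod 660 {} +

# Put apache and freeswitch in each other's group so FusionPBX can edit the
# FreeSWITCH configuration.
# NOTE(review): this cross-membership means a compromise of either service
# reaches the other's group-writable files; confirm both directions are needed.
usermod -a -G freeswitch apache
usermod -a -G apache freeswitch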
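# Add the EPEL and Remi repositories, then install Monit, ngrep and Fail2Ban.
cd /usr/local/src || exit 1
# NOTE(review): both release packages are fetched over plain http and then
# installed as root, and they in turn define which repositories and signing
# keys yum will trust. Check the downloaded files (for example with rpm -K
# against keys obtained out of band) before installing them.
# Stop if a download fails so rpm is not run against a missing file.
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm || exit 1
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm || exit 1
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
# NOTE(review): these substitutions rewrite every "enabled=0" in each file, so
# all repository sections the files define are switched on permanently, not
# only the main one, and later yum updates will draw from all of them. The
# banner says EPEL is enabled temporarily; "yum --enablerepo=<repo>" on the
# install command would keep it that way.
/bin/sed -i -e 's,enabled=0,enabled=1,' /etc/yum.repos.d/epel.repo
/bin/sed -i -e 's,enabled=0,enabled=1,' /etc/yum.repos.d/remi.repo
#Install Monit, Fail2Ban, and ngrep
yum install -y monit ngrep fail2ban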
# Write the Monit service definition for FreeSWITCH: restart the daemon when
# UDP port 5060 stops answering, and stop monitoring when the binary or the
# init script changes checksum, mode or owner. The delimiter is quoted so the
# text is written literally.
# NOTE(review): the pidfile path here is /usr/local/freeswitch/run/freeswitch.pid,
# while the sysconfig file written earlier sets
# PID_FILE=/var/run/freeswitch/freeswitch.pid - confirm they agree.
# NOTE(review): the "permission 755" check on the binary probably fails after
# the earlier "chmod -R g+w" on /usr/local/freeswitch, which would make Monit
# unmonitor the service - verify the resulting mode.
cat > /etc/monit.d/freeswitch <<'EOT'
check process freeswitch with pidfile /usr/local/freeswitch/run/freeswitch.pid
group voice
start program = "/etc/init.d/freeswitch start"
stop program = "/etc/init.d/freeswitch stop"
if failed port 5060 type UDP then restart
if 5 restarts within 5 cycles then timeout
depends on freeswitch_bin
depends on freeswitch_rc
check file freeswitch_bin with path /usr/local/freeswitch/bin/freeswitch
group voice
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid freeswitch then unmonitor
check file freeswitch_rc with path /etc/init.d/freeswitch
group voice
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor
EOT
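# Fail2Ban: write the FreeSWITCH and FusionPBX filters and their jails.
# All delimiters are quoted so the regular expressions are written literally.
# The second and later failregex patterns are indented: Fail2Ban reads a
# multi-line value only from lines that begin with whitespace, so a pattern
# starting in column 0 (or with a stray "=") is not part of failregex.
# NOTE(review): both filters let ".*" match attacker-controlled text (the SIP
# user field, the start of the syslog line) before <HOST>. Anchor the patterns
# as tightly as the log format allows so crafted input cannot steer which
# address gets banned.
cat > /etc/fail2ban/filter.d/freeswitch.conf <<'EOT'
# Fail2Ban configuration file
#
# Author: Rupa SChomaker
#
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
[Definition]
failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth failure \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
            ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>
ignoreregex =
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
EOT

#This part may be overwritten
# This here-document now has its closing EOT. Without it the text ran on to
# the next EOT, so the FusionPBX filter below was appended to jail.local as
# text and /etc/fail2ban/filter.d/fusionpbx.conf was never created.
cat >> /etc/fail2ban/jail.local <<'EOT'
[freeswitch]
enabled = true
port = 5060,5061,5080,5081
filter = freeswitch
logpath = /usr/local/freeswitch/log/freeswitch.log
maxretry = 10
action = iptables-allports[name=freeswitch, protocol=all]
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org]
EOT

cat > /etc/fail2ban/filter.d/fusionpbx.conf <<'EOT'
# Fail2Ban configuration file
#
# Author: soapee01
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
#failregex = [hostname] FusionPBX: \[<HOST>\] authentication failed
#[hostname] variable doesn't seem to work in every case. Do this instead:
failregex = .* FusionPBX: \[<HOST>\] authentication failed for
            .* FusionPBX: \[<HOST>\] provision attempt bad password for
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
EOT

cat >> /etc/fail2ban/jail.local <<'EOT'
[fusionpbx]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx
logpath = /var/log/messages
action = iptables-allports[name=fusionpbx, protocol=all]
# sendmail-whois[name=FusionPBX, dest=root, sender=fail2ban@example.org]
EOT

cat >> /etc/fail2ban/jail.local <<'EOT'
[freeswitch-tcp]
enabled = true
port = 5060,5061,5080,5081
protocol = tcp
filter = freeswitch
logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-tcp, protocol=all]
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org]
[freeswitch-udp]
enabled = true
port = 5060,5061,5080,5081
protocol = udp
filter = freeswitch
logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-udp, protocol=all]
# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org]
EOT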
# Bring up FreeSWITCH and Apache, enable both at boot, then do the same for
# Monit.
# NOTE(review): fail2ban is installed and configured earlier in this script
# but is neither started nor enabled at boot here - confirm that is intended.
service freeswitch start
service httpd restart
for svc in freeswitch httpd; do
  chkconfig "$svc" on
done
service monit start
chkconfig monit on
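# Append a coloured prompt and a few FreeSWITCH helper aliases to the invoking
# user's ~/.bashrc.
# The delimiter is quoted so the text is written literally: $PKG_CONFIG_PATH
# is then resolved each time the shell starts, not frozen to whatever value
# the installer's shell had (typically empty). The backquotes inside the
# aliases therefore need no backslash escaping.
cat >> ~/.bashrc <<'EOT'
export LESSCHARSET="latin1"
export LESS="-R"
export CHARSET="ISO-8859-1"
export PS1='\n\[\033[01;31m\]\u@\h\[\033[01;36m\] [\d \@] \[\033[01;33m\] \w\n\[\033[00m\]<\#>:'
export PS2="\[\033[1m\]> \[\033[0m\]"
export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig
export VISUAL=vim
umask 022
alias vi='vim'
alias fstop='top -p `cat /usr/local/freeswitch/run/freeswitch.pid`'
alias fsgdb='gdb /usr/local/freeswitch/bin/freeswitch `cat /usr/local/freeswitch/run/freeswitch.pid`'
alias fscore='gdb /usr/local/freeswitch/bin/freeswitch `ls -rt core.* | tail -n1`'
EOT

# Append a screenrc with a status line, a large scrollback, and ^\ as the
# command key so it does not clash with emacs bindings.
cat >> ~/.screenrc <<'EOT'
hardstatus alwaysignore
startup_message off
escape ^\b
defscrollback 8000
# status line at the bottom
hardstatus on
hardstatus alwayslastline
hardstatus string "%{.bW}%-w%{.rW}%f%n %t%{-}%+w %=%{..G}[%H %l] %{..Y} %m/%d %c "
termcapinfo xterm \'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l\'
EOT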
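# Firewall rules. Every rule uses "-I INPUT", which inserts at the TOP of the
# chain, so the rule added last is evaluated first. The scanner DROP rules are
# therefore added after the broad ACCEPT rules; added first, they ended up
# below the plain ACCEPTs for 5060/5080 and never matched.

# Rate limit registrations to keep us from getting hammered on.
# NOTE(review): this rule only ACCEPTs REGISTER packets that are within the
# limit. Packets over the limit fall through to the plain ACCEPT rules for the
# SIP ports, so nothing is throttled unless a matching DROP for REGISTER sits
# between this rule and those ACCEPTs. It also names no protocol (-p).
iptables -I INPUT -m string --string "REGISTER sip:" --algo bm --to 65 -m hashlimit --hashlimit 4/minute --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name sip_r_limit -j ACCEPT
# FreeSwitch ports internal SIP profile
iptables -I INPUT -p udp -m udp --dport 5060 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
# FreeSwitch Ports external SIP profile
iptables -I INPUT -p udp -m udp --dport 5080 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 5080 -j ACCEPT
# RTP Traffic 16384-32768
iptables -I INPUT -p udp -m udp --dport 16384:32768 -j ACCEPT
# Ports for the Web GUI
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Ports for Postgres
# NOTE(review): the INPUT rule accepts PostgreSQL connections from any source
# address, and the configs written by this script use the placeholder password
# "password". Restrict the rule with -s to the hosts that need the database,
# or drop it if the database is only reached locally or as an outbound client.
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
iptables -I OUTPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
# Block 'friendly-scanner' AKA sipvicious. Inserted last so these rules sit
# at the head of INPUT, ahead of the SIP ACCEPT rules.
iptables -I INPUT -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm -j DROP
iptables -I INPUT -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm -j DROP
# Save the iptables rules so they are restored at boot.
service iptables save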
# Pull the address out of the second line of "ifconfig eth0" (twelfth
# space-separated field, with its first five characters stripped) and tell
# the operator where to find the FusionPBX web installer.
# NOTE(review): this depends on the exact ifconfig output layout and on the
# interface being named eth0; LOCAL_IP is empty when either differs.
LOCAL_IP=$(ifconfig eth0 | head -n2 | tail -n1 | cut -d' ' -f12 | cut -c 6-)
cat <<EOT
As long as you didnt see errors by this point, PostgreSQL, FreeSWITCH, FusionPBX, Fail2Ban, and Monit should in installed.
Point your browser to http://$LOCAL_IP/ and let the FusionPBX installer take it from there.
EOT