[Spce-user] Stale Nonce Workarround in 4.5.1

Matthias Hohl matthias.hohl at telematica.at
Thu Sep 8 11:37:51 EDT 2016


Other Things we doing with customtt files, which would be nice to have the option to edit this in the config.yml file:

1.) Extend the Failover Routing Filter:
# cp /etc/ngcp-config/templates/etc/kamailio/proxy/proxy.cfg.tt2 /etc/ngcp-config/templates/etc/kamailio/proxy/proxy.cfg.customtt.tt2
# nano /etc/ngcp-config/templates/etc/kamailio/proxy/proxy.cfg.customtt.tt2
Suchen nach:
	route[ROUTE_FILTER_FAILOVER]
	{
		xlog("L_INFO", "Filter reply code - [% logreq -%]\n");
		if(!t_check_status("408|500|503"))

Und editieren nach:
	route[ROUTE_FILTER_FAILOVER]
	{
		xlog("L_INFO", "Filter reply code - [% logreq -%]\n");
		if(!t_check_status("403|408|488|500|502|503|504"))


2. Auto generated passwords without special characters:
# nano /usr/share/perl5/NGCP/Panel/Utils/Subscriber.pm
	on lines ~ 188 and 195 (mr 3.8.1) you will find something like this:

    	if($c->config->{security}->{password_sip_autogenerate}
    	&& !$params->{password}) { $params->{password} = String::MkPasswd::mkpasswd(
            	-length => $passlen,
            	-minnum => 1, -minlower => 1, -minupper => 1, -minspecial => 0,
            	-distribute => 1, -fatal => 1,
        	);
    	}

3.) Fraud Prevention interval
Monatslimit:
# cp /etc/ngcp-config/templates/etc/cron.d/ngcp-fraud-auto-lock.tt2 /etc/ngcp-config/templates/etc/cron.d/ngcp-fraud-auto-lock.customtt.tt2
# nano /etc/ngcp-config/templates/etc/cron.d/ngcp-fraud-auto-lock.customtt.tt2
	[% IF !is_db -%]#[% END -%]*/30 * * * *  root  if /usr/sbin/ngcp-check_active -q; then /usr/sbin/ngcp-fraud-auto-lock; fi

Tageslimit:
# cp /etc/ngcp-config/templates/etc/cron.d/ngcp-fraud-daily-lock.tt2 /etc/ngcp-config/templates/etc/cron.d/ngcp-fraud-daily-lock.customtt.tt2
# nano /etc/ngcp-config/templates/etc/cron.d/ngcp-fraud-daily-lock.customtt.tt2
	[% IF !is_db -%]#[% END -%]*/5 * * * *  root  if /usr/sbin/ngcp-check_active -q; then /usr/sbin/ngcp-fraud-daily-lock; fi


4.) automated invoice generation and sending
# nano /etc/ngcp-config/templates/etc/cron.d/ngcp-invoice-gen.customtt.tt2
Kontrollieren ob die Cronjobs alle mit "#" davor sind.
	# 5  3 1 * *   root    perl /usr/share/ngcp-panel/tools/generate_invoices.pl --prevmonth 2>&1 >/dev/null
	# 5  3 2 * *   root    perl /usr/share/ngcp-panel/tools/generate_invoices.pl --prevmonth --sendonly 2>&1 >/dev/null




-----Ursprüngliche Nachricht-----
Von: Spce-user [mailto:spce-user-bounces at lists.sipwise.com] Im Auftrag von Alex Lutay
Gesendet: Donnerstag, 8. September 2016 10:20
An: spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] Stale Nonce Workarround in 4.5.1

Dear Matthias,

Can you please share "why" do you need this workaround here.

Also to all: feel free to share the reason of customtt you are using.
We do understand that customtt is an "necessary evil" which creates a lot of the issues during upgrades. So we would like to know the weak parts we have to focus on them one day and allow you work without customtt.

Tnx!

On 09/08/2016 01:37 AM, Matthias Hohl wrote:
...
> the stale nonce work-a-round in 4.5.1 is not possible:
...

--
Alex Lutay
_______________________________________________
Spce-user mailing list
Spce-user at lists.sipwise.com
https://lists.sipwise.com/listinfo/spce-user



More information about the Spce-user mailing list