Elastix-Asterisk

Install FreePBX 15 on CentOS 7

---

Step 1: Prerequisites

Disable SELinux

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Update the CentOS system and install Development Tools.

sudo yum -y update
sudo yum -y groupinstall "Development Tools"

Install other required dependencies:

sudo yum -y install lynx tftp-server ncurses-devel sendmail sendmail-cf sox newt-devel libxml2-devel libtiff-devel audiofile-devel gtk2-devel subversion kernel-devel git crontabs cronie cronie-anacron wget vim php-xml uuid-devel sqlite-devel net-tools gnutls-devel unixODBC mysql-connector-odbc

Step 2: Install MariaDB Database server

FreePBX requires a database server. Use the guide on the link below to install and configure MariaDB Database server on CentOS 7.

Install MariaDB 10.x on Ubuntu 18.04 and CentOS 7

Step 3: Installing Node.js 10 LTS

FreePBX has Node.js as a dependency. Install it on your system by using our guide below:

Installing Node.js 10 LTS on CentOS 7 / Fedora 29 / Fedora 28

Once installed, confirm version using:

$ node -v
v10.13.0

Step 4: Install and configure Apache Web Server

Install httpd package using yum package manager:

sudo yum -y install httpd

Then change the Apache user to asterisk and turn on the AllowOverride option:

sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_orig
sudo sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/httpd/conf/httpd.conf
sudo sed -i 's/AllowOverride None/AllowOverride All/' /etc/httpd/conf/httpd.conf

Remove default index.html page

sudo rm -f /var/www/html/index.html

Step 5: Install PHP and required extensions

FreePBX depends on PHP. Run the following commands to install PHP and the required extensions.

sudo yum -y install epel-release
sudo yum -y install wget php php-pear php-cgi php-common php-curl php-mbstring php-gd php-mysql php-gettext php-bcmath php-zip php-xml php-imap php-json php-process php-snmp

Change the PHP maximum file upload size:

sudo sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php.ini

Step 6: Download and Install FreePBX 15 on CentOS 7

Download the latest version of FreePBX 15:

sudo yum -y install wget
wget http://mirror.freepbx.org/modules/packages/freepbx/freepbx-15.0-latest.tgz

Extract the file:

tar xfz freepbx-15.0-latest.tgz
rm -f freepbx-15.0-latest.tgz

Install FreePBX 15 on CentOS 7

cd freepbx
sudo ./start_asterisk start
sudo ./install -n

If you have a root password for the database server, use:

./install -n --dbuser root --dbpass password

Replace password with the root database password.

Sample installation output:

Done. All modules installed.
Updating Hooks...Done
Done installing modules
Taking too long? Customize the chown command, See http://wiki.freepbx.org/display/FOP/FreePBX+Chown+Conf
Setting Permissions...
Setting base permissions...Done
Setting specific permissions...
 32451 [============================]
Finished setting permissions
Generating default configurations...
Finished generating default configurations
You have successfully installed FreePBX

Start and enable the httpd service.

sudo systemctl start httpd
sudo systemctl enable httpd

If you have an active firewalld firewall service, open the http and https ports:

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

You have successfully installed FreePBX 15 on CentOS 7.

Step 7: Access FreePBX 15 Web Interface

Open your web browser and connect to the IP address or hostname of your new FreePBX server.

1. Create the first admin account

When done providing admin user details, click “Create Account” to create the account. On the next page, you’ll get a login console.

You’ll get to FreePBX dashboard where you can manage your Asterisk PBX.

You should now have FreePBX 15 running on your CentOS 7 server. Visit our VOIP page

Secure Asterisk and FreePBX from VoIP Fraud and Brute Force Attacks

How does VoIPBL secure your PBX?

VoIPBL Geolocation feature allows you to block all network traffic from countries that a network does not need to communicate with, or that are known originators of malicious activity. From their site, you can check if your IP address is on the blacklist.

How to install VoIPBL

VoIP Blacklist depends on Fail2ban to effect blacklisting on your PBX server. Ensure you have a fail2ban package installed and service running:

sudo yum install epel-release
sudo yum install fail2ban fail2ban-systemd

For Ubuntu and other Debian families, run:

sudo apt-get -y install fail2ban ufw

If you’re running CentOS 6 or any other RHEL 6 family, install iptables-services and fail2ban without fail2ban-systemd:

sudo yum install iptables-services fail2ban

Default settings for Fail2ban are configured in /etc/fail2ban/jail.conf.

A basic fail2ban configuration will have ssh monitoring. Let’s add this to /etc/fail2ban/jail.local file.

$ sudo vim /etc/fail2ban/jail.local

Add the following content:

[postfix]
enabled  = true
port     = smtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry = 3

[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3

[vsftpd]
enabled  = false
port     = ftp
filter   = vsftpd
logpath  = /var/log/auth.log
maxretry = 5

[pure-ftpd]
enabled  = true
port     = ftp
filter   = pure-ftpd
logpath  = /var/log/syslog
maxretry = 3

Then start and enable the fail2ban service:

sudo systemctl enable fail2ban.service
sudo systemctl start fail2ban.service

Download voipbl.sh script and place it under /usr/local/bin/

wget http://www.voipbl.org/voipbl.sh -O /usr/local/bin/voipbl.sh

Make the script executable:

chmod +x /usr/local/bin/voipbl.sh

The above uses iptables. If your system supports ipset, you can use the following script instead:

#!/bin/bash

URL="http://www.voipbl.org/update/"
set -e

echo "Downloading rules from VoIP Blacklist"
wget -q "$URL" -O /tmp/voipbl.txt

echo "Loading rules..."
# Check if rule set exists and create one if required
if ! /usr/sbin/ipset list voipbl > /dev/null 2>&1; then
  ipset -N voipbl iphash
fi

# Check if rule in iptables
if ! /sbin/iptables -w --check INPUT -m set --match-set voipbl src -j DROP > /dev/null 2>&1; then
  /sbin/iptables -I INPUT 1 -m set --match-set voipbl src -j DROP
fi

# Create temporary chain
ipset destroy voipbl_temp > /dev/null 2>&1 || true
ipset -N voipbl_temp iphash

# Add each non-empty, non-comment entry to the temporary set. Entries are
# passed to ipset as quoted arguments instead of being turned into a
# generated shell script, so downloaded content is never executed.
while read -r entry _; do
  case "$entry" in ''|'#'*) continue ;; esac
  /usr/sbin/ipset -A voipbl_temp "$entry" || true
done < /tmp/voipbl.txt

ipset swap voipbl_temp voipbl
ipset destroy voipbl_temp || true

echo "Done! Rules loaded"
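The blacklist is downloaded over plain HTTP and loaded by a root cron job, so each entry is worth validating before it reaches ipset. The following is an added example, not part of the original guide or the VoIPBL project: it accepts only well-formed IPv4 addresses or CIDR ranges and emits input for ipset restore. The helper names is_ipv4_entry, build_restore and sample_feed are hypothetical, and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: strict validation of blacklist entries (hypothetical helpers).

# Return 0 if $1 is a.b.c.d or a.b.c.d/n (octets 0-255, prefix 0-32).
is_ipv4_entry() {
    case $1 in ''|*[!0-9./]*|*/*/*) return 1 ;; esac
    _addr=${1%%/*}
    case $1 in
        */*) _prefix=${1#*/}
             case $_prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$_prefix" -le 32 ] || return 1 ;;
    esac
    case $_addr in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;   # too many or empty fields
        *.*.*.*) ;;                         # exactly four fields
        *) return 1 ;;
    esac
    _oldifs=$IFS; IFS=.
    set -- $_addr                           # digits and dots only, safe to split
    IFS=$_oldifs
    for _octet in "$@"; do
        case $_octet in ????*) return 1 ;; esac
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Read blacklist lines on stdin and write "add <set> <entry>" lines on stdout.
# Only the first field of each line is used; rejected entries go to stderr.
build_restore() {
    _set=$1
    while read -r _entry _rest || [ -n "$_entry" ]; do
        case $_entry in ''|'#'*) continue ;; esac
        if is_ipv4_entry "$_entry"; then
            printf 'add %s %s\n' "$_set" "$_entry"
        else
            printf 'rejected: %s\n' "$_entry" >&2
        fi
    done
}

# Constructed sample feed: valid entries, a bad octet, and shell metacharacters.
sample_feed() {
    printf '%s\n' '# comment line' '192.0.2.10' '198.51.100.0/24' \
        '203.0.113.999' '192.0.2.12;true' '192.0.2.11 trailing text'
}

sample_feed | build_restore voipbl_temp
```

On a real host, create voipbl_temp as in the script above, then pipe `build_restore voipbl_temp < /tmp/voipbl.txt` into `ipset -exist restore` before the swap.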

Then add a new Fail2ban jail in /etc/fail2ban/jail.conf:

[asterisk-iptables]
action = iptables-allports[name=ASTERISK, protocol=all]
         voipbl[serial=XXXXXXXXXX]

Now define the VoIP Blacklist actions for Fail2ban in /etc/fail2ban/action.d/voipbl.conf.

sudo vim /etc/fail2ban/action.d/voipbl.conf

Add:

# Description: Configuration for Fail2Ban

[Definition]

actionban   = <getcmd> "<url>/ban/?serial=<serial>&ip=<ip>&count=<failures>"
actionunban = <getcmd> "<url>/unban/?serial=<serial>&ip=<ip>&count=<failures>"

[Init]

getcmd = wget --no-verbose --tries=3 --waitretry=10 --connect-timeout=10 \
              --read-timeout=60 --retry-connrefused --output-document=- \
              --user-agent=Fail2Ban

url = http://www.voipbl.org

We can now create a cron job file to update rules every 4 hours:

$ sudo vim /etc/cron.d/voipbl

# update blacklist each 4 hours
0 */4 * * * root /usr/local/bin/voipbl.sh

When done, restart the fail2ban daemon to get protected against VoIP Fraud:

sudo systemctl restart fail2ban

You can also do advanced configurations like:

For further reading, check the Asterisk Security document by VOIP-info.

----------------------------------