Freepbx Exploit

Wow, what a week.  You move data centres and then find of an exploit that you weren't aware of.  Big thanks to freepbx for this one.  Not really sure why this little gem isn't documented in many places, but it's a good one.
When you use database authentication in freepbx the Database user and pass gets admin access to the system.  That sounds a little strange, but what it means is that if you have installed a clean install of freepbx, despite the fact that you have set a root password etc. access to the database asterisk is granted to the default user of:

freepbx - fpbx

Now, if you login to your web administration using those credentials it will grant you full admin access.  thus completely opening your system.  To modify the details you need to edit /etc/amportal.conf and change the following  option... once you have changed that don't forget to give that user/pass the mysql access to get into the asterisk database an example is shown on the second line

AMPDBPASS=SOMENEWPASS

 mysql> grant all on asterisk.* to freepbx@localhost identified by 'SOMENEWPASS'

Please bear in mind that you will still be able to get into the system using freepbx and SOMENEWPASS, so make it secure!!

 

Click to Call from Public Website

It's been a while since we posted, so we are going to get straight into it.

What we want to do here is provide some code that we can use on our public website which will call the person in the office and then call the number they entered. To make it easy on the public web developer what we are going to do is just hand them a small piece of javascript which they can use to put on there website where they want the picture to appear. The rest of the work is done on the asterisk side. It's all from a perspective where you are in control of the asterisk box, but nothing else. Whether it be a trixbox, elastix, pbx in a flash or asterisk, the setup explained here should work. It was designed for elastix and may need changes to the asterisk manager on other systems We are going to make a few assumptions.

• You have some basic understanding of PHP/Asterisk/Javascript


• You know your way around the freepbx layout.


• What we need to do on the Asterisk side is login to web admin section and create a new queue.

With that queue leave all the static agents blank, or else the image will display constantly even when you don't want to take calls.

Then create a directory in web(apache/httpd) directory which we will use for access from the public website. in that directory we are going to have a few files:

• index.php ( the php script to do the calling )


• callingscript.js ( the main chunk of javascript )


• callback.png ( the image to display )

We are only using 1 image, i.e. an online image the code is very easy to change to include an offline image if you want. In this example everything will reference http://call.pracapps.com.au/callback and will live in /var/www/html/callback

First lets start out with index.php

<?
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: POST, GET");
$queue = '7';// change this to the queue you have created on your system
$asterisk_location = '/usr/sbin/asterisk';
$command = "$asterisk_location -rx 'queue show $queue'";
if( !empty($_REQUEST['callback_number']) ) // this is the do the call part
{
require_once('/var/lib/asterisk/agi-bin/phpagi-asmanager.php');
$ami = new AGI_AsteriskManager();
$ami->connect();
$ami->originate("Local/$queue@from-internal", $_REQUEST['callback_number'], "from-internal", "1");
die('Your Call has been placed and your phone should be ringing shortly.');
} else { // display the javascript
exec($command, $output);
if(trim($output[1]) == 'Members:')
{
echo file_get_contents('http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js');
echo file_get_contents('http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/jquery-ui.min.js');
include('callingscript.js');
}
}
?>


In the index.php file you will need to edit line 4:
$queue = '7'; // change this to the queue you have created on your system
Then we have the callingscript.js, and just change line 1

base_url = 'http://call.pracapps.com.au/callback';
$('#callback').append(
$('<div></div>')
.append(
$('<img></img>')
.attr( { src: base_url + '/callback.png' } )
.click(function() { $('#callback-details').dialog('open'); } )
)
.append(
$('<div></div>')
.attr( { id: 'callback-details', title: 'Call Me Now' } )
.append(
$('<span>Please enter your number</span><br>')
)
.append(
$('<input></input>')
.attr( { name : 'callback_number', size : '20', id: 'callback_number' } )
)
)
);
var link = document.createElement('link');
link.type = 'text/css';
link.rel = 'stylesheet';
link.href = 'http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.15/themes/base/jquery-ui.css';
document.head.appendChild(link);

$(function() {
$('#callback-details').dialog({
autoOpen: false,
height: 300,
width: 350,
modal: true,
buttons: {
" Call Me ": function() {
$.ajax({
url: base_url+'/index.php',
data:{ callback_number: $('#callback_number').val() },
dataType: "text",
success: function(data){
$('#callback-details').dialog('close');
$('#callback').append(
$('<div>'+data+'</div>')
.attr( { id: 'callback-response', title: 'Your Call Status' } )
);
$('#callback-response').dialog({
height: 300,
width: 350,
});
}
});
$(this).dialog('close');
},
" Cancel ": function() {
$(this).dialog('close');
}
}
});
});

Then all we need to is log into queue from an extension to make it activate it. in the above example on a standard freepbx system it would be 7* and then 7** when their shift is finished.



**Elastix Specific**

Elastix always redirects to https, which caused issues, so the work around is this, need to create a file /etc/http/conf.d/callback.conf with the following details

<Directory /var/www/html/callback>
RewriteEngine Off
Order deny,allow
allow from all
</Directory>

** end Elastix **

We now just have to insert the code into the public website:

<div id='callback'></div>
<script type='text/javascript' src='http://call.pracapps.com.au/callback'></script>


trixbox 2.8 and cisco 7971

I was handed a cisco 7971 and told, if I can make it work it's mine. So I thought, geez, it can't be that hard. Well, it appears as though I may have been wrong. However, after MANY hours, I finally got the little sucker going. Surprisingly enough I don't want to go through the pain again. I can only hope that someone else finds this useful. I will have to pass credit onto voicecom with whom I found the current xml format. Now I have got mine working perfectly with cisco SIP firmware version 8.5.2 that is because I managed to find that through google (hint) it took me a lot of effort to get the firmware. But for those hunting for the firmware you may have luck searching around for cmterm-7970_7971-sip8-5-2.zip that is how I eventually found it.
That was actually almost he easy part, or at least not confusing. Now once I got that installed, getting the xml file right is a whole new kettle of fish. which is where the voicecom helped me out. Here is a little quote that I can vouch for!!!
"Be careful with the syntax of the .xml files as they will return an error if not correct that may take a bit of time"
The symptom is that your config won't update on your phone, and you can check by going into the settings and then into status and then view the status messages, it lists what the phone went through on boot.

<device xsi:type="axl:XIPPhone" ctiid="203849429" uuid="{96f8508b-10ef-f98c-d20d-0471777ec725}">

<fullConfig>true</fullConfig>

<deviceProtocol>SIP</deviceProtocol>

<sshUserId>user</sshUserId>

<sshPassword>pass</sshPassword>

<devicePool uuid="{a755aa55-089c-2b47-9603-c7d51b9ca4b5}">

<name>Dallas 5.0 Beta</name>

<dateTimeSetting uuid="{9ec4850a-7748-11d3-bdf0-00108302ead1}">

<name>CMLocal</name>

<dateTemplate>D/M/Ya</dateTemplate>

<timeZone>AUS Eastern Standard/Daylight Time</timeZone>

</dateTimeSetting>

<callManagerGroup>

<name>5.0 Beta</name>

<tftpDefault>true</tftpDefault>

<members>

<member priority="0">

<callManager>

<name>192.168.2.161</name>

<description>Your PBX</description>

<ports>

<ethernetPhonePort>2000</ethernetPhonePort>

<sipPort>5060</sipPort>

<securedSipPort>5061</securedSipPort>

<mgcpPorts>

<listen>2427</listen>

<keepAlive>2428</keepAlive>

</mgcpPorts>

</ports>

<processNodeName>ccm-beta-5-1</processNodeName>

</callManager>

</member>

</members>

</callManagerGroup>

<srstInfo uuid="{cd241e11-4a58-4d3d-9661-f06c912a18a3}">

<name>Disable</name>

<srstOption>Disable</srstOption>

<userModifiable>false</userModifiable>

<ipAddr1>192.168.2.161</ipAddr1>

<port1>2000</port1>

<ipAddr2></ipAddr2>

<port2>2000</port2>

<ipAddr3></ipAddr3>

<port3>2000</port3>

<sipIpAddr1>192.168.2.161</sipIpAddr1>

<sipPort1>5060</sipPort1>

<sipIpAddr2></sipIpAddr2>

<sipPort2>5060</sipPort2>

<sipIpAddr3></sipIpAddr3>

<sipPort3>5060</sipPort3>

<isSecure>false</isSecure>

</srstInfo>

<mlppDomainId>-1</mlppDomainId>

<mlppIndicationStatus>Default</mlppIndicationStatus>

<preemption>Default</preemption> <connectionMonitorDuration>120</connectionMonitorDuration>

</devicePool>

<sipProfile>

<sipProxies>

<backupProxy></backupProxy>

<backupProxyPort>5060</backupProxyPort>

<emergencyProxy></emergencyProxy>

<emergencyProxyPort>5060</emergencyProxyPort>

<outboundProxy></outboundProxy>

<outboundProxyPort>5060</outboundProxyPort>

<registerWithProxy>true</registerWithProxy>

</sipProxies>

<sipCallFeatures>

<cnfJoinEnabled>true</cnfJoinEnabled>

<callForwardURI>x-cisco-serviceuri-cfwdall</callForwardURI>

<callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>

<callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>

<callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>

<meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>

<abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>

<rfc2543Hold>false</rfc2543Hold>

<callHoldRingback>2</callHoldRingback>

<localCfwdEnable>true</localCfwdEnable>

<semiAttendedTransfer>true</semiAttendedTransfer>

<anonymousCallBlock>2</anonymousCallBlock>

<callerIdBlocking>2</callerIdBlocking>

<dndControl>0</dndControl>

<remoteCcEnable>true</remoteCcEnable>

</sipCallFeatures>

<sipStack>

<sipInviteRetx>6</sipInviteRetx>

<sipRetx>10</sipRetx>

<timerInviteExpires>180</timerInviteExpires>

<timerRegisterExpires>3600</timerRegisterExpires>

<timerRegisterDelta>5</timerRegisterDelta>

<timerKeepAliveExpires>120</timerKeepAliveExpires>

<timerSubscribeExpires>120</timerSubscribeExpires>

<timerSubscribeDelta>5</timerSubscribeDelta>

<timerT1>500</timerT1>

<timerT2>4000</timerT2>

<maxRedirects>70</maxRedirects>

<remotePartyID>true</remotePartyID>

<userInfo>None</userInfo>

</sipStack>

<autoAnswerTimer>1</autoAnswerTimer>

<autoAnswerAltBehavior>false</autoAnswerAltBehavior>

<autoAnswerOverride>true</autoAnswerOverride>

<transferOnhookEnabled>true</transferOnhookEnabled>

<enableVad>false</enableVad>

<preferredCodec>none</preferredCodec>

<dtmfAvtPayload>101</dtmfAvtPayload>

<dtmfDbLevel>3</dtmfDbLevel>

<dtmfOutofBand>avt</dtmfOutofBand>

<alwaysUsePrimeLine>false</alwaysUsePrimeLine>

<alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>

<kpml>3</kpml>

<phoneLabel>Tom Higgins</phoneLabel>

<stutterMsgWaiting>1</stutterMsgWaiting>

<callStats>false</callStats>

<offhookToFirstDigitTimer>15000</offhookToFirstDigitTimer>

<silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>

<disableLocalSpeedDialConfig>true</disableLocalSpeedDialConfig>

<startMediaPort>16384</startMediaPort> <stopMediaPort>32766</stopMediaPort>

<sipLines>



<line button="1">

<featureID>9</featureID>

<featureLabel>221</featureLabel>

<proxy>192.168.2.161</proxy>

<port>5060</port>

<name>221</name>

<displayName>Tom Higgins</displayName>

<autoAnswer>

<autoAnswerEnabled>2</autoAnswerEnabled>

</autoAnswer>

<callWaiting>3</callWaiting>

<authName>221</authName>

<authPassword>pracapps</authPassword>

<sharedLine>false</sharedLine>

<messageWaitingLampPolicy>3</messageWaitingLampPolicy>

<messagesNumber>*97</messagesNumber>

<ringSettingIdle>4</ringSettingIdle>

<ringSettingActive>5</ringSettingActive>

<contact>221</contact>

<forwardCallInfoDisplay>

<callerName>true</callerName>

<callerNumber>false</callerNumber>

<redirectedNumber>false</redirectedNumber>

<dialedNumber>true</dialedNumber>

</forwardCallInfoDisplay>

</line>





<line button="8">

<featureID>2</featureID>

<featureLabel>Pickup</featureLabel>

<speedDialNumber>*8</speedDialNumber>

</line>



</sipLines>

<voipControlPort>5060</voipControlPort>

<dscpForAudio>184</dscpForAudio>

<ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>

<dialTemplate>dialplan.xml</dialTemplate>

<softKeyFile>SK50719900-3bee-4594-bc3f-6400e1a33bf0.xml</softKeyFile>

</sipProfile>

<commonProfile>

<phonePassword></phonePassword>

<backgroundImageAccess>true</backgroundImageAccess>

<callLogBlfEnabled>2</callLogBlfEnabled>

</commonProfile>

<loadInformation>SIP70.8-5-2S</loadInformation>

<vendorConfig>

<disableSpeaker>false</disableSpeaker>

<disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>

<pcPort>0</pcPort>

<settingsAccess>1</settingsAccess>

<garp>0</garp>

<voiceVlanAccess>0</voiceVlanAccess>

<videoCapability>0</videoCapability>

<autoSelectLineEnable>0</autoSelectLineEnable>

<webAccess>1</webAccess>

<daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>

<displayOnTime>08:00</displayOnTime>

<displayOnDuration>10:30</displayOnDuration>

<displayIdleTimeout>00:10</displayIdleTimeout>

<displayOnWhenIncomingCall>1</displayOnWhenIncomingCall>

<spanToPCPort>1</spanToPCPort>

</vendorConfig>



<versionStamp>1136931633-57191cee-5ffc-4342-b286-4246b4991890</versionStamp>

<userLocale>

<name>English_United_States</name>

<uid>1</uid>

<langCode>en_US</langCode>

<version>1.0.0.0-1</version>

<winCharSet>iso-8859-1</winCharSet>

</userLocale>

<networkLocale>New_Zealand</networkLocale>

<networkLocaleInfo>

<name>New_Zealand</name>

<version>5.0(2)</version>

</networkLocaleInfo>

<deviceSecurityMode>1</deviceSecurityMode>

<idleTimeout>0</idleTimeout>

<authenticationURL></authenticationURL>

<directoryURL>http://192.168.2.161/xmlservices/directory.xml</directoryURL>

<idleURL></idleURL>

<informationURL>http://192.168.2.161/ccmcip/GetTelecasterHelpText.jsp</informationURL>

<messagesURL></messagesURL>

<proxyServerURL>192.168.2.161</proxyServerURL>

<servicesURL>http://192.168.2.161/xmlservices/service.xml</servicesURL>

<dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>

<dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>

<dscpForCm2Dvce>96</dscpForCm2Dvce>

<transportLayerProtocol>4</transportLayerProtocol>

<capfAuthMode>0</capfAuthMode>



<capfList>

<capf>

<phonePort>3804</phonePort>

<processNodeName>ccm-beta-5-1</processNodeName>

</capf>

</capfList>

<certHash></certHash>

<encrConfig>false</encrConfig>

</device>

You also need to have your extension setup with nat = never in trixbox in order to get the phone to register properly, or else your extension with register with asterisk, but the phone won't think it's registered.
for further reading goto:
http://voicecom.co.nz/7971.pdf

Please feel free to ask questions or post comments!!!

Tom

Setting Up Web Meetme 4.0 with trixbox 2.8

Prerequisites:
Trixbox 2.8 fresh install
Downloaded a copy of web meetme (assumed in home directory)
Procedure
1.Ssh into trixbox then execute the following:

[trixbox1.localdomain ~]# tar zxf Web-MeetMe_v4.0.2.tgz
[trixbox1.localdomain ~]# mv web-meetme/ /var/www/html/
[trixbox1.localdomain ~]# yum -y install mysql-connector-odbc

2.edit /etc/odbcinst.ini and uncomment the MySQL section and change the driver to use /usr/lib/libmyodbc3.so
3.Add following to /etc/odbc.ini

[Asterisk]
Description = ODBC for MySQL
Driver = MySQL
Server = 127.0.0.1
Database = meetme
Port = 3306
Socket = /tmp/mysql.sock
Option =
Stmt =
Trace = yes
TraceFile = /tmp/odbc.log

4.Add following to /etc/asterisk/res_odbc.conf

[meetme]
dsn => Asterisk
username => root
password => passw0rd
pre-connect => yes

5.Change /etc/asterisk/extconfig.conf
from:
;meetme => mysql,conferences
to:

meetme => odbc,meetme,booking

6.For CDR logs create /etc/asterisk/cdr_adaptive_odbc.conf:

[wmm]
connection=meetme ;Note that this matches res_odbc.conf
table=cdr

7.Create /etc/asterisk/cdr.conf

[general]
endbeforehexten=no

8.Modify /etc/asterisk/extensions_custom.conf
from:
exten => s,n,CBMysql()
to:

exten => s,n,MeetMe()

9.Add Following to /etc/asterisk/phpagi.conf

[asmanager]
server=localhost
username=meetme
secret=passw0rd

10.Add Following to /etc/asterisk/manager_custom.conf

[MeetMe]
secret = passw0rd
read = call
write = command,originate

11.Execute the following commands:

[trixbox1.localdomain web-meetme]# mysql -ppassw0rd < /var/www/html/web-meetme/cbmysql/upgrade-db.txt [trixbox1.localdomain web-meetme]# amportal restart [trixbox1.localdomain web-meetme]# chkconfig memcached –add [trixbox1.localdomain web-meetme]# chkconfig memcached on [trixbox1.localdomain web-meetme]# /etc/init.d/memcached restart

12.Modify /var/www/html/web-meetme/lib/defines.php
from:
define ("AUTH_TYPE", "adLDAP"); // adLDAP or sqldb
to:

define ("AUTH_TYPE", "sqldb"); // adLDAP or sqldb

13.In that file there are some other options that you can change to suit the specific server that we are dealing with. But one thing with the outcall defaults is to make sure that the context = from-internal for trixbox as per below
define ("OUT_CONTEXT", "from-internal"); //Select a context to place the call from
14.modify /var/www/html/web-meetme/lib/database.php
from:
$password = '';
to:

$password = 'passw0rd';

15.Modify /var/www/html/web-meetme/conf_actions.php
from:
include (dirname(__FILE__)."/phpagi/phpagi-asmanager.php");
to:

include ("/var/lib/asterisk/agi-bin/phpagi-asmanager.php");

16.goto maint section of trixbox via a web browswer
17.Make sure module Custom Destinations is installed
18.Create a Custom Destination as per image below:

trixbox as voicemail system on cisco call manager

Recently I had a customer asked how to connect a trixbox to cisco call manager for use as a voicemail system.  It's actually not too hard to achieve, although it does require some manual customizations.  Here only the trixbox side will be covered, as far as I am aware, all the you need to do on the cisco side is to add a voicemail "pilot" number and the IP address of our trixbox, in our case we will be using 6199.   This setup does have some security concerns as there are no logins.  With that said as long as you don't have any outbound routes setup then they can't make any calls, but they could potentially access the voicemail.
Ok lets get down to the setup.  Login to the admin area of your trixbox webpanel.
What we need to do is create a custom context for the handling of the calls.  to do this we goto pbx->config file editor.   Then select extensions_custom.conf on the left hand side in that file we are going to create our custom context for handling calls.

[cisco-voicemail]
exten => _6199,1,Set(DEST=${CALLERID(number)})
exten => _6199,n,Macro(exten-vm,${DEST},${DEST})

the _6199 means 6199 is the number dialed. Then in the first line I get the callerid number and create a variable called DEST.  Then I use a predefined macro to call the voicemail in line 2

Ok... So that seems straight forward enough, but you need to create all the extensions in such a way so that they go into this context and goto the voicemail.

To do that you create a basic sip extension by putting the extension number in and then just put the voicemail information in.  Save it.  You will probably get an error about not having a sip password, just accept that.  Then you need to click on the extension you have just created to edit it.  The parts you need to change are this:

context = cisco-voicemail
qualify = no

From there you should be able to use the voicemail :)

that's great, but what about MWI ( Message Waiting Indicator ).  So in order to get that going we need to do a little more configuration.  That configuration is a custom notification command to the phone using the SIP notify.  below is the script I have used, it has some very basic parts and doesn't give a total of the old messages, as the cisco handsets didn't have the ability to display that information, so I removed a whole bunch of code from the original script and modified it slightly to make it fast and simple.  Below is the script, but in order to make that script work you need to tell asterisk to use it.  in voicemail.conf

externnotify = /var/lib/asterisk/script/notify-sip.sh

Here is the actual script used, if you are to use it all that will be require to change are the SIP_SERVER and the DOMAIN

#!/bin/bash
 
# This script send the SIP NOTIFY message to UA. The NOTIFY message
# can either enable or disable the UA message indicator. The script
# looks for any file in $VM_HOME and creates the NOTIFY message
#
# The actual NOTIFY message is sent to the SIP proxy by the sipsak
# utilty.  This script can be called from Asterisk when a voice mail
# is left to notify immediately, and it can also be called from a cron
# job to send out message notifications to all users with voicemail
#
# Adapted from the script found on [Serusers] mailing list:
# http://lists.iptel.org/pipermail/serusers/2005-May/019684.html
# 
# Adaptations by Josh Mahonin (jmahonin@cbnco.com), with credit to the 
# original creator.

# If Asterisk called us, save its parameters
VM_CONTEXT=$1
EXTENSION=$2
VM_COUNT=$3


# Voice mail file type
VM_TYPE=wav

# SIP settings
SIP_SERVER=ASTERISK_IP
SIP_PORT=5060
SIP_FROM=voicemail
user=${EXTENSION}
DOMAIN=DESTINATION_IP


SEQUENCE=$( printf "%06d" $RANDOM )
if [ $VM_COUNT -gt 0 ]
then
 HAS_NEW="yes"
else
 HAS_NEW="no"
fi

NEW_MESSAGES=$VM_COUNT
OLD_MESSAGES=0
CONTENT_LENGTH=$(( 34 + ${#HAS_NEW} + ${#NEW_MESSAGES} + ${#OLD_MESSAGES} ))

(
        cat <<-EOM
NOTIFY sip:${user}@${DOMAIN} SIP/2.0
From: 
To: 
Contact: 
Call-ID: ${SEQUENCE}@${SIP_SERVER}
CSeq: ${SEQUENCE} NOTIFY
Event: message-summary
Content-Type: application/simple-message-summary
Content-Length: ${CONTENT_LENGTH}

Messages-Waiting: ${HAS_NEW}
Voicemail: ${NEW_MESSAGES}/${OLD_MESSAGES}
 
EOM
) > out.msg
cat out.msg | /usr/bin/sipsak -s sip:${user}@${DOMAIN} -f -

        if [ $? -ne 0 ] ; then
            logger -t notify-script "Error: sipsak was not successful sending to $user"
        fi
 
exit 0

Montioring trixbox via snmp

One of the hard things when you have a system out there is how to make sure that you know when something goes wrong.  There are a number of ways this can be achieved, but Seeing that it's not likely to be the only system you need to monitor you will want to setup a monitoring server somewhere.  After much deliberation I decided to go with monitoring it via snmp because it's an general standard that works well for monitoring and most monitoring systems that use snmp collect some good data that I can use at a glance.  Personally I use opennms to monitor, but you probably already have your own, or else you wouldn't be here.
Let's get down to business, trixbox systems have the snmp support built in, they just need to be told how to do it.  To make sure that you have all the packages

yum -y install net-snmp net-snmp-devel net-snmp-utils bzip2-devel newt-devel lm_sensors-devel

Now that we have everything we need we just need to tell snmp how to get the info... The info I have is for snmp version 3,  which is the most secure.

echo "#trixbox user
rwuser trixboxsnmp priv
createUser trixboxsnmp SHA !ChangemE! AES" >> /etc/snmp/snmp.conf

This command adds the trixboxsnmp user to the snmp, don't forget to change the password.
Now we need to setup the snmp agent for asterisk:

echo "# trixbox configuration
master agentx
agentXSocket /var/agentx/master
agentXPerms 0660 0550 asterisk asterisk" >> /etc/snmp/snmpd.conf

Now we need to configure asterisk to use the snmp agent.  To do that we need to configure the asterisk file res_snmp.conf.  Below is the configuration you need in there, it's the whole file, so you can make sure that your file looks like this /etc/asterisk/res_snmp.conf

;
; Configuration file for res_snmp
;

[general]
; We run as a subagent per default -- to run as a full agent
; we must run as root (to be able to bind to port 161)
subagent = yes
; SNMP must be explicitly enabled to be active
enabled = yes

Now we are ready to go. all we have to do is restart asterisk and snmp

/etc/init.d/snmpd restart
/etc/init.d/snmptrapd restart
amportal restart

That is pretty much it, although there is a little permission issue with the agentx dir so we need to do the following so that asterisk can update the agent file, this is how to fix it and get it all

chmod 755 /var/agentx

Now we just need to setup our monitoring server to collect the data.  If you are using opennms, here is a link to get it going on there
http://www.opennms.org/blog/?p=227

Welcome to Open Source Your Life

Welcome to my new blog, Open Source Your Life.
As a small business owner working with OSS ( Open Source Software ) I work hard to find ways in which I can help the community understand the benefits of such technology and their uses, here you will find tidbits that I find interesting and tips/techniques that I have picked up along the way.  I hope that you find that this useful and share the information along the chain.

Enjoy
Tom