Home / FreePBX / Sangoma Security Breach Dec 2020

Sangoma Security Breach Dec 2020




Remove Support SSH Keys

  • You can do this from the FreePBX GUI by going to Admin --> Sys Admin --> Support and clicking ‘Remove’ on the SSH Keys Package.

  image

  • You can optionally use CLI command below to remove the keys
    • yum -y remove ssh_keys

Disconnect Sangoma Support VPN

  •  You can do this from the FreePBX GUI by going to Admin > Sys Admin > Support VPN and make sure the status shows Stopped and Unconfigured


  • If you are on FreePBX version 15 or higher you can also stop this from the CLI with the following command
    • /var/www/html/admin/modules/sysadmin/hooks/support-vpn-stop

Verify all Whitelisted IPs in FreePBX Firewall

  • From your FreePBX GUI go to Connectivity > Firewall > Network tab at the top

  • By default this will only show non-hidden trusted IPs. From the command line you can add in IPs that are hidden from the GUI so to truly see all IPs you need to paste at the end of the URL for the network tab 
    • &showhidden=true
    • Example URL would be https://192.168.0.1/admin/config.php?display=firewall&page=about&tab=networks&showhidden=true

  • This will show you a list of all the IPs that are whitelisted on the firewall. Carefully review these and make sure you recognize all of the trusted IPs and subnets.


  • Remove any IPs that you are unsure of.

Move to Clearly Mirrors with all modules pinned to versions before Oct 1st 2020 release dates.

  • From your FreePBX 13 or newer system login as root to the Linux CLI.  You can learn more about Clearly IP Mirrors for FreePBX based systems here


  • Run the below command and it should show you are currently using freepbx.org mirrrr

   fwconsole setting MODULE_REPO
   

  • To Switch to Clearly IP Mirrors run the following command
   fwconsole setting MODULE_REPO https://mirror.clearlyip.com 
    

  • We can now verify that the mirror servers have been changed by running the command from earlier again and we should see the Clearly IP mirrors now
   fwconsole setting MODULE_REPO
      

  • Now that we have verified you are using the Clearly Mirror servers we want to pin the server to a special master version we have created that will only provide modules that were published before Oct 13th 2020 with the following command.
    • For FreePBX Version 14 
      • fwconsole setting MIRROR_BRAND_VERSION 14.19.12.002
      • fwconsole reload
    • For FreePBX Version 15
      • fwconsole setting MIRROR_BRAND_VERSION 15.19.12.002
      • fwconsole reload
  • At anytime in the future you can move back to the latest Pin which will give you all the latest modules for FreePBX with the command below.
    • fwconsole setting MIRROR_BRAND_VERSION latest
    • fwconsole reload





     RSS of this page