<div dir="ltr">Bryan, you can run a dd command on a backup hard drive where you store your images to flash your running drive. Typically speaking, most of your OS is in memory, so you won't affect much until the reboot. Better hope you set up the boot manager correctly, but it can be done via DTMF and shell script if you really wanted to. It's the same principle as doing a rm -r / command. But yes, this can technically be done via DTMF; however, I don't recommend it. #I&lt;3Shellscripts<div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="font-size:small;font-family:arial">Loren Tedford (KC9ZHV)</div><div style="font-size:small"><font face="arial">Email: </font><a href="mailto:lorentedford@gmail.com" style="color:rgb(17,85,204);font-family:arial" target="_blank">lorentedford@gmail.com</a></div><div style="font-size:small">Email: <a href="mailto:KC9ZHV@KC9ZHV.com" style="color:rgb(17,85,204)" target="_blank">KC9ZHV@KC9ZHV.com</a></div><div style="font-size:small;font-family:arial"><a href="http://www.lorentedford.com/" style="color:rgb(17,85,204)" target="_blank">http://www.lorentedford.com</a></div><div style="font-size:small;font-family:arial"><a href="http://www.kc9zhv.com/" style="color:rgb(17,85,204)" target="_blank">http://www.kc9zhv.com</a></div><div style="font-size:small;font-family:arial"><a href="http://forum.kc9zhv.com/" style="color:rgb(17,85,204)" target="_blank">http://forum.kc9zhv.com</a></div><div style="font-size:small;font-family:arial"><a href="http://hub.kc9zhv.com/" style="color:rgb(17,85,204)" target="_blank">http://hub.kc9zhv.com</a></div><div style="font-size:small"><a href="http://ltcraft.net/" style="color:rgb(17,85,204)" target="_blank">http://Ltcraft.net</a></div><div style="font-size:small"><a href="http://voipham.com" target="_blank">http://voipham.com</a></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Jun 16, 2017 at 9:33 AM, Bryan D. Boyle <span dir="ltr">&lt;<a href="mailto:bdboyle@bdboyle.com" target="_blank">bdboyle@bdboyle.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div class="m_1047018391512328270moz-cite-prefix">On 6/16/2017 8:56 AM, DuaneVT . wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div style="font-family:comic sans ms,sans-serif;font-size:small">Good to know about RC1. I had
months ago disabled access to root via ssh. Even I have to ssh
in as SU with a password. I was wondering if this exploit hack
was seen by others, just a heads-up.</div>
<div style="font-family:comic sans ms,sans-serif;font-size:small">Duane KA1LM</div>
</div>
</blockquote>
<br></span>
ANY port that you have open to the outside world is going to add to
the risk you enjoy (!) from being connected to the network. There
are well-known ports; in the U/Lin-UX world, the goldmine ports (i.e.,
those which are reserved to the root group) are those port #s &lt;
1024...and once you have root, all bets are off as to what you can
do.<br>
<br>
Many people have their routers set up to automagically
establish persistent connections when any outbound traffic port is
opened; this means that if your machine is pwned and a rogue daemon
sets up a channel to a command and control system, YOUR machine is
part of a botnet...doing who knows what.<br>
<br>
In 7 years of running an asterisk box, I have NEVER had a reason,
while away from the site, of having to log in to do something. Now,
it may be different if your box is on a mountain top and
inaccessible for 4 months of the year...but, my rule is, if you can
drive there, then I don't enable shell access from the outside. I
turn off, on my router, PnP. I deny ANY to ANY inbound connections
as the default ACL. My boxes have static IPs on the inside of a
NAT, and ports are routed to specific host/ports. Fail2ban is
running, and, as a luxury, my logs are NOT stored on the machines
that ARE accessible; the first thing that a miscreant is going to do
is try and erase system log entries of what they've done. <br>
<br>
So...how to do those things that you have to do administratively?
Think belt and suspenders. <br>
<br>
One of the nice things about asterisk is that you can script almost
anything both inside the application as well as the operating system
to respond to DTMF. Now, I realize that not everyone has this
ability, but, being all my boxes are accessible via the net in some
manner...I have a receive-only node on an oddball frequency in a
second location locally, which also has an echolink node
assigned...and have scripted the admin functions *I* use on a
regular basis. Things like reboot the box...restart asterisk...even
down to connect and disconnect nodes (ie command *node#3 or *node#1
to connect or disconnect node#), etc.<br>
<br>
Add in the fact that you can have control over the GPIO pins on the
DMK and RIM URIs, and you can even do relay-driven (I like
electromechanical stuff) things: turn on fans, turn off fans, turn
on power, turn off power...the possibilities are endless, if you
think through just what it is that you need to do when you supposedly
have to log in via a shell. Haven't quite worked out how to mount a
cdrom that has a clonezilla image of a fresh box to restore a system
from a DTMF command...but, I'm sure with some hacking, even that
could be done to remotely restore a system that HAS been trashed. <br>
<br>
In my opinion, we have to get away from thinking that we need to
have terminal access to what is (or should be) essentially an
appliance that controls radios. And, no, I'm not thinking that a
web interface is necessarily the way to go either. <br>
<br>
<br>
</div>
</blockquote></div><br></div></div>