Hi; I want to remove all plain text usernames an passwords from kamailio.cfg file. Like modparam("auth_db", "db_url", "dbdriver://username:password @dbhost/dbname") or this modparam("sqlops","sqlcon","ca=>dbdriver://username:password @dbhost/dbname") Can you help me with some ideas of how can I handle that? Thank you.
Don't use databases. Create an API and use it to access the data you need. Won't work for every possible usage, but in general API-driven SIP-routing is very possible with Kamailio, especially with KEMI.
ср, 18 нояб. 2020 г. в 11:32, Ahmed Marsou amarsou1988@gmail.com:
Alternative way is to use unixodbc, but it just means you put the password into another file.
ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi 568691@gmail.com:
I just get the params from AWS Parameter Store and pass it to Kamailio on startup. Downsize is you can see them in “ps”.
On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi 568691@gmail.com wrote:
Thank you so much, David and Alexandru. I'm not sure but i read something about reading the config from my.cnf
http://www.kamailio.org/docs/modules/5.0.x/modules/db_mysql.html#idp419
The problem is that my.cnf, have 600 permission and I'm running kamailio with user kamailio, so the question is, There is a way to read this file as root on startup but run kamailio as kamailio? The option AWS Parameter Store, is something related to amazon, right?
Tank you so much.
El mié., 18 nov. 2020 a las 15:29, David Villasmil (< david.villasmil.work@gmail.com>) escribió:
Sure, as root, read the file and start Kamailio with -u kamailio -g kamailio
On Wed, 18 Nov 2020 at 14:50, Ahmed Marsou amarsou1988@gmail.com wrote:
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
Yes, in fact using API is the better way, but I need time to do it. Finaly I add on kamailio.service a post and pre execution task that give rights just on strat process. Thank you so much to evrybody.
El jue, 19 nov 2020 a las 12:13, Olle E. Johansson (oej@edvina.net) escribió:
One alternative is to pass user/password via environment variables and then use #!substdef in configuration file, with the replacement using the corresponding $env(...) variables.
If the goal is protecting the configuration file content in long term against being read in the future, two other options:
- remove kamailio.cfg after starting kamailio, it is not needed at runtime
- encrypt kamailio.cfg and pipe its decrypted content to kamailio at startup, like:
decryptapp kamailio-encrypted.cfg | kamailio -f - ...
Cheers, Daniel
On 18.11.20 15:27, David Villasmil wrote:
On 18.11.20 16:45, Daniel-Constantin Mierla wrote:
Obviously, instead of removing, the permissions kamailio.cfg can be changed after starting kamailio -- adding this after seeing in another message being mentioned the option with mysql my.cfg, user/password is in a local file anyhow.
Cheers, Daniel
Yes, Im agree that anyhow it will be on local, but only root user have the right to read this file. So how can I change the permission of my.cnf file to be able to read it from kamailio only when I start or reboot? Thank you.
El mié., 18 nov. 2020 17:18, Daniel-Constantin Mierla miconda@gmail.com escribió:
-
Ahmed Marsou -
Alexandru Covalschi -
Daniel-Constantin Mierla -
David Villasmil -
Olle E. Johansson