Our website uses cookies. To find out more information on the cookies we use, please head to our privacy policy.OK

Database Task Automation for Asterisk (AsteriskNOW)

Like most sales managers, our internal sales manager needed access to the Call Record Database of our AsteriskNOW implementation. This blog explains how we used our Privileged Task Management module to grant secure access, whilst protecting our privileged credentials.

The challenge

We had a business need for our internal sales manager to access the Call Record Database of our AsteriskNow implementation. The private branch exchange (PBX) is located on its own network with a dedicated internet connection, and is separated from our corporate network by two firewalls.

We wouldn’t expect our internal sales manager to understand the AsteriskCDRDB format or even the tools needed to access it. We also wouldn’t want to dish out the privileged credentials or allow web access to the PBX system.

Looking at the AsteriskNow implementation, it has a well-protected implementation of MySQL. By default, it is limited to access from the local host only. Given that PBX systems are prime hacking targets, it would be prudent not to change this access.

As the creators of the PxM Platform, we recognised that our Privileged Task Management module is ideal for this kind of task.

What we did

We wrote a short Python Program to access the AsteriskCDRDB. The key here is that we didn’t want to embed the credentials in this code, since if the system was compromised any attacker could modify this database to conceal calls made from our PBX.

Here’s the code fragment that we use to connect to MySQL:

The key things to note is that we are using ‘getpass’ to ensure that the passwords are neither echoed or stored in command line history. The other notable technique is that password is set to ‘None’ as soon as the database connection has been tried. This means that it’s not hanging around in memory to be scraped.

Here’s the code that executes the query:

‘execute_query()’ formats the data the way we need it.

On the PxM Platform, we have a task template that is used to drive the Python on the PBX system. The key lines are here:

You can see now the inputs are marshalled, and how timeouts and error conditions are handled.  These are seen from the application perspective since it should not be possible for the user to enter a wrong value. The SysAdmin could configure the wrong values and hence these paths would get triggered.

The other notable action is that the remote file is retrieved to the PxM Platform environment, where it is well secured. This means that there’s no GDPR actionable data hanging around in files on the PBX system.

Here’s the PxM Platform’s SysAdmin interface:

In this case “Caller Names” is a list of our sales staff mapped to extension numbers. The business users interface looks like this (we’ve omitted the dropdown list from the screenshot above for GDPR compliance):

Here’s the results page:

The ‘disk’ icon is a direct link to the download.

Using our analytics module, we can see that our PBX task is very popular:

If you’d like to try this against your own implementation of AsteriskNow, or any other Asterisk based PBX, check out our PxM Express product. A ‘no cost’ offering, PxM Express is a scaled down version of the full PxM Platform, and includes task functionality.

Related Articles

term->name is Task Automation

Gartner’s Top 10 Security Projects for 2018 lists Privileged Account Management at #1

Privileged Account Management has been ranked by leading global research company Gartner as the number one security project for 2018 that CISOs… Read Post

What DevOps need to know about Privileged Account and Credential Security

Working in DevOps, you deal with the credentials needed to access data on applications, systems and devices, so you have a responsibility to… Read Post