Sunday, February 23, 2020

enable disable asterisk extensions by time of day

Here's a way you could have extensions be activated/deactivated by a script.  Maybe you want to have an extension only work for a certain time frame. 

Create an bash script that changes modifies extension passwords stored in "SIP_ADDITIONAL.CONF" file in / etc / asterisk and use linux "crontab" to run it at the time you need. This just changes the extension credentials stored in active memory (not the ones stored in the mySQL database).
This script below maintains whatever the current extension password is, pre-pends it with characters of your choice,
HOW IT WORKS:
sip_additional.conf looks SOMETHING like this (I have removed lines to make it easier to understand)
You will see extensions in your system and and their "secret" or passwords for each.
In my example you see extension 1000 and extension 1001
[1000]
deny=0.0.0.0/0.0.0.0
secret=34e9d4179cff8a74259ebb52994bc844
dtmfmode=rfc2833
canreinvite=no
permit=0.0.0.0/0.0.0.0
faxdetect=no

[1001]
deny=0.0.0.0/0.0.0.0
secret=61476817178bc4051dc30de0c429ba29
dtmfmode=rfc2833
canreinvite=no
permit=0.0.0.0/0.0.0.0
faxdetect=no
The SED command will alter the password and update the asterisk .conf file and reload it into memory.
sed -i '/1000]/!b;n;n;s/secret=/secret=DISABLED/' /etc/asterisk/sip_additional.conf
asterisk -rx 'reload'
NOW the config file looks like this.
[1000]
deny=0.0.0.0/0.0.0.0
secret=DISABLED34e9d4179cff8a74259ebb52994bc844
dtmfmode=rfc2833
canreinvite=no
permit=0.0.0.0/0.0.0.0
faxdetect=no

[1001]
deny=0.0.0.0/0.0.0.0
secret=61476817178bc4051dc30de0c429ba29
dtmfmode=rfc2833
canreinvite=no
permit=0.0.0.0/0.0.0.0
faxdetect=no
Notice extension 1000 "SECRET" contains "DISABLED" as part of the password, this will de-register the softphone / SIPphone because the passwords now do not match.
I am adding the text "DISABLED", but you can use any characters you want. You could use 2388NNbbdh784.
You could also customize it for each extension to make it more complicated from being guessed by users.
This SED command would be used to restore the original password.
sed -i '/1000]/!b;n;n;s/secret=DISABLED/secret=/' /etc/asterisk/sip_additional.conf
asterisk -rx 'core reload'
Your conf file will be restored back and will look like this:
[1000]
deny=0.0.0.0/0.0.0.0
secret=34e9d4179cff8a74259ebb52994bc844
dtmfmode=rfc2833
canreinvite=no
permit=0.0.0.0/0.0.0.0
faxdetect=no

[1001]
deny=0.0.0.0/0.0.0.0
secret=61476817178bc4051dc30de0c429ba29
Notice that the secret for extension 1000 no longer has "DISABLED" in it.
So if you wanted to change a whole bunch of extensions, it would look something like this:
This bash script would change extensions 1001, 1015, 2153 and 7009
You'll notice that instead of "disabled" i'm using unique values ​​for some of them.
sed -i '/1001]/!b;n;n;s/secret=/secret=DISABLED/' /etc/asterisk/sip_additional.conf
sed -i '/1015]/!b;n;n;s/secret=/secret=DISABLED/' /etc/asterisk/sip_additional.conf
sed -i '/2153]/!b;n;n;s/secret=/secret=Sp3cilCharact3r$/' /etc/asterisk/sip_additional.conf
sed -i '/7009]/!b;n;n;s/secret=/secret=Sp3cilCharact3rS/' /etc/asterisk/sip_additional.conf
asterisk -rx 'core reload'
Your sip_additional.conf file would look like this:
[1001]
secret=DISABLED34e9d4179cff8a74259ebb52994bc844
[1015]
secret=DISABLEDa74259e179cff8a74252994bc8449ebb
[2153]
secret=Sp3cilCharact3rSff8a7425933479cebb2994bc221
[7009]
secret=Sp3cilCharact3rSb52994bc84434e9d4179cff85ff
And this command would revert them back. Just make sure that you match the secret values
sed -i '/1001]/!b;n;n;s/secret=DISABLED/secret=/' /etc/asterisk/sip_additional.conf
sed -i '/1015]/!b;n;n;s/secret=DISABLED/secret=/' /etc/asterisk/sip_additional.conf
sed -i '/2153]/!b;n;n;s/secret=Sp3cilCharact3rS/secret=/' /etc/asterisk/sip_additional.conf
sed -i '/7009]/!b;n;n;s/secret=Sp3cilCharact3rS/secret=/' /etc/asterisk/sip_additional.conf
asterisk -rx 'core reload'
Now your extensions are back to normal.
There is one thing to remember, if these extensions are disabled, and you make a GUI change, asterisk will rebuild the sip_additional.conf file and re-enable these and you would need to run the script again.
This is also a 'failsafe' for the above script. If you run it, but have problems, all you have to so is press "SUBMIT" and APPLY in the PBX GUI and everything is back to normal. You may have a fail2ban hit on these extensions, easy to clear that out at time of re-enable.
INSTALLATION INSTRUCTIONS!
1> create a file "disable.sh" in linux using NANO or Vi or similar
2> The first value at the top would be:
#!/bin/bash
sed -i '/XXXXX]/!b;n;n;s/secret=/secret=DISABLE/' /etc/asterisk/sip_additional.conf
asterisk -rx 'core reload'
3> Save the file
4> Make the file executable
 chmod u+x disable.sh
5> Now lets create the enable code.
6> create a file "enable.sh"
7> Put this in the script
#!/bin/bash
sed -i '/1000]/!b;n;n;s/secret=DISABLED/secret=/' /etc/asterisk/sip_additional.conf
asterisk -rx 'core reload'
8> Save the file
9> Make the file executable
 chmod u+x enable.sh
10> You can test the file by typing in ./enable.sh or ./disable.sh to test the script
11> Once you confirm your scripts are working, you can activate it with CRONTAB.
There are many articles to better describe crontab, but here is how I tested
12> enter the crontab editer
crontab -e
13> You'll see something like:
25 * * * * /var/lib/asterisk/bin/issabelpbx-cron-scheduler.php
~
15> To make the script run at 8 am add this line:
8 00 * * * /home/enable.sh
15> And to disable it at 10pm, use this line
22 00 * * * /home/disable.sh
16> You'll see something like this when you are done:
You'll note the path. My scripts were created in / home so my path reflects that in the command.
25 * * * * /var/lib/asterisk/bin/issabelpbx-cron-scheduler.php
8 00 * * * /home/enable.sh
22 00 * * * /home/disable.sh
17> Save your changes and you are done!

No comments:

Post a Comment

Feel free to leave a comment! If you have any information that you think should be included, please do so here and I'll get it added in.