SARK Debian Accidental Lockouts

From sailpbx
Revision as of 14:01, 29 April 2017 by Adminwiki (talk | contribs) (SARK V5.0.0 Debian accidental lockouts and how to deal with them)
Jump to: navigation, search

back to SARK v4.0.0 contents

SARK V5.0.0 Debian accidental lockouts and how to deal with them

SARK V5 has both strong login security and an onboard firewall. It is possible to lock yourself out of the system in a couple of ways. Here is a guide to unlocking the system if you should find yourself in that situation. You cannot unlock the system remotely. You must have the box physically in your possession to perform these procedures. It's supposed to be hard to do!

Firewall Lockout

You've set the firewall in such a way that it will no longer allow you access on HTTPS and/or SSH

HTTPS only

You can still login with SSH. ssh to the box (or you can use WinSCP if you prefer) and find the SARK shorewall rules here


lcat /etc/shorewall/sark_rules 

ACCEPT net:$LAN $FW tcp 5060 - - # TCP SIP
ACCEPT net:$LAN $FW tcp 5061 - - # TCP SIP
ACCEPT net:$LAN $FW tcp 80 - - # HTTP
ACCEPT net:$LAN $FW tcp 22 - - # SSH
ACCEPT net:$LAN $FW udp 123 - - # NTP
ACCEPT net:$LAN $FW tcp 389 - - # LDAP
ACCEPT net:$LAN $FW udp 389 - - # LDAP
ACCEPT net $FW udp 4569 - -  # IAX2
ACCEPT net:$LAN $FW udp 5060 - - 4/min:5 # SIP
ACCEPT net:$LAN $FW udp 10000:20000 - - # RTP

Add back or correct the rules and either reboot the box or, if you are using ssh, you can simply restart the firewall with

shorewall restart