[arm-allstar] IMPORTANT UPDATE - Supermon/Allmon2 security and feature update

Bryan St Clair bryan at k6cbr.us
Fri Feb 16 12:28:53 EST 2018 

Doug,

I processed this update on 3 nodes and 2 worked without issue.

One, however, has lost Asterisk.   After noticing it wasn't connecting I
did a reboot and confirmed it wasn't running.  A manual start, restart
(from admin and command line) all result in error: "asterisk: no process
found"

Any ideas?

Bryan


On Thu, Feb 15, 2018 at 3:19 PM, "Doug Crompton via arm-allstar" <
arm-allstar at hamvoip.org> wrote:

> There has been a major security update to BOTH Allmon2 and Supermon and in
> addition BOTH programs have been updated to the latest versions. The
> current and all past versions have serious security issues when running
> either of these programs exposed to the Internet. Whether or not you run
> theses programs outside of your local LAN ALL allmon2 or Supermon users
> should update and use the new code as soon as possible.
>
> The standard hamvoip update - ADMIN menu item 1 - will update both of these
> programs.
>
> All user password and ini files are preserved in these updates however
> there are a couple of caveats.
>
> In Supermon the global.php file no longer exists. Users need to re-enter
> their call, name, and location into the new global.inc file.
>
> The Allmon2,  allmon.ini.php and Supermon,  allmon.ini files BOTH REQUIRE
> a  'menu=yes' in each stanza to display that stanza. Leaving that out or
> making it 'menu=no' will turn off the display of that stanza. This is
> different than Allmon2 outside of the hamvoip release and prior versions of
> Supermon. We wanted to maintain compatibility between the two programs in
> the hamvoip release.
>
> Allmon2 has been updated to the latest version with the exception that it
> retains the old menu=yes|no and required yes to display as noted above.
>
> The Supermon code has been very much updated!!!  It is now Supermon 6.0+
> There are MANY enhancements and changes.  The howto on the hamvoip.org web
> page has been updated to reflect these enhancements and changes. It is
> *very
> important* for users to read the howto for all updated information. Here is
> a direct link to the howto -
>
> https://hamvoip.org/supermon_howto.pdf
>
> When you load it be sure to refresh your bowser as it may be retaining an
> old version.
>
> PLEASE NOTE that both Allmon2 and Supermon will not work properly with
> Microsoft browsers. Firefox, Chrome, etc. work fine.
>
> Thanks to all who found and helped fix the security bug. Users should still
> employ common sense when it comes to security. Use strong passwords and
> only make pages available to the outside world when necessary.  A future
> release will include user access control which will allow a sysop to
> control access to specific functions on a user by user basis.
>
> I think you will like the new features that both of these programs offer!
> Thanks to Paul, KN2R, Dave, KB4FXC, Tim, WD6AWP, for program updating and
> Neil, M0NFI who pointed out the security issue.
>
>
> *73 Doug*
>
> *WA3DSP*
>
> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
> _______________________________________________
>
> arm-allstar mailing list
> arm-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>



-- 
Bryan
K6CBR
Allstar Base: 43918, 43991
Allstar Mobile: 43913
www.k6cbr.us
QRZ <http://www.qrz.com/db/K6CBR>

More information about the arm-allstar mailing list