When we have our basic DACLs in order, we can consider a number of other methods for keeping the Asterisk system secure.
There are several tools that can be installed and used to improve security on Asterisk, and describing the options for many of them would take up entire bookshelves of their own. Here, we will discuss some of the simpler tools for keeping you informed on how secure your system is.
We could install Tripwire or another file integrity checker to monitor the checksums (hash values calculated from a file's contents) in order to ensure that the contents of a file haven't changed. This helps by informing us whenever a file changes; more specifically, it focuses on binary files. Hence, if an attacker succeeded in altering the Asterisk binary or one of the modules, you would know about it. You can also monitor other operating system files (netstat, ps, top
, and so on) in order to ensure that they haven't been tampered with....