[opensuse] Looking for that perfect compliment to hylafax -- AvantFax
List, Hylafax is a fantastic fax server included with openSuSE whether using a single modem on an old 486 or running a corporate pbx with multi-line modem attachments. One issue has always been the clients for the hylafax server in a mixed windows/linux environment and fax distribution after the fax comes in. I just stumbled across avantfax based on an earlier thread today. AvantFax is a php, mysql compliment to hylafax that has some fantastic, long looked for features. (at least looked for by me) If you deal with faxes, this is definitely worth a look. AvantFAX is open source and is released under the GNU General Public License: http://www.avantfax.com/ http://www.avantfax.com/fax-processing.php Perhaps someone that is adept with building packages for opensuse would consider packaging avantfax. One cool tool. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thu, 12 Feb 2009 18:49:57 David C. Rankin wrote:
List,
Hylafax is a fantastic fax server included with openSuSE whether using a single modem on an old 486 or running a corporate pbx with multi-line modem attachments. One issue has always been the clients for the hylafax server in a mixed windows/linux environment and fax distribution after the fax comes in.
I just stumbled across avantfax based on an earlier thread today. AvantFax is a php, mysql compliment to hylafax that has some fantastic, long looked for features. (at least looked for by me) If you deal with faxes, this is definitely worth a look. AvantFAX is open source and is released under the GNU General Public License:
http://www.avantfax.com/fax-processing.php
Perhaps someone that is adept with building packages for opensuse would consider packaging avantfax. One cool tool.
Whilst it does look promising, I have a couple of concerns with this app that lead me to believe that I would *only* run it on a dedicated machine that was carefully firewalled from the outside world and the rest of the network and had no other critical systems running on it: 1. Their install script disable SELinux for apache (in fact the app requires this to be so - I suspect that this would also be the case for apparmour). 2. The install script messes with the /etc/sudoers file and adds priveleges to the apache user that I might not necessarily want it to have. To be fair, exactly what the install script does (and manual steps required for installation) are well documented on their web site. Nevertheless, any application that requires a lessening of security level on a machine to run raises question marks for me. Having said that, I'm not likely to need to worry about that because a) I don't run a networked fax server and b) I'm not a network adminstrator for any network that matters (only my home network) but I can only imagine how near to impossible it would be for me to convince the network admins at work that it would be a good idea to try it... -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au ===================================================
Rodney Baker wrote:
Whilst it does look promising, I have a couple of concerns with this app that lead me to believe that I would *only* run it on a dedicated machine that was carefully firewalled from the outside world and the rest of the network and had no other critical systems running on it:
1. Their install script disable SELinux for apache (in fact the app requires this to be so - I suspect that this would also be the case for apparmour).
2. The install script messes with the /etc/sudoers file and adds priveleges to the apache user that I might not necessarily want it to have.
To be fair, exactly what the install script does (and manual steps required for installation) are well documented on their web site. Nevertheless, any application that requires a lessening of security level on a machine to run raises question marks for me.
Having said that, I'm not likely to need to worry about that because a) I don't run a networked fax server and b) I'm not a network adminstrator for any network that matters (only my home network) but I can only imagine how near to impossible it would be for me to convince the network admins at work that it would be a good idea to try it...
Rodney, Thanks for the heads up, but they must need to update their site for the current version because that install doesn't mess with SELinux for apache at all. The setup with regard to sudoers simply add the ability of the apache2 user 'wwwrun' to command /usr/sbin/faxdeluser, /usr/sbin/faxadduser and to /sbin/reboot, or /sbin/halt the server in case of problems. # SETUP SUDO PERMISSIONS cat /etc/sudoers | grep -v requiretty > /tmp/sudoers echo "$HTTPDUSER ALL= NOPASSWD: /sbin/reboot, /sbin/halt, /usr/sbin/faxdeluser, /usr/sbin/faxadduser -u * -p * *" >> /tmp/sudoers if [ ! -f /etc/sudoers.orig ]; then mv /etc/sudoers /etc/sudoers.orig fi mv /tmp/sudoers /etc/sudoers chmod 0440 /etc/sudoers chown root.root /etc/sudoers The original change made to /etc/sudoers was to add: wwwrun ALL= NOPASSWD: /sbin/reboot, /sbin/halt, /usr/sbin/faxdeluser, /usr/sbin/faxadduser -u * -p * * Which all I did was to remove the reboot and halt to prevent the server from being shot-in-the-head by the web server: wwwrun ALL= NOPASSWD: /usr/sbin/faxdeluser, /usr/sbin/faxadduser -u * -p * * I agree, that without the removal, your recommendation of it only being run on a standalone box hits the nail on the head. I didn't see to much of a security concern about having wwwrun control the faxadduser and faxdeluser script. Additionally, the control is limited by user and password. I'm still working with it to get it tweaked, but for the amount of faxes we get to already have the date and time of arival databased so that the assistants just have to provide the to: from: and case no.: info is a big help. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
David C. Rankin
-
Rodney Baker