⚠️ Legal Disclaimer

This guide is provided for educational and research purposes only.

Elastix 4.0.76 is an outdated and unsupported version of the Elastix IP PBX platform. The original Elastix project is no longer maintained and has been acquired by 3CX in 2016, which now distributes its own proprietary version.

The download link shared in this article is from a third-party source, not from the official Elastix or 3CX websites.
Therefore, anyone downloading or using this file does so at their own risk.
The author of this blog assumes no responsibility for any damage, data loss, or legal issues arising from the use of unofficial software or links.

It is strongly recommended to use the latest official version of 3CX or other actively supported open-source IP PBX solutions (such as FreePBX, Issabel, or FusionPBX) for production environments.

By continuing to follow this guide or download any linked file, you acknowledge that you understand and accept these terms.

___________________________________________________________________

 

Here is how to prepare your CentOS7 based Elastix (v4)

 

1) Stop Elastix Update

Run the commands in PuTTy

service elastix-updaterd stop
chkconfig elastix-updaterd off

 

2) Make the repository archive compatible for long term use

 

systemctl stop yum-cron
systemctl disable yum-cron
systemctl stop PackageKit
systemctl disable PackageKit

 

rm -f /etc/yum.repos.d/*

 

Create the pre repository file, first;

 

cat <<EOF | tee /etc/yum.repos.d/community-archive.repo
[base]
name=CentOS7 - Base - archive.kernel.org - Community Archive
baseurl=http://archive.kernel.org/centos-vault/7.0.1406/os/\$basearch/
gpgcheck=1
gpgkey=http://archive.kernel.org/centos-vault/RPM-GPG-KEY-CentOS-7
enabled=1

[updates]
name=CentOS7 - Updates - archive.kernel.org - Community Archive
baseurl=http://archive.kernel.org/centos-vault/7.0.1406/updates/\$basearch/
gpgcheck=1
gpgkey=http://archive.kernel.org/centos-vault/RPM-GPG-KEY-CentOS-7
enabled=0

[extras]
name=CentOS7 - Extras - archive.kernel.org - Community Archive
baseurl=http://archive.kernel.org/centos-vault/7.0.1406/extras/\$basearch/
gpgcheck=1
gpgkey=http://archive.kernel.org/centos-vault/RPM-GPG-KEY-CentOS-7
enabled=0
EOF

 

Clean the repository cache

yum clean all

yum repolist

 

Now, update NSS and CURL to fix SSL/TLS error to use https;

yum update nss curl -y

yum update ca-certificates -y

 

reboot

 

Finally, the system is ready to install any new software by yum install command !

 

Install some primary tool;

yum install -y nano wget unzip bind-utils nmap nmap-ncat ntpdate tcpdump traceroute

ntpdate pool.ntp.org

 

 

!!! Never Update the System !!! as we will use the old Elastix for lifetime !

 

3) Install Webmin Minimal for GUI Tools

 

cd /tmp

wget http://frankinternet.s3.us-east-1.amazonaws.com/elastix/webmin-2.610-minimal.tar.gz

gunzip webmin-2.610-minimal.tar.gz

tar xf webmin-2.610-minimal.tar

cd webmin-2.610

./setup.sh /usr/local/webmin

 

* When the setup.sh script is run, it will ask some questions, enter the answers as your desired setup. You can customize your WebminFile Manager panel web port (custom port number as 59152) here.

 

Upload the File Manager and Terminal module;

Login to Webmin panel:

https://server-ip:59152

 

Download the modules to your Local PC;

http://frankinternet.s3.us-east-1.amazonaws.com/elastix/filemin.wbm.gz

http://frankinternet.s3.us-east-1.amazonaws.com/elastix/xterm.wbm.gz

 

Webmin > Webmin Configuration > Webmin Modules > From uploaded file; Choose file; filemin.wbm.gz > Install Module

 

Webmin > Webmin Configuration > Webmin Modules > From uploaded file; Choose file; xterm.wbm.gz > Install Module

 

Adjust Log Rotation;

Webmin > Webmin Configuration > Logging

Periodically clear log files?
Yes: 24 hours

Install CSF for security;

systemctl stop firewalld

systemctl disable firewalld

yum remove firewalld -y

 

cd /usr/src

rm -fv csf.tgz

wget http://frankinternet.s3.us-east-1.amazonaws.com/elastix/csf.tgz

tar -xzf csf.tgz

cd csf

sh install.sh

systemctl enable csf

Webmin > Webmin Configuration > Webmin Modules >
From local file > /usr/local/csf/csfwebmin.tgz > Install Module

 

Necessary ports: 80,443,5004:5082,10000:20000,51194,59152
Outgoing: 0:65535

 

Connection test commands;

nc -vz -u 192.168.xx.xx 5060

traceroute -p 5060 192.168.xx.xx

asterisk -rx "core reload" asterisk -rx "sip show registry"

 

Add Webmin Menu in Elastix Panel;

nano /var/www/html/themes/tenant/_common/_menu.tpl

Use File Manager to edit the file.

Search for {$SHORTCUT} in the tpl file, and add some code just after that, look likes below:

 

{/foreach}

{$SHORTCUT}

<br />
<li class="header">System Tools</li>
<li>
<a href="https://server-ip:59152" target="_blank">
<i class="fa fa-plug"></i>
<span>Firewall & FileManager/Terminal</span>
</a>
</li>

</ul>
</div>

 

4) Disable Subscription popup after logging in everytime

nano /var/www/html/modules/registration/index.php

Put a return; at the begining just after php start tag, looks like below:

<?php
return;
/* vim: set expandtab...

 

5) SIP Login Failer Blocking by CSF LFD

nano /etc/csf/csf.conf

Lookup at nearly ending of the file; # Log file locations

Change the (CUSTOM1_LOG = “/var/log/customlog”) to:

CUSTOM1_LOG = "/var/log/asterisk/full"

 

 

Now, add the Regex for identify the culprit;

 

nano /etc/csf/regex.custom.pm

Find the line (# Do not edit beyond this point), and add the regex codes just before that line, that will be looks like below:

###############################################################################

# Custom rule for Asterisk SIP Registration Failures
if (($lgfile eq '/var/log/asterisk/full') and ($line =~ /Registration from '.*' failed for '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:[0-9]+)?'\s+-\s+(Wrong password|Username\/auth name mismatch|No matching peer found)/)) {
my $ip = $1;
return ("Failed SIP Registration from $ip", $ip, "SIP_BLOCKER", "3", "5060", "1", "0");
}
# Custom rule for SIP Timeout on Non-Critical Invite (Ghost Calls)
if (($lgfile eq '/var/log/asterisk/full') and ($line =~ /chan_sip\.c: Timeout on [^@]+@(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) on non-critical invite transaction/)) {
my $ip = $1;
return ("SIP Invite Timeout Attack from $ip", $ip, "SIP_TIMEOUT_BLOCK", "3", "5060", "1", "0");
}
# Custom rule for Asterisk AMI Login Failures
if (($lgfile eq '/var/log/asterisk/full') and ($line =~ /manager\.c:\d+ authenticate:\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(?:tried to authenticate with nonexistent user|failed to authenticate as)/)) {
my $ip = $1;
return ("Failed AMI Login from $ip", $ip, "AMI_BRUTE", "3", "5038", "1", "0");
}

# Do not edit beyond this point

 

Then, restart csf;
csf -r

 

CSF Configuration additional:

CC_ALLOW_FILTER = BD

DENY_IP_LIMIT = 2000

 

6) Customize SIP Configuration

Go to PBX > Tools > Asterisk File Editor, and click show filter

Type sip_general_custom in the filter field and find the configuration file

Click on “sip_general_custom.conf” file

Paste the following script to the end of the file, then save the file

 

allowguest=no
alwaysauthreject=yes
externip=your_public_real_ip
localnet=your_private_ip/24
nat=yes
canreinvite=no
videosupport=yes
maxcallbitrate=384
allow=h261
allow=h263
allow=h263p
allow=h264
allow=vp8
allow=ulaw
allow=gsm

 

7) Restart the System

Finally,  restart

reboot
By Published On: October 11th, 2025Categories: Elastix IP PBX, IP Telephony, Linux Prepare0 Comments on Step 3 – Elastix After Installation – Repository & UpdateTags: , , , , , , Views: 63

Leave A Comment