Just use the FreePBX Distro instead.

http://www.powerpbx.org/content/rhel-asterisk-freepbx-install-guide-rhel-v6-asterisk-v18-freepbx-v29

Do a Minimal Install of Centos 6.

After the reboot:

yum update -y

then reboot again.

If installing on XenServer (skip otherwise):

1. Mount the XenServer Tools virtual CD into the VM

2. mount /dev/xvdd /mnt/

3. /mnt/Linux/install.sh

4. reboot

yum -y groupinstall base core

yum -y install gcc gcc-c++ wget bison mysql-devel mysql-server php php-mysql php-pear php-pear-DB php-mbstring php-process nano tftp-server httpd make ncurses-devel libtermcap-devel sendmail sendmail-cf caching-nameserver sox newt-devel libxml2-devel libtiff-devel php-gd audiofile-devel gtk2-devel subversion nano kernel-devel

yum clean all

Disable the built-in firewall for now. We assume your PBX is in a protected, private environment.

See Security section below.

service iptables stop
chkconfig iptables off
service ip6tables stop
chkconfig ip6tables off

Disable selinux:

vim /etc/selinux/config

SELINUX=disabled

setenforce 0

http://www.php.net/manual/en/timezones.php

ln -sf /usr/share/zoneinfo/America/Phoenix /etc/localtime

vim -c 946 /etc/php.ini

Uncomment and set PHP timezone:

date.timezone = America/Phoenix

vim -c 878 /etc/php.ini

upload_max_filesize = 20M

wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.8-current.tar.gz
tar zxvf asterisk-1.8-current.tar.gz
cd /usr/src/asterisk-1.8*
make clean
./configure && make menuselect

Select all addons. I believe these are all needed or recommended for FreePBX. Select base and addon sounds. I suggest ulaw as they sound better than gsm especially if you are using ulaw as your default codec. I usually just check both. Then make sure to press the “save” button afterwards.

If upgrading Asterisk on an already running FreePBX system do NOT run make samples.

make && make install && make samples

Create an 'asterisk' user. The user may already exist but this won't hurt:

useradd -c "Asterisk PBX" -d /var/lib/asterisk asterisk

The following directory may already exist but just to make sure:

mkdir /var/run/asterisk

Set ownership of various folders:

chown -R asterisk /var/run/asterisk
chown -R asterisk /var/log/asterisk
chown -R asterisk /var/lib/asterisk/moh
chown -R asterisk /var/lib/php/session

Adjust the manager interface username and password:

vim /etc/asterisk/manager.conf

Add a stanza like:

[admin]
secret = your-manager-password
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

Here we create a symbolic link so that both FreePBX and Asterisk will find and store MOH files in the same place:

ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3

Asterisk and FreePBX now only use .wav files for MOH so install mpg123 for converting uploaded mp3's to wav's:

cd /usr/src
wget http://sourceforge.net/projects/mpg123/files/mpg123/1.13.4/mpg123-1.13.4.tar.bz2/download
tar -xjvf mpg123-1.13.4.tar.bz2

cd mpg123-1.13.4
./configure && make && make install

ln -s /usr/local/bin/mpg123 /usr/bin/mpg123

Here we set the web server to run as the user 'asterisk' and group 'asterisk'.

sed -i "s/User apache/User asterisk/" /etc/httpd/conf/httpd.conf
sed -i "s/Group apache/Group asterisk/" /etc/httpd/conf/httpd.conf

service mysqld start

cd /usr/src/freepbx-2.10.0                       # adjust version if necessary
mysqladmin create asterisk
mysqladmin create asteriskcdrdb
mysql asterisk < SQL/newinstall.sql
mysql asteriskcdrdb < SQL/cdr_mysql_table.sql

mysql

Run these MySQL commands and adjust for your own password:

GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY 'your-password';

GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'your-password';

flush privileges;

exit

Finally, we set the MySQL root password. Don't forget it!

mysqladmin -u root password 'your-mysql-root-password'

Get the latest released version.

cd /usr/src
wget http://mirror.freepbx.org/freepbx-2.10.0.tar.gz     # adjust version if necessary
tar zxvf freepbx-2.10.0.tar.gz

MySQL should still be running…

Start asterisk. You can ignore warnings, errors, and notices for now:

/usr/sbin/safe_asterisk

cd /usr/src/freepbx-2.10.0
./install_amp

You will be asked various questions which will be used to populate /etc/amportal.conf.

Use the defaults, mostly, but change:

Now we delete a few configuration files that may interfere with FreePBX:

rm -f /etc/asterisk/{sip_notify.conf,iax.conf,logger.conf,features.conf,sip.conf,extensions.conf,ccss.conf,chan_dahdi.conf}

vim /etc/asterisk/cdr_mysql.conf

loguniqueid=yes             # add to [Global] section which you may need to also un-comment

cat << EOF >> /etc/logrotate.d/asterisk
/var/log/asterisk/messages /var/log/asterisk/*log /var/log/asterisk/full {
   missingok
   notifempty
   sharedscripts
   create 0640 asterisk asterisk
   postrotate
   /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
   endscript
}
EOF

kill -HUP $(pidof rsyslogd)

Enable Apache, MySQL and FreePBX to autostart on boot:

chkconfig httpd on
chkconfig mysqld on
echo /usr/local/sbin/amportal start >> /etc/rc.local

Reboot now!

Before using FreePBX, you have to visit the configuration page at: http://IP.of.PBX

Click “Apply Configuration Changes”

Reboot again

The FreePBX administration console: http://IP.of.PBX

Save each change and click Apply Configuration after done making changes.

FreePBX → Admin → Administrators → admin →

• Password → your-freepbx-admin-password

FreePBX → Settings → Advanced Settings → Asterisk Manager →

• Asterisk Manager Password → your-asterisk-manager-password

FreePBX → Settings → Advanced Settings → System Setup →

• User Portal Admin Username → your-ari-admin-username
• User Portal Admin Password → your-ari-admin-password

FreePBX → Admin → Module Admin → Check Online → Upgrade All → Process

Now continue your configuration here:

FreePBX Configuration

See also FreePBX Firewall

The following ports may need to be opened:

Firewall options:

system-config-firewall-tui

Arno's Firewall

See Fail2Ban.

For a base CentOS 6.2 box, after installing Fail2Ban via the EPEL repo, you can just copy and paste the following in one go to get a basic Fail2Ban installation set up for your PBX:

cat << EOF >> /etc/fail2ban/fail2ban.local
# Fail2Ban local configuration file
#
# This file overrides the fail2ban.conf file

[Definition]
logtarget = /var/log/fail2ban.log

EOF

cat << EOF >> /etc/fail2ban/jail.local
# Fail2Ban local configuration file
#
# This file overrides the jail.conf file

[DEFAULT]
ignoreip = 127.0.0.1 209.193.64.0/24 70.176.57.141
bantime  = 600
findtime  = 600
maxretry = 3
backend = auto


[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=SIP, protocol=all]
#           sendmail-whois[name=SIP, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/asterisk/fail2ban
maxretry = 5
bantime = 600

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
#           sendmail-whois[name=SSH, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/secure
maxretry = 3

[apache-tcpwrapper]
enabled  = true
filter   = apache-auth
action   = iptables-allports[name=PBX-GUI, port=http, protocol=tcp]
#           sendmail-whois[name=PBX-GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/httpd/error_log
maxretry = 3

[vsftpd-iptables]
enabled  = true
filter   = vsftpd
action   = iptables[name=FTP, port=ftp, protocol=tcp]
#           sendmail-whois[name=FTP, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/vsftpd.log
maxretry = 3
bantime  = 600

[apache-badbots]
enabled  = true
filter   = apache-badbots
action   = iptables-multiport[name=BadBots, port="http,https"]
#           sendmail-whois[name=PBX GUI, dest=none@yourpbx.com, sender=none@yourpbx.com]
logpath  = /var/log/httpd/*access_log
bantime  = 600
maxretry = 1

EOF

cat << EOF >> /etc/fail2ban/filter.d/asterisk.conf
# Fail2Ban configuration file
#
# Asterisk Filter - /etc/fail2ban/filter.d/asterisk.conf

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

failregex = Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Wrong password
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - No matching peer found
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Device does not match ACL
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Username/auth name mismatch
	    Registration from '.*' failed for '<HOST>(:[0-9]{1,5})?' - Peer is not supposed to register
	    NOTICE.* <HOST> failed to authenticate as '.*'$
	    NOTICE.* .*: No registration for peer '.*' (from <HOST>)
	    NOTICE.* .*: Host <HOST> failed MD5 authentication for '.*' (.*)
	    VERBOSE.* logger.c: -- .*IP/<HOST>-.* Playing 'ss-noservice' (language '.*')

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

EOF

service fail2ban restart

Verify that the username and password in /etc/asterisk/manager.conf and /etc/amportal.conf match.

http://www.freepbx.org/support/documentation/faq/changing-the-asterisk-manager-password

If you see an error during FreePBX installation like:

Checking for PEAR DB..FAILED

try:

pear install DB

then re-run:

./install_amp

If you enable remote access to your PBX, secure it!

NAT is a real hurdle for SIP. The best way to deal with NAT issues is to not use NAT if at all possible. NAT on both ends may not be worth attempting if using SIP, it's just not a NAT-friendly protocol like IAX.

Using phones with IAX protocol support is a good alternative if the PBX is behind NAT.

IAX protocol is pretty much Asterisk-specific.

If your PBX is behind NAT, forward the single UDP port 4569 from your NAT firewall in to the PBX.

http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension

If your PBX is behind NAT and you'd still like to try getting remote SIP extensions to work:

vim /etc/asterisk/sip_nat.conf

localnet=192.168.1.0/255.255.255.0      #your local network
externhost=your.fqdn.hostname           #your resolvable host name
fromdomain=your.fqdn.domain.name        #your domain mane
nat=yes
qualify=yes
externrefresh=10
canreinvite=no

asterisk -rx reload                     #reload Asterisk configuration

This should be the default:

vim -c 457 /etc/php.ini

memory_limit = 128M

amportal stop

rm -f /etc/asterisk/{sip_notify.conf,iax.conf,logger.conf,features.conf,sip.conf,extensions.conf,ccss.conf,chan_dahdi.conf}

/usr/sbin/safe_asterisk

cd /usr/src/freepbx-2.10.0
./install_amp

Visit the configuration page at: http://IP.of.PBX

Click “Apply Settings”

Reboot