[cisco-voip] ODBC Access to Call Manager CCM & CAR DBs

Lelio Fulgenzi lelio at uoguelph.ca
Mon Nov 12 16:41:48 EST 2018


Too bad there isn’t a CUDLI equivalent. No puppies would have to die.

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

On Nov 12, 2018, at 4:38 PM, Pete Brown <jpb at chykn.com> wrote:

Disclaimer - For lab use only.  The following will void your warranty, render your instance unsupportable by TAC and probably cause your favorite pet to spontaneously combust.  There are perfectly legitimate reasons why Cisco keeps the internal databases shielded from direct access by external applications.  That being said, enjoy!

I got tired of going through the APIs to run queries on the CCM DB.  Also got tired of having to have an SFTP server or using more APIs to look at CDR data.  Here are the steps to give yourself direct access to both databases from a remote host.  Keep in mind that they're not just separate databases, but on separate Informix instances.

This method uses the temporary remote support credentials to make the ODBC connection.  You can create a separate OS user and grant rights to that account instead.  Using the remote support account here because this email is long enough as is.


/* Enable remote support */
admin:utils remote_account enable
Successful in enabling RemoteSupport
admin:utils remote_account create myroot 30
Account Successfully created
Account        : myroot
Passphrase     : XXXXXXXXXX03
Expiry         : 12-12-2018:19:00:00 (MM-DD-YYYY:Hr:Min:Sec)
Decode Version : 3
admin:exit

/* Connect as Remote Support */
Use UCOS Password Decrypter to decode passphrase
SSH in using remote support account

/* Get Instance Names */
[root@cucmpub myroot]# grep _ccm /etc/services
...
cucmpub_ccm12_0_1_12000_1   1500/tcp        # IDS on cucmpub
...
[root@cucmpub myroot]# grep _car /etc/services
...
cucmpub_car12_0_1_12000_1   1510/tcp        # CAR IDS instance
...

/* SU to Informix user */
[root@cucmpub myroot]# su - informix

/* Get Database Names */
-bash-4.1$ echo 'select name from sysdatabases' | dbaccess sysmaster@cucmpub_ccm12_0_1_12000_1
...
name  ccm12_0_1_12000_1
...
-bash-4.1$ echo 'select name from sysdatabases' | dbaccess sysmaster@cucmpub_car12_0_1_12000_1
...
name  car
...

/* Grant Informix Access */
-bash-4.1$ echo 'GRANT DBA TO myroot' | dbaccess ccm12_0_1_12000_1@cucmpub_ccm12_0_1_12000_1
-bash-4.1$ echo 'GRANT DBA TO myroot' | dbaccess car@cucmpub_car12_0_1_12000_1
-bash-4.1$ exit

/* Open ports in firewall */
[root@cucmpub myroot]# iptables -A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -j DROP
[root@cucmpub myroot]# iptables -A INPUT -p tcp -m tcp --dport 1500 --tcp-flags SYN SYN -m hashlimit --hashlimit 35/second  --hashlimit-burst 2000 --hashlimit-mode srcip,dstport --hashlimit-name TCP_1500_DOS -j ACCEPT
[root@cucmpub myroot]# iptables -A INPUT -p tcp -m tcp --dport 1500 --tcp-flags SYN SYN -m limit --limit 1/minute --limit-burst 1 -j LOG --log-prefix " Exceeded hashlimit " --log-level warn
[root@cucmpub myroot]# iptables -A INPUT -p tcp -m tcp --dport 1500 --tcp-flags SYN SYN -j DROP
[root@cucmpub myroot]# iptables -A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -m hashlimit --hashlimit 35/second  --hashlimit-burst 2000 --hashlimit-mode srcip,dstport --hashlimit-name TCP_1510_DOS -j ACCEPT
[root@cucmpub myroot]# iptables -A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -m limit --limit 1/minute --limit-burst 1 -j LOG --log-prefix " Exceeded hashlimit " --log-level warn
[root@cucmpub myroot]# iptables -A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -j DROP


Now you can use the myroot credentials along with the Informix Client SDK to connect directly to Informix.  I loaded the 64 bit Windows client SDK (clientsdk.4.10.FC9DE.WIN.zip) so I could create a linked server in MSSQL and run queries via MS SQL Studio.
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
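
Added example (not part of the original message and not Cisco tooling): a Python check that replays the seven iptables rules from the "Open ports in firewall" step in the order listed and reports, for each Informix port, the first terminating rule a new connection would hit and whether an ACCEPT is open to any source. It assumes the rules are evaluated in the listed order with no earlier rule in the chain matching; the function names are illustrative.

```python
import shlex

# The seven rules from the "Open ports in firewall" step, in the order they were appended.
PAGE_RULES = """\
-A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -j DROP
-A INPUT -p tcp -m tcp --dport 1500 --tcp-flags SYN SYN -m hashlimit --hashlimit 35/second --hashlimit-burst 2000 --hashlimit-mode srcip,dstport --hashlimit-name TCP_1500_DOS -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1500 --tcp-flags SYN SYN -m limit --limit 1/minute --limit-burst 1 -j LOG --log-prefix " Exceeded hashlimit " --log-level warn
-A INPUT -p tcp -m tcp --dport 1500 --tcp-flags SYN SYN -j DROP
-A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -m hashlimit --hashlimit 35/second --hashlimit-burst 2000 --hashlimit-mode srcip,dstport --hashlimit-name TCP_1510_DOS -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -m limit --limit 1/minute --limit-burst 1 -j LOG --log-prefix " Exceeded hashlimit " --log-level warn
-A INPUT -p tcp -m tcp --dport 1510 --tcp-flags SYN SYN -j DROP
"""

NON_TERMINATING = {"LOG"}  # LOG records the packet, then evaluation continues

def parse_rule(line):
    """Return (dport, target, source) for one rule; source is None when no -s is given."""
    tok = shlex.split(line)
    def opt(*names):
        for name in names:
            if name in tok:
                return tok[tok.index(name) + 1]
        return None
    return opt("--dport"), opt("-j"), opt("-s", "--source")

def first_verdict(rules_text, port):
    """First terminating rule hit by a new connection (SYN, under any rate limit) to port."""
    lines = [l.strip() for l in rules_text.splitlines() if l.strip()]
    for idx, line in enumerate(lines, 1):
        dport, target, source = parse_rule(line)
        if dport == str(port) and target not in NON_TERMINATING:
            return {"rule": idx, "target": target, "source": source or "any"}
    return None  # no match here: later rules or the chain policy decide

def audit(rules_text, ports=(1500, 1510)):
    """Map each Informix port to its verdict and flag ACCEPTs with no source restriction."""
    report = {}
    for port in ports:
        v = first_verdict(rules_text, port)
        if v:
            v["open_to_any_source"] = v["target"] == "ACCEPT" and v["source"] == "any"
        report[port] = v
    return report

if __name__ == "__main__":
    for port, verdict in audit(PAGE_RULES).items():
        print(port, verdict)
```

Under that ordering assumption, port 1500 is accepted from any source address, while port 1510 hits the unconditional DROP in rule 1 before its ACCEPT in rule 5. Adding a source match (`-s`) for the client host to an ACCEPT rule clears the `open_to_any_source` flag.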