소프트스위치

오늘:
844
어제:
2,074
전체:
2,920,170

고객센타 : 070-7752-2000
팩스 : 070-7752-2001
휴대폰 : 010-9513-0019
email : voipkorea@yahoo.co.kr

국민은행
(주)제이에스솔루션
047101-04-155519

Flag Counter
■ 무료 : 유선 집전화 휴대폰 ( 한국 미국 중국 카나다) ↔ (국내 해외 여행자 상사 주재원 유학생) / 가입무 무제한무료■

https://www.opensips.org/Documentation/Tutorials-TLS-2-1


1.  Introduction

Configuring TLS can sometimes be time consuming, most times because of badly generated or used certificates. What this tutorial is trying to do is providing a basic TLS configuration for OpenSIPS which we know for sure that will work and be the entry point for future, more complicated, TLS setups. At first we will be trying to do the most important thing of all: generating some certificates which we can use to later configure OpenSIPS. If all you want to do is testing the TLS, you can always skip to section 2.4 Using OpenSIPS built-in certificates. The next step will be writing a script for OpenSIPS which will use TLS. After starting OpenSIPS, what we must do is testing that OpenSIPS works fine listening for TLS connections from UACs and creating new connections with UACs and debugging the handshake.

2.  Generating certificates

2.1  Overview

Before configuring OpenSIPS we need to have a CA and be able to sign certificates with this CA. In order to do this, we will configure a new CA and a user certificate signed by this CA. We will use OpenSIPS to achieve these goals, since it offers a very simple way to manage certificate related issues using opensipsctl script. Also, you can always create your own CA or set of certificates using the scripts provided by openSSL or by other means.

2.2  Creating the CA

Creating context

First thing we need to do is setup the context for our certificates to be created. Let’s say that you want to use $OPENSIPS_HOME/tls_cnf ($OPENSIPS_HOME represents the path to your OpenSIPS install). Create this folder (if it doesn’t exist) and inside create a folder named tls. Will explain later why we needed to do this.

cd $OPENSIPS_HOME 
mkdir tls_cnf; cd tls_cnf; mkdir tls



Setting up ca.conf file

Next we need to generate our certificating authority, but first we need a configuration file for this, because based on this configuration file, OpenSIPS will know the details of your request. In this configuration file you can set the paths where the CA will be generated, validity, DN etc. For users who did this before, it looks similar to “openssl.cnf” file. You can find an example in $OPENSIPS_HOME/etc/tls/ca.conf. In this tutorial we only want to make it work, so we will use that file by copying it to our tls_cnf/tls folder.

cp $OPENSIPS_HOME/etc/tls/ca.conf $OPENSIPS_HOME/tls_cnf/tls/



Creating the CA

Now that we set up the context, we can create the CA. Go to your $OPENSIPS_HOME/scripts folder.

cd $OPENSIPS_HOME/scripts



Here you should be able to find the opensipsctl script. Use the following command:

./opensipsctl tls rootCA $OPENSIPS_HOME/tls_cnf/tls



The rootCA parameter specifies to the script that you want to create a new certificating authority (the parameter cannot be changed). The last parameter specifies the folder where we want this CA to be installed, so we will choose the folder we set up earlier. 

After giving the command you will be requested to introduce a passphrase. We will use this passphrase later when we will create the certificates. The server certificate will consist of the certificate found in the new rootCA folder created $OPENSIPS_HOME/tls_cnf/tls/rootCA/cacert.pem, and the private key will be in $OPENSIPS_HOME/tls_cnf/tls/rootCA/private/cakey.pem.

2.3  Creating server and client certificates

To create a user certificate you will need to create request.conf and <user_name>.conf file in order to use opensipsctl. In this tutorial we will simply use the files provided by OpenSIPS in $OPENSIPS_HOME/etc/tls called request.conf and user.conf.

cp $OPENSIPS_HOME/etc/tls/request.conf $OPENSIPS_HOME/tls_cnf/tls/ 
cp $OPENSIPS_HOME/etc/tls/user.conf $OPENSIPS_HOME/tls_cnf/tls/ 



Next we have to go again to $OPENSIPS_HOME/scripts and use opensipsctl.

cd $OPENSIPS_HOME/scripts 
./opensipsctl tls userCERT user $OPENSIPS_HOME/tls_cnf/tls



The third parameter’s meaning is the name of the user which must be the same as the <user_name>.conf file. So, for example, if we wanted the user alice, the file must have had the name alice.conf . The fourth parameter represents the path where you have the configuration files. Now, that we have created the certificates we can move to the following section, a script example to use TLS with OpenSIPS.

2.4  Using OpenSIPS built-in certificates

If all you want to do is testing, you can always use the certificates located in $OPENSIPS_HOME/etc/tls, but we strongly recommend to you not to use this certificates in real case scenarios, because, as you can imagine, everyone has access to them. Also notice that the passphrase with which the CA is configured is opensips
IMPORTANT: in the following sections we will refer to the folder where the certificates are located as $CERT_DIR, so none of the paths presented above are valid anymore, but we will keep the notations rootCA as the folder where the CA is installed and user where the user certificates are.

3. Script example

3.1 Overview

As you probably discovered, in OpenSIPS 2.1 the tls became a module, so now, every parameter we want to pass to TLS will be a modparam parameter. The scenario is very simple, UAC is trying to send an invite to an UAS by using OpenSIPS as a proxy, and both connections UAC<->OpenSIPS and OpenSIPS<->UAS are using encrypted data transfer, using TLS. So we will try to provide a basic TLS script configuration which tries to use basically all the configurable parameters of the TLS module, from which you can start building your own.

3.2 The listener

In order to accept TLS connections, OpenSIPS must have a TLS listener. In order to do this we have to include the following line in our script:

listen=tls:<your-ip-address>:<port>



When OpenSIPS will start, you should be able to see the listener by entering the following command in your command line

netstat -tlp | grep <port>



where port is the port you gave to listen line in your script.

3.3 Including TLS module and setting the parameters

Since TLS became a module, now we need to insert the following line in the modules section

loadmodule "proto_tls.so"



Since this is a test scenario, we only want to check that the TLS handshake works fine, so we won’t set parameters to enable certificate checking or ciphers. As OpenSIPS enables these checkings by default because a real TLS configuration must check the certificates, we will need to disable them.

modparam("proto_tls", "verify_cert", "0") 
modparam("proto_tls", "require_cert", "0") 



We will need to specify the TLS method which will specify what type of protocol we will use. In this tutorial we will use “TLSv1”, but you can always use another one, see the full list in the module’s documentation section.

modparam("proto_tls", "tls_method", "TLSv1")



Also, in order for OpenSIPS to start, we need to configure some "global" certificates. We need to do this because we need a default match, if no domain is matched, we will need a default case, something to match everything, just like 0.0.0.0 route in routing tables. You can always jump over the following section 3.4 Setting up TLS domains directly to 3.5 Full script example, because they represent a more specific type of scripting, but it is recommended to read about server domains which allow you to use different settings on different listening interfaces.

 modparam("proto_tls", "certificate", "$CERT_DIR/rootCA/cacert.pem")           
 modparam("proto_tls", "private_key", "$CERT_DIR/rootCA/private/cakey.pem")    
 modparam("proto_tls", "ca_list", "$CERT_DIR/rootCA/cacert.pem")                
 modparam("proto_tls", "ca_dir", "$CERT_DIR/rootCA/")                



3.4 Setting up TLS domains

As specified in section 3.1 Overview, our scenario includes two TLS connections, one from the UAC to OpenSIPS and the second one from OpenSIPS to the UAS. Whereas in the first connection OpenSIPS will be the server side of the connection, in the second one it will be the client side so we need to define two different TLS domains.

 #first the  server domain
 modparam("proto_tls", "server_domain", "sv_dom=<your-ip-address>:<port>")           
 modparam("proto_tls", "certificate", "sv_dom:$CERT_DIR/rootCA/cacert.pem")           
 modparam("proto_tls", "private_key", "sv_dom:$CERT_DIR/rootCA/private/cakey.pem")    
 modparam("proto_tls", "ca_list", "sv_dom:$CERT_DIR/rootCA/cacert.pem")                

 #and the client domain                                                               
 modparam("proto_tls", "client_domain", "cl_dom=<UAS-ip-address>:<port>")            
 modparam("proto_tls", "certificate", "cl_dom:$CERT_DIR/user/user-cert.pem")          
 modparam("proto_tls", "private_key", "cl_dom:$CERT_DIR/user/user-privkey.pem")       
 modparam("proto_tls", "ca_list", 'cl_dom:$CERT_DIR/user/user-calist.pem")             



IMPORTANT: The ip address and port from the server domain must be the ones you set in the “listen” script line for OpenSIPS to match that domain. When OpenSIPS acts as client, the ip address and port must be the ones of the server (remote peer) with whom initiates the TLS handshake, so unless you do not know the remote address and port there is no need to define a client domain, default settings will be used.

3.5  Full script example

Now that we specified all we need to set in order to be able to use TLS both as a server and as a client we will specify here a full script (only the TLS part) in order to make things more clear. Basically it is all we explained in the previous sections of this chapter put together.

 #define the listener
 listen = tls:<your-ip-address>:<port>

 #set module path
 loadmodule “proto_tls.so”

 #set global tls parameters
 modparam("proto_tls", "verify_cert", "0")
 modparam("proto_tls", "require_cert", "0")
 modparam("proto_tls", "tls_method", "TLSv1")

 modparam("proto_tls", "certificate", "$CERT_DIR/rootCA/cacert.pem")           
 modparam("proto_tls", "private_key", "$CERT_DIR/rootCA/private/cakey.pem")    
 modparam("proto_tls", "ca_list", "$CERT_DIR/rootCA/cacert.pem")                
 modparam("proto_tls", "ca_dir", "$CERT_DIR/rootCA/")                


 #server domain
 modparam("proto_tls", "server_domain", "sv_dom=<your-ip-address>:<port>")
 modparam("proto_tls", "certificate", "sv_dom:$CERT_DIR/rootCA/cacert.pem")
 modparam("proto_tls", "private_key", "sv_dom:$CERT_DIR/rootCA/private/cakey.pem")
 modparam("proto_tls", "ca_list", "sv_dom:$CERT_DR/rootCA/cacert.pem")

 #client domain
 modparam("proto_tls", "client_domain", "cl_dom=<UAS-ip-address>:<port>")
 modparam("proto_tls", "certificate", "cl_dom:$CERT_DIR/user/user-cert.pem")
 modparam("proto_tls", "private_key", "cl_dom:$CERT_DIR/user/user-privkey.pem")
 modparam("proto_tls", "ca_list", "cl_dom:$CERT_DR/user/user-calist.pem")



4.  Troubleshooting

4.1 Overview

Now that we’ve set up OpenSIPS and started it, we need to do some debugging and see if everything works fine. There will be presented two ways to debug your TLS connection. First just verifying the TLS handshake with openSSL s_client and after this a more complex type of debugging which is teaching Wireshark to decrypt messages using the private key of the connection.

4.2 S_client simple testing

A very simple and fast method to see that the handshake works fine is the s_client tool that openSSL provides. The command for the script in the previous chapter looks like this

 openssl s_client -showcerts -debug -connect <your-ip-address>:<port> -no_ssl2 -bugs



The ip address and the port are the ones you have set earlier in the listen section of the script. If you want more advanced debugging, check the following section which tells you how to debug the tls connection using Wireshark.

4.3 Wireshark tracing

Wireshark allows us to catch the TLS handshake and also to decrypt the traffic, but in order to do this we must configure it to know the private keys of the connection. Go to Edit → Preferences → Protocols → SSL. Click the Edit button in RSA keys list section. Click the New button and add the ip address and port on which OpenSIPS is listening, the protocol (in our case sip) and in the Key File section search for the private key OpenSIPS uses for the connection ( for the example above $CERT_DIR/rootCA/private/cakey.pem). Save the configuration and then you can see both the TLS handshakes and the TCP messages that are being sent to and from OpenSIPS listening interface. 
IMPORTANT: Depending on your configuration, it might be necessary to configure both the private key of the server and the client in Wireshark!!!

조회 수 :
1029
등록일 :
2017.09.14
15:06:31 (*.160.88.18)
엮인글 :
http://webs.co.kr/index.php?document_srl=3311888&act=trackback&key=239
게시글 주소 :
http://webs.co.kr/index.php?document_srl=3311888
List of Articles
번호 제목 글쓴이 날짜 조회 수
155 OpenSIPS routing logic admin 2017-12-12 39
154 OpenSIPS example configuration admin 2017-12-12 40
153 opensips log output admin 2017-12-11 22
152 opensips complete configuration example admin 2017-12-10 30
151 Opensips1.6 ebook detail configuration and SIP signal and NAT etc file admin 2017-12-10 28
150 dictionary.opensips radius admin 2017-12-09 80
149 what is record_route() in opensips ? admin 2017-12-09 97
148 what is loose_route() in opensips ? file admin 2017-12-09 94
147 in opensips what is lookup(domain [, flags [, aor]]) admin 2017-12-09 96
146 in opensips db_does_uri_exist() what is admin 2017-12-09 93
145 in opensips what is has_totag() admin 2017-12-09 92
144 opensips exec module admin 2017-12-08 129
143 opensips push notification How to admin 2017-12-07 148
142 OpenSIPS Module Interface admin 2017-12-07 149
141 opensips configuration config explain easy basic 오픈쉽스 컨피그레이션 기본 설명 file admin 2017-12-07 152
140 openssl 을 이용한 인증서 생성 절차를 정리한다. 개인키 CSR SSL 인증서 파일 생성 admin 2017-09-14 1039
» Documentation -> Tutorials -> TLS opensips.cfg admin 2017-09-14 1029
138 Using TLS in OpenSIPS v2.2.x admin 2017-09-14 1012
137 opensips tls cfg admin 2017-09-14 1040
136 How to setup a Jabber / XMPP server on Debian 8 (jessie) using ejabberd admin 2017-09-13 1073
135 SIP to XMPP Gateway + SIP Presence Server opensips admin 2017-09-13 1031
134 OpenSIPS command line tricks admin 2017-09-13 1024
133 Fail2Ban Freeswitch How to secure admin 2017-09-12 1079
132 opensips.cfg. sample admin 2017-09-12 1047
131 Advanced SIP scenarios with Event-based-Routing admin 2017-09-11 1073
130 PUSH SERVER 푸시서버 안드로이드 애플 admin 2017-09-11 1074
129 오픈소스 (사내)메신저 서버 구축, 오픈 파이어(openfire) 설치방법과 세팅(리눅스 기준) admin 2017-09-09 1173
128 rtpengine config basic and opensips configuration and command admin 2017-09-06 1101
127 WebSocket Transport using OpenSIPS configuration 웹 소켓 컨피그레이션 기본 admin 2017-09-06 1086
126 OpenSIPS basic configuration script 기본 컨피그 admin 2017-09-05 1099
125 rtpengine install and config admin 2017-09-05 1132
124 Installing RTPEngine on Ubuntu 14.04 admin 2017-09-05 1148
123 compile only the textops module make modules=modules/textops modules admin 2017-09-05 1089
122 opensips command /sbin/opensipsctl detail admin 2017-09-04 1168
121 2017 08 31 opensips 2.32 install debian8.8 module install compile err modules admin 2017-09-04 1182
120 Build-Depends debian 8.8 opensips 2.3 admin 2017-09-04 1131
119 What is new in 2.3.0 opensips admin 2017-09-04 1272
118 ubuntu 安装配置opensips,rtpproxy,mediaproxy admin 2017-09-04 1155
117 How to install Mediaproxy 2.5.2 on CentOS 6 64 bit admin 2017-09-04 1223
116 Using TLS in OpenSIPS v2.2.x configuration admin 2017-09-04 1182
115 How to 2.3 download , OpenSIPS new apt repository. DEBs for Debian / Ubuntu admin 2017-09-02 1175
114 You can install CDRTool in the following ways: admin 2017-09-01 1204
113 How to Install OpenSIPS 2.1.2 Server on Ubuntu 15.04 admin 2017-09-01 1241
112 Opensips 2.32 download admin 2017-09-01 1180
111 OpenSIPS 2.3 install admin 2017-09-01 1260
110 JsSIP: The JavaScript SIP Library admin 2017-09-01 1222
109 WebSocket Transport using OpenSIPS admin 2017-09-01 1254
108 A2Billing and OpenSIPS – Part 1 admin 2017-08-29 1320
107 A2Billing and OpenSIPS – Part 2 admin 2017-08-29 1328
106 A2Billing and OpenSIPS – Part 3 admin 2017-08-29 1351
105 OpenSIPS 2.3 philosophy admin 2017-08-17 1439
104 The timeline for OpenSIPS 2.3 is admin 2017-08-17 1690
103 OpenSIPS Control Panel and Homer integration admin 2017-08-17 1432
102 Opensips sip capture re designed admin 2017-07-16 1590
101 WebRTC with OpenSIPS WebSocket is a protocol provides full-duplex admin 2015-04-04 6281
100 WebSocket Support in OpenSIPS 2.1 admin 2015-04-04 6831
99 OpenSIPS 2.1 (rc) is available, download now! admin 2015-03-22 6416
98 Service Provision Using Asterisk & OpenSIPS - AstriCon 2014 admin 2015-02-25 7978
97 SIP Signaling-Messages OpenSIPS Running On Multicore Server file admin 2014-11-02 15652
96 opensips.cfg for Asterisk admin 2014-10-20 17775
95 A2Billing and OpenSIPS config admin 2014-10-20 17135
94 Jitsi Videobridge meets WebRTC admin 2014-10-18 17222
93 A Survey of Open Source Products for Building a SIP Communication Platform admin 2014-10-18 16823
92 Script Function , Module Index v1.11 함수 모듈 opensips admin 2014-10-14 17028
91 Opensips TM module enables stateful processing of SIP transactions admin 2014-10-04 14733
90 kamailio.cfg configuration Example admin 2014-10-04 16884
89 opensips NAT Traversal Module admin 2014-10-02 16273
88 UAC Registrant Module admin 2014-09-28 17770
87 MediaProxy 2.3.x & OpenSIPS 1.5.x Integration admin 2014-08-24 16864
86 RTPPROXY Admin Guide admin 2014-08-24 17228
85 CANCEL MESSAGE not handled correctly admin 2014-08-23 17057
84 [Sipdroid] SIP data collection study tour admin 2014-08-23 17671
83 [OpenSIPS-Users] Opensips 1.10 NAT radius aaa admin 2014-08-23 17665
82 OpenSIPS Consultancy Pricing module install Server 판매 또는 설치및 컨설팅 가이드 admin 2014-08-23 17506
81 ICE: The ultimate way of beating NAT in SIP admin 2014-08-23 17308
80 Many OPENSIPS Configuration Examples This will Help you admin 2014-08-23 16997
79 Real-time Charging System for Telecom & ISP environments admin 2014-08-23 17599
78 OPENSIPS EBOOK admin 2014-08-21 17593
77 Opensips Documentation Function admin 2014-08-21 17783
76 Presence Tutorial OpenXCAP setup admin 2014-08-18 16815
75 Opensips Modules Documentation admin 2014-08-18 17654
74 A lightweight RPC library based on XML and HTTP admin 2014-08-18 17183
73 opensips Nat script with RTPPROXY - English Good perfect admin 2014-08-15 15291
72 OpenSIPS Control Panel (OCP) Installation Guide Good admin 2014-08-13 15175
71 Installation and configuration process record opensips opensips-cp admin 2014-08-13 27193
70 OpenSIPS as Homer Capture server admin 2014-08-13 15040
69 OpenSIPS , default script , Types of Routs , Routing in SIP, Video lecture admin 2014-08-13 16942
68 Configuracion de Kamailio 3.3 con NAT Traversal y XCAP. admin 2014-08-12 17347
67 Under RHEL6.5 install OpenSIPS 1.11.1 tls admin 2014-08-12 16253
66 OpenSIPS/OpenSER-a versatile SIP Server cfg admin 2014-08-11 17698
65 Kamailio Nat Traversal using RTPProxy admin 2014-08-11 17293
64 MediaProxy wiki page install configuration admin 2014-08-11 17299
63 오픈소스 (사내)메신저 서버 구축, 오픈 파이어(openfire) 설치방법과 세팅 admin 2014-08-11 26117
62 MediaProxy Installation Guide admin 2014-08-10 16893
61 RTPProxy 1.2.x Installation & Integration with OpenSIPS 1.5x admin 2014-08-10 18048
60 Opensips Installation, How to. Good guide wiki page admin 2014-08-10 14897
59 OpenSIPS Installation Notes admin 2014-08-09 14200
58 Installation and configuration process record opensips 1.9.1 admin 2014-08-09 16751
57 opensips 1.11.2 install Good Giide admin 2014-08-09 16759
56 fusionPBX install debian wheezy admin 2014-08-09 17165
55 opensips 1.11.2 install guide good 인스톨 가이드 admin 2014-08-09 16677
54 SigIMS IMS Platform admin 2014-05-24 17918
53 2013 2012년 분야별 최고의 오픈소스 소프트웨어 124선 admin 2014-04-05 18107
52 Video conference server OpenMCU-ru - Introduction admin 2014-04-01 20050
51 SIPSorcery admin 2014-03-18 18159
50 Ekiga (formely known as GnomeMeeting) is an open source SoftPhone admin 2014-03-12 18548
49 telepresence: Open Source SIP Telepresence/MCU admin 2014-03-12 20515
48 SIP PBX - OpenSIPS and Asterisk configuration admin 2014-03-12 16296
47 Conference Support in Kamailio (OpenSER) admin 2014-03-12 18869
46 OpenSIPS configuration for 2 or more FreeSWITCH installs admin 2014-03-12 16174
45 The Impact of TLS on SIP Server Performance file admin 2014-03-12 18395
44 book-opensips-101 / content / 3.2. SIP TLS Secure Calling.mediawiki admin 2014-03-12 17307
43 Where to check OpenSIPS does not start? admin 2014-03-09 17845
42 opensips-1.10.0_src.tar.gz experimental source code documentation admin 2014-03-09 18771
41 Kamailo OpenSIPs installation on Debian admin 2014-03-09 17144
40 Using the openSIPS Registrant Module admin 2014-03-09 18730
39 RTPproxy Frequentry Asked Questions (FAQ) ¶ admin 2014-03-07 16732
38 Building Telephony Systems with OpenSIPS 1.6 RTPProxy + OpenSIPS 1.7 admin 2014-03-07 18274
37 Installing RTPproxy Start RTPproxy in Bridged mode very good admin 2014-03-07 22287
36 OpenSIPS Control Panel (OCP) Installation Guide admin 2014-03-06 16633
35 OpenSIPS Control Panel install guide admin 2014-03-06 17482
34 rtpproxy Module admin 2014-03-06 18259
33 MediaProxy Installation Guide admin 2014-03-06 19133
32 How to install OpenSIPS on CentOS debian module add xcap admin 2014-03-06 18823
31 Problem with presence_xml module Opensips 1.9 admin 2014-03-06 18380
30 Building Telephony Systems with OpenSIPS 1.6 books file admin 2014-03-06 19220
29 Multimedia Service Platform admin 2014-03-06 17671
28 How to install OpenSIPS on CentOS Debian etc admin 2014-03-05 18669
27 Opensips Installation, How to. admin 2014-03-05 15060
26 100% CPU usage opensips admin 2014-03-05 17967
25 A2Billing and OpenSIPS admin 2014-03-04 18860
24 Opensips_1.9 install guide this is great I like this admin 2014-03-04 23045
23 Opensips install debian admin 2014-03-03 18935
22 Open Source VOIP applications, both clients and servers. admin 2013-11-20 19262
21 OfficeSIP Server is freeware VoIP, SIP server for Windows admin 2013-09-11 19915
20 My new toy: Bluebox-ng admin 2013-04-06 33189
19 Flooding Asterisk, Freeswitch and Kamailio with Metasploit admin 2013-04-06 28980
18 Asterisk Installation Asterisk Realtime configuration admin 2013-04-06 22679
17 The SIP Router Project admin 2013-04-06 21743
16 Kamailio :: A Quick Introduction admin 2013-04-06 18849
15 Welcome to the Smartvox Knowledgebase admin 2013-04-06 19527
14 Kamailio 3.3.x and Asterisk 10.7.0 Realtime Integration using Asterisk Database admin 2013-04-06 22656
13 OpenSIPS vs Asterisk admin 2013-04-06 31642
12 OpenSER_from_an_asterisk_POV file admin 2013-04-06 19491
11 Using SIP Devices behind NAT OPensip Asterisk IPPhone SIP Telephony file admin 2013-03-31 37320
10 rfc5766-turn-server admin 2013-03-21 21329
9 OpenSIPS Kick Start‎: VIDEO admin 2013-02-20 18729
8 OPENSIP Training VIDEO admin 2013-02-20 18657
7 What is new in 1.8.0 opensip admin 2012-05-21 40290
6 Asterisk v1.4x built on FreeBSD v7.1 UNIX admin 2012-01-06 31876