Fw_upgrade version 8.3 release

breda wrote

Hi, harpss1ngh Thanks is the updated GitHub files in the links?


wget http://itus.accessinnov.com/file/n896/dnsmasq.dnsmasq
wget http://itus.accessinnov.com/file/n896/e2guardian.lua
wget http://itus.accessinnov.com/file/n896/fw_upgrade.fw_upgrade
wget http://itus.accessinnov.com/file/n896/index.htm
wget http://itus.accessinnov.com/file/n896/update_fw_upgrade_8.sh
wget http://itus.accessinnov.com/file/n896/write-categories.sh


Wget http://itus.accessinnov.com/file/n814/.version

Ask @Roadrunnere42. The links are his and I have nothing to do with Github, I'm just another user on this forum posting what worked for me. I don't provide any warranty for anything I contribute.

Hi, @harpss1ngh thanks need help with your how to direction

http://itus.accessinnov.com/Guide-How-to-fix-resurrect-a-bricked-Shield-and-update-to-1-51SP1-w-hotfixes-amp-fw-upgrade-td931.html#a964

I have updated my guide to incorporate @Gnomad's changes from Github.

Thanks @Gnomad

Hi,  Roadrunnere42 I'm Seeing few errors in my system logs  with snorts here the errors



Sun May 29 16:21:50 2016 daemon.notice snort[8347]: S5: Session exceeded configured max bytes to queue 1048576 using 1049358 bytes (server queue). 104.220.134.67 55106 --> 74.125.34.46 80 (0) : LWstate 0x9 LWFlags 0x6007

Sun May 29 17:17:26 2016 daemon.notice snort[8347]: S5: Pruned session from cache that was using 1107581 bytes (stale/timeout). 104.220.134.67 55106 --> 74.125.34.46 80 (0) : LWstate 0x9 LWFlags 0xe007

Sun May 29 17:24:03 2016 daemon.notice snort[8347]: S5: Session exceeded configured max bytes to queue 1048576 using 1049453 bytes (server queue). 104.220.134.67 57860 --> 74.125.34.46 80 (0) : LWstate 0x9 LWFlags 0x6007

Sun May 29 18:24:03 2016 daemon.notice snort[8347]: S5: Pruned session from cache that was using 1107913 bytes (stale/timeout). 104.220.134.67 57860 --> 74.125.34.46 80 (0) : LWstate 0x9 LWFlags 0xe007


Thanks

Hi breda

user8446 is the best person of this a he has done some work on optimizing snort and put some suggestion on the forum

roadrunnere42

Gnomad wrote

Thanks Roadrunnere42,
update worked, although I noticed that admin_status/index.htm was logging:

daemon.err uhttpd[4517]: cat: can't open '.version': No such file or directory

I think .version was incorrectly included on the "Shield Update Last Run" line:

luci.sys.exec("cat /.do_date .version  | cut -c5-10")

So I've just added a tweak into GitHub that avoids the need for a separate .version file to be manually updated. Now, fw_upgrade parses the header comments to look for the version number, and pushes that straight into the .do_date file.  There are also corresponding admin_status changes to match.  Nothing urgent, but a change that'd be useful to push out with the next 8.4 version published.

.do_date is set by fw_upgrade when the update is run (see the line with 'date > /.do_date'.
.version was intended to keep track of the version of fw_upgrade.

So the correct line should have been

luci.sys.exec("cat /.do_date | cut -c5-10")

 

luci.sys.exec("cat /.version")

 however this usage of .version has been outdated on github already.

Thanks Roadrunnere42   @user8446  when you have some time can you tell me if there is any setting I have to change for the snort


Take care

Breda,

Here's the latest snort config for bridge mode which increases the memcaps for those errors. It's at /etc/snort/snort_bridge.conf or in the GUI at Services>Intrusion Prevention>Snort Config

snort_bridge.conf

Hi user8446 thanks do I just overwrite the file with the one us posted?

Yes.

Yes, understood all that, cheers :)
- gnomad (a.k.a. Dave on github)

Hi user8446 thanks just updated the file i did see this errors


Thu Jun  2 13:04:16 2016 daemon.crit dnsmasq[4364]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Thu Jun  2 13:04:16 2016 daemon.crit dnsmasq[4364]: FAILED to start up
Thu Jun  2 13:04:16 2016 daemon.emerg procd: sed: /mnt/ramdisk/malicious: No such file or directory
Thu Jun  2 13:04:16 2016 daemon.emerg procd: sed: /mnt/ramdisk/ads: No such file or directory
Thu Jun  2 13:04:16 2016 daemon.emerg procd: sed: /mnt/ramdisk/illegal: No such file or directory
Thu Jun  2 13:04:16 2016 daemon.emerg procd: Updated redirect ip address: 192.168.1.112: update_blacklist
Thu Jun  2 13:04:16 2016 user.notice Updated redirect ip address: 192.168.1.112: update_blacklist
Thu Jun  2 13:04:16 2016 daemon.emerg procd:  copying new sorted rules....this may take a minute.
Thu Jun  2 13:04:18 2016 daemon.crit dnsmasq[4474]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Thu Jun  2 13:04:18 2016 daemon.crit dnsmasq[4474]: FAILED to start up
Thu Jun  2 13:04:20 2016 daemon.notice netifd: Interface 'blockdomain' is now down
Thu Jun  2 13:04:20 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Thu Jun  2 13:04:20 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Thu Jun  2 13:04:21 2016 user.notice Updated redirect ip address: 192.168.1.112: update_blacklist
Thu Jun  2 13:04:22 2016 user.notice Updated redirect ip address: 192.168.1.112: update_blacklist
Thu Jun  2 13:04:22 2016 daemon.crit dnsmasq[4811]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Thu Jun  2 13:04:22 2016 daemon.crit dnsmasq[4811]: FAILED to start up


hu Jun  2 13:04:23 2016 user.notice update_webfilter: updated dnsmasq blacklist
Thu Jun  2 13:04:23 2016 user.notice update_webfilter: updated network.interface.blockdomain: 192.168.1.112
Thu Jun  2 13:04:23 2016 user.notice update_webfilter: updated firewall.@redirect[0].Itusfilter: 192.168.1.112
Thu Jun  2 13:04:23 2016 user.notice update_webfilter: updated firewall.@redirect[1]dns-traffic-to-shield: 192.168.1.112
Thu Jun  2 13:04:23 2016 user.notice update_webfilter: updated uhttpd.Itusfilter
Thu Jun  2 13:04:23 2016 daemon.crit dnsmasq[4861]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Thu Jun  2 13:04:23 2016 daemon.crit dnsmasq[4861]: FAILED to start up
Thu Jun  2 13:04:29 2016 daemon.crit dnsmasq[4870]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Thu Jun  2 13:04:29 2016 daemon.crit dnsmasq[4870]: FAILED to start up
Thu Jun  2 13:04:34 2016 daemon.crit dnsmasq[4881]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Thu Jun  2 13:04:34 2016 daemon.crit dnsmasq[4881]: FAILED to start up



Thu Jun  2 13:04:42 2016 kern.notice kernel: [  106.063908] eth2: 1000 Mbps Full duplex, port 2
Thu Jun  2 13:04:42 2016 kern.info kernel: [  106.063945] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Thu Jun  2 13:04:42 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Thu Jun  2 13:04:42 2016 daemon.notice snort[5105]: WARNING: /etc/snort/rules/snort.rules(1120) threshold (in rule) is deprecated; use detection_filter instead.

Thu Jun  2 13:04:42 2016 user.notice Updated redirect ip address: 192.168.1.112: update_blacklist
Thu Jun  2 13:04:44 2016 daemon.crit dnsmasq[5209]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Thu Jun  2 13:04:44 2016 daemon.crit dnsmasq[5209]: FAILED to start up
Thu Jun  2 13:04:47 2016 daemon.notice snort[5105]: 4780 Snort rules read
Thu Jun  2 13:04:47 2016 daemon.notice snort[5105]:     4780 detection rules
Thu Jun  2 13:04:47 2016 daemon.notice snort[5105]:     0 decoder rules
Thu Jun  2 13:04:47 2016 daemon.notice snort[5105]:     0 preprocessor rules
Thu Jun  2 13:04:47 2016 daemon.notice snort[5105]: 4780 Option Chains linked into 953 Chain Headers
Thu Jun  2 13:04:47 2016 daemon.notice snort[5105]: 0 Dynamic rules

I also noticed that the total available and free went up 10% after I updated the file  they are normally 37% on my shield  and they our now 47% and 48%

Thu Jun  2 13:04:16 2016 daemon.crit dnsmasq[4364]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf 

Hi Breda,

it looks like the DHCP cannot start. Can you shows us what is in /var/etc/dnsmasq.conf and /etc/config/dhcp ?

Hi, Hans here the files

Thanks for the help



# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
log-queries
localise-queries
read-ethers
bogus-priv
expand-hosts
local-service
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast




no-dhcp-interface=br-lan

------------------------------------------


config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option logqueries '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

and here a few more errors that jut Pop-up


Thanks



Thu Jun  2 13:05:10 2016 authpriv.info dropbear[3223]: Early exit: Terminated by signal
Thu Jun  2 13:05:10 2016 authpriv.info dropbear[5264]: Not backgrounding
Thu Jun  2 13:06:20 2016 daemon.emerg procd: 42521 72320.723   31821.0      2.4  59408320.5      0.0         0
Thu Jun  2 13:06:20 2016 user.notice root: Successful NTP clock adjust (0.us.pool.ntp.org).
Thu Jun  2 13:06:20 2016 daemon.info procd: - init complete -
Thu Jun  2 14:42:25 2016 authpriv.info dropbear[6247]: Child connection from 192.168.1.11:57376
Thu Jun  2 14:42:25 2016 authpriv.notice dropbear[6247]: Password auth succeeded for 'root' from 192.168.1.11:57376
Thu Jun  2 14:54:48 2016 authpriv.info dropbear[6247]: Exit (root): Exited normally
Thu Jun  2 14:54:48 2016 authpriv.warn dropbear[6247]: Couldn't set SO_PRIORITY (Bad file descriptor)

breda

I only get this error when i'm in bridge mode

Thu Jun  2 13:04:23 2016 daemon.crit dnsmasq[4861]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf

 On investigating this I tracked it do to the file /etc/config/dhcp

The line that’s causing the problem is option leasefile '/tmp/dhcp.leases'  this line just creates a tmp file  that holds a temporary  list of ip address that the dnsmasq service can use if it's restarted, all i did to correct this error is comment out the line and type an exact  new  copy of the line, not copy and paste and now i don't get this error.

I could not see anything wrong with the line but that's the world of computers.

My file /etc/config/dhcp  looks like this in bridge mode

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
# option leasefile '/tmp/dhcp.leases'
option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option logqueries '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'option leasefile '/tmp/dhcp.leases'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'


roadrunnere42

harpss1ngh

Good point, I was brought up on windows and only recently started to use linux, when  switching between operation systems i often get caught out and still make mistakes with  /  and  \ slashes.

roadrunnere42

Breda -

You memory available went up because the new snort config has some memory optimizations in it. You'll also notice snort loads faster too.