Upgrade to 1.51SP1

Upgrade to 1.51SP1

Hans
Administrator
This post was updated on .
Guys,

I've updated the upgrade script to use a dropbox as file storage.

################################################################################################
# Purpose    Updates the factory restore image to the latest version (1.51 SP1)                #
# File name  Upgrade_RC_to_151SP1                                                              #
#                                                                                              #
# VERSION NUMBER 3 - Last Modified date 16th Feb 2016 by Hans                                  #
#                                                                                              #
# Hans       V3 - Changes to the update() function - now updates all images                    #
# Hans       V2 - Updated version using a dropbox account to source the restore image          #
# ITUS       V1 - Original version (Nov 2015) using an ITUS file server                        #
#                                                                                              #
#                                                                                              #
#                                                                                              #
# When changing the script please update WHAT YOU CHANGED OR ADDED, ADD 1 TO THE VERSION       #
# NUMBER AND DATE CHANGED.                                                                     #
# This will make it easier in time to come to identify what you have and who did what.         #
################################################################################################

Upgrade script: Upgrade_RC_to_SP1.txt
Restore image: https://www.dropbox.com/s/xes9mhm6ylkmdkz/ItusrestoreImage?dl=1
MD5SUM        : https://www.dropbox.com/s/gittxfbuscg838m/md5sum.txt?dl=1

This is the contents of the md5sum.txt file
ItusrestoreImage df253dc31c8001337a537d59dcd5996d 
 

To use it for the first time you need to

1) Connect to the Shield CLI via serial terminal access or SSH (see page 12 of the AdminGuide for how to activate the Dropbear SSH daemon)
2) Go to the tmp folder: cd /tmp
3) Download the upgrade script: curl -o /tmp/Upgrade_RC_to_SP1.sh http://itus.accessinnov.com/file/n10/Upgrade_RC_to_SP1.txt
4) Run the upgrade script: sh /tmp/Upgrade_RC_to_SP1.sh

and let it run until the end.

Make sure to copy&paste the command line instructions without changes!

cd /tmp
curl -o /tmp/Upgrade_RC_to_SP1.sh http://itus.accessinnov.com/file/n10/Upgrade_RC_to_SP1.txt
sh /tmp/Upgrade_RC_to_SP1.sh
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Upgrade to 1.51SP1

Jexoteric
Okay, I'm a noob and I don't know how to copy the files over to do the 1.51 SP1 update. Would someone be willing to do a complete step by step guide on how to copy the files over via SSH and then run the script? I imagine I am not/won't be the only one searching for a step by step tutorial on this.

Re: Upgrade to 1.51SP1

Hans
Administrator
Jexoteric wrote
Okay, I'm a noob and I don't know how to copy the files over to do the 1.51 SP1 update. Would someone be willing to do a complete step by step guide on how to copy the files over via SSH and then run the script? I imagine I am not/won't be the only one searching for a step by step tutorial on this.
Hi Jexoteric

I've updated the instructions a bit but it does require you to have command line interface (CLI) access to Shield. In the start post I've added a reference to the admin guide.

Before you start, please check if you can access https://www.dropbox.com/s/gittxfbuscg838m/md5sum.txt?dl=1 from your own computer.
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Upgrade to 1.51SP1

Roadrunnere42
In reply to this post by Hans
Great work as usual Hans

Re: Upgrade to 1.51SP1

user8446
Administrator
Yes, nice work!
Can users run that in their startup and then reboot who aren't familiar with CLI?
Running in bridge mode, 1.51 SP1 fw

Re: Upgrade to 1.51SP1

Hans
Administrator
user8446 wrote
Can users run that in their startup and then reboot who aren't familiar with CLI?
Probably it will work if you paste this in System>Command line:


curl -o /tmp/Upgrade_RC_to_SP1.sh http://itus.accessinnov.com/file/n10/Upgrade_RC_to_SP1.txt && sh /tmp/Upgrade_RC_to_SP1.sh


however I haven't tested it myself.
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Upgrade to 1.51SP1

Jexoteric
In reply to this post by Hans
Thanks for the extra steps Hans, it worked great!

Re: Upgrade to 1.51SP1

Roadrunnere42
In reply to this post by Hans
Hans

is this line correct in the script

update(){
        echo "Updating ...."
        [[ -f ${MOUNT}/updates/ItusrestoreImage ]] && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrestoreImage && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrouterImage

as it's copying to the same location twice.

roadrunnere42

Re: Upgrade to 1.51SP1

Hans
Administrator
Roadrunnere42 wrote
Hans

is this line correct in the script

update(){
        echo "Updating ...."
        [[ -f ${MOUNT}/updates/ItusrestoreImage ]] && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrestoreImage && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrouterImage

as it's copying to the same location twice.

roadrunnere42
That is part of the original code, I've not changed it. What should it be?

I am using the < RAW > ... </ RAW > tag for codes:

update(){
        echo "Updating ...."
        [[ -f ${MOUNT}/updates/ItusrestoreImage ]] && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrestoreImage && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrouterImage
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Upgrade to 1.51SP1

Roadrunnere42
I'm not a script expert, but doesn't the script read at present

 [[ -f ${MOUNT}/updates/ItusrestoreImage ]] && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrestoreImage && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrouterImage

which means if the itusrestoreimage is true then copy (cp -v /overlay/updates/ItusrestoreImage) to (/overlay/ItusrestoreImage). It then repeats the same command, which I don't think should be there.

roadrunnere42

Re: Upgrade to 1.51SP1

Hans
Administrator
Roadrunnere42 wrote
I'm not a script expert, but doesn't the script read at present

 [[ -f ${MOUNT}/updates/ItusrestoreImage ]] && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrestoreImage && cp -v /overlay/updates/ItusrestoreImage /overlay/ItusrouterImage

which means if the itusrestoreimage is true then copy (cp -v /overlay/updates/ItusrestoreImage) to (/overlay/ItusrestoreImage). It then repeats the same command, which I don't think should be there.

roadrunnere42
Hi Roadrunner

Right, I've made it a bit more readable (for me):

update(){
        echo "Updating ...."
        if [ -f ${MOUNT}/updates/ItusrestoreImage ]; then
                cp -v ${MOUNT}/updates/ItusrestoreImage /overlay/ItusrestoreImage    # local backup
                cp -v ${MOUNT}/updates/ItusrestoreImage /overlay/ItusrouterImage     # updates router image
                cp -v ${MOUNT}/updates/ItusrestoreImage /overlay/ItusbridgeImage     # updates bridge image
                cp -v ${MOUNT}/updates/ItusrestoreImage /overlay/ItusgatewayImage    # updates gateway image
        fi
        echo "FIRMWARE DOWNLOAD COMPLETE, PLEASE RUN A FACTORY RESET TO COMPLETE UPGRADE" >> /tmp/snort/alert.fast
}

This removes the router.tar.gz check - not used anymore.

I've updated the start post as well
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Upgrade to 1.51SP1

Wisiwyg
Cool beans!!

Thank you Hans!
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode

Re: Upgrade to 1.51SP1

Gryphon33W
In reply to this post by Hans
Hans wrote
Guys,

i've updated the upgrade script to use a dropbox as file storage.

...

Upgrade script: Upgrade_RC_to_SP1.txt
Restore image: https://www.dropbox.com/s/xes9mhm6ylkmdkz/ItusrestoreImage?dl=1
MD5SUM        : https://www.dropbox.com/s/gittxfbuscg838m/md5sum.txt?dl=1

This is the contents of the md5sum.txt file
ItusrestoreImage df253dc31c8001337a537d59dcd5996d 
 
...
Hans, Thank you so much for pulling this together!

However, I am concerned as I pulled down the ItusrestoreImage from dropbox and scanned with my ESET NOD32 Antivirus it reports "C:\\ITUS Shield\Shield_FW_1.51\router.tar.gz » GZIP » router.tar » TAR » ./usr/lib/ettercap/ec_dos_attack.so - a variant of Linux/Flooder.Agent.AK trojan"

My thought was this was a false positive initially, but since downloading it ESET has been reporting more folders unable to be scanned.

Thoughts?

Re: Upgrade to 1.51SP1

Hans
Administrator
Gryphon33W wrote
However, I am concerned as I pulled down the ItusrestoreImage from dropbox and scanned with my ESET NOD32 Antivirus it reports "C:\\ITUS Shield\Shield_FW_1.51\router.tar.gz » GZIP » router.tar » TAR » ./usr/lib/ettercap/ec_dos_attack.so - a variant of Linux/Flooder.Agent.AK trojan"

My thought was this was a false positive initially, but since downloading it ESET has been reporting more folders unable to be scanned.
I am not 100% sure, maybe someone else can shed some light on this topic. This update is as-is coming from ITUS.

As Shield is intended to be an IPS/WF solution, in between your WAN and LAN, that actually scans connections I would assume this is OK. Likewise a KALI distribution (link) would create a lot of similar issues through a scan.
If the software was found on your laptop as part of a normal distribution I would be more concerned as it is normally used for MITM attacks.

I've googled this file, this is what I got:
https://www.virustotal.com/en/file/1db508d19c98d1d14a082467653274c48e5466572ce2803cdaa3d416d2741939/analysis/1435362387/
http://lewiscomputerhowto.blogspot.com/2014/03/perform-man-in-middle-attack-with-kali.html
https://pentestmag.com/ettercap-tutorial-for-windows/
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Upgrade to 1.51SP1

breda
Hi Hans, if we do the Upgrade to 1.51SP1 will that apply the Hotfix 160210 also? Will your update have IPS Last Updated? I'm showing Nov 18

Thanks

Re: Upgrade to 1.51SP1

Hans
Administrator
Hi Breda

1.51SP1 is a separate upgrade from the 160210 patch.

The IPS Last updated will start to run as soon as the fw_upgrade script is updated - this is part of the patch.
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Upgrade to 1.51SP1

Gnomad
In reply to this post by Hans
Just registered - thank you very much for this Hans!

Noticed that the curl command downloads the accessinnov captcha page rather than the upgrade script, so I had to manually use vi to create it.  You may want to place this in a route that isn't protected by the captcha.
Router 1.51 SP1, fw_upgrade v8.3.3

Re: Upgrade to 1.51SP1

Hans
Administrator
Gnomad wrote
Just registered - thank you very much for this Hans!

Noticed that the curl command downloads the accessinnov captcha page rather than the upgrade script, so I had to manually use vi to create it.  You may want to place this in a route that isn't protected by the captcha.
Welcome to the club!

I've tried the CURL command just now and I got the required file just fine. Not sure what is going on - maybe the frequency of downloads triggers the captcha? The alternative is to use WINSCP or VI in putty as you mentioned.

cheers
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes
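
Added example, not part of any post in this thread and not ITUS or forum code: a POSIX sh pre-flight check that parses the `<name> <md5>` layout of md5sum.txt quoted in the start post and rejects a saved HTML page such as the captcha download reported above. Function names are hypothetical and the demo files are constructed stand-ins, not the real firmware.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files the upgrade procedure downloads.
# Function names are hypothetical; demo files are constructed stand-ins.

# expected_md5 LISTFILE NAME: print the hash recorded for NAME in a list using
# the thread's "<name> <md5>" layout (the reverse of what `md5sum -c` expects).
expected_md5() {
    awk -v n="$2" '$1 == n && $2 ~ /^[0-9a-fA-F]+$/ && length($2) == 32 { print tolower($2); exit }' "$1"
}

# verify_image FILE LISTFILE [NAME]
# Returns 0 only when FILE exists and its MD5 equals the recorded value.
verify_image() {
    file=$1; list=$2; name=${3:-$(basename "$1")}
    [ -f "$file" ] || return 2
    want=$(expected_md5 "$list" "$name")
    [ -n "$want" ] || return 3          # no usable entry: fail closed
    have=$(md5sum "$file" | awk '{ print tolower($1) }')
    [ "$have" = "$want" ]
}

# looks_like_script FILE
# Rejects an empty file or an HTML page saved in place of the shell script.
looks_like_script() {
    [ -s "$1" ] || return 1
    if head -c 512 "$1" | grep -qiE '<!doctype|<html|<head|<body'; then
        return 1
    fi
    sh -n "$1" 2>/dev/null              # syntax check only, nothing is executed
}

# Constructed demo: a stand-in image, its list entry, and a fake captcha page.
demo() {
    d=$(mktemp -d) || return 1
    printf 'stand-in image bytes\n' > "$d/ItusrestoreImage"
    printf 'ItusrestoreImage %s \n' "$(md5sum "$d/ItusrestoreImage" | awk '{ print $1 }')" > "$d/md5sum.txt"
    printf '<!DOCTYPE html><html><body>captcha</body></html>\n' > "$d/captcha.sh"
    verify_image "$d/ItusrestoreImage" "$d/md5sum.txt" && echo "image: checksum OK"
    looks_like_script "$d/captcha.sh" || echo "script: HTML page, not run"
    rm -rf "$d"
}
demo
```

The MD5 comparison catches a truncated or wrong download; it says nothing about whether the published image itself is trustworthy.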

Re: Upgrade to 1.51SP1

breda
In reply to this post by Hans
Hi, does the shield need to be in router mode for the upgrade for Hotfix or 1.51SP1?

Thanks


Re: Upgrade to 1.51SP1

user8446
Administrator
I've done everything from bridge mode with no problems. However, I remember someone saying on the old forum that router mode was preferred for the upgrade to 1.51SP1. I'm not sure why though.
Running in bridge mode, 1.51 SP1 fw