152 posts
|
This post was updated on Feb 12, 2016; 4:31pm.
I've received this hotfix on Jan 9th from Jabari. Not 100% sure if this works for everybody as we were working on a bridge issue. My recommendation would be to make a backup first (double check that the mentioned files are included in the backup list).

File: hotfix_160210.tgz

Installation Instructions
1) secure copy hotfix_160210.tgz to the root directory of the Shield
2) tar -zxvf hotfix_160210.tgz
3) reboot -f

Here are some notes regarding all the changes in the hotfix:

############################################################
Changes on/before 160109 by ITUS:
1) ituswebfilter.sh
   - Fix for increment into the broadcast address.
2) itus-setup.sh
   - bridge mode users cannot replace the x.x.x.111 address in the web UI. If a static IP address is assigned to br-lan it will add the address to the interface, but will not remove x.x.x.111. The user ends up with multiple addresses on the interface.
   - added a line to setup a DNS server to the static interface because I notice /tmp/resolve.conf.auto didn't have a dns server.
3) log-gen.sh
   - updated /etc/itus/lists/log-gen.sh to generate logs with blocked domains and changed the format to be more readable.
4) dhcp
   - Removed the DHCP server options from the lan interface
5) /etc/init.d/snort
   - Ensure eth0 and eth2 are in promiscuous mode.
   - Added ifconfig eth0 up promisc
   - Added ifconfig eth2 up promisc
6) /etc/itus/factory_reset.sh
   - Removed umount -a from the beginning of the file because it makes the entire file system read-only and the following commands in the script cannot successfully execute.
7) /etc/rc.local
   - Removed the first 5 or 6 lines of code that copies the /etc/config/network.br to /etc/config/network and /etc/init.d/snort.br to /etc/init.d/snort
   - This prevents the system from reverting back to the default settings between reboots.
8) /etc/config/network
   - This is the default networking file for bridge mode and no changes were made. I added it to ensure itus-setup.sh and ituswebfilter would run correctly on the first run.
9) /etc/snort/snort_bridge.conf
   - Setup whitelist and blacklist for snort but the settings are commented out by default. Users can uncomment the lines, add an ip address to the whitelist or blacklist, and restart snort.
   - Setup blacklisting - I discovered snort has a blacklist of ip addresses in /etc/snort/rules that we aren't using.
   - Setup whitelisting - Snort will not process the rules for packets destined for ip addresses in the whitelist. This would be a good work around for the PS4.
10) /etc/snort/rules/L2.whitelist
   - Users can add ip addresses to the whitelist

Changes on/before 160210 by HANS
11) Hans: solved the ownership of the files - no longer need to chown root.root of these files.
############################################################
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
Administrator
288 posts
|
Thanks Hans!
Were these hotfixes pushed out via the nightly updates to everyone or did Jabari send them to you for beta testing?
Running the latest OpenWrt stable release
|
152 posts
|
I had a bug with my bridge settings in combination with an OpenWRT router. He sent me this hotfix via email; this is not a nightly hotfix. However, it does include some elements (like the IP address assignment) that were not part of my issue.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
6 posts
|
In reply to this post by hans2
Can you give step by step instructions for us newbies? :) I tried to figure out exactly what to type in the command line and now the shield is giving off a couple dozen errors when updates are attempted.
|
152 posts
|
I am using Putty and WinSCP to do this work. WinSCP to copy files from my computer from/to Shield and Putty for the CLI (Command Line) work.

Use WinSCP to copy hotfix_160210.tgz to the root directory of the Shield. Check WinSCP documentation for instructions.
Use Putty to connect to Shield.
Go to the root:
cd /
The CLI should now say root@Shield:/#
Unpack & overwrite existing files:
tar -zxvf hotfix_160210.tgz
Reboot Shield:
reboot -f

A couple of important notes:
1) I have NOT fully tested this update
2) I got this file to solve a BRIDGE issue, I have not tested it in router/gateway.
3) If you do a factory reset it will go back to the default settings, this script will NOT update the restore image.
4) For factory reset, see the Admin guide or in CLI run command
sh /etc/itus/factory_reset.sh

If you are still encountering issues, please do in CLI
dmesg > /tmp/dmesg_log.txt
and use WinSCP to copy /tmp/dmesg_log.txt to your local computer. If you share this file then we may be able to figure out what you are doing.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
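
The backup-first advice from the first post and the unpack steps above, written as a pre-flight check to run before extracting the tarball over /. This is an added example, not part of the original posts or of the ITUS hotfix; the function names and the backup path are hypothetical, and make_sample_hotfix builds a constructed archive (it needs GNU tar).

```shell
#!/bin/sh
# Added example: pre-flight checks before unpacking a hotfix tarball over /.
# Function names and the backup path are hypothetical, not from ITUS.

# Filter member names on stdin: keep absolute paths and ".." components,
# which would land outside the directory the archive is unpacked in.
unsafe_members() { grep -E '^/|(^|/)\.\.(/|$)' || true; }
hotfix_unsafe_paths() { tar -tzf "$1" | unsafe_members; }

# Print listing lines whose owner/group (field 2 of "tar -tv") is not root,
# by name or by numeric id. Extracting as root keeps the archived ownership.
hotfix_foreign_owners() {
    tar -tvzf "$1" | awk '$2 != "root/root" && $2 != "0/0"'
}

# Save the current copy of every file the archive would overwrite.
# $1 = archive, $2 = target root (normally /), $3 = backup tarball to write.
hotfix_backup() {
    list=$(mktemp) || return 1
    tar -tzf "$1" | while IFS= read -r member; do
        # Only files that already exist need saving; new files and
        # directories are skipped.
        if [ -f "$2/$member" ]; then printf '%s\n' "$member"; fi
    done > "$list"
    tar -czf "$3" -C "$2" -T "$list"
    status=$?
    rm -f "$list"
    return "$status"
}

# Build a small constructed archive (not the real hotfix) to try this on.
# $1 = scratch directory, $2 = owner uid, $3 = group gid. Needs GNU tar.
make_sample_hotfix() {
    mkdir -p "$1/src/etc" && echo "new" > "$1/src/etc/rc.local" &&
    echo "new" > "$1/src/etc/dnsmasq.conf" &&
    tar --owner="$2" --group="$3" -czf "$1/sample.tgz" -C "$1/src" etc
}

# Usage: sh preflight.sh hotfix_160210.tgz [backup.tgz]
if [ -n "${1:-}" ]; then
    hotfix_unsafe_paths "$1"
    hotfix_foreign_owners "$1"
    hotfix_backup "$1" / "${2:-/root/pre_hotfix_backup.tgz}"
fi
```

Any output from the first two checks is a reason to stop before running tar -zxvf. Copy the backup tarball off the Shield before the reboot so it is still available if the device does not come back up cleanly.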
|
6 posts
|
I am receiving an "invalid tar magic error." I am using a Mac and get this error no matter what program I use to login to the shield. I didn't get this error when I accidentally installed 160209 (i.e. the previous hotfix posted in this thread) in router mode yesterday.
|
Administrator
288 posts
|
This post was updated on Feb 15, 2016; 12:35am.
In reply to this post by hans2
As mentioned, these were not tested. I personally have only had time to test:

/etc/config/dhcp - removes the dhcp server option from the LAN general setup
/etc/init.d/snort - I noticed ETH0 and ETH2 now go into promiscuous mode earlier whereas before they did at the very end of snort starting
/etc/rc.local - I already had those first few lines commented out and it works fine and does not revert to default settings on reboot so this new one should be used or comment out those lines. It looks like this is done automatically in the new /etc/itus-setup.sh at the very end of the script.

Also, I would add:
sleep 30
/etc/init.d/dropbear restart
to rc.local right before the exit 0. I've attached it or you can even do it in the GUI. A fix for many users who have the issue where you have to click "save and apply" every time on a reboot to get Dropbear SSH back.
Running the latest OpenWrt stable release
|
6 posts
|
I noticed an error preventing 'dnsmasq' from starting, but I couldn't track down the ultimate cause of it. I factory restored and I'm back at square one.
Is there any way we could get a hold of the earlier nightly hot fixes to compare it to? |
6 posts
|
Any way to get this working? or completely disable webfilter?
Thanks |
152 posts
|
In reply to this post by amateur user
1.51SP1 is the latest image from ITUS themselves.
Hotfix 160210 is a patch I received from ITUS but (originally) it had the wrong file ownership (504.40 vs root.root), so both are from ITUS themselves.
The 160301 has updates based on discussions on this forum - this one is not yet fully tested.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
6 posts
|
Thanks for the info, I really appreciate it. Any chance that ITUS reported any bugs regarding the web filter not working/dnsmasq not starting? I'm stuck on that and not sure what to do to get things going so I'm just checking (with fingers crossed !!)
|
152 posts
|
There were many issues with dnsmasq but I don't have the details. Check the backup file that breda made - you can find it in this http://itus.accessinnov.com/Can-t-access-Apple-s-iCloud-iTunes-etc-td168.html#a180
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
94 posts
|
In reply to this post by hans2
n00b question:
I have PuTTY and SSH enabled on the Shield (1.51 SP1, currently Gateway mode). Attempting to connect with WINSCP results in "ash: /usr/libexec/sftp-server: not found" and "Cannot initialize SFTP protocol. Is the host running a SFTP server?" Couldn't find SFTP in the admin interface - any tips to enable it?
OpenWrt SNAPSHOT, r10391-3d8d528939
|
152 posts
|
Gateway mode was never fully tested by ITUS. Please share with us your results/findings. In WinSCP I use the SCP protocol, not the SFTP/FTP/WebDav. If Dropbear works fine, SCP should work too.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
94 posts
|
Perfect, thanks. I switched to Router mode as I noticed that 1.51SP1 remained stuck saying "Bridge" even with the switch at G, and have just installed the March 4 beta hotfix. Will certainly supply test results - cheers!
OpenWrt SNAPSHOT, r10391-3d8d528939
|
344 posts
|
Hi, Hans is this correct? Not seeing any updates on IPS Last Updated

root@Shield:~# tar -zxvf hotfix_160210.tgz
tar: can't open 'hotfix_160210.tgz': No such file or directory
root@Shield:~# tar -zxvf hotfix_160210.tgz
etc/
etc/rc.local
etc/itus-setup.sh
etc/snort/
etc/snort/snort_bridge.conf
etc/snort/rules/
etc/snort/rules/L2.whitelist
etc/config/
etc/config/network
etc/config/dhcp
etc/init.d/
etc/init.d/snort
etc/itus/
etc/itus/upgrade_to_151SP1/
etc/itus/upgrade_to_151SP1/upgrade_to_151SP1.sh
etc/itus/upgrade_to_151SP1/md5sum_RestoreImage.txt
etc/itus/ituswebfilter.sh
etc/itus/factory_reset.sh
etc/itus/lists/
etc/itus/lists/log-gen.sh
etc/dnsmasq.conf
sbin/
sbin/fw_upgrade
tmp/
tmp/deploy_hotfix_160210.sh
root@Shield:~#
root@Shield:~#
|
152 posts
|
The "~" means you're in your home folder. Try "cd /" or "cd /tmp" to get to the root or temp folder.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
344 posts
|
Hi, Hans I can't seem to change folders. I'm using Username: root

root@Shield:~# cd/
-ash: cd/: not found
root@Shield:~# cd/tmp
-ash: cd/tmp: not found
root@Shield:~# cd/
-ash: cd/: not found
root@Shield:~# win
-ash: win: not found
root@Shield:~# list
-ash: list: not found
root@Shield:~# cd/tmp
-ash: cd/tmp: not found
root@Shield:~#
|
152 posts
|
cd <space> /foldername
There are some useful commands like ls, cd, mkdir, rmdir etc listed here: http://linuxcommand.org/learning_the_shell.php
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
344 posts
|
Thanks Hans, I was thinking of the old MS DOS commands and not Linux.
|