This post was updated on Mar 23, 2016; 9:04pm.
This is a start post to keep track of changes to the FW_UPGRADE script. For any updates, please reply to this thread and I will update this first post.
VERSION 7.1

To update: download the fw_upgrade script: fw_upgrade71.fw_upgrade71
Copy fw_upgrade.txt to the /sbin folder and rename it to fw_upgrade.

Job schedule: In LuCI System > Scheduled Job
31 03 * * 0 sh /sbin/fw_upgrade (default settings)

Run manually: In CLI
sh /sbin/fw_upgrade

Changes below:
----
################################################################################################
# File name            fw_upgrade
# Created by           ITUS
# Original version     from firmware 1.51 sp1
# VERSION NUMBER       1.51 - 7.1
# Last Modified date   15th March 2016
# Changes - roadrunnere42 - forgot to uncomment webfilter and one snort rule, my mistake due to
#           testing
# Changes - roadrunnere42 - Checks for duplicate rules and removes, tidy code and bug fixes,
#           removed drug rule because www.shallalist.de site is too up and down causing script
#           to stall.
# Changes - roadrunnere42 - Only new snort rules are added to the list instead of rewriting
#           the whole list, complete new snort list download every 14 days. Malicious and
#           ads list, downloaded in memory and duplicate ip's are removed before writing.
#           Drug rules are now updated in memory from http://www.shallalist.de and added to
#           original from Itus, only updated if selected in gui.
#
# Changes - Hans run webfilter based on ads/malicious settings in UCI
#           Perform DNSMASQ restart / SNORT restart only in case of updates
# Changes - Hans correction in line 17 based on Wisywig error
# Changes - Hans added rules function calls into scripts
# Changes - roadrunnere42 added ramdisk and checks to see if files exist before removing
# Changes - user8446 added option switches to curl commands as follows: added -1 to force
#           connections =/> TLS1.0 for IPS, -m to exit if connection drops or host is down to
#           keep script from hanging for all curl commands
#
# When changing the script please update WHAT YOU CHANGED OR ADDED, ADD 1 TO THE VERSION
# NUMBER AND DATE CHANGED.
# This will make it easier in time to come to identify what you have and who did what.
################################################################################################

Also my cron job to update these rules is not daily anymore, I've set it to weekly for now.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Thank you!!
Will check it out.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
In reply to this post by hans2
Hi Hans
Have made a few changes to the fw_upgrade script, hope you don't mind. Have added more comments, but the main thing is that there is now a ramdisk created in memory just before downloading the rules, instead of downloading straight to disk. The rules are then sorted and put into the correct format (nothing changed there), then copied to the original place. This will save a little wear on the eMMC memory. The ramdisk is then unmounted to free the memory back up.
Not sure how to do it at present as I'm not a Linux guy, but I want to compare the file that's downloaded into the ramdisk with the rules on the disk and only add the new rules, and also remove the rules that have been removed from the downloaded rules.
roadrunnere42
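The compare-and-merge step described in the post above, as an added example that is not part of the original post or of fw_upgrade: it diffs a freshly downloaded rule file against the one on flash, writes only when something changed, and reports whether a Snort restart is needed. File names and rule lines are constructed, and `mktemp -d` stands in for the ramdisk.

```sh
#!/bin/sh
# Added example, not the fw_upgrade code. Paths and rule lines are constructed.

# Print lines of $1 that are not in $2 (whole-line match, duplicates dropped).
lines_only_in() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         $0 != "" && !($0 in seen) && !dup[$0]++' "$2" "$1"
}

# Bring $2 (rules on flash) in line with $1 (fresh download in the ramdisk).
# Prints "+added -removed". Returns 0 if $2 was rewritten (restart needed),
# 1 if nothing changed (no write, no restart), 2 if the download is unusable.
sync_rules() {
    new=$1; cur=$2
    [ -s "$new" ] || return 2            # empty download: keep current rules
    [ -f "$cur" ] || : > "$cur"
    work=$(mktemp -d) || return 2        # on the device: a directory on the ramdisk
    lines_only_in "$new" "$cur" > "$work/added"
    lines_only_in "$cur" "$new" > "$work/removed"
    a=$(($(wc -l < "$work/added"))); r=$(($(wc -l < "$work/removed")))
    rc=1
    if [ "$a" -gt 0 ] || [ "$r" -gt 0 ]; then
        # surviving rules keep their order, new rules are appended
        lines_only_in "$cur" "$work/removed" > "$work/merged"
        cat "$work/added" >> "$work/merged"
        # single write to flash, then rename over the live file
        cp "$work/merged" "$cur.tmp" && mv "$cur.tmp" "$cur" && rc=0
    fi
    rm -rf "$work"
    echo "+$a -$r"
    return "$rc"
}

# Constructed demo: one rule dropped upstream, one new rule published.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alert tcp any any -> any 80 (msg:"A"; sid:1001;)' \
                  'alert tcp any any -> any 25 (msg:"B"; sid:1002;)' > "$d/cur.rules"
    printf '%s\n' 'alert tcp any any -> any 80 (msg:"A"; sid:1001;)' \
                  'alert tcp any any -> any 53 (msg:"C"; sid:1003;)' > "$d/new.rules"
    sync_rules "$d/new.rules" "$d/cur.rules" && echo "rules changed: restart snort"
    sync_rules "$d/new.rules" "$d/cur.rules" || echo "no change: skip restart"
    rm -rf "$d"
}
demo
```

The empty-download check matters when a list host is down: the rules already on flash stay in place instead of being replaced by nothing.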
In reply to this post by Roadrunnere42
Thanks Andy
I've updated the first post of this topic. cheers,
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
In reply to this post by Roadrunnere42
Thank you all for the improvements. I am running my Shield in Router mode and your fw_upgrade script works great.
Worked for me in router mode as well. Thank you!
In reply to this post by hans2
Why don't we also create a GitHub account to track changes?
Running the latest script...
One minor issue - line 17, expecting then.
The 'then' statement was at the end of the line with the 'if' statement. Moved to next line - all works.
Thanks again for all the updates!
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
Thanks Wisiwyg for finding the syntax error (just needed to add a space).
Updated script to version 1.1 to reflect change.
roadrunnere42
fw_upgrade.fw_upgrade
This post was updated on Feb 15, 2016; 3:18am.
Nice updates and changes to the script everyone! Just updated mine and worked perfect
Running the latest OpenWrt stable release
Updated script to run based on UCI settings for the webfilter (Ads / Malicious only)
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
This post was updated on Feb 16, 2016; 7:05pm.
Hans - Nice little automation there!!
Also, if anyone is not running the web filter comment out the dnsmasq restart. It'll save more writes and sorting out the lists.
Running the latest OpenWrt stable release
In reply to this post by hans2
Nice addition
The command you used (uci get e2guardian.e2guardian.content_ads): is uci a Linux command or specific to Shield?
I have another question. Looking at the fw_upgrade code, the Shield gets all the ads and puts them into a single file, so where do all the lists in /etc/itus/lists come from and how do these get updated?
This is OpenWRT specific - not sure if it is Linux specific.
Don't know about the others - good question.
Good idea - added it already to the script (var do_dnsmasq_restart)
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
Great stuff!! Gone for a day and Bam! good things happen!
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
Nice job as usual!
Running the latest OpenWrt stable release
This post was updated on Feb 26, 2016; 3:37pm.
Update 1.51 - 5
fw_upgrade.fw_upgrade
Changelog: Security & stability update
1. Added -1 option switch to cURL for IPS updates to force encrypted connections =/> TLS1.0 and not fall back to SSL 3.0 or lower. Mitigation against SSL downgrade attacks (SSL poodle attack) and help against DNS hijacking. I tried to remove the -k option switch (which allows no cert verification) in the script but cURL can't verify the certificate so it exits.
2. Added -m option switch to all curl commands to exit in 40 seconds if connection drops or the host is down to keep script from hanging
Running the latest OpenWrt stable release
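A check for the two curl switches discussed in the changelog above, as an added example that is not part of fw_upgrade: it lists the curl calls in a script that still use -k (no certificate verification) or have no -m time limit. The sample lines and host names are constructed, and the parsing is a heuristic that assumes one curl command per line.

```sh
#!/bin/sh
# Added example, not part of fw_upgrade. Heuristic audit of curl calls in a
# script: assumes one curl command per line and no line continuations.

# Print "<line>: <finding>" for each curl call that disables certificate
# verification (-k/--insecure) or has no time limit (-m/--max-time).
audit_curl() {
    awk '
    /^[ \t]*#/ { next }                            # skip comment lines
    {
        start = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /(^|[^A-Za-z0-9_.-])curl$/) { start = i; break }
        if (!start) next
        insecure = 0; timeout = 0
        for (i = start + 1; i <= NF; i++) {
            if ($i ~ /^[|;&]/) break               # end of the curl command
            if ($i == "--insecure") insecure = 1
            else if ($i ~ /^--max-time/) timeout = 1
            else if ($i ~ /^-[^-]/) {
                # bundled short options such as -sk or -1m40; stop at the first
                # option that takes an argument, the rest of the token is a value
                for (j = 2; j <= length($i); j++) {
                    c = substr($i, j, 1)
                    if (c == "k") insecure = 1
                    if (c == "m") timeout = 1
                    if (index("AbcCdDeEFHKmoPQrtTuUwxXyYz", c)) break
                }
            }
        }
        if (insecure) print NR ": certificate verification disabled (-k)"
        if (!timeout) print NR ": no time limit (-m)"
    }' "$1"
}

# Constructed sample, not lines from the real script.
sample=$(mktemp) || exit 1
cat > "$sample" <<'EOF'
curl -s -1 -m 40 -o /tmp/ads.txt https://lists.example/ads
curl -k -1 -m 40 -o /tmp/snort.rules https://rules.example/ips
curl -sk -o /tmp/mal.txt https://lists.example/malicious | sort -u
# curl -k https://old.example/disabled
EOF
audit_curl "$sample"
rm -f "$sample"
```

A call that still carries -k gets an encrypted connection from -1 but no proof of which server is on the other end, so the downloaded rules are only as trustworthy as the network path.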
In reply to this post by hans2
Hi Hans, where can I find

Job schedule: In LuCI System > Scheduled Job
31 03 * * 0 sh /sbin/fw_upgrade (default settings)
Run manually: In CLI
sh /sbin/fw_upgrade

I have the file fw-upgrade name changed and copy in sbin