9.1.0 not upgrading.

[Nathan Weyer]

I am hoping someone can at least point me in the right direction here.

I inherited a FreeNAS box running 9.1.0 and am trying to update it so it is not vulnerable to the NTP issue. Unfortunately the updates are just quietly not happening.

I have been using the GUI method (the DVD drive does not seem to want to boot anymore) and the firmware seems to upload fine. It goes through the process, no errors, and reboots. However when it comes back up it is still 9.1.0. When I go try to look in /var/log for potential errors, all the log files start at the most recent boot.

I have tried upgrading to 9.1.1, 9.2.0, and 9.2.1, all with the same results.

Any thoughts? Thanks!

 

[joeschmuck]

Have you used the users manual at all? You are not pressing F1 or F2 while booting, right? Also have you made a backup of your configuration file? If not, do so before continuing, it will save you time if you screw it up by accident.

 

[Nathan Weyer]

I have been following the upgrade guide, but have not looked into other manuals yet.
I have not been hitting F1 or F2 during bootup. I do know the spot you are talking about though.
Yep, configuration is backed up. First thing I did.

Unfortunately I am kinda starting from scratch here. I have been handed this box and given a pretty limited amount of time to lock down ntp. I have also tried editing /etc/ntp.conf (and /conf/base/etc/ntp.conf) manually, but have not worked out how the /etc/ntp.conf gets reset on reboot yet.

 

[joeschmuck]

I don't believe you can edit those files manually. You should read the users manual section 2.6 on how to upgrade using the GUI. Here is the link to the pdf users guide: http://www.freenas.org/images/resources/freenas9.2.1/freenas9.2.1_guide.pdf

 

[Nathan Weyer]

I was originally using these directions: http://doc.freenas.org/index.php/Upgrading_FreeNAS® which do not appear to have changed from the page to the user manual.

I was finally able to change ntp.conf by editing /conf/base/etc/rc.d/ix-ntpd, which buys me some time at least.

 

[cyberjock]

To be honest Nathan Weyer, if you are trying to lock down the NTP side because of the vulnerability, that kind of hints that you aren't putting FreeNAS behind a firewall. That configuration is strongly recommend against. FreeNAS was not designed to be put on the internet in that fashion. I'd bet there are other vulnerabilities 9.2.1 is susceptible to, but if you don't have a firewall you probably are unwittingly asking for your box to be pwned. We've had lots of pwned boxes. Love the guy that got emails from his ISP about his "high internet usage" and he shutdown his server for a week and noticed his internet was "so much faster". Didn't take a rocket scientist to put 2 and 2 together.

If you are behind a firewall, then you aren't susceptible to this attack anyway, so you shouldn't be worried about it.

 

[Nathan Weyer]

Unfortunately you are indeed correct, it is not behind a firewall and also unfortunately in the short run putting it behind one is not an option. Though this might bolster my argument for finding another solution.

 

[cyberjock]

Yeah. Emergency actions has a way of... clarifying.. things.

 

[Nathan Weyer]

That they do.
If I can not get the upgrade to work at all, that clarifies it even more ^_^