Cannot upgrade framework from 13.0.197.22 to 13.0.197.28

ekane · September 22, 2020, 3:39pm

I am unable to upgrade the FreePBX frame work module from 13.0.97.22 to 13.0.97.28. It fails on both the GUI and command line. For command line, the output I get is:

fwconsole ma upgrade framework
No repos specified, using: [standard,commercial] from last GUI settings

Starting framework download..
Processing framework
Verifying local module download...Verified
Extracting...Done
Module framework successfully downloaded


  [Whoops\Exception\ErrorException]
  unlink(/var/www/html/admin/views/config.php): Operation not permitted


ma [-f|--force] [-d|--debug] [--edge] [--color] [--skipchown] [-e|--autoenable] [--skipdisabled] [--snapshot SNAPSHOT] [--format FORMAT] [-R|--repo REPO] [-t|--tag TAG] [--] [<args>]...

Updating Hooks...Done

ekane · September 22, 2020, 4:00pm

I was able to solve this, the fact that fwconsole chown also failed on that file was a clue.

chattr -i -a /var/www/html/admin/views/config.php
chmod ug+w /var/www/html/admin/views/config.php

It’s also a good idea to confirm the directory in which the file lives has the correct permissions.

lgaetz · September 22, 2020, 4:37pm

Permissions for FreePBX files are fixed by running:

fwconsole chown

ekane · September 24, 2020, 8:10pm

I tried that first. It failed. So did running it as root, and several other methods. My solution post mentioned that fwconsole chown failed.

mvogel4949 · September 28, 2020, 7:21pm

Do you think your system was compromised?

ekane · September 29, 2020, 2:17pm

I would love to know, but it seems unlikely. apache does not run as a privileged user. SSH is completely blocked from the outside world.

cynjut · September 29, 2020, 6:17pm

Apache runs as “asterisk” which is largely not an unprivileged user. It isn’t ‘root’, to be sure, but the Asterisk user has a lot of control over a lot of the hardware.

There are exploits that have been fixed that allowed the Web user to access important parts of the system.

The place I’d look first is in the /etc/asterisk/extensions_custom.conf file. If you find anything in there you don’t recognize, strip the system down to bare metal and re-implement with the latest version.

ekane · September 29, 2020, 8:19pm

I guess my day just got more exciting…but I do not see anything unusual there, or in any other extension. Asterisk reports look normal too.

The asterisk user was not able to delete that file or run chattr on it, for what it’s worth. sudo was required.

cynjut · September 29, 2020, 8:37pm

Almost all of the “hack” attempts will leave tell-tale effluvia around. Some will leave code in the extensions_custom.conf file, others will leave extensions you don’t recognize. Others will chop out swathes of your CDR logs. If you aren’t seeing any of that, you’re probably fine. The fact that the Asterisk user wasn’t able to modify the file is odd, but not necessarily suspicious.

scristopher71 · October 5, 2020, 8:24pm

I would wager to say that any immutable or append only files in /var/www/html/admin/* is a tell-tale sign, I’ve never had to remove immutable/append only flags from any files on a system running freepbx, but also its not clear to me if OP had immutable files or if they were just copy/pasting something from a post somewhere.

ekane · October 5, 2020, 9:02pm

Not sure what you mean by “just copy and paste”, I described the steps I took to resolve the problem.

system · November 5, 2020, 9:02pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.