I am unable to upgrade the FreePBX framework module from 13.0.97.22 to 13.0.97.28. It fails on both the GUI and command line. For command line, the output I get is:
fwconsole ma upgrade framework
No repos specified, using: [standard,commercial] from last GUI settings
Starting framework download..
Processing framework
Verifying local module download...Verified
Extracting...Done
Module framework successfully downloaded
[Whoops\Exception\ErrorException]
unlink(/var/www/html/admin/views/config.php): Operation not permitted
ma [-f|--force] [-d|--debug] [--edge] [--color] [--skipchown] [-e|--autoenable] [--skipdisabled] [--snapshot SNAPSHOT] [--format FORMAT] [-R|--repo REPO] [-t|--tag TAG] [--] [<args>]...
Updating Hooks...Done
Apache runs as "asterisk" which is largely not an unprivileged user. It isn't "root", to be sure, but the Asterisk user has a lot of control over a lot of the hardware.
There are exploits that have been fixed that allowed the Web user to access important parts of the system.
The place I'd look first is in the /etc/asterisk/extensions_custom.conf file. If you find anything in there you don't recognize, strip the system down to bare metal and re-implement with the latest version.
Almost all of the "hack" attempts will leave tell-tale effluvia around. Some will leave code in the extensions_custom.conf file, others will leave extensions you don't recognize. Others will chop out swathes of your CDR logs. If you aren't seeing any of that, you're probably fine. The fact that the Asterisk user wasn't able to modify the file is odd, but not necessarily suspicious.
I would wager to say that any immutable or append-only files in /var/www/html/admin/* is a tell-tale sign. I've never had to remove immutable/append-only flags from any files on a system running FreePBX, but also it's not clear to me if OP had immutable files or if they were just copy/pasting something from a post somewhere.
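
One way to check for the immutable/append-only flags discussed above, as an added example that is not part of the original thread. It parses `lsattr -R` output; the function names, the `--scan` argument and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files carrying the immutable (i) or append-only (a)
# attribute, which makes unlink() fail with "Operation not permitted"
# even for the file's owner.

# Reads `lsattr -R` output on stdin; prints "<flags-found><TAB><path>".
flagged_files() {
  awk '
    NF < 2 { next }                      # blank lines and "dir:" headers
    {
      flags = $1
      # An attribute field holds only flag letters and dashes; this also
      # drops lsattr error lines and headers for directories with spaces.
      if (flags !~ /^[-A-Za-z]+$/) next
      hit = ""
      # Lowercase only: "I" (indexed dir) and "A" (no atime) are harmless.
      if (index(flags, "i")) hit = "immutable"
      if (index(flags, "a")) hit = hit (hit != "" ? "+" : "") "append-only"
      if (hit == "") next
      path = $0
      sub(/^[^ ]+ +/, "", path)          # keep the whole path, spaces too
      print hit "\t" path
    }'
}

# Constructed sample of `lsattr -R` output (not taken from the OP's system).
sample_lsattr() {
  cat <<'EOF'

/var/www/html/admin/views:
--------------e------- /var/www/html/admin/views/footer.php
----i---------e------- /var/www/html/admin/views/config.php
-----a--------e------- /var/www/html/admin/views/login log.php
lsattr: Operation not supported While reading flags on /var/www/html/admin/link
EOF
}

# Live scan: sh check_flags.sh --scan [dir]
if [ "${1:-}" = "--scan" ]; then
  lsattr -R "${2:-/var/www/html/admin}" 2>/dev/null | flagged_files
fi
```

An empty result from a live scan means no file under the directory carries either flag, so the failed unlink has some other cause.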