Cannot upgrade framework from 13.0.197.22 to 13.0.197.28

ekane · 2020-09-22 15:39:00 UTC

I am unable to upgrade the FreePBX frame work module from 13.0.97.22 to 13.0.97.28. It fails on both the GUI and command line. For command line, the output I get is:

fwconsole ma upgrade framework
No repos specified, using: [standard,commercial] from last GUI settings

Starting framework download..
Processing framework
Verifying local module download...Verified
Extracting...Done
Module framework successfully downloaded


  [Whoops\Exception\ErrorException]
  unlink(/var/www/html/admin/views/config.php): Operation not permitted


ma [-f|--force] [-d|--debug] [--edge] [--color] [--skipchown] [-e|--autoenable] [--skipdisabled] [--snapshot SNAPSHOT] [--format FORMAT] [-R|--repo REPO] [-t|--tag TAG] [--] [<args>]...

Updating Hooks...Done

ekane · 2020-09-22 16:00:03 UTC

I was able to solve this, the fact that fwconsole chown also failed on that file was a clue.

chattr -i -a /var/www/html/admin/views/config.php
chmod ug+w /var/www/html/admin/views/config.php

It’s also a good idea to confirm the directory in which the file lives has the correct permissions.

lgaetz · 2020-09-22 16:37:32 UTC

Permissions for FreePBX files are fixed by running:

fwconsole chown

ekane · 2020-09-24 20:11:36 UTC

I tried that first. It failed. So did running it as root, and several other methods. My solution post mentioned that fwconsole chown failed.

mvogel4949 · 2020-09-28 19:21:12 UTC

Do you think your system was compromised?

ekane · 2020-09-29 14:17:26 UTC

I would love to know, but it seems unlikely. apache does not run as a privileged user. SSH is completely blocked from the outside world.

cynjut · 2020-09-29 18:17:19 UTC

Apache runs as “asterisk” which is largely not an unprivileged user. It isn’t ‘root’, to be sure, but the Asterisk user has a lot of control over a lot of the hardware.

There are exploits that have been fixed that allowed the Web user to access important parts of the system.

The place I’d look first is in the /etc/asterisk/extensions_custom.conf file. If you find anything in there you don’t recognize, strip the system down to bare metal and re-implement with the latest version.

ekane · 2020-09-29 20:19:50 UTC

I guess my day just got more exciting…but I do not see anything unusual there, or in any other extension. Asterisk reports look normal too.

The asterisk user was not able to delete that file or run chattr on it, for what it’s worth. sudo was required.

cynjut · 2020-09-29 20:37:09 UTC

Almost all of the “hack” attempts will leave tell-tale effluvia around. Some will leave code in the extensions_custom.conf file, others will leave extensions you don’t recognize. Others will chop out swathes of your CDR logs. If you aren’t seeing any of that, you’re probably fine. The fact that the Asterisk user wasn’t able to modify the file is odd, but not necessarily suspicious.

scristopher71 · 2020-10-05 20:43:34 UTC

I would wager to say that any immutable or append only files in /var/www/html/admin/* is a tell-tale sign, I’ve never had to remove immutable/append only flags from any files on a system running freepbx, but also its not clear to me if OP had immutable files or if they were just copy/pasting something from a post somewhere.

ekane · 2020-10-05 21:02:26 UTC

Not sure what you mean by “just copy and paste”, I described the steps I took to resolve the problem.