Re: Help. Cannot Upgrade to IDS-sig-4.1-2-S60

s-beavers · ‎12-01-2003

I am attempting to upgrade an IDS-4235 to IDS-sig-4.1-2-S60 from 4.1(2)S58. I have attempting to use the upgrade ftp:// command which failed, so I copied the files on to the local user account and did an upgrade via to local SCP server. The first (service pack) upgrade was successful, but I cannot perform the signature upgrade. I have re-downloaded the package several times. Each time I always get the error: Error: download file does not exist: /usr/cids/idsRoot/var/updates/IDS-sig-4.1-2-S60.rpm.pkg.

From what I can tell there is plenty of space.

Thanx

csailer · ‎12-01-2003

What directory on the sensor did you copy the upgrade packages to?

You can determine the available disk space by running a "sho ver" from the cli:

4215# sho ver

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(3)S62

OS Version 2.4.18-5smpbigphys-4215

Platform: IDS-4215

Sensor up-time is 10 days.

Using 248975360 out of 459202560 bytes of available memory (54% usage)

****************

Using 606M out of 17G bytes of available disk space (4% usage)

****************

MainApp 2003_Nov_21_11.18 (Release) 2003-11-21T10:58:47-0600 Running

I have surrounded the entry you need to be concerned about with ******. The update requires no more than 10 MB.

s-beavers · ‎12-01-2003

the files were copied to the /home directory of the local user. The device shows:

IDS-4235# sh ver

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(2)S58

OS Version 2.4.18-5smpbigphys

Platform: IDS-4235

Using 909631488 out of 921522176 bytes of available memory (98% usage)

Using 3.2G out of 15G bytes of available disk space (22% usage)

7dallen · ‎12-02-2003

Are you using the absolute path to the file in your SCP:// statement or relative path.

Scp://username@(IP)//usr/home/(account name)/(File) = absolute

scp://username@(IP)/(File) = relative

If the file is under a subdirectory for the user account, specify /(dir)/(file)

This is a common mistake that I have seen when using unix paths.

jamesand · ‎12-02-2003

Can you provide some more info please:

- log into service acct

- run "ls -l" in home directory (where you manually ftp'd the update file)

- run "ls -l /usr/cids/idsRoot/var/updates"

s-beavers · ‎12-02-2003

bash-2.05a$ ls -l

total 14096

-rw-r--r-- 1 netrangr cids 12243162 Dec 1 19:58 IDS-K9-sp-4.1-3-S61.rpm.pkg

-rw-r--r-- 1 netrangr cids 2163363 Dec 1 19:58 IDS-sig-4.1-3-S62.rpm.pkg

bash-2.05a$ ls -l /usr/cids/idsRoot/var/updates

total 24

drwxrwxr-x 2 cids cids 4096 Nov 27 11:53 backups

drwxrwxr-x 6 cids cids 4096 Nov 27 11:53 files

drwxrwxr-x 2 cids cids 4096 Nov 27 11:53 logs

-rwxrwxr-x 1 cids cids 185 Nov 27 11:53 package

drwxrwxr-x 2 cids cids 4096 Nov 27 11:53 scripts

drwxrwxr-x 2 cids cids 4096 Nov 27 11:53 sigupdate

bash-2.05a$

jamesand · ‎12-03-2003

Thanks for the information. Can you also send the exact cli scp upgrade command you used. Also, did you try the command more than once? Did it fail each time?

We suspect that there may be an SCP error that we are not catching. So, need to get as much information as possible to try and reproduce.

jamesand · ‎12-04-2003

We worked through a problem here that has the same scp upgrade error message that you are getting. The problem is that the ssh key of the host referenced in the upgrade command changed. We are not catching the error correctly so the generic "download file does not exist" error is given.

The workaround:

conf t

ssh host

NOTE: if the ssh host key never existed on the sensor then the user is given a meaningful message about the authenticity of the host failing, but in this case the ssh host key changed making it invalid.