It appears v2.4.5_p1 unattended & autonomously, upgraded to v2.5.1
-
I have a remote site that had v2.4.5_p1 installed on a Dell Optiplex 990 & was intending to go on site to upgrade to 2.5.1 rather than initiate the upgrade remotely. This was because I had observed an issue with upgrades to several Dell Optiplex systems stalling during the upgrade reboot phase, because the CDROM media check halted if no media was present in the drive. So it required a CD be place in the drive to allow the upgrade reboot to successfully complete.
This morning I received a call from this same remote site telling me they had no Internet access. After isolating the problem to the pfSense system, I ask that the Dell PC be powered off then back on. When the system came back up Internet access was restored & everything seems to be working correctly. However when I logged in to checked the pfSense system over, it now shows that is was running v2.5.1.
No one else has admin access to this pfSense system but me at this point. It appears that the upgrade has taken place unattended and autonomously. Has anyone else experienced this behaviour?
This is a concern if pfSense can autonomously perform an upgrade. I have no idea how this might have happened and once you have excluded the obvious reasons, only unobvious reasons remain as an explaination. So does anyone have any feedback on any other vectors that could result in an upgrade event that matches this scenario.
Thanks
-
@maw Someone else reported behaviour like this some time ago but I don't remember how it was resolved if it was at all. Try searching the forums here and you should be able to find it. You're sure that nobody got to the console and upgraded it from there? Anything in the System log from the time that this upgrade happened?
-
@kom Thanks for the reply. I will see if I can find that reference you refer to.
Sorry I should have included clarification on the console aspect. The console is password protected, plus it is a headless system even though anyone could obviously connect a monitor and keyboard is so inclined. If I were asked I would say, the people at the site would not even know where to start anyway.
I am going to look more extensively at the logs when I get a chance this evening.
There will be an answer to this I am sure, I just thought I would check if anyone else has already had the experience.
Thanks again for your input.
-
@kom I found this thread...................
https://forum.netgate.com/topic/81272/automatic-update?_=1621897957915Not so sure those circumstances apply since the thread involves pfSense v2.1 with the heartbleed vulnerability susepcted to be potentially implicated.
But I have changed all admin passwords anyway and will be surveying the logs ASAP and actioning as appropriate.
Thx kom for alerting me that the behaviour had been seen before. I will report back here if I find anything that people should be aware of.
-
-
@serbus Thanks for that Serbus. That thread seems to describe a more plausible potential cause.
I checked the logs but unfortunately they do not go far enough into the past to reveal the actual upgrade point. It appears the system has upgraded to 2.5.x around or before 15th April which is as far back as the logs go.
The problem today was likely a power state/condition problem at the premises, resulting in the pfSense system crashing or locking up, since there is indication in the logs the system stopped working unexpectedly late on the 24/05. The premises do have power disruptions and brown outs sometimes, so this may tie into the content discussed in the thread you referenced. It's long overdue that I install a UPS me thinks.
Thanks to yourself and Kom for responding with helpful info. I have extended the logging capacity, in case an auto upgrade happens again so I hopefully can see what happened. For now I think there is not much else I can do to explore the issue further.
Thanks again for your input.
-
@maw They need to spend $100 for a small UPS and put the router on it. The UFS file system is not very resilient when it comes to sudden power loss.
-
@kom Indeed I agree Kom. There is a site wide network infrastructure upgrade about to commence and I will add the UPS requirement into those works.
Thanks again for your input. Take care.
