Maintenance

Update FM after upgrading to version 5.0.63+

Please note that this version of File Manager enhances the overall Google Cloud Storage capabilities. The exact procedure is provided in the following document. Ignore it if File Manager is already running this version out of the box, without any upgrade; in that case the changes are already present.

Fix: Apache Log4j2 Remote Code Execution Vulnerability

  • Security vulnerabilities in Apache Log4j 2 version 2.15 (or below) are described in CVE-2021-44228 and CVE-2021-45046.
  • These vulnerabilities have been mitigated by adding -Dlog4j2.formatMsgNoLookups=true to the JVM args of every File Manager container.
  • From now onwards (Dec 23, 2021), every new installation will use the latest containers. If you're using a previous version, update the application using the procedure provided below in 'Application Updates'.
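
To confirm after an update that the flag reached every JVM, a check like the following can be run on the VM. It is an added example, not part of Trillo's tooling; the function names and the script name are hypothetical, and it assumes the JVM args are visible on the java command line inside each container.

```shell
#!/bin/sh
# Added example (not Trillo's code): confirm the Log4j mitigation flag is
# present on every JVM running inside the containers on this VM.
FLAG='-Dlog4j2.formatMsgNoLookups=true'

# Reads a process listing on stdin (one command line per line) and prints each
# Java command line that lacks FLAG. Returns 1 if at least one is found.
java_missing_flag() {
  missing=0
  while IFS= read -r line; do
    case " $line " in
      *" java "*|*"/java "*) ;;   # this line launches a JVM
      *) continue ;;              # not Java, nothing to check
    esac
    case " $line " in
      *" $FLAG "*) ;;             # flag present as a whole argument
      *) printf '%s\n' "$line"; missing=1 ;;
    esac
  done
  return "$missing"
}

# Checks every running container. Assumes the JVM arguments are visible on the
# java command line; a flag injected another way (for example through
# JAVA_TOOL_OPTIONS) would be reported here as MISSING.
check_containers() {
  rc=0
  for id in $(docker ps -q); do
    name=$(docker inspect --format '{{.Name}}' "$id")
    if docker top "$id" | java_missing_flag; then
      echo "OK       $name"
    else
      echo "MISSING  $name"
      rc=1
    fi
  done
  return "$rc"
}

# Run against the live VM only when asked to: sh check-log4j-flag.sh --live
if [ "${1:-}" = "--live" ]; then
  check_containers
fi
```

A pass confirms only that the flag is set. Apache's advisory for CVE-2021-45046 lists this property as an incomplete mitigation, so the Log4j version shipped in the containers is still worth checking.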

Application Updates

The application update is manual. SSH into the VM and run the following commands in sequence. Once updated, clear the browser cache so that the new content is shown (follow this link to reload the application in the browser: https://fabricdigital.co.nz/blog/how-to-hard-refresh-your-browser-and-clear-cache).
sudo su
gcloud auth --quiet configure-docker
cd /opt/trillo
./update.py

Update SSH Config (if coming from old version)

The following steps need to be done only once (if missing).

  1. On the VM, edit the file /etc/ssh/sshd_config and change the line "ChrootDirectory %h" to "ChrootDirectory %h/gcs" (see below). Finally, save and exit.
nano /etc/ssh/sshd_config
...
...
ChrootDirectory %h/gcs
...
...
  2. Restart the SSH server using the command
/etc/init.d/ssh restart

Upgrade SFTP server for read-only users

  • SSH into the VM.
  • Create a new shell script “setup-sftp-viewer.sh” with the contents shown below.
  • Copy the value of BUCKET_NAME from above and add it to the script at the end of line #3 (below).
  • Make it executable and run it as sudo, e.g., sudo ./setup-sftp-viewer.sh
  • Save the output of the script for troubleshooting (if needed).
#!/usr/bin/env bash
set -x
BUCKET_NAME=
# stop here if the bucket name was not filled in on line 3
: "${BUCKET_NAME:?set BUCKET_NAME on line 3}"
# create read-only folder (no error if it already exists)
mkdir -p /gcs-r
# add a line to fstab
groupId=$(cut -d: -f3 < <(getent group sftpusers))
tee -a /etc/fstab << END
${BUCKET_NAME} /gcs-r gcsfuse ro,allow_other,uid=65534,gid=${groupId},implicit_dirs
END
cat /etc/fstab
# mount everything listed in fstab, including the new entry
mount -a
# copy latest script to the /gcs/system folder
TRILLO_GA_SCRIPTS="gs://trillo-public/fm/ga/scripts/*"
gsutil -m cp -r "${TRILLO_GA_SCRIPTS}" "gs://${BUCKET_NAME}/system"

Update docker-compose.yaml (if coming from the old version)

On old versions, the following line may be missing from /opt/trillo/docker-compose.yml
sudo su
cd /opt/trillo
nano docker-compose.yml
If it is missing, create this line and paste the value as shown below. Once done, save the file.
Once the changes are saved, restart the application with the following command
cd /opt/trillo
./dcr