Maintenance

CVE-2024-6387: Advisory Notice

Kindly take action to migitate this vulnerability. Please following this link to take further actions. https://ubuntu.com/security/CVE-2024-6387

Application Updates

The applications update is manual. You will need to SSH into the VM and run following commands in sequence. Once updated, you will have to clear browser cache so that new contents can be shown (Follow this link to reload application in the browser - https://fabricdigital.co.nz/blog/how-to-hard-refresh-your-browser-and-clear-cache)

sudo su
gcloud auth --quiet configure-docker
cd /opt/trillo
./update.py​

Update SSH Config (if coming from old version)

The following steps are needed to be done only once (if missing)

  1. On the VM, edit the following file (/etc/ssh/sshd_config) and change a line "ChrootDirectory %h" to "ChrootDirectory %h/gcs" (see below). finally, save and exit.

nano /etc/ssh/sshd_config

...
...
   ChrootDirectory %h/gcs
...
...

2. Restart the ssh server using the command

/etc/init.d/ssh restart

Upgrade SFTP server for read-only users

  • ssh into the VM.

  • Create a new shell script “setup-sftp-viewer.sh”

  • Copy the value of BUCKET_NAME from above and add to the script at the end of line#3 (below).

  • Make it executable and run as sudo e.g., sudo ./setup-sftp-viewer.sh

  • Save the output of the script for troubleshooting (if needed).

# !/usr/bin/env bash
set -x
BUCKET_NAME=

# create read-only folder
mkdir /gcs-r

# add a line to fstab
groupId=$(cut -d: -f3 < <(getent group sftpusers))

tee -a /etc/fstab << END
${BUCKET_NAME} /gcs-r gcsfuse ro,allow_other,uid=65534,gid=${groupId},implicit_dirs
END

cat /etc/fstab

# mount -a
mount -a

# copy latest script to the /gcs/system folder
TRILLO_GA_SCRIPTS="gs://trillo-public/fm/ga/scripts/*"
gsutil -m cp -r ${TRILLO_GA_SCRIPTS} gs://${BUCKET_NAME}/system

Update docker-compose.yaml (if coming from the old version)

On old versions, the following line may be missing from /opt/trillo/docker-compose.yml

sudo su
cd /opt/trillo
nano docker-compose.yml

If missing then create this line and paste the value as shown below. Once done, save the file.

Once changes are saved then restart the application with the following command

cd /opt/trillo
./dcr
PreviousSFTPNextTroubleshooting

Last updated