-
Notifications
You must be signed in to change notification settings - Fork 0
/
upgrade_ubnt
executable file
·186 lines (179 loc) · 9.23 KB
/
upgrade_ubnt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
#!/bin/bash
# https://community.ui.com/questions/airOS-5-6-with-Custom-Script-Support-/4bd71c6b-7e9c-43ee-9d9d-666a7a9708fd
# https://community.ui.com/questions/airOS-v8-7-4-w-Custom-Script-Support/526da62b-d770-4e9e-b38f-cd3df08b92fa#comment/1fc55b49-8f26-40b1-a0f4-42afc85598f1
uid=$(id -u)
app=$(basename $0)
tmpfile=$(mktemp)
tmpdir=$(mktemp -d)
basedir=$(pwd)
defaultinterface=$(ip route | grep default | awk '{print $5}')
ipv4interface=$(ifconfig $defaultinterface | awk 'FNR == 2 {print}' | awk '{print $2}')
localdomainname=$(dig -x $ipv4interface +short | sed "s/$(hostname).//" | sed 's/.$//')
uid=$(id -u)
userna=$(id -nu $uid)
BACKUP="/home/$userna/Backup/ubigator"
datarelease=$(date +"%d%m%Y%H%m%S")
if [[ $# -eq 0 ]]; then
echo -e $0 "have to be used with the following options \
\n \
\n-I -> interface where the ubiquiti devices is connected \
\n-E -> EdgeOS upgrade \
\n"
exit 1
fi
if [[ ! -d $BACKUP ]]; then
mkdir $BACKUP
fi
case $1 in
"-I")
if [[ $uid -ne 0 ]]; then
echo -e "you've got to run $0 as UID=0"
exit 1
fi
echo -e "running tcpdump for 1 minutes and 20 seconds searching for CDP packets...\n"
timeout 45 tcpdump -nvi $2 -s 1500 ether dst 01:00:0c:cc:cc:cc 1> $tmpfile
devicefound=$(cat $tmpfile | head -n 10 | grep Device | awk '{print $7" "$8}' | sed "s/'//g")
if [[ ! -z $devicefound ]]; then
if [[ $(grep -c "192.168.1.20" /root/.ssh/known_hosts) -ge 1 ]]; then
ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.1.20"
fi
interfacectrl=$(ping -c 1 192.168.1.20 | grep [Ff]rom | grep time)
if [[ -z $interfacectrl ]]; then
ifconfig "$2:1" 192.168.1.21/24 up
fi
addressfound=$(cat $tmpfile | grep Address | awk '{print $9}')
if [ "$addressfound" != "192.168.1.20" ]; then
echo -e "we didn't found default ubiquiti device \
\nplease reset it pressing the black button on the right"
sleep 60
./$0 -I $2
exit 1
fi
firmwarefound=$(cat $tmpfile | awk 'NR==6' | sed 's/^[[:space:]]*//g')
echo -e "\nfound a $devicefound with IPv4 $addressfound and firmware $firmwarefound \n"
typeoffirmware=$(echo $firmwarefound | cut -d . -f1)
typeset -i versionoffirmware=$(echo $firmwarefound | awk -F"$typeoffirmware.v" '{print $2}' | cut -f1 -d - | sed 's/\.//g')
echo -e "the type of ubiquiti board is $typeoffirmware and the version of firmware installed is $versionoffirmware \
\ncheck new compliance test firmware onto https://community.ui.com/questions/airOS-5-6-with-Custom-Script-Support-/4bd71c6b-7e9c-43ee-9d9d-666a7a9708fd for XM, XW and TI\
\nand onto https://community.ui.com/questions/airOS-v8-7-4-w-Custom-Script-Support/526da62b-d770-4e9e-b38f-cd3df08b92fa#comment/1fc55b49-8f26-40b1-a0f4-42afc85598f1 for 2WA, 2XC, XC and WA boards \n"
downloadedfirmware=$(ls firmware/ | grep $typeoffirmware)
typeset -i versionofdownloadedfirmware=$(echo $downloadedfirmware | awk -F"$typeoffirmware.v" '{print $2}' | cut -f1 -d - | sed 's/\.//g')
if [[ $versionoffirmware < $versionofdownloadedfirmware ]]; then
echo -e "upgrading firmware..."
cp "firmware/$downloadedfirmware" "$tmpdir/fwupdate.bin"
sshpass -p "ubnt" scp -o StrictHostKeyChecking=no "$tmpdir/fwupdate.bin" "ubnt@$addressfound:/tmp"
checkfirm=$(sshpass -p ubnt ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 ls /tmp | grep fwupdate)
if [[ ! -z $checkfirm ]]; then
echo -e "firmware upload successfull, now doing the upgrade. Please wait 90 seconds"
nohup sshpass -p ubnt ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 /sbin/fwupdate -m > /tmp/nohup.out
sleep 120
echo -e "firmwware upgrade done running tcpdump to verify"
timeout 80 tcpdump -nvi $2 -s 1500 ether dst 01:00:0c:cc:cc:cc 1> $tmpfile
devicefound=$(cat $tmpfile | head -n 10 | grep Device | awk '{print $7" "$8}' | sed "s/'//g")
if [[ ! -z $devicefound ]]; then
addressfound=$(cat $tmpfile | grep Address | awk '{print $9}')
firmwarefound=$(cat $tmpfile | awk 'NR==6' | sed 's/^[[:space:]]*//g')
echo -e "\nfound a $devicefound with IPv4 $addressfound and firmware $firmwarefound \n"
else
echo -e "firmware upgrade failed \n"
exit 1
fi
else
echo -e "error uploading firmware"
exit 1
fi
else
echo -e "couldn't upgrade firmware version is the same or above \
\ngoing ahead with license unlock"
sshpass -p "ubnt" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 enable_ct
sshpass -p "ubnt" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 reboot
sleep 70
echo -e "changing default password to temporary 123456789xyz4 and disable https "
sshpass -p "ubnt" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "echo -e \"123456789xyz4\n123456789xyz4\" | passwd"
systemcfgpassline=$(sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "cat /tmp/system.cfg | grep users.1.password")
salt=$(echo $systemcfgpassline | sed 's/users.1.password=//' | cut -d \$ -f3)
systemcfgnewpass=$(openssl passwd -1 -salt $salt 123456789xyz4)
oldpwd=$(echo $systemcfgpassline | sed 's/users.1.password=//' | cut -d \$ -f4)
newpwd=$(echo $systemcfgnewpass | cut -d \$ -f4)
br0line=$(sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "ifconfig br0 |grep HWaddr")
typeset -u firstcookie=$(echo $br0line | sed "s/://g")
echo -e "Device ID: $firstcookie\n"
sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "sed -i \"s/$oldpwd/$newpwd/\" /tmp/system.cfg"
sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "sed -i \"s/httpd.https.status=enabled/httpd.https.status=disabled/\" /tmp/system.cfg"
sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "sed -i \"s/radio.countrycode=511/radio.countrycode=368/\" /tmp/system.cfg"
sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "sed -i \"s/radio.1.subsystemid=0xe1b5/radio.1.subsystemid=0xe6b5/\" /tmp/system.cfg"
sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 "cfgmtd -f /tmp/system.cfg -w"
sshpass -p "123456789xyz4" ssh -o StrictHostKeyChecking=no ubnt@192.168.1.20 reboot
fi
else
echo -e "we didn't found any ubiquiti device \
\nplease reset it pressing the black button on the right"
sleep 60
./$0 -I $2
exit 1
fi
;;
"-E")
edgehost=
while [ -z $edgehost ]
do
echo 'Type the EdgeOS internal hostname '
read edgehost
done
currentfirmware=$(ssh -q $edgehost cat /etc/version)
currenthardware=$(ssh -q $edgehost /opt/vyatta/bin/vyatta-op-cmd-wrapper show version | awk 'FNR == 5 {print}' | awk '{print $3" "$4}' | tr -d '[:blank:]')
echo -e "Current firmware is $currentfirmware over a $currenthardware"
isupgradable=$(ssh -q $edgehost sudo /usr/sbin/ubnt-fw-latest --refresh | sed -e "s/{//" -e "s/}//" | tr , '\n' | awk 'FNR == 4 {print}' | sed "s/\"state\"://" | sed "s/\"//g" | tr -d '[:blank:]')
if [[ "$isupgradable" -eq "can-upgrade" ]]; then
firmwareupgrade=$(ssh -q $edgehost sudo /usr/sbin/ubnt-fw-latest --refresh | sed -e "s/{//" -e "s/}//" | tr , '\n' | awk 'FNR == 1 {print}' | sed "s/\"version\"://" | sed "s/\"//g" | tr -d '[:blank:]')
ctrl=
echo -e "It is possible to upgrade $currentfirmware to $firmwareupgrade, procede to download? "
read ctrl
case $ctrl in
"yes")
md5firmware=$(ssh -q $edgehost sudo /usr/sbin/ubnt-fw-latest --refresh | sed -e "s/{//" -e "s/}//" | tr , '\n' | awk 'FNR == 3 {print}' | sed "s/\"md5\"://" | sed "s/\"//g" | tr -d '[:blank:]')
urlfirmware=$(ssh -q $edgehost sudo /usr/sbin/ubnt-fw-latest --refresh | sed -e "s/{//" -e "s/}//" | tr , '\n' | awk 'FNR == 2 {print}' | sed "s/\"url\"://" | sed "s/\"//g" | tr -d '[:blank:]')
tmpdir=$(mktemp -d)
wget "$urlfirmware" -O "$tmpdir/edgeos_firmware.rar"
md5downloaded=$(md5sum "$tmpdir/edgeos_firmware.rar" | awk '{print $1}')
if [[ $md5firmware == $md5downloaded ]]; then
echo -e "MD5 verified locally proceding with international verification..."
for vpnc_host in $(dig openbsd.$localdomainname TXT +short | sed "s/\"//g" | tr \; '\n' | sed '$d'); do
echo -e "Connecting to $vpnc_host to comprobe MD5"
a=$(ssh $vpnc_host.$localdomainname "ftp -o /tmp/edgeos_firmware.rar $urlfirmware; md5 /tmp/edgeos_firmware.rar ; rm -rf /tmp/edgeos_firmware.rar")
b=$(echo $a | awk '{print $4}')
if [[ $b == $md5downloaded ]]; then
echo -e "$vpnc_host OK \n"
else
echo -e "###########################ALT MD5 FAILED IN $vpnc_host ###########################\n"
exit 1
fi
done
else
echo -e "###########################ALT MD5 FAILED IN $vpnc_host ###########################\n"
exit 1
fi
echo -e "Backing up /config directory into"
ssh -q $edgehost "sudo tar -czvf /tmp/backupconfig$datarelease.tar.gz /config"
scp -q "$edgehost:/tmp/backupconfig$datarelease.tar.gz" $BACKUP
ssh -q $edgehost "sudo rm -rf /tmp/backupconfig$datarelease.tar.gz"
rm -rf "$tmpdir/"
;;
"no")
;;
*)
echo -e "type yes or no"
exit 1
;;
esac
fi
;;
*)
echo -e $0 "have to be used with the following options \
\n \
\n-I -> interface where the ubiquiti devices is connected \
\n-E -> EdgeOS upgrade \
\n"
exit 1
;;
esac