今天主要测试了NM-CIDS模块(当初为什么没有买好一点的呢。。。)
主要就是一探针,里面sig设置还是满复杂的,顺便update了一下;
首先,了解了一下升级包的含义:
比如:
IPS-K9-maj-5.0-1-S149.rpm.pkg
maj代表主要升级
IPS-K9-min-5.1-1g.pkg
min代表次要升级
IPS-K9-sp-5.1-3.pkg
sp代表服务包(更加次要)
IPS-K9-r-1.1-a-5.1-1.pkg
r代表恢复升级(这里的恢复指IDS的系统恢复)
注意,大部分升级都是每年才一次的,自由IPS-SIG的才是每周,不过这次没有弄到
由于手头的IDS已经是5.0,因此做了min升级之后,接下来的sp升级log出来看看:
sensor(config)#:upgrade [url]ftp://10.1.1.100/IPS-K9-sp-5.1-3.pkg[/url]
User: aa
Password: **
Warning: Executing this command will apply a service pack to the application partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? []: yes
Broadcast Message from root@sensor
(somewhere) at 15:07 ...
Applying update IPS-K9-sp-5.1-3.pkg. IPS applications will be stopped and syste
m will be rebooted after upgrade completes .
Broadcast Message from root@sensor
(somewhere) at 15:07 ...
Shutting down IPS applications. Applications will be restarted when update is
complete..
接下来就重启了:
Broadcast Message from root@sensor
(somewhere) at 15:09 ...
Update complete
Sending SIGKILL to all processes.
Please stand by while rebooting the system.
flushing ide devices: hda
Restarting system.
Initializing memory. Please wait. 512 MB SDRAM detected
……………………………………此处省略N内容
实际上就是linux的引导过程,redhat的。
这也是为什么IPS可以装在PC上的原因。
升级完成后我们看看:
sensor# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 5.1(3)S240.0
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S240.0 2006-07-12
Virus Update V1.2 2005-11-24
OS Version: 2.4.26-IDS-smp-bigphys
Platform: NM-CIDS
Serial Number: FOC09300A19
Trial license, expires: 06-Jan-2007 UTC
Sensor up-time is 2 min.
Using 215048192 out of 509448192 bytes of available memory (42% usage)
system is using 17.4M out of 29.0M bytes of available disk space (60% usage)
application-data is using 42.4M out of 174.7M bytes of available disk space (26% usage)
boot is using 35.0M out of 75.9M bytes of available disk space (49% usage)
application-log is using 49.8M out of 2.8G bytes of available disk space (2% usage)
MainApp 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
AnalysisEngine 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
CLI 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500
Upgrade History:
* IPS-K9-min-5.1-1 05:47:00 UTC Tue Nov 15 2005
IPS-K9-sp-5.1-3.pkg 07:07:41 UTC Thu Nov 30 2006
Recovery Partition Version 1.1 - 5.1(1)
好,都已经打上去了;
接下来升级recovery application
sensor# conf t
sensor(config)# upgrade [url]ftp://10.1.1.100/IPS-K9-r-1.1-a-5.1-1.pkg[/url]
User: aa
Password: **
Warning: Executing this command will re-image the recovery partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? []: yes
Broadcast Message from root@sensor
(somewhere) at 15:15 ...
Applying update IPS-K9-r-1.1-a-5.1-1.pkg
主要就是一探针,里面sig设置还是满复杂的,顺便update了一下;
首先,了解了一下升级包的含义:
比如:
IPS-K9-maj-5.0-1-S149.rpm.pkg
maj代表主要升级
IPS-K9-min-5.1-1g.pkg
min代表次要升级
IPS-K9-sp-5.1-3.pkg
sp代表服务包(更加次要)
IPS-K9-r-1.1-a-5.1-1.pkg
r代表恢复升级(这里的恢复指IDS的系统恢复)
注意,大部分升级都是每年才一次的,自由IPS-SIG的才是每周,不过这次没有弄到
由于手头的IDS已经是5.0,因此做了min升级之后,接下来的sp升级log出来看看:
sensor(config)#:upgrade [url]ftp://10.1.1.100/IPS-K9-sp-5.1-3.pkg[/url]
User: aa
Password: **
Warning: Executing this command will apply a service pack to the application partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? []: yes
Broadcast Message from root@sensor
(somewhere) at 15:07 ...
Applying update IPS-K9-sp-5.1-3.pkg. IPS applications will be stopped and syste
m will be rebooted after upgrade completes .
Broadcast Message from root@sensor
(somewhere) at 15:07 ...
Shutting down IPS applications. Applications will be restarted when update is
complete..
接下来就重启了:
Broadcast Message from root@sensor
(somewhere) at 15:09 ...
Update complete
Sending SIGKILL to all processes.
Please stand by while rebooting the system.
flushing ide devices: hda
Restarting system.
Initializing memory. Please wait. 512 MB SDRAM detected
……………………………………此处省略N内容
实际上就是linux的引导过程,redhat的。
这也是为什么IPS可以装在PC上的原因。
升级完成后我们看看:
sensor# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 5.1(3)S240.0
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S240.0 2006-07-12
Virus Update V1.2 2005-11-24
OS Version: 2.4.26-IDS-smp-bigphys
Platform: NM-CIDS
Serial Number: FOC09300A19
Trial license, expires: 06-Jan-2007 UTC
Sensor up-time is 2 min.
Using 215048192 out of 509448192 bytes of available memory (42% usage)
system is using 17.4M out of 29.0M bytes of available disk space (60% usage)
application-data is using 42.4M out of 174.7M bytes of available disk space (26% usage)
boot is using 35.0M out of 75.9M bytes of available disk space (49% usage)
application-log is using 49.8M out of 2.8G bytes of available disk space (2% usage)
MainApp 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
AnalysisEngine 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running
CLI 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500
Upgrade History:
* IPS-K9-min-5.1-1 05:47:00 UTC Tue Nov 15 2005
IPS-K9-sp-5.1-3.pkg 07:07:41 UTC Thu Nov 30 2006
Recovery Partition Version 1.1 - 5.1(1)
好,都已经打上去了;
接下来升级recovery application
sensor# conf t
sensor(config)# upgrade [url]ftp://10.1.1.100/IPS-K9-r-1.1-a-5.1-1.pkg[/url]
User: aa
Password: **
Warning: Executing this command will re-image the recovery partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? []: yes
Broadcast Message from root@sensor
(somewhere) at 15:15 ...
Applying update IPS-K9-r-1.1-a-5.1-1.pkg
这个升级是不用重启的;这样,就升级完成了。easy把~~~
本文转自 beansprouts 51CTO博客,原文链接:http://blog.51cto.com/netwalk/66263,如需转载请自行联系原作者
