Use the procedure in this document if an update of the signature level from the network fails. This procedure downloads the update to the Sensor and then upgrades from the local file system.
There are no specific requirements for this document.
The information in this document is based on the Intrusion Detection System (IDS) MC.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
An error is sometimes generated when the signature level cannot be updated from the network. To resolve the error, the procedure in this document downloads the update to the Sensor and then upgrades from the local file system. The error you receive can look like this output:
Error when attempting to install /usr/cids/idsRoot/var/updates/IDS-sig-4.1-4-S146.rpm.pkg Error when attempting to install /usr/cids/idsRoot/var/updates/IDS-sig-4.1-4-S146.rpm.pkg
Note: Not all the steps in this document are required. However, follow them in the order listed.
Important: It is important that you do not change the file name upon download.
One quick way to identify whether the package you have downloaded is truly corrupted is to verify the MD5 hash of the file. This can be done two ways. If you download the file to a UNIX/Linux system, you can type:
This outputs the hash that you can compare to the hash listed at the IDS signature download site. Since you are installing the updates using the IDS MC, you are probably downloading IDS-sig-X.X-X-XXXX.zip from the Cisco IDS Management Center - Version 4.x Signature Updates (registered customers only) software download site.
For example, when you click the filename IDS-sig-4.1-4-S146.zip to download, you see a field on the next page called 'MD5'. This is an example:
Use a tool such as WinMD5Sum to verify the MD5 sum on Windows. Compare the hash of the file you downloaded to the 80cfe7f34eaedcd9f22518b30f4e2b3 hash. If the hashes are different, the downloaded file is not identical to the published one.
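The comparison described above can be scripted so that it is not done by eye. This is an added example, not part of the original Cisco procedure; the function name verify_md5 and its return codes are assumptions, and it relies on the md5sum utility found on most UNIX/Linux systems. It also rejects a published value that is not exactly 32 hexadecimal characters, such as one that lost a character when it was copied.

```shell
#!/bin/sh
# Added example: compare a downloaded update file against the MD5 value
# published on the download page. verify_md5 is a hypothetical helper name.

# verify_md5 FILE EXPECTED_MD5
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_md5() {
    file=$1
    # Normalise case so a value pasted in upper case still compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # An MD5 digest is exactly 32 hex characters. A value that lost a
    # character when copied must be rejected, not reported as corruption.
    case $expected in
        *[!0-9a-f]*|'') echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "expected value has ${#expected} characters, need 32" >&2
        return 2
    fi
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi

    # md5sum prints "<hash>  <name>"; keep only the hash field.
    actual=$(md5sum < "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published MD5"
        return 0
    fi
    echo "MISMATCH: $file is $actual, published value is $expected" >&2
    return 1
}

# Run as a script: verify_md5.sh IDS-sig-X.X-X-XXXX.zip <published_md5>
if [ "$#" -eq 2 ]; then
    verify_md5 "$1" "$2"
fi
```

A return code of 2 means the check itself could not be performed, so it should not be read as evidence that the package is corrupted.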
Use an alternate FTP server or HTTP to upgrade the IDS signatures if possible. If this is not possible, try a manual download of the file using a service account.
Complete these steps in order to perform a manual download using a service account:
You must first create a service account in order to proceed with a manual download. Complete these steps:
Log into the Sensor using the "cisco" account:
Enter configure terminal mode:
Create the service account:
sensor(config)#username <service_account_user_name> privilege service password cisco12345
Note: You can only configure one service account.
Complete these steps:
Log in using the service account. This output shows an example of the prompt:
Connect to the FTP server.
Set up the FTP client to use binary mode to get the file.
Check that the file is in the FTP server.
ftp>ls
Sample output:
227 Entering Passive Mode .
125 Data connection already open; Transfer starting.
-rwxrwxrwx 1 owner group 13280279 Aug 28 14:44 IDS-K9-min-4.1-1-S47.rpm.pkg
-rwxrwxrwx 1 owner group 2061291 Aug 28 14:47 IDS-sig-4.0-2-S47.rpm.pkg
-rwxrwxrwx 1 owner group 2120589 Oct 20 18:26 IDS-sig-4.1-1-S53.rpm.pkg
-rwxrwxrwx 1 owner group 2124411 Oct 20 19:43 IDS-sig-4.1-1-S54.rpm.pkg
-rwxrwxrwx 1 owner group 2125132 Oct 20 20:15 IDS-sig-4.1-1-S55.rpm.pkg
-rwxrwxrwx 1 owner group 2127802 Oct 20 20:15 IDS-sig-4.1-1-S56.rpm.pkg
-rwxrwxrwx 1 owner group 2143144 Oct 20 20:22 IDS-sig-4.1-1-S57.rpm.pkg
226 Transfer complete.
Retrieve the file (you can copy and paste the filename from the output in step 4).
Close the FTP connection and quit the FTP client.
ftp>close
ftp>quit
Check to see if you can see the file.
bash-2.05a$ls
<upgrade_file>
Log out of the service account.
Complete these steps:
Log into the Sensor using the cisco account. This output shows an example of the prompt:
Enter configure terminal mode.
Create the key.
sensor(config)#ssh host-key <sensor_ip_address>
Type yes to accept the key.
Apply the upgrade.
sensor(config)#upgrade scp://
User: <service_account_user_name>
Server's IP Address: <sensor_ip_address>
Port:
File name: <upgrade_file>
Password: **********
Warning: Executing this command will apply a signature update to the application partition.
Continue with upgrade? : yes
There is currently no verification procedure available for this configuration.
There is currently no specific troubleshooting information available for this configuration.