WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUT230 - Script in "user script"

0 votes
937 views 3 comments
by anonymous
Hello,

We have some RUT9230 installed as 4g modem (firmware version : RUT2XX_R_00.00.89)
For some needs their sim card has a public IP.

And I want to know if the two lines below in User Scripts are normal or not :

"/sbin/keepaliver/"
"exit 0"

Regards,

Stephane

2 Answers

0 votes
by anonymous

Hello,

If the goal is to run /sbin/keepaliver on router start up, then yes, looks normal. Just lose the quotation marks ("").

Also, judging from the name /sbin/keepaliver looks like a custom file. So you might need to give it executable rights for this to work:

chmod +x /sbin/keepaliver

Best answer
by anonymous

Thanks,

The quotation marks are not in User Scripts. It was a way for me to distinguish it from the rest of the text. And I now see it is a wysiwyg editor !!! blush

In fact, I don't know what is this file. And I suspect a malware. Your answer shows me that it is not "normal".

Regards.

by anonymous

So, you didn't add the /sbin/keepaliver part yourself? I'm asking because it's definitely not the default value, as /sbin/keepaliver does not exist. If you didn't add it yourself, then yes, it's possibly malware. The default, untouched User Scripts file should look like this.

I recommend resetting the router and setting up a strong password (especially if you're using remote access). Also, the firmware is 2.5 years old, I recommend upgrading it as well. Firmware downloads RUT2xx routers are stored here.

by anonymous
I removed the script (via ssh) and reseted User Script as the default value.
The suspicious connections did not reappear. Great.

But, you are right : we have to upgrade our router and reinforce the security. We are gathering recommendations.

Thank you for all.
0 votes
by
Update your Firmware Version asap. It looks like your Router was owned due to a bug in firmware <= 00.03.265.

Search for "CVE-2017-8116: Teltonika router unauthenticated remote code execution" and update the firmware asap and check if WAN HTTP(S) access is activated in Administration --> Access Control Menu.

BR, Ronald