TDC3303e Time Code Distribution Chassis
Free Lifetime Technical Support
We support our products for as long as you own them with FREE technical support by phone or email and free software upgrades as they become available. No maintenance contract required.
Product Bulletins
| 240228 Feb 28, 2024 | Security Vulnerability Announcements re: c_rehash script CVE-2022-1292 CVE-2022-2068 EndRun products are not vulnerable. |
Field Service Bulletins: None
Frequently Asked Questions (FAQs)
I've had my unit for 1 year already, can I get an extended warranty?
As long as your unit is still under its current warranty then yes, you can purchase an extended warranty. Contact EndRun Sales for information.
My product is 12 years old and out-of-warranty. Can I get it repaired?
Yes - we will try. The problem may be that we no longer have parts for the old models. But, if we can still get the needed parts then we will repair your unit and charge for time and materials.
What is the EOL on my EndRun product?
At EndRun, End-of-Life (EOL) means end of the production life cycle. We continue to provide free technical support (by phone or email) for as long as you own an EndRun product. In fact, we are still providing free support for products that we shipped in 2001.
How are upgrades handled and what do they cost?
Software upgrades for all our products are freely available for download from our website at: www.endruntechnologies.com/support/software-upgrades.
I haven't upgraded my firmware for a long time. Can I upgrade straight to the latest version without installing subsequent versions first?
Current products (Sonoma, Meridian II, Tycho II, RTM3205) can be upgraded to the latest version of firmware straight from any older version. However, if you have modified either /etc/profile or /etc/rc.d/rc.M and your Linux Root File System (RFS) is prior to version 2.20 then please contact Support (support@endruntechnologies.com).
Legacy products (Tempus LX, Unison, Meridian, Tycho, RTM3204) can also be upgraded to the latest version of firmware straight from any older version. However, if your RFS is prior to version 2.60 then please read this.
When I log into my unit from the CLI, a time string displays that does not match the current UTC. What is wrong?
This string:
Sonoma_D12 GPS 6010-0065-000 v 2.40 - Tue Sep 19 02:19:38 UTC 2017
which is displayed immediately after login simply means that firmware 6010-0065-000 version 2.40 was released on Tuesday September 16, 2017 at 02:19:38 UTC. It has nothing to do with current UTC.
Do I have root access to the Linux file system via the command line interface?
Yes.
Do I need to be familiar with Linux in order to use your equipment?
No. To see a list of EndRun's product commands that you can easily use, type:
help
To get help on a particular command type "help EndRun-command-name". For example:
help gpsstat
This will show you details regarding the gpsstat command.
How can the default prompt be changed?
Edit the file /etc/profile and modify the definition of PS1. After making the change, copy the file to the non-volatile area:
cp /etc/profile /boot/etc
Our security guys did a scan on the EndRun unit and found a few vulnerabilities. Is there going to be a firmware update soon to address this?
Serious vulnerabilities that cannot be mitigated with a reasonable workaround will be addressed with a new firmware update as soon as possible. For remaining vulnerabilities, please see Network Security Bulletins for mitigation steps.
Also, we recommend reading this: Best Practices to Secure Your Time Server. Taking the steps outlined in this paper will eliminate most, if not all, vulnerabilities. It was written for the Sonoma Time Servers but the same general steps apply to our other Linux-based products.
Is there a way to set a timeout for ssh sessions?
Yes. Follow these instructions:
1. Open the sshd_config file for editing.
For current models (Sonoma, Meridian II, Tycho II, RTM3205) open this file:
/etc/ssh/sshd_config
For legacy models open this file:
/etc/sshd_config
2. Uncomment and edit the lines in sshd_config with ClientAliveInterval and ClientAliveCountMax settings as follows:
ClientAliveInterval <session timeout in seconds>
ClientAliveCountMax 0
3. Don't forget to make the modified file persistent, by copying it to FLASH:
For current models (Sonoma, Meridian II, Tycho II, RTM3205):
cp -p /etc/ssh/sshd_config /boot/etc/ssh
For legacy models:
cp -p /etc/sshd_config /boot/etc/
4. Reboot the unit using this command:
reboot
I am using WinSCP to upload files for upgrading and the upgrade keeps failing. What do I do?
If you are uploading via SSH, do not use WinSCP! WinSCP does not work well with a raw flash partition. We have had great success using PuTTY's pscp utility, which is executed from the Windows command line and uses the same syntax as the Linux-based scp utility. You can download pscp from putty.org.
How can I serve time on two different networks?
You will need to configure a gateway for both the Ethernet ports. The user manual indicates that only one port can be configured with a default gateway (using the front panel or netconfig). However, with advanced routing you can configure a gateway for both ports (eth0 and eth1). You must add commands to set up static routes in the /etc/rc.d/rc.M startup script. There is an easily spotted comment in the rc.M file showing where to add the commands. For more information, read this Product Note or contact EndRun Technical Support.
Are any products manufactured by EndRun affected by the CVE-2021-44228 Apache Log4j vulnerability?
No. Products manufactured by Endrun Technologies are not affected because none of them include any version of Apache Log4j.
How are restrictions for subnet access with SSH/SNMP and telnet achieved? For example, how do I set restriction for access to 192.168.1.0/24 subnet?
For our third-generation units such as Sonoma, Meridian II, Tycho II, Ninja, RTM3205 and e-Series Distribution Chassis run the command below to invoke interactive script:
accessconfig
Then, when prompted enter a hostname, host address or range of host addresses to be given telnet/ssh/snmp access (name, IP address or IP address range, 0 to quit). You enter:
192.168.1.0/255.255.255.0
