000030036 - How to apply patches from the local hard drive for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jul 26, 2019Last modified by RSA Customer Support Employee on Aug 15, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030036
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueYou might need to use this method in one of the following situations:
  • The HTTP file upload, Windows Shared Folder or NFS share is not stable for uploading patches.  
  • CD/DVD isn't an option because the system is in a remote location.
  • To limit the time it takes to apply patches by staging the patch files on the Authentication Manager local file system.
ResolutionTo complete the patch process, follow the steps below:
  1. Download the patch *.zip file from RSA Link.
  2. Extract the *.zip file contents and move the patch ISO to the /tmp/ directory in Authentication Manager using WinSCP or a similar tool.
  3. Login to the Authentication Manager primary via SSH, vSphere or direct connection.
  4. Change to root using the following command. 

    sudo su -

  5. Change the permissions of the patch ISO file to 777. 

    chmod 777 /tmp/patchfilename.iso

  6. Create a symbolic link for /dev/cdrom to the patch location:

    ln -s /home/rsaadmin/patchfilename.iso /dev/cdrom

  7. From /opt/rsa/am/utils/bin/appliance, copy manageMount.sh to manageMount.sh.orig.

    cp /opt/rsa/am/utils/bin/appliance/manageMount.sh /opt/rsa/am/utils/bin/appliance/manageMount.sh.orig

  8. Edit manageMount.sh to comment out the original mount_cdrom function by adding :<<'END_COMMENT' before the function and END_COMMENT after the function. 

        umount_cdrom > /dev/null 2>&1
        for i in `seq 0 9`
            if [ -b "/dev/sr$i" ]; then
                mount -t auto -r "/dev/sr$i" /media
                if [ "$?" = "0" ]; then
                    return 0

        return 1

  9. Add the following new function for mount_cdrom.

    mount_cdrom () {
            umount_cdrom > /dev/null 2>&1
            mount -t iso9660 -r /dev/cdrom /media

  10. Save a copy of the updated file.  The file is overwritten during the patch process. This saves a step for next time.

    cp /opt/rsa/am/utils/bin/appliance/manageMount.sh /opt/rsa/am/utils/bin/appliance/manageMount.sh_hdd

  11. Go to Operations Console > Maintenance > Update & Rollback.
  12. Click Configure Update Source, select Use DVD/CD as the update source and click Save. 
  13. Click Scan for Updates and Authentication Manager should be able to detect the patch and the option to Apply Update will come up. 
NotesChanges made to the /opt/rsa/am/utils/bin/appliance/ManageMount.sh do not survive the patching process.  

To patch again from the hard drive, copy the manageMount.sh_hdd file from Step 5 above back to the original filename:

cp /opt/rsa/am/utils/bin/appliance/manageMount.sh_hdd  /opt/rsa/am/utils/bin/appliance/manageMount.sh

To remove the symbolic link, run the command below: 

rm /dev/cdrom