000030036 - How to apply patches from the local hard drive for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jul 26, 2019Last modified by RSA Customer Support Employee on Oct 7, 2019
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000030036
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
IssueYou might need to use this method in one of the following situations:
  • The HTTP file upload, Windows Shared Folder or NFS share is not stable for uploading patches.  
  • CD/DVD isn't an option because the system is in a remote location.
  • To limit the time it takes to apply patches by staging the patch files on the Authentication Manager local file system.
ResolutionTo complete the patch process, follow the steps below:
  1. Visit the RSA Authentication Manager download page.
  2. Click the link for the version of Authentication Manager deployed in your environment.  For versions lower than Authentication Manager 8.4, please go to the RSA Authentication Manager product version page and select the correct version. 
  3. Download the am-update-<patch version> *.zip file (for example, am-update- from RSA Link.
  4. Extract the *.zip file contents and move the am-update-<patch version>.iso to the /tmp/ directory on the Authentication Manager primary using WinSCP or a similar tool.
  5. Login to the Authentication Manager primary via SSH, vSphere or direct connection.
  6. Change to root using the following command. 

sudo su -

  1. Change the permissions of the patch ISO file to 777:

chmod 777 /tmp/patchfilename.iso

  1. Make sure that the directory /media isn't missing:

ls -l /media

  1. Make sure it has full permissions:

chmod 777 /media

  1. From /opt/rsa/am/utils/bin/appliance, copy manageMount.sh to manageMount.sh.orig:

cp /opt/rsa/am/utils/bin/appliance/manageMount.sh /opt/rsa/am/utils/bin/appliance/manageMount.sh.orig

  1. Open manageMount.sh in a text edit, such a vi.
  2. Press i to enter Insert mode.
  3. Edit the file to comment out the original mount_cdrom function by adding :<<'END_COMMENT' before the function and END_COMMENT after the function. 

    umount_cdrom > /dev/null 2>&1
    for i in `seq 0 9`
        if [ -b "/dev/sr$i" ]; then
            mount -t auto -r "/dev/sr$i" /media
            if [ "$?" = "0" ]; then
                return 0

    return 1

  1. Add the following new function for mount_cdrom.

mount_cdrom () {
        umount_cdrom > /dev/null 2>&1
        mount -t iso9660 -r /dev/cdrom_am /media

  1. Exit Insert mode by pressing Escape.
  2. Type :wq! to save a copy of the updated file. 
  3. The file is overwritten during the patch process. This saves a step for next time.

cp /opt/rsa/am/utils/bin/appliance/manageMount.sh /opt/rsa/am/utils/bin/appliance/manageMount.sh_hdd

  1. Create a symbolic link for /dev/cdrom to the patch location:

ln -s /tmp/patchfilename.iso /dev/cdrom_am

  1. Login to the Operations Console and select Maintenance > Update & Rollback.
  2. Click Configure Update Source, select Use DVD/CD as the update source and click Save
  3. Click Scan for Updates and Authentication Manager should be able to detect the patch and the option to Apply Update will come up. 
NotesChanges made to the /opt/rsa/am/utils/bin/appliance/ManageMount.sh do not survive the patching process.  

To patch again from the hard drive, copy the manageMount.sh_hdd file from Step 13 above back to the original filename:

cp /opt/rsa/am/utils/bin/appliance/manageMount.sh_hdd  /opt/rsa/am/utils/bin/appliance/manageMount.sh

To remove the symbolic link, run the command below: 

rm /dev/cdrom_am