000028967 - How to recreate the RSA Security Analytics updates repository

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000028967
Applies To
RSA Product Set:  Security Analytics
RSA Product/Service Type:  Security Analytics Server
RSA Version/Condition:  10.3.x, 10.4.x
Platform:  CentOS
O/S Version:  EL6
Issue
If the 'Synchronize' button is inadvertently clicked while attempting to upgrade to a version that is not the newest release, the RPMs from the current version are downloaded.
The yum check-update command lists the latest version updates, even though the download package for another version was manually downloaded in order to be applied to the appliances.
Example: The Updates repository in the Security Analytics UI shows all 10.3.4 RPM files, but when issuing the yum check-update command it shows 10.4 files.
A reset of the Security Analytics repository may also be necessary in version 10.4.x in special circumstances, such as to remove the 2014 Q4 Security Patch from the repository based on the SecurCare Online advisories entitled RSA Security Analytics Q4 Security Patch Issues and Updates for two issues identified with the Security Analytics Q4 2014 Security Patch.
CAUTION:  
If upgrading from version 10.3.x to Security Analytics 10.4.0.2 or 10.4.1 and the Q4 2014 Security Patch has already been applied, the repository should NOT be recreated with the steps below.  
If the repository has already been cleared, follow the instructions in the article entitled How to upgrade to RSA Security Analytics 10.4.0.2 or 10.4.1 from 10.3.x when the Q4 2014 Security Patch is already installed to resolve the issue.
Tasks
This article provides instructions for resetting the Security Analytics repository.
Resolution
The steps below can be performed to reset the repository data on the RSA Security Analytics server.
  1. Disable auto-sync.
    1. In the Security Analytics UI, navigate to Administration -> System -> Updates and click on the Settings tab.
    2. Uncheck the Enable option for the smcupdate.emc.com repository and click the Apply button.
  2. Remove the Remote RPMs on the Security Analytics server.
    1. Connect to the Security Analytics server appliance via SSH as the root user.
    2. Navigate to the appropriate directory with the following command:  cd /var/netwitness/srv/www/rsa/updates/RemoteRPMs
    3. Issue the following command to remove all files in the directory:  rm -rf *
  3. Remove the user-uploaded RPMs on the Security Analytics server.
    1. Connect to the Security Analytics server appliance via SSH as the root user.
    2. Navigate to the appropriate directory with the following command:  cd /var/netwitness/srv/www/rsa/updates/SAUserUploaded
    3. Issue the following command to remove all files in the directory:  rm -rf *
  4. Recreate the repository.
    1. Navigate to the appropriate directory with the following command:  cd /var/netwitness/srv/www/rsa/updates
    2. Issue the following command to create the repository in the current directory:  createrepo .
  5. Click on the Settings tab, check the Enable option, and click the Apply button.
  6. In the Security Analytics UI, navigate to Administration -> System -> Updates and click on the Synchronize Now button to synchronize the repository with smcupdate.emc.com.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
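Steps 2 through 4 as a guarded shell function, added here as an example and not part of the RSA article: it confirms both directories exist before deleting anything, so a failed cd cannot leave rm -rf * running in the wrong directory as root. The paths are the ones given in the steps above; the function names and the CREATEREPO override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not RSA's own script. Paths come from the article;
# clear_dir, reset_updates_repo and CREATEREPO are hypothetical names.

UPDATES_DIR="/var/netwitness/srv/www/rsa/updates"

# Remove the same entries "rm -rf *" would (non-hidden names) from $1,
# but only after confirming $1 is an existing, non-symlink directory.
clear_dir() {
    dir=$1
    if [ -z "$dir" ] || [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing to clear '$dir': not a real directory" >&2
        return 1
    fi
    find "$dir" -mindepth 1 -maxdepth 1 ! -name '.*' -exec rm -rf -- {} +
}

reset_updates_repo() {
    base=${1:-$UPDATES_DIR}
    # Validate both targets first so a failure leaves the repository untouched.
    for sub in RemoteRPMs SAUserUploaded; do
        [ -d "$base/$sub" ] && [ ! -L "$base/$sub" ] || {
            echo "missing $base/$sub, nothing removed" >&2
            return 1
        }
    done
    clear_dir "$base/RemoteRPMs" || return 1       # step 2
    clear_dir "$base/SAUserUploaded" || return 1   # step 3
    # Step 4: rebuild the metadata; the subshell keeps the caller's directory.
    ( cd "$base" && "${CREATEREPO:-createrepo}" . ) || return 1
}

# Nothing is deleted unless the script is started with --run.
if [ "${1:-}" = "--run" ]; then
    reset_updates_repo "$UPDATES_DIR"
fi
```

Auto-sync still has to be disabled in the UI (step 1) before running it, and steps 5 and 6 are performed in the UI afterwards.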
Notes
If upgrading to a Security Analytics 10.3 service pack and the yum utility must be used to perform the update as opposed to the Security Analytics UI, do not perform steps 5 and 6 in the above instructions, and instead follow the additional steps below.
  1. In the Security Analytics UI, navigate to Administration -> System -> Updates and click on the Manual Updates tab.
  2. Upload the correct zip file with the RPMs and click the Apply button to upload them.
  3. After a few minutes, return to the SSH session for the applicable appliance(s) and issue the yum clean all command.
  4. Issue the yum check-update command, at which point only the uploaded RPMs should be listed.
  5. The update can then be performed by issuing the command yum update -y on the appropriate appliance(s).
