000029307 - How to update to the newest kernel and security patches in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000029307
Applies To:
RSA Product Set: Security Analytics
RSA Version/Condition: 10.3.x, 10.4.x
Platform: CentOS
O/S Version: EL6
Tasks: The purpose of this article is to assist users in upgrading their Security Analytics environment to the latest kernel version as well as applying the RSA security patches.
Resolution

RSA has created quarterly security updates for enhanced user security on Security Analytics appliances.
These patches are cumulative, which means you do not have to install each quarterly update incrementally in order to obtain all of the fixes.
These patches may also install newer kernels with the security fixes.
RSA has written a script, called the grubby-wrapper script, that ensures the latest kernel is installed on the system and is the one the appliance boots. The latest version of the script can be downloaded from the knowledgebase article entitled "The default kernel in the grub boot loader configuration is not the latest on an RSA Security Analytics appliance".
Follow the steps below to install the security updates on the Security Analytics server via YUM.
(NOTE:  If you are utilizing the smcupdate option to install updates, proceed to Step 5.  If you are simply applying a kernel update, proceed to Step 6.)


  1. Download the security update from the RSA SecurCare Online portal.
  2. Transfer the downloaded file to the appliance, placing it in a directory with plenty of space.
  3. Unzip and un-tar the updates file, as shown in the example below.
    [root@SA-Server tmp]# gunzip SA_OS_Update-14Q2.tgz
    [root@SA-Server tmp]# tar -xvf SA_OS_Update-14Q2.tar

  4. From the directory where the RPM files reside, move the files into the Security Analytics YUM repository with the command below.
    [root@SA-Server tmp]# mv *.rpm /srv/www/rsa/updates/RemoteRPMs/sa/

  5. Issue the commands below to clean the repository, check for updates, and apply the security patches.
    [root@SA-Server ~]# yum clean all
    [root@SA-Server ~]# yum check-update
    [root@SA-Server ~]# yum update

  6. Verify the kernel version with the command below.
    [root@SA-Server ~]# uname -a

  7. Identify the latest kernel version installed on the appliance with the command below.  The latest version will have the highest number.
    [root@SA-Server ~]# rpm -qa | grep kernel

  8. Download the grubby-wrapper script from the previously mentioned article and transfer it to the appliance.
  9. Make the script executable with the command below.
    [root@SA-Server ~]# chmod +x grubby-wrapper-<version>.sh

  10. Execute the script with the flags shown below, specifying the latest kernel version.  (The example below uses kernel-2.6.32-431.17.1.el6.x86_64 as the latest kernel.)
    [root@SA-Server ~]# ./grubby-wrapper-<version>.sh -f -k kernel-2.6.32-431.17.1.el6.x86_64

  11. Once the script has finished, reboot the appliance for the update to take effect.  
  12. When the appliance boots, verify that the latest kernel is being used with the command below.
    [root@SA-Server ~]# uname -a
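
The check in steps 7 and 12 can be scripted so that "highest number" is decided by a version-aware sort rather than by eye. This is an added example, not RSA's grubby-wrapper script or part of the original article; the function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the appliance running the newest installed kernel?

# Constructed sample of `rpm -qa | grep kernel` output (not from a real appliance).
SAMPLE_RPMS='kernel-firmware-2.6.32-431.17.1.el6.noarch
kernel-2.6.32-431.5.1.el6.x86_64
kernel-2.6.32-71.el6.x86_64
kernel-headers-2.6.32-431.17.1.el6.x86_64
dracut-kernel-004-336.el6.noarch
kernel-2.6.32-431.17.1.el6.x86_64'

# Read a package list on stdin and print the newest kernel package.
# The pattern keeps only "kernel-<version>" (not kernel-firmware,
# kernel-headers, dracut-kernel). sort -V compares each numeric field
# as a number, so 431.17.1 > 431.5.1 > 71; a plain text sort would
# rank 71 highest.
latest_kernel() {
    grep -E '^kernel-[0-9]' | sort -V | tail -n 1
}

# $1 = running release in `uname -r` form, $2 = newest package name.
# Succeeds only when the running kernel is the newest installed one.
kernel_is_current() {
    [ "kernel-$1" = "$2" ]
}

# Read a package list on stdin, compare against release $1, and report.
# A STALE result after the reboot in step 11 means the boot loader
# default still points at an older kernel.
kernel_status() {
    newest=$(latest_kernel)
    if kernel_is_current "$1" "$newest"; then
        echo "OK: running $newest"
    else
        echo "STALE: running kernel-$1, newest installed is $newest"
        return 1
    fi
}

# Demo on the constructed sample. On an appliance the equivalent is:
#   rpm -qa | kernel_status "$(uname -r)"
printf '%s\n' "$SAMPLE_RPMS" | kernel_status "2.6.32-431.5.1.el6.x86_64" || true
```

Run against the sample, the demo line reports STALE because the simulated running kernel (431.5.1) is older than the newest installed package (431.17.1).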

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
