RSA releases quarterly security updates to improve security on Security Analytics appliances.
These patches are cumulative, which means you do not have to install each quarterly update incrementally in order to obtain all of the fixes.
These patches may also install newer kernels with the security fixes.
RSA has written a script, called the grubby-wrapper script, that ensures the latest kernel is installed on the system and is the one the appliance boots. The latest version of the script can be downloaded from the knowledgebase article entitled "The default kernel in the grub boot loader configuration is not the latest on an RSA Security Analytics appliance".
Follow the steps below to install the security updates on the Security Analytics server via YUM.
(NOTE: If you are utilizing the smcupdate option to install updates, proceed to Step 5. If you are simply applying a kernel update, proceed to Step 6.)
If you are unsure of any of the steps or experience any issues, contact RSA Support and quote this article number for further assistance.
1. Download the security update from the RSA SecurCare Online portal.
2. Transfer the downloaded file to the appliance, placing it in a directory with plenty of space.
3. Unzip and un-tar the updates file, as shown in the example below.
[root@SA-Server tmp]# gunzip SA_OS_Update-14Q2.tgz
[root@SA-Server tmp]# tar -xvf SA_OS_Update-14Q2.tar
4. From the directory where the RPM files reside, move the files into the Security Analytics YUM repository with the command below.
[root@SA-Server tmp]# mv *.rpm /srv/www/rsa/updates/RemoteRPMs/sa/
5. Issue the commands below to clean the repository, check for updates, and apply the security patches.
[root@SA-Server ~]# yum clean all
[root@SA-Server ~]# yum check-update
[root@SA-Server ~]# yum update
6. Verify the kernel version with the command below.
[root@SA-Server ~]# uname -a
7. Identify the latest kernel version installed on the appliance with the command below. The latest version will have the highest number.
[root@SA-Server ~]# rpm -qa | grep kernel
8. Download the grubby-wrapper script from the previously mentioned article and transfer it to the appliance.
9. Make the script executable with the command below.
[root@SA-Server ~]# chmod +x grubby-wrapper-<version>.sh
10. Execute the script with the flags shown below, specifying the latest kernel version. (The example below uses kernel-2.6.32-431.17.1.el6.x86_64 as the latest kernel.)
[root@SA-Server ~]# ./grubby-wrapper-<version>.sh -f -k kernel-2.6.32-431.17.1.el6.x86_64
11. Once the script has finished, reboot the appliance for the update to take effect.
12. When the appliance boots, verify that the latest kernel is being used with the command below.
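
The kernel checks in this procedure (comparing the running kernel with the newest installed kernel package) can be scripted so that an appliance still booting an old kernel is caught after patching. The following is an added example, not part of RSA's article and not the grubby-wrapper script. The function names and the sample package list are constructed for illustration, and GNU `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/bash
# Added example: flag an appliance whose running kernel is not the newest
# installed kernel package. Function names are hypothetical.

# Read a package list on stdin (as printed by `rpm -qa | grep kernel`) and
# print the highest-versioned kernel package. Only `kernel-<digit>...` names
# are kept, so kernel-firmware, kernel-headers and similar are ignored.
# sort -V orders 431.5.1 before 431.17.1, which a plain text sort does not.
latest_kernel() {
    grep -E '^kernel-[0-9]' | sort -V | tail -n 1
}

# $1 = running release in `uname -r` format, $2 = package list.
# Returns 0 if the running kernel is the newest installed, 1 if it is older
# or different, 2 if no kernel package was found in the list.
kernel_is_current() {
    local running="$1" packages="$2" latest
    latest=$(printf '%s\n' "$packages" | latest_kernel)
    if [ -z "$latest" ]; then
        echo "ERROR: no kernel packages found in package list" >&2
        return 2
    fi
    if [ "kernel-$running" = "$latest" ]; then
        echo "OK: running $latest"
        return 0
    fi
    echo "STALE: running kernel-$running, newest installed is $latest"
    return 1
}

# Constructed sample package list (not captured from a real appliance).
SAMPLE_PACKAGES='kernel-firmware-2.6.32-431.17.1.el6.noarch
kernel-2.6.32-358.el6.x86_64
kernel-2.6.32-431.5.1.el6.x86_64
kernel-headers-2.6.32-431.17.1.el6.x86_64
kernel-2.6.32-431.17.1.el6.x86_64'

# Demo on the constructed sample: an appliance that was patched but is still
# running the previous kernel is reported as STALE.
kernel_is_current "2.6.32-431.5.1.el6.x86_64" "$SAMPLE_PACKAGES" || true

# On an appliance, the same check against live data would be:
#   kernel_is_current "$(uname -r)" "$(rpm -qa | grep kernel)"
```

A STALE result after the reboot means the boot loader default still points at an older kernel.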