000017205 - How to install the Shellshock Security Patch on RSA NetWitness and Security Analytics appliances

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000017205
Applies ToRSA Security Analytics
RSA NetWitness NextGen
Shellshock Vulnerability

CVE-2014-6271


 

CVE-2014-7169


 

CVE-2014-7186


 

CVE-2014-7187


 

CVE-2014-6277


 

CVE-2014-6278


Bash
IssueHow to install the Shellshock Security Patch on RSA NetWitness and Security Analytics appliances.
How to apply the bash fixes on NetWitness and Security Analytics Linux-based appliances that protect against the known bash vulnerabilities.
How to protect NetWitness and Security Analytics appliances against the Shellshock vulnerability.
Resolution

In order to protect against multiple bash vulnerabilities that have come to light, RSA has provided a Shellshock Security Patch for CentOS-based NetWitness and Security Analytics appliances.  Follow the steps below to download and install the patch.


  1. Download the Shellshock Security Patch from the SecurCare Online (SCOL) portal.
     
  2. Unzip the shellshock.zip file that is downloaded, in which will be two RPM packages:  bash-3.2-33.el5_11.4.x86_64.rpm and bash-4.1.2-15.el6_5.2.x86_64.rpm
     
  3. Verify the CentOS version on the appliance where the patch will be applied by connecting to the appliance via SSH as the root user and issuing the uname -a command. 
         NOTE:  CentOS 5 appliances will display el5 in the version, whereas CentOS 6 appliances will display el6.
     
  4. Install the appropriate CentOS GPG certificate for the CentOS version.
         CentOS 5:  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
         CentOS 6:  rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6


    If the GPG keys are not present in the location above, use one of the commands below to import the appropriate key from the CentOS repository.
         CentOS 5:  rpm --import http://mirror.centos.org/centos-5/5.11/os/x86_64/RPM-GPG-KEY-CentOS-5
         CentOS 6:  rpm --import http://mirror.centos.org/centos-6/6.5/os/x86_64/RPM-GPG-KEY-CentOS-6
     
  5. After confirming the CentOS version on the appliance, use WinSCP or your preferred FTP client to transfer the appropriate package to the /tmp directory on the appliance.
     
  6. Connect to the appliance via SSH as the root user and navigate to the /tmp directory by issuing the cd /tmp command.
     
  7. Issue the appropriate command below to install the Shellshock Security Patch.
         CentOS 5:  rpm -Fvh bash-3.2-33.el5_11.4.x86_64.rpm
         CentOS 6:  rpm -Fvh bash-4.1.2-15.el6_5.2.x86_64.rpm

     
  8. Verify that the new version has been installed by issuing the following command:  rpm -qa | grep bash
     
  9. Remove the RPM files from the /tmp directory.
         CentOS 5:  rm /tmp/bash-3.2-33.el5_11.4.x86_64.rpm
         CentOS 6:  rm /tmp/bash-4.1.2-15.el6_5.2.x86_64.rpm

     
  10. Reboot the appliance by issuing the reboot command to complete the installation.
         CAUTION:  Ensure that you have stopped aggregation and/or capture prior to rebooting the appliance.

     
  11. Repeat steps 3-10 for all other appliances that require the patch.

 


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

NotesFor a comprehensive list of RSA Products and how they are affected by these bash vulnerabilities, along with their remediation status, refer to the knowledgebase article Bash bug Vulnerability (Shellshock) in RSA products.
Legacy Article IDa68107

Attachments

    Outcomes