000034194 - How to Update Java Version in RSA Web Threat Detection 5.1.2

Document created by RSA Customer Support Employee on Dec 13, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000034194
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.1.2
Platform: Linux
 
IssueA customer who is using Web Threat Detection may want to know what version is supported and if they may update the Java version (to meet security mandates for Java vulnerabilities, enterprise wide updates, etc.)
 
TasksObtain the release notes for the current version of WTD and look at version specific statements on Java version compatibility.  For this article we are going to provide an example since this was an actual Customer case and question. 
You can ask the Customer to run the following command to get the actual installed version on their WTD system.
# java -version   

Ask the Customer why they need to update the java version.  What is the version to which they want to update?  Is this to meet security vulnerability compliance or for some other purpose?
Resolution
WTD 5.1.2 and Java version: 
See page 23 of the Release Notes for version 5.1.2.  In the release notes Java version 1.8 is already specified.

  • If you want to use the Profile Timeline feature, you will need to install the Cassandra database as part of the installation. The Cassandra database has a dependency on Oracle JRE. If you are working in closed environment, you'll need to install this dependency before you begin installation. Consult the Oracle Java website for specific details about installing dependences.
At the time of this writing, the JRE can be found at the following location: http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html.

-----------------------------------------------------------------------------------------

If you go to the above URLs you will have a choice of JRE 8 downloads.  You should upgrade to the latest build of the 1.8 version, which is 102.  You should make sure to upgrade the JCE policy jar files to ones provided specifically for version 8.

 

At present Cassandra and CProfilerUpdater are the only components using Java.  In future versions, however, the direction for development will convert more components to using Java, as stated by Engineering. 
Installation instructions that are recommended -- 

There are no specific upgrade instructions for upgrading only the Java JRE (or JCE policy jars, if required).   
However, as a good practice this is recommended. 
1.  Stop all the services ,    
2.  Upgrade Java, 
3. Restart the services in the proper order. 
4. Monitor var/log/messages and Cprofilerupdater and Cassandra logs for errors.
5. Make sure the Profiler timeline is working in the Forensics User Interface (FUI). 
NotesThe approach of this article can be applied to other versions of WTD.  It maybe more difficult if the Customer wants to upgrade to a whole new number version (i.e.,  Java 1.7  to Java 1.8).  Test or Development systems from lower environments should be used to test compatibility with Customers WTD implementation. 

Attachments

    Outcomes