Deploying BigFix Patches for Red Hat

Similar documents
IBM BigFix Relays Part 1

Analyzing Hardware Inventory report and hardware scan files

IBM Security Network Protection

BigFix Query Unleashed!

More on relevance checks in ILMT and BFI

What's new in AppScan Standard/Enterprise/Source version

Introduction to IBM Security Network Protection Manager

Security Support Open Mic: ISNP High Availability and Bypass

Interpreting relevance conditions in commonly used ILMT/BFI fixlets

QRadar Feature Discussion IBM SECURITY SUPPORT OPEN MIC

XGS & QRadar Integration

Disk Space Management of ISAM Appliance

Remote Syslog Shipping IBM Security Guardium

How AppScan explores applications with ABE and RBE

IBM Threat Protection System: XGS - QRadar Integration

IBM Security Support Open Mic

What's new in AppScan Standard version

HTTP Transformation Rules with IBM Security Access Manager

IBM Security Identity Manager New Features in 6.0 and 7.0

Using Buffer Usage Monitor Report & Sniffer must_gather for troubleshooting

IBM BigFix Client Reporting: Process, Configuration, and Troubleshooting

Security Support Open Mic Build Your Own POC Setup

IBM Security Access Manager v8.x Kerberos Part 2

IBM Security Network Protection Open Mic - Thursday, 31 March 2016

XGS: Making use of Logs and Captures

Security Support Open Mic Client Certificate Authentication

IBM Security Access Manager v8.x Kerberos Part 1 Desktop Single Sign-on Solutions

QRadar Open Mic: Custom Properties

IBM BigFix Version 9.5. Patch for Red Hat Enterprise Linux User's Guide IBM

IBM Security Access Manager Single Sign-on with Federation

Understanding scan coverage in AppScan Standard

IBM BigFix Relays Part 2

Configuring your policy to prevent appliance problems

XGS Administration - Post Deployment Tasks

MSS VSOC Portal Single Sign-On Using IBM id IBM Corporation

IBM Security Guardium: Troubleshooting No Traffic Issues

Let s Talk About Threat Intelligence

BigFix 101- Server Pricing

Optimizing IBM QRadar Advisor with Watson

ISAM Advanced Access Control

IBM Security Guardium: : Sniffer restart & High CPU correlation alerts

How to properly deploy, configure and upgrade the NAB

Junction SSL Debugging With Wireshark

SWD & SSA Updates 2018

ISAM Federation STANDARDS AND MAPPINGS. Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support.

IBM Guardium Data Encryption

IBM MaaS360 Kiosk Mode Settings

Let s talk about QRadar 7.2.5

IBM Security Directory Server: Utilizing the Audit.log

Configuring zsecure To Send Data to QRadar

GX vs XGS: An administrator s comparison of the two products

Threat Intelligence to enhance Cyber Resiliency KEVIN ALBANO GLOBAL THREAT INTELLIGENCE LEAD IBM X-FORCE INCIDENT RESPONSE AND INTELLIGENCE SERVICES

IBM Security Access Manager What s in the box : InfoMap Authentication Mechanism IBM SECURITY SUPPORT OPEN MIC. 13 Dec 2017

May the (IBM) X-Force Be With You

ForeScout Extended Module for IBM BigFix

IBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation

Integrated, Intelligence driven Cyber Threat Hunting

IBM Security Network Protection v Enhancements

Patch Management for Solaris

Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

ForeScout Extended Module for IBM BigFix

IBM IBM Tivoli Endpoint Manager V8.1 Implementation.

Forescout. eyeextend for IBM BigFix. Configuration Guide. Version 1.2

Securing global enterprise with innovation

Let's talk about QRadar Apps: Development & Troubleshooting IBM SECURITY SUPPORT OPEN MIC

Identity Governance Troubleshooting

IBM Endpoint Manager. OS Deployment V3.5 User's Guide

IBM Endpoint Manager Version 9.0. Software Distribution User's Guide

Release Notes: Blue Jeans 2.9.5

IBM Endpoint Manager. OS Deployment V3.8 User's Guide - DRAFT for Beta V.1.0 (do not distribute)

IBM Security Identity Governance and Intelligence Clustering and High Availability

IBM Endpoint Manager Version 9.1. Patch Management for AIX User's Guide

MULTI FACTOR AUTHENTICATION USING THE NETOP PORTAL. 31 January 2017

Be effective in protecting against the cybercrime

IBM Exam C IBM Tivoli Endpoint Manager V8.1 Implementation Version: 6.0 [ Total Questions: 180 ]

Modern Realities of Securing Active Directory & the Need for AI

IBM UrbanCode Deploy V6.2 provides the tools needed to automate the application deployment pipeline

IBM BigFix Compliance PCI Add-on Version 9.5. Payment Card Industry Data Security Standard (PCI DSS) User's Guide IBM

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

Fabrizio Patriarca. Come creare valore dalla GDPR

Patch Management for AIX

IBM MaaS360 with Watson Evaluator s Guide. Version 2.2

The New Era of Cognitive Security

Juniper Secure Analytics Patch Release Notes

Tivoli Endpoint Manager for Patch Management - AIX. User s Guide

IBM Security Access Manager for Enterprise Single Sign-On Version AccessStudio Guide IBM SC

BigFix OS Deployment. Windows 7 Migration Guide

Using the Server Automation Red Hat Importer

IBM Endpoint Manager for OS Deployment Linux OS provisioning using a Server Automation Plan

Red Hat Quay 2.9 Deploy Red Hat Quay - Basic

Polycom ContentConnect Quick User Guide

How to Secure Your Cloud with...a Cloud?

McAfee Network Security Platform 8.3

Open Mic Webcast. IBM Sametime Media Manager Troubleshooting Tips and Tricks. Tony Payne Sr. Software Engineer May 20, 2015

IBM Security QRadar. WinCollect User Guide V7.2.7 IBM

IBM United States Software Announcement , dated February 17, 2015

Red Hat Development Suite 2.2

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

Red Hat JBoss Developer Studio 11.3

NGFW Security Management Center

Transcription:

Deploying BigFix Patches for Red Hat IBM SECURITY SUPPORT OPEN MIC Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free: 866-803-2141 USA toll: 1-203-607-0460 Participant passcode: 7402573 Slides and additional dial in numbers: https://ibm.biz/bdrqwl Tuesday, 27 September 2016 NOTICE: BY PARTICIPATING IN THIS CALL, YOU GIVE YOUR IRREVOCABLE CONSENT TO IBM TO RECORD ANY STATEMENTS THAT YOU MAY MAKE DURING THE CALL, AS WELL AS TO IBM S USE OF SUCH RECORDING IN ANY AND ALL MEDIA, INCLUDING FOR VIDEO POSTINGS ON YOUTUBE. IF YOU OBJECT, PLEASE DO NOT CONNECT TO THIS CALL.

Panelists Presenter: Adam McDonald L2 Support Software Engineer for IBM BigFix Panelists: Ashwin Manekar Product Manager for IBM BigFix Patch Kenny Chow Technical Lead for IBM BigFix Patch for Red Hat Chuxin Zhao Software Developer for IBM BigFix Patch for Red Hat Moderator: Kevin Reinstein L2 Support Manager for IBM BigFix 2 IBM Security

Enabling Red Hat Patching Sites The following Red Hat Patching (and supporting) sites are currently supported and should be enabled: Patches for RHEL5 - Native Tools Patches for RHEL6 - Native Tools Patches for RHEL 6 System Z Patches for RHEL 7 Patching Support Linux RPM Patching The following Red Hat Patching sites have been deprecated and are not supported. These should not be enabled: Patches for RedHat Patches for RedHat Enterprise Linux Patches for RHEL 3 Patches for RHEL 4 Patches for RHEL 5/6 Dependency Resolution Note: The designation of Native Tools at the end of the names of sites is going away and it is implicitly understood that RHEL 7 uses native tools (i.e. YUM) as part of its dependency resolution processes Full List of Support Platforms: https://ibm.biz/bd4gwc Site Applicability Matrix: https://ibm.biz/bdrtrt 3 IBM Security

Enabling Red Hat Patching Sites Go to the License Overview Dashboard Click on the Enable link next to the site to enable Under Enabled Sites in the dashboard click on the site link Click the Gather button: The..\BES Server\GatherDBData\GatherDB.log confirms successful gathering Wed, 21 Sep 2016 21:33:01-0700 -- Beginning import of version 104 of site Patches for RHEL 7 Wed, 21 Sep 2016 21:33:42-0700 -- Import of version 104 of site Patches for RHEL 7 completed successfully 4 IBM Security

Subscribing Computers Within the site go to the Computer Subscriptions tab and select All Computers In the Operator Permissions tab select the operators that you want to associate with this site and their level of permission Click Save Site Level Relevance in the site will take care of the rest: 5 IBM Security

Activate analyses within the Patching Support and Linux RPM Patching sites The following analyses are useful for gaining information during the deploying patches for Red Hat systems 6 IBM Security

Network Considerations The following sites will/may be access during Red Hat patching by the BigFix server or BigFix relays. Firewalls and proxies need to allow traffic from these sites through on ports 80 and 443: software.bigfix.com support.bigfix.com sync.bigfix.com sso.redhat.com rhn.redhat.com www.redhat.com Your custom repository site if using a custom repository 7 IBM Security

Two Setup Methods

Download Plug-in Method

Registering the Download Cacher Plug-in Go to the All Content > Sites > Patching Support > Dashboards > Manage Download Plugins dashboard And, choose your primary BigFix server 10 IBM Security

Registering the Download Cacher Plug-in Choose the primary BigFix server and then click Register 11 IBM Security

Registering the Download Cacher Plug-in Enter your Red Hat credentials and your proxy credentials (if needed) and click OK 12 IBM Security

Registering the Download Cacher Plug-in Once the action is completed, you can verify the plug-in is installed on the BigFix server from the following directory: <BES SERVER>\DownloadPlugins\RedHatProtocol 13 IBM Security

Upgrade Download Plug-in 14 IBM Security

Upgrade the Download Plug-in 15 IBM Security

The Download Process Action is taken on a Red Hat patching fixlet Client receives action, evaluates it, and starts to execute it Native tool dependency resolution files are cached to the BigFix server and downloaded by the client to be used in the dependency resolution process on the client endpoint: <BES SERVER>\wwwrootbes\bfmirror\downloads\sha1 The client calculates any needed dependencies on the client endpoint and sends these requests along with request for the payload patch package to Download Cacher plug-in on the server Download Cacher plug-in authenticates to Red Hat site, searches, and requests these items from the Red Hat for download The downloads are retrieved and cached to the BigFix server <BES SERVER>\wwwrootbes\bfmirror\downloads\sha1 Lastly, the client downloads them from the BigFix server (and through the relays) and installs them. 16 IBM Security

Custom Repository Method

Add a New Repository Go to Sites > Patching Support > Dashboards > RHEL Custom Repository Management On the Repositories tab Choose the Repository Type and enter the details 18 IBM Security

Register the Repository to your Endpoints On the Endpoints tab select the Red Hat endpoints to register with the repository and click Register a new repository: Choose the repository and click Next and click Save, then take action: 19 IBM Security

Enable custom Repository Support on your Red Hat Endpoints Take action on: Task # 13 Enable custom repository support - Red Hat Enterprise Linux in the Patching Support site This task adds the following client setting on the endpoints: "_BESClient_RHEL_AllowYumDownloads"="1" You should now be able to take actions on the patching fixlets and have the Red Hat endpoints download the patch packages 20 IBM Security

You can also update specific YUM packages You could also take action on Task # 18 Install packages by using yum in the Patching Support site if there was a specific YUM update you wanted to update on the endpoint. Simply enter the name of the package(s) separated by spaces. Note: If you leave it black, the action will it updates all installed packages on the endpoint. 21 IBM Security

Common Problems

Download Plug-In Problems The Red Hat download plug-in needs to be registered on the server A new Red Hat download plug-in is available and needs to be updated The Red Hat site has changed and a new plug-in needs to be released by IBM BigFix Incorrect or invalid username/password is being used: Test logging in via a browser @ https://sso.redhat.com/ The Red Hat user does not have sufficient subscription privileges on the Red Hat site Try manually searching for and downloading the package via http://access.redhat.com/errata/<errata id> in a browser. Your Internet proxy may be blocking the connection or download from occurring. Consult with your network administrators. Wireshark packet captures. Download Plug-in logs are located at:..\bes Server\DownloadPlugins\RedHatProtocol\logs\RedHatPlugin_YYYY-M-D_HH-MM-SS.log Client logs can help to troubleshoot issues on the client endpoint: https://ibm.biz/bdrtss 23 IBM Security

Example: A Change to Red Hat s Download Site A change in the Red Hat site can cause a break in the download cacher plugin process. Entries in the Red Hat plugin log:..\bes Server\DownloadPlugins\RedHatProtocol\logs\RedHatPlugin_YYYY-M-D_HH-MM-SS.log Which look similar to: Indicate either a problem with the Red Hat username/password or the Red Hat site has updated and broken the plug-in download process. Test your username and password credentials via a browser @ https://sso.redhat.com/ 24 IBM Security

Custom Repository Problems A custom repository or satellite server for Red Hat has not been setup or configured properly in your deployment The custom repository has not been added to your BigFix deployment Your Red Hat endpoints have not been registered to your custom repository Client setting "_BESClient_RHEL_AllowYumDownloads"="1 has not been set on your client endpoints Client logs can help to troubleshoot issues on the client endpoint: https://ibm.biz/bdrtss 25 IBM Security

Problems with Dependency Resolution Check the /var/opt/besclient/edrdeploydata/edr_deploymentresults.txt file on the endpoint for issues. Certain kernel drivers and third party libraries may need to be updated ahead of deployment of a specific patch You may need to take a secondary action, and remove the delete commands in the //Cleanup section at the bottom of the fixlet s Action Script. This will preserve all the EDR files which can be collected from the endpoint for troubleshooting. Steps: https://ibm.biz/bdrkuz Example: Dependency resolution fails because of third party dependency libraries https://ibm.biz/bdrkuj 26 IBM Security

You can use the RPM Deployment Wizard You can use the RPM Deployment Wizard in the Linux RPM Patching site to deploy an RPM to the endpoint via an action. You must have downloaded the RPM already. Note: This will process will not perform dependency resolution for the RPM 27 IBM Security

Other Potential Problems Problem with decompression of packages on the endpoint: Ensure latest bzip2 application is installed on the endpoints. GPG error message on the endpoint during patch deployment: Error in the EDRDeploymentResults file: rpmts_hdrfromfdno: Header V3 DSA signature: NOKEY, key ID 37017186 Public key for <RPM files> is not installed. Ensure gpg keys are installed and enabled on the endpoints or set the gpgcheck to 0 Use rpm --import /etc/pki/rpm-gpg/rpm-gpg-key-redhat-release. Or, set gpgcheck=0 in /etc/yum.conf. This option only for the native tools sites. Important Note about the RHEL 7: The BigFix patching process is similar among the versions and flavors for Red Hat Enterprise Linux. However, the change in the management services for Red Hat Enterprise Linux 7 might have an impact on how the patches are retrieved. Please see the following article for some additional steps you may need to take to ensure RHEL 7 downloads are accessible RHEL 7 Patching: https://ibm.biz/bdhnfu 28 IBM Security

Resources Patch for Red Hat Enterprise Linux Guide: https://ibm.biz/bdrkuy Patch for Red Hat FAQ s: https://ibm.biz/bdrku2 Best Practices for Patching Red Hat Linux: https://ibm.biz/bdrgjp Additional Troubleshooting: https://ibm.biz/bdrtjc 29 IBM Security

Questions for the panel Now is your opportunity to ask questions of our panelists. To ask a question now: Press *1 to ask a question over the phone or Type your question into the IBM Connections Cloud Meeting chat To ask a question after this presentation: You are encouraged to participate in the dw Answers forum on this topic: https://developer.ibm.com/answers/questions/304559/openmic-deploying-bigfix-patches-forredhat-septem/ 30 IBM Security

Where do you get more information? Questions on this or other topics can be directed to the product forum: https://developer.ibm.com/answers/topics/bigfix/ Useful links: Get started with IBM Security Support IBM Support Portal Sign up for My Notifications Follow us: 31 IBM Security

THANK YOU FOLLOW US ON: https://www.facebook.com/ibm-security-support-221766828033861/ youtube/user/ibmsecuritysupport @askibmsecurity securityintelligence.com xforce.ibmcloud.com Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback