This article summarizes how to upgrade IBM Guardium components and how to patch the system.

2   Download patches/updates from Fix Central
Download server/agent patches from IBM Fix Central.

Patch description:

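3   Install a patch from the CLI

This method is typically used for the Central Manager (Aggregator). After you log in to the web GUI, the notification icon shows a red number to tell you that patches are available. You can download them from IBM Fix Central by clicking Download.

After the patch is downloaded, it needs to be uploaded to the Guardium Manager / Aggregator. Depending on the environment, the patch should be uploaded to the Central Manager or to an individual collector. Patching always goes from top (Manager / Aggregator) to bottom (collectors).

Note: It is strongly recommended to have a full system backup before installing a patch.

Upgrade steps:

  • Log in to the appliance CLI
  • Type the command 'fileserver <<ip_address>> <<duration>>'. This enables the web server
    • After running the fileserver command, connect to the appliance from a web browser at http://<<appliance_name_or_ip>>:8445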

cm01.51sec.org> fileserver 10.10.10.2 1200

Starting the file server...
The file server is ready at //cm01.51sec.org:8445
The timeout has been set to 1200 seconds and it may timeout during the uploading.

The upload will only be accessible from the IP you are logged in from: 10.10.136.2

Press ENTER to stop the file server.

Stopping process

Register patch files in the directory:
SqlGuard-11.0p100_GPU_Nov_2019_V11.1.tgz.enc.sig
Register succeeded
ok
cm01.51sec.org>

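  • Browse the local file system to find the downloaded patch file (already unzipped)
  • Click the "Upload" button to upload the patch file (*.sig) to the appliance

  • After the patch is uploaded, just press "Enter" to stop the file server
  • In the CLI window, use the patch install command to install the patch
    • show system patch available: shows the available patches that can be installed (you may see some error messages because of old, bad packages uploaded earlier)
    • store system patch install sys
  • This starts a wizard that installs the available patches.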

itprosec-tor-igcm01.51sec.org> store system patch install sys

List the files in the patches directory:

1. SqlGuard-10.0p11000_Upgrade_to_Version_11.0_Jun_2019.tgz.enc.sig
2. SqlGuard-10.0p620_Bundle_Apr_25_2019.tgz.enc.sig
3. SqlGuard-10.0p9997.tgz.enc.sig
4. SqlGuard-11.0p12_Bundle_Nov_05_2019.tgz.enc.sig
5. SqlGuard-11.0p4003_Snif_Oct_24_2019.tgz.enc.sig

Please choose patches to install (1-5, or multiple numbers separated by ",", or q to quit): 5
Install item 5

Patch has been submitted, and will be installed according to the request time,
please check installed patches report or CLI (show system patch installed).

Please don't forget to remove your media if necessary.
ok

itprosec-tor-igcm01.51sec.org> show system patch installed
P#      Who       Description                     Request Time         Status
11000   CLI       Upgrade to Version 11.0 (Jun 07 2019-08-30 11:14:11  Phase 5: Migration completed
4003    CLI       Snif Update (Oct 24 2019)       2019-12-04 17:18:45  STEP: Executing Post Install Actions
12      CLI       SqlGuard-11.0p12_Bundle_Nov_05_ 2019-12-04 17:21:01  Preparing to install patch.
ok

Note: Your installation may fail because of missing dependencies, as shown below:

cm01.51sec.org> store system patch install sys

List the files in the patches directory:

1. SqlGuard-10.0p11000_Upgrade_to_Version_11.0_Jun_2019.tgz.enc.sig
2. SqlGuard-10.0p620_Bundle_Apr_25_2019.tgz.enc.sig
3. SqlGuard-10.0p9997.tgz.enc.sig
4. SqlGuard-11.0p100_GPU_Nov_2019_V11.1.tgz.enc.sig
5. SqlGuard-11.0p12_Bundle_Nov_05_2019.tgz.enc.sig
6. SqlGuard-11.0p4003_Snif_Oct_24_2019.tgz.enc.sig

Please choose patches to install (1-6, or multiple numbers separated by ",", or q to quit): 4
Install item 4

Dependent patches not installed successfully or not available: 9997

Please don't forget to remove your media if necessary.
ok

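In the output above, the latest Health_Check patch had not been installed first. You need to go to Fix Central to download the latest Health_Check patch.
Installing the latest health check patch works the same way as installing any other patch:
a. Upload the extracted .sig Health_Check patch using the fileserver command
b. store system patch install sys: choose the one you just uploaded
c. show system patch installed: check the installation progress

Note: A Snif patch usually takes 10 minutes to complete, but a bundle takes 30 - 60 minutes. Sometimes an installed package is not removed from the list after installation. When you make your selection, you must know exactly which ones you have already installed and which one needs to be installed now.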
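Added example, not part of the original post: a Python sketch that takes the `store system patch install sys` menu and the dependency error shown above, filters out entries already listed by `show system patch installed`, and orders the selection so the dependency goes first. It assumes the CLI output was saved as text, that the numbers after the colon in the error line are patch numbers, and that a patch number identifies a patch regardless of its base version; the function names are hypothetical.

```python
import re

# Menu and error text as printed in the transcript above (sample input).
MENU = """\
1. SqlGuard-10.0p11000_Upgrade_to_Version_11.0_Jun_2019.tgz.enc.sig
2. SqlGuard-10.0p620_Bundle_Apr_25_2019.tgz.enc.sig
3. SqlGuard-10.0p9997.tgz.enc.sig
4. SqlGuard-11.0p100_GPU_Nov_2019_V11.1.tgz.enc.sig
5. SqlGuard-11.0p12_Bundle_Nov_05_2019.tgz.enc.sig
6. SqlGuard-11.0p4003_Snif_Oct_24_2019.tgz.enc.sig
"""
ERROR = "Dependent patches not installed successfully or not available: 9997"
# P# values listed by 'show system patch installed' in the earlier transcript.
INSTALLED = {11000, 4003, 12}

# <item>. SqlGuard-<base version>p<patch number>[_<label>].tgz.enc.sig
ITEM_RE = re.compile(
    r"^\s*(\d+)\.\s+SqlGuard-(\d+\.\d+)p(\d+)(?:_(.*?))?\.tgz\.enc\.sig\s*$")

def parse_menu(text):
    """Map patch number -> (menu item, base version, label)."""
    menu = {}
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            item, base, pnum, label = m.groups()
            menu[int(pnum)] = (int(item), base, label or "")
    return menu

def not_in_report(menu_text, installed):
    """Menu items whose patch number is absent from the installed report."""
    menu = parse_menu(menu_text)
    return sorted(item for p, (item, _, _) in menu.items() if p not in installed)

def install_plan(menu_text, wanted_item, error_line):
    """Order menu selections so reported dependencies precede the wanted patch.

    Assumption: the numbers after the colon in the error are patch numbers."""
    menu = parse_menu(menu_text)
    deps = [int(n) for n in re.findall(r"\d+", error_line.partition(":")[2])]
    select = [menu[d][0] for d in deps if d in menu]
    download = [d for d in deps if d not in menu]  # not uploaded yet: get from Fix Central
    return {"select": select + [wanted_item], "download": download}

if __name__ == "__main__":
    print(not_in_report(MENU, INSTALLED))
    print(install_plan(MENU, 4, ERROR))
```

A non-empty `download` list means the dependency has to be uploaded through the fileserver step before anything in `select` is chosen.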

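4  Install patches for databases from the Web GUI

Push out STAP from the Central Manager (Aggregator)

For GIM, you need to uncheck some filters to show it.

Distribute Patch / Install Patch from the Central Manager to collectors

To distribute a patch from the Central Manager to managed units, one of the following must be true:

  • The patch is installed on the Central Manager
  • The patch is made available on the Central Manager by running the following CLI command: store system patch available

Use the Central Management page on the Central Manager to distribute patches to managed units.

  1. Navigate to Manage > Central Management > Central Management.
  2. From the Central Management page, select the managed units to receive the patch and click the Patch Distribution button.
  3. From the Patch Distribution page, select the patch to distribute.
    • Click Install Patch Now to install the patch immediately.
    • Click Schedule Patch to schedule a future patch installation.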


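5  Monitor and verify patch installation

You can monitor and verify the installation of a patch in the following ways:

  • Issue the following CLI command: show system patch install.
  • Use the Central Management page on the CM: Manage > Central Management > Central Management > Patch Installation Status.

Install DPS updates

After an upgrade or restore, you need to update the Guardium DPS file. Download the latest DPS file, then use the Harden > Vulnerability Assessment > Customer Uploads tool to upload and import the new DPS file.


Click the green check mark to import the uploaded DPS file.

Remove a stuck patch installation

A patch installation can get stuck at certain stages. In my case, it was stuck at "Preparing to install patch" for a few hours.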

guardium-v11.yourcompany.com> show system patch install
P#      Who       Description                     Request Time         Status
200     CLI       Guardium Patch Update (GPU) for 2020-08-16 10:25:16  DONE: Patch installation Succeeded.
4009    CLI       SqlGuard-11.0p4009_Snif_Jul_09_ 2020-08-18 09:14:58  Preparing to install patch.
ok
guardium-v11.yourcompany.com>


guardium-v11.yourcompany.com> delete scheduled-patch
P#      Who       Description                     Request Time         Status
200     CLI       Guardium Patch Update (GPU) for 2020-08-16 10:25:16  DONE: Patch installation Succeeded.
4009    CLI       SqlGuard-11.0p4009_Snif_Jul_09_ 2020-08-18 08:17:40  Preparing to install patch.

Please enter patch number (or q to quit): 4009
Remove the patch number 4009 to install
ok
guardium-v11.yourcompany.com> show system patch inst
P#      Who       Description                     Request Time         Status
200     CLI       Guardium Patch Update (GPU) for 2020-08-16 10:25:16  DONE: Patch installation Succeeded.
ok
guardium-v11.yourcompany.com> store system patch install sys

List the files in the patches directory:

1. SqlGuard-11.0p4009_Snif_Jul_09_2020.tgz.enc.sig

Please choose patches to install (1-1, or multiple numbers separated by ",", or q to quit): 1
Install item 1


Patch has been submitted, and will be installed according to the request time,
please check installed patches report or CLI (show system patch installed).

Please don't forget to remove your media if necessary.
ok
guardium-v11.yourcompany.com> 
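Added example, not part of the original post: a Python sketch that parses saved `show system patch install` output and flags installs that are unfinished for longer than the durations given in the note earlier in this article. It assumes `now` is taken from the appliance's clock, that only the finished statuses seen in this article count as done, and that the 60-minute bundle bound applies to every non-Snif patch; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Table as printed in the transcript above (sample input).
OUTPUT = """\
P#      Who       Description                     Request Time         Status
200     CLI       Guardium Patch Update (GPU) for 2020-08-16 10:25:16  DONE: Patch installation Succeeded.
4009    CLI       SqlGuard-11.0p4009_Snif_Jul_09_ 2020-08-18 09:14:58  Preparing to install patch.
ok
"""
# Expected durations from the note in this article: Snif about 10 minutes,
# bundles 30 - 60 minutes. Using the bundle bound for every non-Snif patch
# is an assumption of this example.
SNIF_LIMIT = timedelta(minutes=10)
OTHER_LIMIT = timedelta(minutes=60)

# The description column is truncated and can end in a date fragment, so the
# row is anchored on the full "YYYY-MM-DD HH:MM:SS" request time, not columns.
ROW_RE = re.compile(
    r"^(\d+)\s+(\S+)\s+(.*?)\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$")

def parse_rows(output):
    """Return one dict per patch row; header, prompt and 'ok' lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            pnum, who, desc, ts, status = m.groups()
            rows.append({"patch": int(pnum), "who": who, "desc": desc,
                         "requested": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                         "status": status.strip()})
    return rows

def overdue(output, now):
    """Return (patch, minutes elapsed, status) for unfinished, late installs."""
    late = []
    for r in parse_rows(output):
        s = r["status"]
        # Finished states seen in this article; treating only these as done
        # is an assumption.
        if s.startswith("DONE") or "completed" in s.lower():
            continue
        limit = SNIF_LIMIT if "snif" in r["desc"].lower() else OTHER_LIMIT
        elapsed = now - r["requested"]
        if elapsed > limit:
            late.append((r["patch"], int(elapsed.total_seconds() // 60), s))
    return late

if __name__ == "__main__":
    print(overdue(OUTPUT, datetime(2020, 8, 18, 12, 0, 0)))
```

A patch reported here is a candidate for the `delete scheduled-patch` and reinstall sequence shown above.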

Generate support logs for patch installation issues:


guardium-v11.yourcompany.com> support must_gather patch_install_issues


This operation may take several minutes to complete.

11.2.0_r108847_v11_2_1-el76-20200529_1309
    BUILD_ID_APPLIANCE="appliance-v11_2-20200529_1309"
Please check notes in /var/IBM/Guardium/log/must_gather/patch_install_logs/ANALYZE_RESULTS.txt file.
Created file /var/IBM/Guardium/log/must_gather/patch_install_logs/patch_install.20200818092518.tgz.
ok
guardium-v11.yourcompany.com>fileserver 192.168.2.70 3600

Reference

From Blogger: http://blog.fabiandinkins.com/2020/08/ibm-guardium-upgrade-patch-installation.html

By Jon.
