Tuesday, October 9, 2012

How to do an offline attack update using guiSvrCli.sh when the NSM server does not have internet access

An attack update can be performed from the CLI using the guiSvrCli.sh script. By default, this tool uses the URL https://services.netscreen.com/restricted/sigupdates/nsm-updates/NSM-SecurityUpdateInfo.dat to download the latest attack DB information.

If the NSM server does not have access to the internet, administrators can follow this procedure to perform an attack update via the CLI:

1) Obtain the two attack update files (the data file and the attack object database file) from the website. For the dat file, copy and paste the content from the URL into a file and name the file NSMFP3-DI-IDPAttackUpdateInfo.dat, or NSM-SecurityUpdateInfo.dat for 2006 and higher. Place these two files (dat file and zip file) on the NSM server under /tmp.

To obtain the dat file:

For older NSM releases prior to NSM 2006.1t2: NSMFP3-DI-IDPAttackUpdateInfo.dat
For NSM 2006.1 and above: NSM-SecurityUpdateInfo.dat

For the .zip file (which contains the attack object database), pick the entry for your release, then copy both files to the /tmp directory on the NSM GUI Server:

For older NSM releases prior to NSM 2006.1r: NSMFP3-DI-IDP.zip
For NSM 2006.1 (r1 & r2): NSMFP6-DI-IDP.zip
For NSM 2007.1 and 2007.2: NSMFP7-DI-IDP.zip
For NSM 2007.3: NSMFP9-DI-IDP.zip
For NSM 2008.1: NSMFP10-DI-IDP.zip
For NSM 2008.2: NSMFP11-DI-IDP.zip
For NSM 2009.1: NSMFP12-DI-IDP.zip
For NSM 2010.1: NSMFP12-DI-IDP.zip
For NSM 2010.2: NSMFP13-DI-IDP.zip
For NSM 2010.3: NSMFP14-DI-IDP.zip
For NSM 2010.4: NSMFP14-DI-IDP.zip

2) Log in to the NSM server (GUI Server) via SSH as root. If you are using an NSMXpress device, log in as admin, run sudo su - and type in the admin password. Change to the directory $NSROOT/GuiSvr/var/svrcli ($NSROOT is set to /usr/netscreen in most installs).

3) Make a copy of the file updateAttacks.vtl, then edit it and replace the https URL found in this file with the local file path:
  For releases prior to 2006.1: file:///tmp/NSMFP3-DI-IDPAttackUpdateInfo.dat
  For 2006.1 and higher: file:///tmp/NSM-SecurityUpdateInfo.dat

4) Run the guiSvrCli.sh script to update the attack DB:

Change to the utils directory: cd /usr/netscreen/GuiSvr/utils

Run one of the following commands for NSM version 2007.1, 2007.2 and 2007.3:
  To perform only the attack update, run the command: ./guiSvrCli.sh --update-attacks --post-action --none
  To perform attack update and device update, run the command: ./guiSvrCli.sh --update-attacks --post-action --update-devices

Run one of the following commands for NSM version 2008.1 and above:
  To perform only the attack update, run the command: ./guiSvrCli.sh --update-attacks --post-action --none
  To perform attack update and device update, run the command: ./guiSvrCli.sh --update-attacks --post-action --update-devices

5) Once the script is running, you will be prompted for the domain/user; enter global/super, followed by the super user's password (super is the admin user for NSM, not root).
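
Step 3 can be scripted so that the edit is repeatable and the original updateAttacks.vtl is preserved. The shell function below is an added example, not part of the original post or of NSM's own tooling; the function name and the sample .vtl line used in the demo are constructed, and it assumes the only https URL in updateAttacks.vtl is the update-info URL.

```shell
#!/bin/sh
# Added example (not from the original post): step 3 as a repeatable function.
# Assumption: the only https URL in updateAttacks.vtl is the update-info URL.

# point_vtl_at_local_dat VTL DAT ZIP
#   VTL  path to updateAttacks.vtl
#   DAT  absolute path of the staged .dat file (e.g. /tmp/NSM-SecurityUpdateInfo.dat)
#   ZIP  absolute path of the staged attack object database .zip
point_vtl_at_local_dat() {
    vtl=$1 dat=$2 zip=$3
    case $dat in
        /*) ;;
        *) echo "DAT must be an absolute path: $dat" >&2; return 1 ;;
    esac
    # Step 1 must be complete: both files present and non-empty.
    for f in "$dat" "$zip"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # Work from the pristine copy if an earlier run already made one.
    src=$vtl
    [ -f "$vtl.orig" ] && src=$vtl.orig
    grep -q 'https://' "$src" || { echo "no https URL in $src" >&2; return 2; }
    [ -f "$vtl.orig" ] || cp -p "$vtl" "$vtl.orig" || return 3
    # Swap the https URL for a file:// URL; "file://" + "/tmp/x" gives "file:///tmp/x".
    sed "s|https://[^\"' <>)]*|file://$dat|g" "$vtl.orig" > "$vtl.new" || return 3
    mv "$vtl.new" "$vtl"
}

# Demo on constructed data in a scratch directory: run this script with --demo.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed stand-in for updateAttacks.vtl; the real file's layout may differ.
    printf '%s\n' 'url="https://services.netscreen.com/restricted/sigupdates/nsm-updates/NSM-SecurityUpdateInfo.dat"' > "$d/updateAttacks.vtl"
    echo data > "$d/NSM-SecurityUpdateInfo.dat"
    echo data > "$d/NSMFP14-DI-IDP.zip"
    point_vtl_at_local_dat "$d/updateAttacks.vtl" "$d/NSM-SecurityUpdateInfo.dat" "$d/NSMFP14-DI-IDP.zip" &&
        cat "$d/updateAttacks.vtl"
    rm -rf "$d"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

The untouched template is kept as updateAttacks.vtl.orig, so copying it back restores online updates.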
