wiki

User Tools

Site Tools

Trace: aix_vios_trouble windows_rufus tsm_container_cloud
aix:aix_internet_updates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
aix:aix_internet_updates [2024/09/06 13:40]
manu 		aix:aix_internet_updates [2025/09/22 17:00] (current)
manu [FLRTVC.ksh (generate security reports)]
Line 6: Line 6:
   * **emgr_check_ifixes**   * **emgr_check_ifixes**
   * **emgr_download_ifix**   * **emgr_download_ifix**
 +  * **emgr_sec_patch**
 +
 +FIXME currently (02-2025) you can't set a proxy to download ! Only direct connections to internet are supported
 +
 <cli prompt='#'>​ <cli prompt='#'>​
 # emgr_check_ifixes # emgr_check_ifixes
Line 57: Line 61:
 </​cli>​ </​cli>​
  
-==== Efix detailed info ====+===== Efix detailed info =====
  
 View the content of an efix package View the content of an efix package
Line 209: Line 213:
 ============ ============
 invscout fix - CVE-2024-27260 invscout fix - CVE-2024-27260
 +</​cli>​
 +
 +===== FLRTVC.ksh (generate security reports) =====
 +
 +The [[https://​esupport.ibm.com/​customercare/​sas/​f/​flrt3/​FLRTVC-0.8.12.zip|FLRTVC]] script can generate multiple kind of output
 +
 +Flags for this script:
 +<​code>​
 +-d = Change delimiter for compact reporting
 +-f = File selection for *.csv file
 +-q = Quiet mode, hide compact reporting header
 +-s = Skip download, use default apar.csv file
 +-v = Verbose, full report (for piping to email)
 +-g = Grep for filesets with phrase, useful for verbose mode
 +-t = Type of APAR [hiper | sec]
 +-l = Enter a custom LSLPP output file, must match lslpp -Lqc
 +-e = Enter a custom EMGR output file, must match emgr -lv3
 +-x = Skip EFix processing
 +-a = Show all fixed and non-fixed HIPER/​Security vulnerabilities
 +-p = Convert FTP protocol to HTTP for bulletin and efix download links
 +-r = Enter PROXY URL to be used by wget or curl, the same can be provided through HTTP_PROXY environment variable. This option value takes precedence over environment variable. Ex: http://​user:​password@hostIPorName:​port or http://​hostIPorName:​port
 +</​code>​
 +
 +Example, create 2 files whith the output of the following commands, and compare to the latest [[https://​esupport.ibm.com/​customercare/​flrt/​doc?​page=aparCSV|apar file]]
 +  emgr -lv3 > /​tmp/​emgr.txt
 +  lslpp -Lcq > /​tmp/​lslpp.txt
 +  flrtvc.ksh -a -l /​tmp/​lslpp.txt -e /​tmp/​emgr.txt -f /​path_to_aparcsv/​shared_data/​APAR.csv
 +  ​
 +The **-a** flag, give an output for what is fixed, and what is note, output can be imported in excel.
 +
 +===== Efix DB location =====
 +
 +Efix inventory is stored in a text file: “/​usr/​emgrdata/​DBS/​efix.db” and “/​usr/​emgrdata/​DBS/​pkglck.db”
 +<cli prompt='#'>​
 +[root@aix01]/​root#​ cat /​usr/​emgrdata/​DBS/​efix.db
 +IJ36810s3a|:​|IJ36810 Potential security issue|:​|.|:​|.|:​|.|:​|.|:​|0|:​|1|:​|00F7CD554C00121710122121|:​|1|:​|05/​02/​22 12:​21:​09|:​|S|:​|0|:​|7|:​|.|:​|.|:​|.|:​|0|:​|1|:​|1|:​|.
 +1022103a|:​|Ifix for Openssl CVE-2022-0778|:​|.|:​|.|:​|.|:​|.|:​|0|:​|1|:​|00F787C74C00042206045322|:​|5|:​|06/​30/​22 08:​52:​53|:​|S|:​|0|:​|7|:​|.|:​|.|:​|.|:​|0|:​|1|:​|1|:​|.
 +
 +[root@aix01]/​root#​ cat /​usr/​emgrdata/​DBS/​pkglck.db
 +IJ36810s3a|:​|1|:​|/​usr/​bin/​lscore|:​|bos.rte.security|:​|1|:​|1|:​|050212051122|:​|7.2.5.101
 +1022103a|:​|1|:​|/​usr/​lib/​libcrypto.a|:​|openssl.base|:​|1|:​|5|:​|063008060322|:​|1.0.2.2103
 +1022103a|:​|2|:​|/​usr/​lib/​libssl.a|:​|openssl.base|:​|1|:​|5|:​|063008060422|:​|1.0.2.2103
 +1022103a|:​|3|:​|/​usr/​lib/​libcrypto.a.min|:​|openssl.base|:​|1|:​|5|:​|063008060422|:​|1.0.2.2103
 +1022103a|:​|4|:​|/​usr/​bin/​openssl|:​|openssl.base|:​|1|:​|5|:​|063008060422|:​|1.0.2.2103
 +1022103a|:​|5|:​|/​usr/​bin/​openssl64|:​|openssl.base|:​|1|:​|5|:​|063008060522|:​|1.0.2.2103
 +</​cli>​
 +
 +===== Efix TAR installation =====
 +
 +To install an efix based on TAR efix package, use the following command
 +<cli prompt='#'>​
 +# /​usr/​sbin/​emgr_sec_patch kernext_fix.tar
 +...
 +Efix State
 ++-----------------------------------------------------------------------------+
 +Setting efix state to: STABLE
 +
 ++-----------------------------------------------------------------------------+
 +Operation Summary
 ++-----------------------------------------------------------------------------+
 +Log file is /​var/​adm/​ras/​emgr.log
 +
 +EPKG NUMBER ​      ​LABEL ​              ​OPERATION ​             RESULT
 +=========== ​      ​============== ​     ================= ​     ==============
 +1                 ​IJ52610m2a ​         INSTALL ​               SUCCESS
 +
 +Return Status = SUCCESS
 +Done
 +em+-----------------------------------------------------------------------------+
 +Checking System Level Prerequisites
 ++-----------------------------------------------------------------------------+
 +calling emgr -p -e /​tmp/​emgr_12321112/​kernext_fix/​IJ52977s2a.241113.epkg.Z
 +gr -PSkipping ifix
 +See /​var/​adm/​ras/​emgr.log for more details
 +
 ++-----------------------------------------------------------------------------+
 +Checking System Level Prerequisites
 ++-----------------------------------------------------------------------------+
 +calling emgr -p -e /​tmp/​emgr_12321112/​kernext_fix/​IJ52977s3a.241113.epkg.Z
 +Skipping ifix
 +See /​var/​adm/​ras/​emgr.log for more details
 </​cli>​ </​cli>​
aix/aix_internet_updates.1725622833.txt.gz · Last modified: 2024/09/06 13:40 by manu

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki