Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

AIX security patches

Posted on 2011-04-29
9
Medium Priority
?
1,553 Views
Last Modified: 2013-11-17
Hi All,

We have upgraded our systems to AIX systems to TL12 SP2 in February. Now, we need to apply only security patches on the systems which we will be ongoing process. How can I check what security patches are available for the AIX 5.3 TL12, what is the process, how can I download the same and from where I can download. I know using SUMA we can do it, but would apprecite if someone can provide the steps for the same.

Thanks
virgo
0
Comment
Question by:virgo0880
  • 5
  • 3
9 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 1000 total points
ID: 35492068
Use Fix Central:

http://www-933.ibm.com/support/fixcentral/

Select Power -> AIX -> 5.3 -> Security -> Continue

On the next page you can see all bulletins for the past 12 months.

Click the links. The bulletins contain in most cases a download URL, which you should copy and paste into your browser's address field. Don't ask why the URL's are not clickable, I don't know.

Install the downloaded fixes according to the instructions given in the bulletin or on the download page.

SUMA is quite easy. Issue

"smitty suma_easy_fixtype", select "Security" and Go!

Once the fixes are downloaded install them from /usr/sys/inst.images using "smitty update_all".

wmp

0
 
LVL 5

Expert Comment

by:balasundaram_s
ID: 35493100
To Clarify,

SP  means "SERVICE PACK" and NOT "security patch", I know some people think like that.

IBM sometimes releases the e-fix as a security fix as mentioned in those security advisories.   All those e-fixes and other updates are part of the next SP (Service Pack).   OS should be updated regularly as soon as the next SP released by IBM.

Its the same link as above, and select "fix pack" to continue to download the SP(Service Pack).
0
 

Author Comment

by:virgo0880
ID: 35494039
Ok. I will check the same and revert.

Thanks
virgo
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 

Author Comment

by:virgo0880
ID: 35506348
I created and execute a suma task wherein before downloading it is showing me this message :

The download list contains one or more fixes known to cause a regression:
        U840447, U840445

What does this mean. Also, let me know whether the task which I created is fine :

10:
        DisplayName=Q2_Security_2011
        Action=Download
        RqType=Security
        RqName=
        RqLevel=
        PreCoreqs=y
        Ifreqs=y
        Supersedes=n
        ResolvePE=IfAvailable
        Repeats=y
        DLTarget=/export/suma/q2_security_2011
        NotifyEmail=root
        FilterDir=
        FilterML=5300-12
        FilterSysFile=localhost
        MaxDLSize=-1
        Extend=y
        MaxFSSize=-1

virgo
0
 

Author Comment

by:virgo0880
ID: 35506458
Also the downloads are getting failed :

Download FAILED:    X11.motif.mwm.5.3.12.1.bff
Download FAILED:    bos.acct.5.3.12.1.bff
Download FAILED:    bos.64bit.5.3.12.2.bff
Download FAILED:    X11.motif.lib.5.3.12.1.bff
Download FAILED:    X11.compat.lib.X11R5.5.3.12.1.bff
Download FAILED:    bos.adt.base.5.3.12.2.bff
Download FAILED:    bos.adt.insttools.5.3.12.1.bff
Download FAILED:    bos.adt.include.5.3.12.2.bff
Download FAILED:    bos.adt.debug.5.3.12.2.bff
Download FAILED:    bos.adt.prof.5.3.12.2.bff
Download FAILED:    bos.alt_disk_install.rte.5.3.12.2.bff
Download FAILED:    bos.cifs_fs.rte.5.3.12.1.bff
Download FAILED:    bos.aixpert.cmds.5.3.12.1.bff
Download FAILED:    bos.alt_disk_install.boot_images.5.3.12.1.bff
Download FAILED:    bos.adt.syscalls.5.3.12.1.bff
Download FAILED:    bos.diag.util.5.3.12.1.bff
Download FAILED:    bos.ecc_client.rte.5.3.12.1.bff
Download FAILED:    bos.diag.rte.5.3.12.2.bff
Download FAILED:    bos.diag.com.5.3.12.1.bff
Download FAILED:    bos.clvm.enh.5.3.12.1.bff
Download FAILED:    bos.loc.adt.iconv.5.3.12.1.bff
Download FAILED:    bos.iocp.rte.5.3.12.1.bff
Download FAILED:    bos.iconv.ucs.com.5.3.12.1.bff
Download FAILED:    bos.iconv.com.5.3.12.2.bff
Download FAILED:    bos.esagent.6.5.12.3.bff

What can be done in this case.

Virgo
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35507744
Your SUMA task is OK.

Regression means that a previously functional feature might no longer work.
Carefully check if this would affect you.
Look up the APARs by their numbers in the IBM database
http://www14.software.ibm.com/webapp/set2/psearch/search?domain=aixfix&new=y&os=53

In your case I found this:
https://www-304.ibm.com/support/docview.wss?q1=U840447&dc=DB550&rs=1209&uid=isg1IZ90625&context=SG11P&cs=UTF-8&lang=en&loc=en_US

Download FAILED: Is your machine able to access the internet? Do you have to specify a (possibly authenticated) proxy?

Check "man suma", particularly HTTP_PROXY, HTTPS_PROXY, FTP_PROXY depending on DOWNLOAD_PROTOCOL.

Use "suma -c" to view all settings, "suma -c -a parameter=value" to change.

wmp
0
 

Author Comment

by:virgo0880
ID: 35507861
So, what is to be done in this case. We recently applied TL12 SP2 in feb 2011 on our AIX systems. Now I have to apply security fixes on the systems on a monthly basis. So, when I started downloaded the patches, it shown me this warning message. My question is "what has to be done in this case". I am not sure what I have to do now ? Do I need to download the fixes also for this ?

By the way, the downloads was failing coz ftp was blocked. Now the download is working and the patches has been downloaded.

Virgo
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35508015
Do I need to download the fixes also for this ?

SUMA downloads the fixes for you, despite of the warning.

"what has to be done in this case"

It depends. Check whether the security gain is of greater importance for you than a possible (small) loss in functionality. This loss will be healed in a follow-up fix anyway, in almost any case.

I fear I will not be able to give you universally valid instructions. Decide for yourself in every individual case, or grit your teeth and get to it regardless.

wmp
0
 

Author Comment

by:virgo0880
ID: 35508664
Ok, I will open a call with IBM. Thanks for the comments.

virgo
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses
Course of the Month21 days, 1 hour left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question