Lesen Sie den Gartner Magic Quadrant 2021 für SAM Managed Services. Hier die Ergebnisse

Linux ILMT Upgrade Path for Log4j Vulnerability

Software Prices

ILMT Server versions 9.2.18 through 9.2.25 can be upgraded to version 9.2.26 via the BigFix Console directly. ILMT versions older than 9.2.18 require a manual upgrade to an intermediate ILMT version and then another upgrade to the latest version, which is outside the scope of this article.

BFI Server versions 9.2.14 through 10.0.6 can be upgraded to 10.0.7 via the BigFix Console as well. BFI versions older than 9.2.14 can be upgraded to 10.0.2 and then to 10.0.7 using the below method, replacing the “Upgrade to the latest version of IBM License Metric Tool (9.2.26)” fixlet with “Upgrade to the interim version 10.0.2 of BigFix Inventory if version older than 9.2.14” in step 3 of the “Upgrade BFI/ILMT Server Using Fixlet” section below.

The below instructions walk through how to prepare for and complete the upgrade using this method. Please ensure you meet the required operating system and database prerequisites before attempting a server upgrade. BFI 10.0.7/ILMT 9.2.26 require the following:

OS: 

  • RHEL 6.3 or newer 
  • RHEL 7.x 
  • RHEL 8.1 or newer for ILMT, 8.2 or newer for BFI 

Database: 

  • DB2 10.5.0.6 (BFI only)
  • DB2 11.1 (BigFix does not support DB2 11.1, so a shared database between BigFix and ILMT should use DB2 11.5) 
  • DB2 11.5 

 Check Database Version 

1. To check your current database version from the database server, switch user to the DB2 instance owner. By default, this user is db2inst1. The command to switch from root user to db2inst1, for example, is: 

    2. Run one of the following commands to check your database version:

    3. To check the databases hosted by the database instance, run the following command:
    db2 list db directory

    4. Note the name of the database that says, “IEM for BFI/ILMT database,” by default TEMADB or SUADB

    Take Necessary Backups/Snapshot

    1. Prior to taking backups, run the following commands to stop the BigFix and BFI/ILMT services (replace LMTserver with BFIserver for BFI):
    service besclient stop
    service beswebreports stop
    service besgatherdb stop
    service besfilldb stop
    service besserver stop
    service LMTserver stop

      2. Switch to the database user, db2inst1 by default:
      su – db2inst1

      3. Terminate any lingering connections between db2 and the stopped BigFix and BFI/ILMT services:
      db2 terminate

      4. Identify or create a directory into which you would like to save the database backups. In this example, I will save them under /home/db2inst1/backups

      5. Run the following commands to back up the BFI/ILMT database found in steps 3-4 above
      db2 backup db TEMADB to /home/db2inst1/backups

      6. You can further validate the backups were successful by running a db2ckbkp command against the location of each backup file:

      7. Prepare for the VM snapshot/checkpoint by stopping the DB2 service:
      db2stop

      8. Now that the BigFix, BFI/ILMT, and DB2 services have been stopped, take a VM snapshot/checkpoint of the database server. This may require reaching out to your VM Manager team.

      Upgrade BFI/ILMT Server Using Fixlet

      1. Log in to the BigFix console

      2. Click on Sites > External Sites > IBM License Reporting (ILMT) v9 > Fixlets and Tasks (replace “IBM License Reporting (ILMT) v9” with “BigFix Inventory v10” for BFI)

      3. Find the Upgrade to the latest version of IBM License Metric Tool (9.2.26) fixlet – Upgrade to the latest version of BigFix Inventory (10.0.7.0) for BFI  and review the prerequisites in the bottom-right section carefully

      4. Click Take Action

      5. Select the computer on which the server is installed and click OK

      6. The fixlet will begin to run

      7. When the fixlet finishes, the status will update to Fixed. Click on the Computers tab to verify the exit code of the fixlet. The exit code 0 means the fixlet was successful

      8. Log in to the BFI/ILMT website by accessing its Web UI through a web browser, such as Chrome or Firefox. The default URL for the WebUI is https://hostname:9081

      In this example, the URL is https://RHEL-ilmt:9081

      The web page will likely throw a security error. Ignore the error or add it as an exception and continue to the website. It may also take the server a few minutes to start after an upgrade before the webpage is accessible

      9. When the page loads, you will be presented with a screen asking you to update the database schema. Click Update Schema

      10. When the schema update completes, you may be directed to the login page. If so, log in. Otherwise, you will be brought to the BFI/ILMT dashboard. The BFI/ILMT server has now been successfully upgraded. The new version number will show on the left side of the login screen for ILMT.

      Alternatively, for BFI or ILMT, you can log in and click the Info icon in the top-right and then click About to see the version number

      The ILMT Server has now been upgraded. For instructions on how to upgrade the VM Manager Tool, which is also impacted by log4j, you can visit our Log4j Remediation Steps for ILMT and BigFix Inventory Vulnerability here.