How to upgrade the MLOS Kernel and packages in Threat Intelligence Exchange Server to apply the latest security updates
Technical Articles ID:   KB90843
Last Modified:  3/14/2019


Environment

McAfee Threat Intelligence Exchange (TIE) Server 2.3.x

Summary

Vulnerabilities have been detected in the Linux kernel, which require a kernel upgrade. For more information, see https://www.mcafee.com/enterprise/en-us/threat-center/product-security-bulletins.html.

To apply the latest security updates, upgrade the MLOS kernel and application packages manually on the TIE Server appliance by following the steps mentioned in the sections below:


IMPORTANT: This procedure has been tested with the packages specified. Implementation of this fix with other versions might fail and is not supported.

Upgrade the MLOS kernel to the latest version:

NOTE: Schedule downtime for the MLOS kernel upgrade process.

  1. Download the mkinitrd package from the MLOS repository:

    https://mcafeelinux.org/mlos/mlosrepo/2/updates/x86_64/mkinitrd-6.1-36.mlos2.x86_64.rpm
     
  2. Download the kernel packages from the MLOS repository:

    https://mcafeelinux.org/mlos/mlosrepo/2/updates/x86_64/kernel-4.9.132-1.mlos2.x86_64.rpm

    For upgrades on XenServer or bare metal, download the kernel-virt package from:

    https://mcafeelinux.org/mlos/mlosrepo/2/updates/x86_64/kernel-virt-4.9.132-1.mlos2.x86_64.rpm
     
  3. Copy the RPMs downloaded in the previous step to the TIE Server appliance.
  4. Connect to the appliance using SSH and switch to the root user with the following command:

    $ su -
     
  5. Change the directory to the location where the RPMs were copied.
  6. To install them, type the following commands:

    NOTE: Ensure that you use the correct kernel package that you downloaded:
     
    1. Check if mkinitrd is already upgraded:

      # rpm -qa mkinitrd
       
    2. If the downloaded mkinitrd version is not installed, upgrade it:

      # rpm -Uvh mkinitrd-6.1-36.mlos2.x86_64.rpm
       
    3. Check if the downloaded kernel, or a newer one, is already installed:

      # rpm -qa | grep kernel
       
    4. If the downloaded kernel, or a newer one, is not installed, type the following command to install it: 

      NOTE: Depending on the current MLOS kernel in use, you might see some harmless warnings.

      # rpm -ivh kernel-4.9.132-1.mlos2.x86_64.rpm

      For XenServer or bare metal, type the following command to install the kernel-virt package instead:

      # rpm -ivh kernel-virt-4.9.132-1.mlos2.x86_64.rpm
       
  7. After the upgrade is complete, verify that the new kernel is installed and selected as the default with the following command:

    # cat /boot/grub/grub.conf

    Example of the output you see:

    default=0
    [...]
    title McAfee TIE Platform Server (vmlinuz-4.9.132-1.mlos2.x86_64)
    [...]

    If the default does not match the entry associated with the installed kernel, update the value using an editor such as vi.
  8. To complete the process, reboot the appliance with the following command:

    # reboot
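
The grub.conf check in step 7 can be scripted so that a wrong default= value is caught before the reboot. The following is an added example, not McAfee code: the function names are hypothetical, and it assumes each entry's title contains the kernel version, as in the example output above.

```shell
#!/bin/sh
# Added example (assumption: GRUB legacy config with "default=N" and "title" lines).

# Print the title of the entry selected by "default=N" (entries count from 0).
grub_default_title() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*default[ \t=]/ {                 # "default=0" or "default 0"
            idx = $0
            sub(/^[ \t]*default[ \t=]+/, "", idx); sub(/[ \t]+$/, "", idx)
            seen = 1; next
        }
        /^[ \t]*title[ \t]/ {
            t = $0; sub(/^[ \t]*title[ \t]+/, "", t)
            titles[n++] = t
        }
        END {
            if (!seen) idx = 0                   # GRUB legacy boots entry 0 if unset
            # Reject non-numeric values (such as "saved") and out-of-range indexes.
            if (idx !~ /^[0-9]+$/ || idx + 0 >= n) exit 1
            print titles[idx + 0]
        }
    ' "$1"
}

# Return 0 if the default title contains the wanted version, 1 if not, 2 if unresolved.
check_default_kernel() {
    conf=$1 want=$2
    if ! title=$(grub_default_title "$conf"); then
        echo "ERROR: no usable default entry in $conf" >&2; return 2
    fi
    case $title in
        *"$want"*) echo "OK: default boots: $title" ;;
        *) echo "MISMATCH: default boots: $title (expected $want)" >&2; return 1 ;;
    esac
}

# Constructed sample config; the second title is a placeholder, not a real entry.
write_sample_conf() {   # $1 = output path, $2 = value for default=
    cat > "$1" <<EOF
default=$2
title McAfee TIE Platform Server (vmlinuz-4.9.132-1.mlos2.x86_64)
title McAfee TIE Platform Server (previous kernel, placeholder)
EOF
}

# Demo on the sample. On the appliance, pass /boot/grub/grub.conf as the first argument.
tmp=$(mktemp) && write_sample_conf "$tmp" 1
check_default_kernel "$tmp" 4.9.132-1.mlos2.x86_64 || echo "fix default= before rebooting"
rm -f "$tmp"
```

A return code of 1 or 2 means the default= value needs attention before the reboot in the next step.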


Upgrade the OpenSSL library to the latest version:

  1. To check which version of the package is installed, type the following command:

    $ rpm -qa openssl
     
  2. If an upgrade is required, download the latest packages from the MLOS repository: 

    https://mcafeelinux.org/mlos/mlosrepo/2/updates/x86_64/openssl-1.0.2r-1.mlos2.x86_64.rpm

    https://mcafeelinux.org/mlos/mlosrepo/2/updates/x86_64/openssl-libs-1.0.2r-1.mlos2.x86_64.rpm
     
  3. Copy the RPMs downloaded in the previous step to the TIE Server appliance.
  4. Connect to the appliance using SSH and switch to the root user with the following command:

    $ su -
     
  5. Change the directory to the location where the RPMs were copied.
  6. To install them, type the following command:

    # rpm -Uvh --checksig openssl-1.0.2r-1.mlos2.x86_64.rpm openssl-libs-1.0.2r-1.mlos2.x86_64.rpm
     
  7. Reboot the TIE Server with the following command:

    # reboot
     
  8. Verify that the TIE services are healthy:
    1. Open the ePO console.
    2. Click Menu, Configuration, and select Server Settings.
    3. Select the TIE Server Topology Management section.
    4. Verify the DXL, ATD, and GTI connectivity status of each TIE Server instance.

Upgrade the OpenSSH library to the latest version:

  1. To check which version of the package is installed, type the following command:

    $ rpm -qa openssh
     
  2. If an upgrade is required, download the latest packages from the MLOS repository: 
     
  3. Copy the RPMs downloaded in the previous step to the TIE Server appliance.
  4. Connect to the appliance using SSH and switch to the root user with the following command:

    $ su -
     
  5. Change the directory to the location where the RPMs were copied.
  6. To install them, run the following command:

    # rpm -Uvh --checksig openssh-7.4p1-17.mlos2.x86_64.rpm openssh-server-7.4p1-17.mlos2.x86_64.rpm openssh-clients-7.4p1-17.mlos2.x86_64.rpm
     
  7. Reboot the TIE Server using the following command:

    # reboot
     
  8. Verify that the packages were updated successfully by restarting the SSH connection.

Troubleshooting

If the TIE Server fails to boot after the MLOS kernel upgrade:

  1. Reboot the system. In the boot menu, select the previous MLOS kernel.
  2. After you boot the TIE Server with the old MLOS kernel, collect a MER and contact Technical Support.


Install the Intel® microcode package on the TIE Server running on bare metal

For TIE Servers installed on bare metal, the Intel microcode package must be installed along with the latest kernel for enhanced security and performance.

  1. Download the package from the MLOS repository:

    https://mcafeelinux.org/mlos/mlosrepo/2/updates/x86_64/intel-ucode-20180807-2.mlos2.x86_64.rpm
     
  2. Copy the RPM downloaded to the TIE Server appliance.
  3. Connect to the appliance using SSH and switch to the root user with the following command:

    $ su -
     
  4. Change the directory to the location where the RPM was copied. To install, type the following command:

    # rpm -Uvh intel-ucode-20180807-2.mlos2.x86_64.rpm
     
  5. To complete the process, reboot the appliance with the following command:

    # reboot

Booting failed in XenServer or bare metal

If the boot fails because you installed the kernel package instead of kernel-virt, boot with the previous MLOS kernel, and then:

  1. Remove the kernel package with the following command:

    # rpm -ev kernel-4.9.132
     
  2. Install the kernel-virt package with the following command:

    # rpm -ivh kernel-virt-4.9.132-1.mlos2.x86_64.rpm
     
  3. To complete the process, reboot the appliance with the following command:

    # reboot
