FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
Andy_G
Staff
Article Id 193009
Description

This document describes how to apply the Meltdown/Spectre vulnerability patch to your instance of CyOPs™. The updated Linux CentOS kernel, version 3.10.0-693.17, as well as CyOPs™ 4.10.3 and later, already contain the patch.


Important: Ensure that you take a snapshot of the VM in both ESXi and AWS before making any changes or applying any patches. DO NOT SKIP THIS STEP.


Notes in case of CyOPs™ 4.10.3

  • If you are performing a fresh installation of CyOPs™, i.e., importing the CyOPs™ 4.10.3 OVA, then the OVA already contains the Meltdown/Spectre vulnerability patch and you do not need to perform any additional steps.
  • If you are upgrading your CyOPs™ instance to 4.10.3 from an older version of CyOPs™, then you must run the following additional commands to apply the Meltdown/Spectre vulnerability patch to your CyOPs™ instance.

Solution

Run the following commands from the command prompt of your CyOPs™ instance. Note that you need to use sudo if you are trying to run the commands as the csadmin user:

  1. wget https://update.cybersponse.com/other/update-cyops-os.sh
  2. chmod +x update-cyops-os.sh
  3. ./update-cyops-os.sh
  4. reboot


The 'update-cyops-os.sh' script performs the following tasks:

  1. Creates a new repository file: /etc/yum.repos.d/cs-libselinux.repo.
  2. Disables the cs-app and cs-connectors repositories.
  3. Moves the /boot/*3.10.0-514* files to /temp_kernel_files.
  4. Stops the required services using the /opt/cyops/configs/scripts/services.sh script.
  5. Installs the OS and kernel updates.
  6. Re-enables the cs-app and cs-connectors repositories.
  7. Requests the user to reboot the instance.


Once your CyOPs™ instance is rebooted, run the 'uname -r' command to ensure that your system is using the newly upgraded kernel. The command should display the kernel version as 3.10.0-693.17.
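The 'uname -r' check above can be scripted so that it compares release numbers field by field instead of by eye. The following is an added example, not part of the original article or of the update-cyops-os.sh script; the function names are hypothetical and the sample release strings are constructed for illustration:

```shell
#!/bin/sh
# Added example: check a kernel release string against the patched
# release named in this article.
REQUIRED_KERNEL="3.10.0-693.17"   # version stated in the article

# Drop the distro/arch suffix (".el7.x86_64") and split on "." and "-",
# so "3.10.0-693.17.1.el7.x86_64" becomes "3 10 0 693 17 1".
kernel_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el[0-9].*$//' -e 's/[.-]/ /g'
}

# kernel_at_least HAVE NEED: succeeds when HAVE >= NEED, comparing field
# by field as numbers (a string compare would rank 693.5 above 693.17).
kernel_at_least() {
    awk -v a="$(kernel_fields "$1")" -v b="$(kernel_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0   # missing fields count as 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# With no argument, checks the running kernel via uname -r.
check_running_kernel() {
    running=${1:-$(uname -r)}
    if kernel_at_least "$running" "$REQUIRED_KERNEL"; then
        echo "OK: kernel $running is at or above $REQUIRED_KERNEL"
    else
        echo "FAIL: kernel $running is older than $REQUIRED_KERNEL" >&2
        return 1
    fi
}

# Constructed sample inputs; the 514.21.2 release is the old kernel
# seen in the article's cleanup messages.
for k in 3.10.0-514.21.2.el7.x86_64 3.10.0-693.5.2.el7.x86_64 \
         3.10.0-693.17.1.el7.x86_64; do
    check_running_kernel "$k" || :
done
```

On the rebooted instance, call check_running_kernel with no argument to test the kernel that is actually running.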


The following messages are seen on AWS instances post upgrade. You can ignore these errors during the cleanup stage. These messages come from the uninstallation of the previous kernel:


/usr/lib/dracut/modules.d/40network/module-setup.sh: line 31: /lib/modules/3.10.0-514.21.2.el7.x86_64///lib/modules/3.10.0-514.21.2.el7.x86_64/kernel/drivers/net/wan/hdlc.ko: No such file or directory
/usr/lib/dracut/modules.d/40network/module-setup.sh: line 31: /lib/modules/3.10.0-514.21.2.el7.x86_64///lib/modules/3.10.0-514.21.2.el7.x86_64/kernel/drivers/net/wan/hdlc_raw.ko: No such file or directory
/usr/lib/dracut/modules.d/50drm/module-setup.sh: line 26: /lib/modules/3.10.0-514.21.2.el7.x86_64///lib/modules/3.10.0-514.21.2.el7.x86_64/kernel/drivers/gpu/drm/nouveau/nouveau.ko: No such file or directory
/usr/lib/dracut/modules.d/50drm/module-setup.sh: line 26: /lib/modules/3.10.0-514.21.2.el7.x86_64///lib/modules/3.10.0-514.21.2.el7.x86_64/kernel/drivers/gpu/drm/udl/udl.ko: No such file or directory
/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh: line 14: /lib/modules/3.10.0-514.21.2.el7.x86_64///lib/modules/3.10.0-514.21.2.el7.x86_64/kernel/drivers/gpio/gpio-ich.ko: No such file or directory
/usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh: line 14: /lib/modules/3.10.0-514.21.2.el7.x86_64///lib/modules/3.10.0-514.21.2.el7.x86_64/kernel/drivers/gpio/gpio-viperboard.ko: No such file or directory

