Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Mark Payne
Frequent Visitor.
375 views

Impact of updating packages on Software Logger or ARCMC

Security scans and remediation are becoming a regular task at our company. We recently scanned our software based Arcsight Logger and ArcMC VM's with Nexpose. These are VM's based on CentOS 7.4. I was suprised by some of the installed packages, such as Firefox and Thunderbird. Others, such as Java I expected, as i believe these are used and updated by the Arcsight installers. So the question is, how far can i get away with updating (via Yum) some of these packages that I don't believe to be releated to the core product, such as Firefox, Thunderbird, I know better than to touch Java. Has anyone been in a similar situation? This started because of this bulletin that was brought to our attention: https://www.tenable.com/plugins/nessus/121192

Labels (2)
0 Likes
4 Replies
dkuehner Super Contributor.
Super Contributor.

Re: Impact of updating packages on Software Logger or ARCMC

Hi,

 

recently there was a post regarding the support for minor releases:

https://community.softwaregrp.com/t5/Discussions/Support-for-Patched-and-Upgraded-Operating-Systems/m-p/1679066#M278%2Fjump-to%2Ffirst-unread-message

So if those are your own VMs (no appliances, no images from MicroFocus), you should be allowed to update the whole OS to the latest MINOR release (Not to centOS 8 that means... when that gets released)

 

However I am not aware of any firefox installed by the ArcSight installer!?

 

Regards,

David

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Impact of updating packages on Software Logger or ARCMC

Logger and ArcMC can be installed on a CentOS/RHEL minimal install with the packages listed in the install guides. Firefox or Thunderbird are not required, so these must have been installed by your Linux admins.

0 Likes
Mark Payne
Frequent Visitor.

Re: Impact of updating packages on Software Logger or ARCMC

I appreciate the responses. Turns out that the vulnerabilities titled Thundrbird actually listed updating FireFox as a remediation. I was tempted to just remove FireFox, but I just updated it for now. I'm still hesitant to arbitrarily update packages presumably installed by the Arcsight installer. Is there a list anywhere outlining which packages are provided by Arcsights installer? I dont see anything in the Install Guide. One last question. Anyone updated their kernel for Spectre/Meltdown/L1TF on a software Logger or ArcMC?

0 Likes
Honored Contributor.. gcrespo1 Honored Contributor..
Honored Contributor..

Re: Impact of updating packages on Software Logger or ARCMC

Hi Mark,

ArcSight does not install any Linux packages (maybe tzdata). Any packages installed in your system have been manually installed by your linux admins. You can safely use a minimal CentOS installation + zip package to run ArcSight Logger, ArcMC o ESM.

Regarding Firefox or Thunderbird, you can safely remove them.

 

Regards,

Gabriel Crespo

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.