Server Management Suite

 View Only

  • 1.  Fingerprint Lists updates

    Posted Sep 23, 2016 12:42 PM

    Hello All,

    I hope everyone is doing fine.

     

    I have about 200 hosts and I created a fingerprint for each of those hosts. Now, every month, I deactivate system lockdown to enable the vendor patches and then I reconfigure the fingerprint lists for each of the hosts to keep up with the changes.

    1. Do I need to delete the previous fingerprint list and recalculate a new fingerprint list for each of the hosts?

    2. Can i enable some sort of "trusted installer" so that I do not have to disable system lockdown and allow vendor patching to update the hosts withouth any interuption? AND if so, does the fingerprint list for that host gets updated with the recent vendor updates?

     

    Any feedback is greatly appreciated!

    Thanks!

     

     



  • 2.  RE: Fingerprint Lists updates

    Posted Sep 24, 2016 09:45 AM

    You don't need to delete it, but, you can merge them after re-running:

    Automatically updating whitelists or blacklists for system lockdown

    Also, have you excluded the location of where the patches get installed? You shouldn't have to disable System Lockdown every time.



  • 3.  RE: Fingerprint Lists updates

    Posted Sep 29, 2016 12:40 PM

    Hi Brian,

    Can you explain more on the exclusions? And how would system lockdown work with patches being installed?

    Wouldn't I have to disable system lockdown and re-run "collect fingerprint" command after each patch cycle for the fingerprint list to be "updated"?

     

    Thanks,

    JoPeSupra