1. Symantec/
  2. Security Response/
  3. Security Updates Detail

Symantec Control Compliance Suite - 11.0 Agent Update for UNIX

May 10, 2013

Description

 

Symantec™ Control Compliance Suite (CCS) 11.0 Agent Update for UNIX provides the fix for the following issues:


  • In case an Agent computer has multiple NICs, the CCS Agent got automatically registered to any random IP. If the user re-registers the agent, this would create a different asset with the different IP on CCS. Also the CCS Agent would get automatically registered on the backup IP even if the user may want to register the agent on the primary IP.

    Resolution
    : You can now specify a preferred IP address of the computer during agent registration. The CCS Manager uses the IP address specified while connecting to the Asset. The preferred IP address can be specified using the new switch -I, while registering the CCS agent on UNIX.

  • When multiple agents are registered to the manager at the same time, the GUID used for two consecutive agents during registration is the same. This causes the asset import job to replace one agent with the other and, as a result multiple assets are scoped to a single agent.

    Resolution
    : The guid generation logic is now corrected.

Symantec has released the following files/folders to resolve the issue:


  • patch.sh
  • hf_11_0_546_10000

The hf_11_0_546_10000 folder contains the following files:


  • esmsetup
  • assetinfo
  • register

A script patch.sh is provided to install an Agent and apply the updated binaries.

 

Zip files are available for each of the following platforms:


Platform

Download link

AIX-PPC64

ppc64.zip

HP-UX-ia64

ia64.zip

HP-UX-parisc

parisc.zip

Linux- ia64

ia64.zip

Linux- intel

intel.zip

Linux- ppc64

ppc64.zip

Linux- s390x

s390x.zip

SOLARIS –intel

intel.zip

SOLARIS-sparc

sparc.zip


To update the CCS Agent manually


  1. Download and extract the zip file to a suitable location on the Agent computer.
  2. Ensure that no jobs are running.
  3. Stop the ESM Agent service by using the following command:
    /esm/esmrc stop
  4. Take a backup of the existing binaries esmsetup, assetinfo, registers and then replace the existing binaries with the new binaries extracted in Step 1, at the following location:
    /esm/bin/<platform>
  5. Reszipt the ESM Agent service by using the following command:
    /esm/esmrc szipt
  6. Register the CCS Agent to the Manager using the following command:
    ./register -r -v -m <Manager Name> -N <Agent_IP/Name> -I <Asset IPv4 address>

To install the CCS Agent and apply the update using the patch.sh script


The patch.sh script installs only in silent mode and accepts the same input as the esmsetup binary during silent install. For information on the silent install command-line options see the Installing and registering a CCS Agent on UNIX in silent mode section in the Symantec™ Control Compliance Suite Planning and Deployment Guide version 11.0.


If the CCS Agent is not installed on the computer, the patch.sh script installs and updates the Agent with the new binaries.

 

  1. extract the zip file to the location <Agent installable package>\esm110\ on the Agent computer.
    For example,
           <Agent installable package>\esm110\patch.sh,
           <Agent installable package>\esm110\
    hf_11_0_546_10000

    The CCS Agent installable package is available in the CCS 11.0 product media.
  2. Use the following command to run the patch.sh script file to install the Agent along with the new binaries:
    ./patch.sh -ibaE -p 1,2,3,4,5,6,7,8,9,10,11,12,13,14 -d <Installation Directory> -t <Path of esm.tgz> -M <Manager IP> -U <username> -W <password> -N <Agent_IP/Name> -K <ESM tpk path> -C <CCS tpk path> -I <Preferred IPv4 address>

Note: You can use the same patch.sh script to upgrade pre CCS 11.0 Agent to CCS 11.0 Agent with the update.

 

Last modified on: May 10, 2013
Security Response Blog
The State of Spam