-
Notifications
You must be signed in to change notification settings - Fork 0
/
saassist-server_doc.t2t
335 lines (241 loc) · 10.3 KB
/
saassist-server_doc.t2t
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
Security APAR Assistant
Server Installation
%!includeconf: inc/config.t2t
%!include: inc/menu.t2t
The SAAssist Server (saassist-server) is a Python tool.
SAAssist Server will be a server repository for AIX/PowerVM IBM Fixes
SAAssist Server accesses the IBM FLRT website and collects all information
about a specific CVE / IV number. It downloads data from FLRT website and
stores it in a repository to be used by SAAssist Client (saassist-client) upon
request through HTTP or NFS.
The saassist-server includes an HTTP server (saassist-webserver), if a
non-static HTTP server is available it can be used as well.
Security APAR Assistant Server runs on AIX, Linux and *nix based systems.
%%TOC
= SAAssist Server (saassist-server) Installation =
The dependencies to install the saassist-server are Python version 3 and
BeautifulSoup4, a module for Python.
== Installing Python 3 ==
Python version 3 is required by saassist-server and it can runs on Linux, BSD,
AIX and MacOS. For any Unix/Linux based system.
Follow below the instruction for Linux and AIX installation.
=== LINUX ===
To install Python 3 use yum or apt-get from your Linux distribution, do the
same to install pip3
```
yum install python3 pip3
```
or
```
apt-get install python3 pip3
```
=== AIX ===
I have been using this Python3 package to my environment and it can be
installed using ``smitty install``
http://www.aixtools.net/index.php/python3
== Installing BeautifulSoup4 ==
BeautifulSoup is a Python package (module) and it is required for
saassist-server. It can be installed using PIP
```
pip3 install bs4
```
== Installing saassist-server ==
To install saassist-server you need to download the latest version, extract the
content and edit config server_config.py file.
1. Download https://github.com/saassist/saassist-server/releases
2. Extract the file (unzip, tar, etc)
== Configuring saassist-server ==
Please check the comments inside the config file
``vi server_config.py``
SAAssist Server works with two protocols HTTP or NFS that needs to be
configured in ``server_config.py``
=== Using protocol NFS ===
To use NFS is necessary that the system administrator exports the full
repository path (``{saassist-server directory}/saassist/data/repos``).
It needs to be done on ```/etc/exports`` and NFS service needs to be running
properly.
=== Using protocol HTTP ===
The web server is included but we recommend use static HTTP Server
If you want to have a static HTTP Server is recommended install and configure
it, allowing access to repository path
(``{saassist-server directory}/saassist/data/repos``).
If you want to run the included webserver, configure the info on
``server_config.py`` and run:
```
./saassist-webserver.py
SAA Server is running at port 8000
```
= Using saassist-server =
The SAAssist Server is simple to be used. You need to run the saassist-server
with arguments
-h, --help show this help message and exit
-c APAR_DOWNLOAD, --create APAR_DOWNLOAD
create CVE (Common Vulnerabilities and Exposures) or
IV (Interim Fix) repository
-u APAR_UPDATE, --update APAR_UPDATE
update an already existent CVE/IV repository
-l, --list list all available CVE/IV
-cv OS_VERSION_DOWNLOAD, --createversion OS_VERSION_DOWNLOAD
create the repository with all CVE/IV available for an
specific OS version
-uv OS_VERSION_UPDATE, --updateversion OS_VERSION_UPDATE
update the repository with all CVE/IV available for an
specific OS version
-flrt, --flrt Update the FLRT data from FLRT IBM Website.It will
ignore the cache configuration.
== Examples ==
- Updating the FLRT local data
```
./saassist-server -flrt
================================================================================
SAAssist-server (Security APAR Assist Server) - Version 0.2.0
================================================================================
[SERVER] Updating the FLRT data from FLRT IBM Website
[SERVER] Accessing IBM FLRT to retrieve APARs informations.
[SERVER] Download complete
```
- Listing fixes available in repos
```
./saassist-server -l
================================================================================
SAAssist-server (Security APAR Assist Server) - Version 0.2.0
================================================================================
CVE-2012-1667
CVE-2012-2200
CVE-2012-5166
CVE-2013-3005
CVE-2013-3035
CVE-2013-4396
CVE-2013-5211
CVE-2014-0930
CVE-2014-3566
CVE-2015-5477
CVE-2015-5722
CVE-2016-2775
CVE-2016-8972
CVE-2017-6458
CVE-2017-6464
IV13404
IV20880
IV21128
IV26272
IV27680
IV32392
IV33521
IV35680
IV35810
(...)
```
- Creating repos for specific fix
```
./saassist-server -c IV96351
================================================================================
SAAssist-server (Security APAR Assist Server) - Version 0.2.0
================================================================================
[SERVER] Populating repository for Security IV96351
-[REPO] Creating directory IV96351
-[REPO] Creating release directory 2.2
-[REPO] Downloading ASC file IV96351.asc
-[REPO] Downloading APAR file IV96351s9d.170525.61TL09SP09.epkg.Z
-[REPO] Downloading APAR file IV96351s9d.170525.VIOS2.2.3.90.epkg.Z
-[REPO] Downloading APAR file IV96351s9d.170525.VIOS2.2.4.40.epkg.Z
-[REPO] Downloading APAR file IV96351s9d.170525.VIOS2.2.5.20.epkg.Z
-[REPO] Creating file IV96351.info
-[REPO] Creating release directory 6100-09
-[REPO] Downloading ASC file IV96351.asc
-[REPO] Downloading APAR file IV96351s9d.170525.61TL09SP09.epkg.Z
-[REPO] Downloading APAR file IV96351s9d.170525.VIOS2.2.3.90.epkg.Z
-[REPO] Downloading APAR file IV96351s9d.170525.VIOS2.2.4.40.epkg.Z
-[REPO] Downloading APAR file IV96351s9d.170525.VIOS2.2.5.20.epkg.Z
-[REPO] Creating file IV96351.info
[SERVER] Repository for IV96351 tasks finished.
```
- Updating repos for specific fix
```
./saassist-server -u CVE-2016-8972
================================================================================
SAAssist-server (Security APAR Assist Server) - Version 0.2.0
================================================================================
[SERVER] Populating repository for Security CVE-2016-8972
-[REPO] Directory CVE-2016-8972 already exist but it will be updated
-[REPO] Release directory 7100-03 already exists but it will be updated.
-[REPO] Downloading ASC file CVE-2016-8972.asc
-[REPO] Downloading APAR file bellmail_fix.tar
-[REPO] Creating file CVE-2016-8972.info
-[REPO] Release directory 7100-04 already exists but it will be updated.
-[REPO] Downloading ASC file CVE-2016-8972.asc
-[REPO] Downloading APAR file bellmail_fix.tar
-[REPO] Creating file CVE-2016-8972.info
-[REPO] Release directory 7200-00 already exists but it will be updated.
-[REPO] Downloading ASC file CVE-2016-8972.asc
-[REPO] Downloading APAR file bellmail_fix.tar
-[REPO] Creating file CVE-2016-8972.info
-[REPO] Release directory 7200-01 already exists but it will be updated.
-[REPO] Downloading ASC file CVE-2016-8972.asc
-[REPO] Downloading APAR file bellmail_fix.tar
-[REPO] Creating file CVE-2016-8972.info
-[REPO] Release directory 6100-09 already exists but it will be updated.
-[REPO] Downloading ASC file CVE-2016-8972.asc
-[REPO] Downloading APAR file bellmail_fix.tar
-[REPO] Creating file CVE-2016-8972.info
-[REPO] Release directory 2.2 already exists but it will be updated.
-[REPO] Downloading ASC file CVE-2016-8972.asc
-[REPO] Downloading APAR file bellmail_fix.tar
-[REPO] Creating file CVE-2016-8972.info
[SERVER] Repository for CVE-2016-8972 tasks finished.
```
- Creating repos for AIX 6100-07
```
./saassist-server -cv 6100-07
================================================================================
SAAssist-server (Security APAR Assist Server) - Version 0.2.0
================================================================================
[SERVER] Downloading 44 fix(es) to create repos for 6100-07 version
[SERVER] Populating repository for Security IV45897
-[REPO] Creating directory IV45897
-[REPO] Creating release directory 6100-07
-[REPO] Downloading ASC file IV45897.asc
-[REPO] Downloading APAR file IV45897p1a.HOT.61TL07SP01.140918.epkg.Z
-[REPO] Downloading APAR file IV45897s5a.130816.61TL07SP05.epkg.Z
-[REPO] Downloading APAR file IV45897s5a.130816.epkg.Z
-[REPO] Downloading APAR file IV45897s6a.130721.61TL07SP06.epkg.Z
-[REPO] Downloading APAR file IV45897s6a.130721.epkg.Z
-[REPO] Downloading APAR file IV45897s7a.130724.61TL07SP07.epkg.Z
-[REPO] Downloading APAR file IV45897s7a.130724.epkg.Z
-[REPO] Downloading APAR file IV45897s8a.130828.61TL07SP08.epkg.Z
-[REPO] Creating file IV45897.info
[SERVER] Repository for IV45897 tasks finished.
[SERVER] Populating repository for Security IV13404
-[REPO] Creating directory IV13404
-[REPO] Creating release directory 6100-07
-[REPO] Downloading ASC file IV13404.asc
-[REPO] Downloading APAR file IV13404s3a.130819.61TL07SP03.epkg.Z
-[REPO] Downloading APAR file IV13404s6a.130625.61TL07SP06.epkg.Z
-[REPO] Downloading APAR file IV13404s7a.130730.61TL07SP07.epkg.Z
-[REPO] Downloading APAR file IV13404s7a.130730.epkg.Z
-[REPO] Creating file IV13404.info
[SERVER] Repository for IV13404 tasks finished.
[SERVER] Populating repository for Security IV35680
-[REPO] Creating directory IV35680
-[REPO] Creating release directory 6100-07
-[REPO] Downloading ASC file IV35680.asc
-[REPO] Downloading APAR file IV35680s6a.epkg.Z
-[REPO] Creating file IV35680.info
[SERVER] Repository for IV35680 tasks finished.
(...)
```
- SAAssist identifies when a IV was replaced by a CVE
```
/saassist-server -c IV96311
================================================================================
SAAssist-server (Security APAR Assist Server) - Version 0.2.0
================================================================================
[INFO] You are trying to search for a IV that has a specific CVE. Please use the CVE instead IV.
CVE reference for IV96311: CVE-2017-6458:4.2 / CVE-2017-6462:1.6 /
CVE-2017-6464:4.2 / CVE-2017-6451:1.8 / CVE-2017-6458:4.2 / CVE-2017-6462:1.6 /
CVE-2017-6464:4.2
```
= Reporting bugs =
SAAssist Server https://github.com/SAAssist/saassist-server/issues
= Contributing =
Please access [contributing contributing.html].