1. The Symantec Control
Compliance Suite for
Vulnerability Manager (CCSVM)
no longer updates to the latest
Rapid 7 updates
Article:TECH214212 | Created: 2014-
01-21
| Updated: 2014-
02-19
| Article URL http://www.symantec.com/docs/TECH214212
(http://www.symantec.com/docs/TECH214212)
Article Type
Technical Solution
Product(s)
Show all (javascript:;)
Languages
Show all (javascript:;)
Issue
Customers have reported that their CCSVM installation no longer
updates to the latest Rapid 7 updates distributed from December 12,
2013 datetime stamp and onward.
2. Error
The nsc.log contains an error similar to:
2013-12-16T07:06:49 [INFO] Checking for new updates for product ID
xxx.
2013-12-16T07:06:50 [WARN] Failed to auto-update console.
Licensing data from the CCS VM Console may show a last update of:
Last content update 4253160994 (Wednesday, December 4, 2013
1:04:19 AM GMT)
Last product update 3368350286 (Wednesday, December 4, 2013
2:59:19 AM GMT)
Environment
Symantec CCSVM 10.0.x.
Redhat Enterprise Linux 64-bit
Microsoft Windows 2008 R2 Server 64-bit
Cause
Rapid 7 had an error with the Rapid 7 update server and a patch had to
be applied to get the update server operational. However, this fix may
require a repair installation from a later installation of Symantec
CCSVM in order to continue using the Rapid 7 update server. Note that
the repair installation does not require re-entering a license.
3. Solution
Potential Workarounds:
First off, there are two work-arounds that can be looked at prior to
running the installation:
1.) Check that a connection to updates.rapid7.com (port 80) can be
established using the telnet command:
telnet updates.rapid7.com 80
If this command returns with connection refused then it indicates that
there is a network issue and the firewall should be checked to make sure
that updates.rapid7.com is white listed. Further, some products may
block the connection as well such as Websense. These types of
applications need to have an exception for updates.rapid7.com. If the
issue continues to be a problem, a Wireshark log from the CCSVM
console to updates.rapid7.com will need to be analyzed to determine the
failure. If the command is run and a blank screen is returned, the results
indicate a successful connection to updates.rapid7.com. Although in the
case of Websense, a telnet connection can work but the downloads are
truncated (the truncation will be self-evident in the nsc.log file displaying
a download of for example, 20kb of 1000kb and will then state the
connection aborted or disconnected).
2.) Try modifying the proxy setting. From CCSVM Console, choose:
Administration -> Global and Console Settings -> Console ->
Administer -> Proxy Settings
and modify the Response timeout (ms) from 30000 to 120000. Try re-
running the update feature from the CCSVM Console or running the
command update now from the CCSVM command line utility.
3.) Contact the Licensing Department and have the Licensing
4. Representative run a "refresh update data" option on the License. After
the license is refreshed, try re-running the update feature from the
CCSVM Console or running the command update now from the
CCSVM command line utility.
Solution:
The current solution for this problem is to run a CCSVM repair
installation from a newer build of the CCSVM installation (To verify the
newer build, the nsc.log will state the Local Engine version is 5.8.5 after
installation). The repair build can be obtained by either contacting
Symantec Technical Support or retrieving the binary installations from the
Symantec FTP site (Tuscon, AZ ftp location) using the iosupport and
password as listed in the following KB Article:
As a customer, which FTP servers and services can I use to upload
evidence to Symantec Technical Support?
http://www.symantec.com/business/support/index?page=content&id=tech66995
(http://www.symantec.com/business/support/index?page=content&id=tech66995)
Location for the CCSVM binary is: FTP.entsupport.Symantec.com
(ftp://ftp.entsupport.Symantec.com) (user: iosupport, password: see above)
/pub/support/outgoing/CCSVM-Repair-Installation.zip
(file size: 635M)
Once the CCSVM Repair Installation is retrieved, uncompress and use
the repair install for the correct OS (Microsoft Windows 64-bit and/or
Linux 64-bit).
Another recommendation prior to running the repair-installer is to make
sure that the CCSVM installation has a backup copy of its database
(from under the CCSVM Administration -> Maintenance, Storage, and
Troubleshooting section).
Alternate Location
Rapid 7 releases a new build of the CCSVM installer that can be used in
the following location. As this link is not controlled by Symantec, results
cannot be guaranteed that the builds will always be available at this
5. location. If the builds are not available, please contact Symantec
Technical Support for availability and location. Here are the links:
CCSVM Windows Installer:
http://download2.rapid7.com/download/CCSVM-v4/CCSVMSetup-Windows64.exe
(http://download2.rapid7.com/download/CCSVM-v4/CCSVMSetup-Windows64.exe)
CCSVM UNIX Installer:
http://download2.rapid7.com/download/CCSVM-v4/CCSVMSetup-Linux64.bin
(http://download2.rapid7.com/download/CCSVM-v4/CCSVMSetup-Linux64.bin)
Windows Installer Repair Instructions
1.) If open, close the CCSVM Console and make sure no scan jobs are
running.
2.) In Control Panel -> Services, stop all CCSVM-related services
(including PostgreSQL).
Note: Before running the repair installer binary it is recommended
to back up the userdb.xml file located at:
dn:Program FilesSymantecCCSVMnscconfuserdb.xml
3.) Copy the CCSVM Windows 64 binary to the CCSVM target server
and run its executable.
4.) When prompted, a pop-up may appear stating that a previous
installation has been detected. Click OK and follow through
the installation wizard to completion as normal.
If the installer does not recognize that it is running a repair (by stating
that an existing installation has been detected) please contact Symantec
Technical Support for further assistance.
Linux Installer Repair Instructions
1.) Turn off CCSVM services:
sudo -i /etc/init.d/nexposeconsole.rc stop or
6. sudo -i service nexposeconsole.rc stop
2.) Change Permissions on the installer:
For Linux, changing execute permissions may be required. E.g.,: #
chmod +x CCSVMSetup-Linux64.bin
Note: Before running the installer it is recommended to back up the
userdb.xml file in the following location:
/opt/Symantec/CCSVM/nsc/conf/userdb.xml
3.) Run the installer:
# ./CCSVMSetup-Linux64.bin
When the installer begins it should state it is running a repair. Following
the default settings. However, if the installer does not recognize that it is
running a repair follow the defaults but after the install, do not start
the CCSVM server. First, replace the userdb.xml file that will have been
overwritten with the backup copy in step 2. Lastly, start the
CCSVM server as normal.
Article URL http://www.symantec.com/docs/TECH214212
Terms of use for this information are found in Legal Notices
(http://www.symantec.com/about/profile/policies/legal.jsp)
Email this article
Print
Subscribe via email
Bookmark this article