Readme file for IBM® Spectrum Conductor 2.3.0 Interim Fix 516093  

Readme file for: IBM Spectrum Conductor
Product/Component Release: 2.3.0
Fix ID: sc-2.3.0.0-build516093

Publication date: August 15, 2019

This interim fix upgrades Logstash within the Elastic Stack in IBM Spectrum Conductor 2.3.0 to version 5.6.6 to address security vulnerabilities CVE-2018-3817 (Logstash) and CVE-2017-5645 (Apache Log4j).

Contents

1.      List of fixes

2.      Download location

3.      Products or components affected

4.      Installation and configuration

5.      Uninstallation

6.      List of files

7.      Product notifications

8.      Copyright and trademark information

1.    List of fixes

APAR: P102889

2.    Download location

Download interim fix 516093 from the following location: http://www.ibm.com/eserver/support/fixes/.

3.    Products or components affected

Component Name, Platform, Fix ID:

conductorspark_core, elk, sc-2.3.0.0-build516093

4.    Installation and configuration

Follow the instructions in this section to download and install this interim fix on all hosts in your cluster.

a.      Create a backup directory and back up the following files:

$EGO_TOP/integration/elk/1.4.1/elasticsearch-5.4.2/plugins/search-guard-5/search-guard-5-5.4.2-12.jar

$EGO_TOP/integration/elk/1.4.1/scripts/startindexer.sh

$ELK_CONFDIR/indexer/*.conf

b.      Log on to the management host as CLUSTERADMIN and source the environment.

c.      Stop the ascd, plc, and Elastic services:

$ egosh service stop ascd

$ egosh service stop plc

$ egosh service stop elk-shipper

$ egosh service stop elk-indexer

$ egosh service stop elk-elasticsearch-master elk-elasticsearch elk-elasticsearch-data

$ egosh service stop elk-manager

d.      Move the logstash-5.4.2 folder up one level:

$ cd $EGO_TOP/integration/elk

$ mv ./1.4.1/logstash-5.4.2 .

e.      Replace ../grok-pattern with @GROK_PATTERN_DICTIONARY_PATH@:

$ cd $ELK_CONFDIR/indexer

Open and edit each .conf file to replace ../grok-pattern with @GROK_PATTERN_DICTIONARY_PATH@.

f.       Extract the contents of the sc-2.3.0.0_build516093.tgz package to a backup directory:

$ tar zoxf sc-2.3.0.0_build516093.tgz

g.      Untar the logstash-5.6.6.tar.gz package extracted from step f. to the elk top-level directory:

$ tar zoxf logstash-5.6.6.tar.gz -C $EGO_TOP/integration/elk/1.4.1

h.      Replace files extracted from step f.:

$ cp -f startindexer.sh $EGO_TOP/integration/elk/1.4.1/scripts/startindexer.sh

$ cp -f indexer.conf $ELK_CONFDIR/indexer/indexer.conf

$ cp -f search-guard-5-5.4.2-12.jar $EGO_TOP/integration/elk/1.4.1/elasticsearch-5.4.2/plugins/search-guard-5/search-guard-5-5.4.2-12.jar

i.        Start the ascd, plc, and Elastic services:

$ egosh service start elk-manager

$ egosh service start elk-elasticsearch-master elk-elasticsearch elk-elasticsearch-data

$ egosh service start elk-indexer

$ egosh service start elk-shipper

$ egosh service start ascd

$ egosh service start plc

j.        Clear your browser cache and log in to the cluster management console as usual.

5.    Uninstallation

If required, follow the instructions in this section to uninstall this interim fix on hosts in your cluster.

a.      Log in to the management host as CLUSTERADMIN and source the environment.

b.      Stop the ascd, plc, and Elastic services:

$ egosh service stop ascd

$ egosh service stop plc

$ egosh service stop elk-shipper

$ egosh service stop elk-indexer

$ egosh service stop elk-elasticsearch-master elk-elasticsearch elk-elasticsearch-data

$ egosh service stop elk-manager

c.      Restore the files that you backed up during installation.

d.      Restore the logstash-5.4.2 folder that you backed up during installation:

$ cd $EGO_TOP/integration/elk

$ mv ./1.4.1/logstash-5.6.6 .

$ mv ./logstash-5.4.2 ./1.4.1

e.      Start the ascd, plc, and Elastic services:

$ egosh service start elk-manager

$ egosh service start elk-elasticsearch-master elk-elasticsearch elk-elasticsearch-data

$ egosh service start elk-indexer

$ egosh service start elk-shipper

$ egosh service start ascd

$ egosh service start plc

f.       Clear your browser cache and log in to the cluster management console.

6.    List of files

$EGO_TOP/integration/elk/1.4.1/logstash-5.6.6

$EGO_TOP/integration/elk/1.4.1/elasticsearch-5.4.2/plugins/search-guard-5/search-guard-5-5.4.2-12.jar

$EGO_TOP/integration/elk/1.4.1/scripts/startindexer.sh

$ELK_CONFDIR/indexer/*.conf

7.    Product notifications

To receive information about product solution and patch updates automatically, subscribe to product notifications on the My Notifications page http://www.ibm.com/support/mynotifications/ on the IBM Support website (http://support.ibm.com). You can edit your subscription settings to choose the types of information you want to get notification about, for example, security bulletins, fixes, troubleshooting, and product enhancements or documentation changes.

8.    Copyright and trademark information

© Copyright IBM Corporation 2019

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml