IBM QRadar


Auto update error: Could not verify the authenticity of scripts/AUScripts.tgz

  • 1.  Auto update error: Could not verify the authenticity of scripts/AUScripts.tgz

    Posted Mon June 28, 2021 09:28 AM

    I am facing an issue where auto update keeps failing with the error message: Could not verify the authenticity of scripts/AUScripts.tgz

    The log file at /var/log/autoupdates/:

    Mon Jun 28 03:20:19 2021 [DEVEL] Validating certificate chain file '/tmp/au_chain'

    Mon Jun 28 03:20:19 2021 [DEVEL] Running: openssl verify -x509_strict -untrusted /tmp/au_chain /tmp/au_cert >> /var/log/autoupdates/AU-1624825202/AU-1624825202.log 2>&1

    Mon Jun 28 03:20:19 2021 [DEVEL] Proceeding to confirm subject identity of cert

    Mon Jun 28 03:20:19 2021 [DEVEL] Proceeding to confirm success of cert verification command

    Mon Jun 28 03:20:19 2021 [DEVEL] Last line of cert verification: OK

    Mon Jun 28 03:20:19 2021 [DEVEL] Cert chain verified, creating pubkey file

    Mon Jun 28 03:20:19 2021 [DEVEL] Running: openssl x509 -in /tmp/au_cert -pubkey -noout > /tmp/au_pub

    Mon Jun 28 03:20:19 2021 [DEVEL] openssl dgst -sha256 -verify /tmp/au_pub -signature /store/autoupdates/scripts/AUScripts.tgz.sig /store/autoupdates/scripts/AUScripts.tgz /var/log/autoupdates/AU-1624825202/AU-1624825202.log >> /var/log/autoupdates/AU-1624825202/AU-1624825202.log 2>&1

    Mon Jun 28 03:20:19 2021 [DEVEL] Output of verification command above: Verification Failure

    Mon Jun 28 03:20:19 2021 [ERROR] Bad signature! Rejecting the manifest, aborting

    Mon Jun 28 03:20:19 2021 [ERROR] Could not verify the authenticity of scripts/AUScripts.tgz.

    Is this a problem on our system or is this a problem with the scripts/AUScripts.tgz file?



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Auto update error: Could not verify the authenticity of scripts/AUScripts.tgz
    Best Answer

    Posted Mon June 28, 2021 11:00 AM

    Hi,

    This seems to be a recent bug found in auto-update. I would suggest you open an IBM Support case and mention QRWAU-236 in your case to address the issue.

    Thank you.



    #QRadar
    #Support
    #SupportMigration


  • 3.  RE: Auto update error: Could not verify the authenticity of scripts/AUScripts.tgz
    Best Answer

    Posted Tue June 29, 2021 05:56 PM

    tuanht11,

    This is a known issue in this week's auto update where the au-cert.pem file experiences a signature error. The result of this issue is the error message you reported:

    Fri Jun 25 08:51:09 2021 [ERROR] Bad signature! Rejecting the manifest, aborting

    Fri Jun 25 08:51:09 2021 [ERROR] Could not verify the authenticity of scripts/AUScripts.tgz.

    There is a workaround to remove the pem file, then run the auto update again.

    What to do

    Note: If you are not comfortable removing files, open a case and QRadar Support can assist you with this workaround.

    1. Log in to the QRadar Console as the root user.
    2. Navigate to the /store/autoupdates directory.
    3. Move or rename the au-cert.pem file to /root.
    4. Type the following command to run the auto update:
    /opt/qradar/bin/UpdateConfs.pl -runall

    The auto update should complete successfully.



    #QRadar
    #Support
    #SupportMigration
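
Added example, not part of the thread and not IBM's code: it replays the last two openssl steps from the log in post 1 (public-key extraction, then `openssl dgst -sha256 -verify`) against constructed files, showing that the same verification failure appears whether the certificate does not match the signing key or the archive bytes differ. The function names, file names and CNs are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: every input is constructed in a temp directory;
# nothing under /store/autoupdates is read or modified.

# check_sig CERT SIG FILE -> prints "ok", "bad-signature" or "bad-cert"
check_sig() {
    cert=$1; sig=$2; file=$3
    pub=$(mktemp) || return 2
    # Log step: openssl x509 -in <cert> -pubkey -noout > <pub>
    if ! openssl x509 -in "$cert" -pubkey -noout > "$pub" 2>/dev/null; then
        rm -f "$pub"; echo "bad-cert"; return 1
    fi
    # Log step: openssl dgst -sha256 -verify <pub> -signature <sig> <file>
    if openssl dgst -sha256 -verify "$pub" -signature "$sig" "$file" >/dev/null 2>&1; then
        rm -f "$pub"; echo "ok"; return 0
    fi
    rm -f "$pub"; echo "bad-signature"; return 1
}

# make_fixture DIR -> constructed certs, sample archive, detached signature
make_fixture() {
    d=$1
    for n in signer other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed-$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" >/dev/null 2>&1 || return 1
    done
    printf 'constructed archive contents\n' > "$d/sample.tgz"
    # Detached SHA-256 signature made with the "signer" key only
    openssl dgst -sha256 -sign "$d/signer.key" \
        -out "$d/sample.tgz.sig" "$d/sample.tgz" || return 1
    # Same archive with one extra byte appended
    { cat "$d/sample.tgz"; printf 'x'; } > "$d/altered.tgz"
}

demo() {
    t=$(mktemp -d) || return 2
    make_fixture "$t" || { rm -rf "$t"; return 2; }
    echo "matching cert: $(check_sig "$t/signer.pem" "$t/sample.tgz.sig" "$t/sample.tgz")"
    echo "other cert:    $(check_sig "$t/other.pem" "$t/sample.tgz.sig" "$t/sample.tgz")"
    echo "altered file:  $(check_sig "$t/signer.pem" "$t/sample.tgz.sig" "$t/altered.tgz")"
    rm -rf "$t"
}

demo
```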