AIX

 View Only

  • 1.  Link to dowload latest lssecfixes script

    Posted Wed January 04, 2023 08:57 AM
    Hey guys...

    Does anyone having link to download latest lssecfixes script for AIX ?

    ------------------------------
    Vikas Dabas
    ------------------------------


  • 2.  RE: Link to dowload latest lssecfixes script

    Posted Fri January 06, 2023 11:27 AM
    I sent you an internal message in Slack, there are some internal options, it seems.

    ------------------------------
    Jan Harris
    AIX Development Support (Liaison to the AIX Toolbox for Open Source)
    IBM (Contract)
    Austin TX
    ------------------------------

    Original Message


  • 3.  RE: Link to dowload latest lssecfixes script

    IBM Champion
    Posted Mon January 09, 2023 03:45 AM
    Would it suit?

    https://www.ibm.com/docs/en/aix/7.2?topic=e-emgr-check-ifixes-command
    https://www.ibm.com/docs/en/aix/7.2?topic=e-emgr-download-ifix-command

    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------

    Original Message


  • 4.  RE: Link to dowload latest lssecfixes script

    Posted Tue January 10, 2023 10:08 AM
    Hello Andrey

    Did you test links above. Command doesn't work. Dnf command works.
    Sample from two aix 7.3 last version lpar. On the second I manually install last ifix on Monday.

    emgr_check_ifixes
    Gathering system information
    +-----------------------------------------------------------------------------+
    p0.mtm=8286-42A
    p0.fw=SV860_234
    p0.parnm=nim
    p0.os=aix
    p0.aix=7300-01-01-2246
    +-----------------------------------------------------------------------------+
    Checking interim fixes on the system ...
    +-----------------------------------------------------------------------------+
    There is no efix data on this system.

    Searching for AIX security fixes ...
    +-----------------------------------------------------------------------------+
    ERROR: SSL connection failed, logs saved in /tmp/ifix/ssl_connection_flrt.log
    root@nim: / > cat /tmp/ifix/ssl_connection_flrt.log
    00000001:error:10080002:BIO routines:(unknown function):system lib:crypto/bio/bio_addr.c:738:Hostname and service name not provided or found
    connect:errno=0

    second lpar with last security ifixes vurnerability

    emgr_check_ifixes
    Gathering system information
    +-----------------------------------------------------------------------------+
    p0.mtm=9009-42A
    p0.fw=VL950_099
    p0.parnm=aix73testnim
    p0.os=aix
    p0.aix=7300-01-01-2246
    +-----------------------------------------------------------------------------+
    Checking interim fixes on the system ...
    +-----------------------------------------------------------------------------+
    ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
    === ===== ========== ================= ========== ======================================
    1 S IJ44594s1a 01/05/23 11:01:47 IJ44594 POTENTIAL SECURITY ISSUE
    2 S IJ44595s1a 01/05/23 11:02:52 IJ44595 POTENTIAL SECURITY ISSUE


    Searching for AIX security fixes ...
    +-----------------------------------------------------------------------------+
    ERROR: SSL connection failed, logs saved in /tmp/ifix/ssl_connection_flrt.log
    # cat /tmp/ifix/ssl_connection_flrt.log
    00000001:error:10080002:BIO routines:(unknown function):system lib:crypto/bio/bio_addr.c:738:Hostname and service name not provided or found
    connect:errno=0

    ------------------------------
    Juraj Petráš
    ------------------------------

    Original Message


  • 5.  RE: Link to dowload latest lssecfixes script

    IBM Champion
    Posted Tue January 10, 2023 10:42 AM
    Hello Juraj,

    yes, I tested them and even opened a call at IBM because of the wrong hostname in one of the scripts. It was ca. 6 months ago (August-September?) and I thought it is already fixed. Unfortunately I can't find APAR right now.

    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------

    Original Message


  • 6.  RE: Link to dowload latest lssecfixes script

    Posted Tue January 10, 2023 11:04 AM
    Hello

    I think it is new different problem. In the past was problem maybe you think this one or 
    https://www.ibm.com/support/pages/apar/IJ43353
    https://www.ibm.com/support/pages/apar/IJ42181

    I checked script.

    ------------------------------
    Juraj Petráš
    ------------------------------

    Original Message


  • 7.  RE: Link to dowload latest lssecfixes script

    IBM Champion
    Posted Wed January 11, 2023 07:17 AM
    Yes, you're right - these is the problem I had. I will check the scripts later again on my test system. Let's see what is wrong this time :-)

    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------

    Original Message


  • 8.  RE: Link to dowload latest lssecfixes script

    Posted Tue March 07, 2023 07:29 PM

    New APARs for AIX emgr_check_ifixes command (checks the availability for security interim fixes for the current operating system level).

    https://lnkd.in/g2qMUbzt

    The CRL parsing error (which causes the failure "HTTP/1.0 400 Bad Request ...") will be fixed with

    APAR IJ45198 for AIX 7.3 TL 01 -> https://lnkd.in/gXWBiwz3

    APAR IJ45359 for AIX 7.3 TL 02 -> https://lnkd.in/gZE2vbpx

    APAR IJ45357 for AIX 7.2 TL 05 -> https://lnkd.in/gs6gxyKp


    The problem with the Certificate Server (which prevents the correct download of the CRL that causes the failure "HTTP/1.1 404 Not Found ...") is still being investigated - presumably a change needs to be made on esupport.ibm.com.

    (Note that this error also happens with older openssl versions.)



    ------------------------------
    Chris Gibson
    ------------------------------

    Original Message