AIX

View Only

Expand all | Collapse all

Link to dowload latest lssecfixes script

1. Link to dowload latest lssecfixes script

0 Like
Vikas Dabas
Posted Wed January 04, 2023 08:57 AM

Reply
Hey guys...

Does anyone having link to download latest lssecfixes script for AIX ?

------------------------------
Vikas Dabas
------------------------------
2. RE: Link to dowload latest lssecfixes script

0 Like
Jan Harris
Posted Fri January 06, 2023 11:27 AM

Reply
I sent you an internal message in Slack, there are some internal options, it seems.

------------------------------
Jan Harris
AIX Development Support (Liaison to the AIX Toolbox for Open Source)
IBM (Contract)
Austin TX
------------------------------

Original Message
3. RE: Link to dowload latest lssecfixes script

0 Like
IBM Champion

Andrey Klyachkin
Posted Mon January 09, 2023 03:45 AM

Reply
Would it suit?

https://www.ibm.com/docs/en/aix/7.2?topic=e-emgr-check-ifixes-command
https://www.ibm.com/docs/en/aix/7.2?topic=e-emgr-download-ifix-command

------------------------------
Andrey Klyachkin

https://www.power-devops.com
------------------------------

Original Message
4. RE: Link to dowload latest lssecfixes script

1 Like
Juraj Petráš
Posted Tue January 10, 2023 10:08 AM

Reply
Hello Andrey

Did you test links above. Command doesn't work. Dnf command works.
Sample from two aix 7.3 last version lpar. On the second I manually install last ifix on Monday.

emgr_check_ifixes
Gathering system information
+-----------------------------------------------------------------------------+
p0.mtm=8286-42A
p0.fw=SV860_234
p0.parnm=nim
p0.os=aix
p0.aix=7300-01-01-2246
+-----------------------------------------------------------------------------+
Checking interim fixes on the system ...
+-----------------------------------------------------------------------------+
There is no efix data on this system.

Searching for AIX security fixes ...
+-----------------------------------------------------------------------------+
ERROR: SSL connection failed, logs saved in /tmp/ifix/ssl_connection_flrt.log
root@nim: / > cat /tmp/ifix/ssl_connection_flrt.log
00000001:error:10080002:BIO routines:(unknown function):system lib:crypto/bio/bio_addr.c:738:Hostname and service name not provided or found
connect:errno=0

second lpar with last security ifixes vurnerability

emgr_check_ifixes
Gathering system information
+-----------------------------------------------------------------------------+
p0.mtm=9009-42A
p0.fw=VL950_099
p0.parnm=aix73testnim
p0.os=aix
p0.aix=7300-01-01-2246
+-----------------------------------------------------------------------------+
Checking interim fixes on the system ...
+-----------------------------------------------------------------------------+
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S IJ44594s1a 01/05/23 11:01:47 IJ44594 POTENTIAL SECURITY ISSUE
2 S IJ44595s1a 01/05/23 11:02:52 IJ44595 POTENTIAL SECURITY ISSUE

Searching for AIX security fixes ...
+-----------------------------------------------------------------------------+
ERROR: SSL connection failed, logs saved in /tmp/ifix/ssl_connection_flrt.log
# cat /tmp/ifix/ssl_connection_flrt.log
00000001:error:10080002:BIO routines:(unknown function):system lib:crypto/bio/bio_addr.c:738:Hostname and service name not provided or found
connect:errno=0

------------------------------
Juraj Petráš
------------------------------

Original Message
5. RE: Link to dowload latest lssecfixes script

0 Like
IBM Champion

Andrey Klyachkin
Posted Tue January 10, 2023 10:42 AM

Reply
Hello Juraj,

yes, I tested them and even opened a call at IBM because of the wrong hostname in one of the scripts. It was ca. 6 months ago (August-September?) and I thought it is already fixed. Unfortunately I can't find APAR right now.

------------------------------
Andrey Klyachkin

https://www.power-devops.com
------------------------------

Original Message
6. RE: Link to dowload latest lssecfixes script

0 Like
Juraj Petráš
Posted Tue January 10, 2023 11:04 AM

Reply
Hello

I think it is new different problem. In the past was problem maybe you think this one or
https://www.ibm.com/support/pages/apar/IJ43353
https://www.ibm.com/support/pages/apar/IJ42181

I checked script.

------------------------------
Juraj Petráš
------------------------------

Original Message
7. RE: Link to dowload latest lssecfixes script

0 Like
IBM Champion

Andrey Klyachkin
Posted Wed January 11, 2023 07:17 AM

Reply
Yes, you're right - these is the problem I had. I will check the scripts later again on my test system. Let's see what is wrong this time :-)

------------------------------
Andrey Klyachkin

https://www.power-devops.com
------------------------------

Original Message
8. RE: Link to dowload latest lssecfixes script

0 Like
Chris Gibson
Posted Tue March 07, 2023 07:29 PM

Reply
New APARs for AIX emgr_check_ifixes command (checks the availability for security interim fixes for the current operating system level).

https://lnkd.in/g2qMUbzt

The CRL parsing error (which causes the failure "HTTP/1.0 400 Bad Request ...") will be fixed with

APAR IJ45198 for AIX 7.3 TL 01 -> https://lnkd.in/gXWBiwz3

APAR IJ45359 for AIX 7.3 TL 02 -> https://lnkd.in/gZE2vbpx

APAR IJ45357 for AIX 7.2 TL 05 -> https://lnkd.in/gs6gxyKp

The problem with the Certificate Server (which prevents the correct download of the CRL that causes the failure "HTTP/1.1 404 Not Found ...") is still being investigated - presumably a change needs to be made on esupport.ibm.com.

(Note that this error also happens with older openssl versions.)

------------------------------
Chris Gibson
------------------------------

Original Message
9. RE: Link to dowload latest lssecfixes script

0 Like
Łukasz Czepelski
Posted Sun October 08, 2023 05:20 PM

Reply
Hello,

What is this tool that doesn't work? How to connect via proxy?

------------------------------
Łukasz Czepelski
------------------------------

Original Message
10. RE: Link to dowload latest lssecfixes script

0 Like
Stefan Koller
Posted Fri January 12, 2024 02:40 AM

Reply
I connect via proxy (exported https_proxy) and get the following:

/root # cat /tmp/ifix/ssl_connection_flrt.log
00000001:error:8000004E:system library:(unknown function):Connection timed out:crypto/bio/bio_sock2.c:114:calling connect()
00000001:error:10000067:BIO routines:(unknown function):connect error:crypto/bio/bio_sock2.c:116:

AIX 7.2 TL5 SP6 and the fixes mentioned are installed.

is this command working via proxy?

------------------------------
Stefan Koller
------------------------------

Original Message
11. RE: Link to dowload latest lssecfixes script

0 Like
IBM Champion

José Pina Coelho
Posted Mon December 04, 2023 10:53 AM
Edited by José Pina Coelho Mon December 04, 2023 10:58 AM

Reply
If this is any way related to aix.software.ibm.com, try to use service-dhe.dhe.ibm.com instead.

I think this is because aix.software.ibm.com is a CNAME to service.boulder.ibm.com, which is a CNAME to service-dhe.dhe.ibm.com, while CNAMEs should only point at IN A/AAAA records, not IN CNAME records.

I'm also getting tons of "broken" links from IBM doc pages, that point at aix.software.ibm.com... if I re-write to service-dhe.dhe.ibm.com, they work.

The SOA of dhe.ibm.com changes on Nov 30th (may be related).

Also, www14.software.ibm.com is now a CNAME to www14-software.dhe.ibm.com which has no A record.

------------------------------
José Pina Coelho
IT Specialist at Kyndryl
------------------------------

Original Message
12. RE: Link to dowload latest lssecfixes script

0 Like
Chris Gibson
Posted Tue February 27, 2024 10:25 PM
Edited by Chris Gibson Tue February 27, 2024 10:39 PM

Reply
Using emgr_check_ifixes on AIX 7.3
https://community.ibm.com/community/user/power/blogs/chris-gibson1/2024/02/27/using-emgr-check-ifixes-aix-73?CommunityKey=daa942cb-b783-4fd3-ba27-a2d7462f9530

------------------------------
Chris Gibson
------------------------------

Original Message
13. RE: Link to dowload latest lssecfixes script

0 Like
Russell Adams
Posted Wed February 28, 2024 03:37 AM

Reply
Any idea if these tools are doing proper signature validation? There
have been recent changes to those signatures and validation
procedures for fixes.

On Wed, Feb 28, 2024 at 03:25:32AM +0000, Chris Gibson via IBM TechXchange Community wrote:
> Using emgr_check_ifixes on AIX 7.3
> http://gibsonnet.net/blog/cgaix/html/emgr_check_ifixes_blog.html <http: gibsonnet.net/blog/cgaix/html/emgr_check_ifixes_blog.html="">
>
>
> ------------------------------
> Chris Gibson
> ------------------------------
> -------------------------------------------
> Original Message:
> Sent: Wed January 04, 2023 01:40 AM
> From: Vikas Dabas
> Subject: Link to dowload latest lssecfixes script
>
> Hey guys...
>
> Does anyone having link to download latest lssecfixes script for AIX ?
>
> ------------------------------
> Vikas Dabas
> ------------------------------
>
>
> Reply to Sender : https://community.ibm.com/community/user/eGroups/PostReply?GroupId=6049&MID=399541&SenderKey=3238300f-fd2d-405b-82d8-69662c0eb70e
>
> Reply to Discussion : https://community.ibm.com/community/user/eGroups/PostReply?GroupId=6049&MID=399541
>
>
>
> You are subscribed to "AIX" as Russell.Adams@AdamsSystems.nl. To change your subscriptions, go to http://community.ibm.com/community/user/preferences?section=Subscriptions. To unsubscribe from this community discussion, go to http://community.ibm.com/HigherLogic/eGroups/Unsubscribe.aspx?UserKey=c23dfccc-9910-40ae-beeb-fdcbced5bf1f&sKey=KeyRemoved&GroupKey=7b554d78-d4dc-417a-b4dc-017e309e5c91.

------------------------------------------------------------------
Russell Adams Russell.Adams@AdamsSystems.nl
Principal Consultant Adams Systems Consultancy
https://adamssystems.nl/

Original Message

IBM Power

Connect, learn, share, and engage with IBM Power.

AIX

Link to dowload latest lssecfixes script

Vikas DabasWed January 04, 2023 08:57 AM

Jan HarrisFri January 06, 2023 11:27 AM

Andrey KlyachkinMon January 09, 2023 03:45 AM

Juraj PetrášTue January 10, 2023 10:08 AM

Andrey KlyachkinTue January 10, 2023 10:42 AM

Juraj PetrášTue January 10, 2023 11:04 AM

Andrey KlyachkinWed January 11, 2023 07:17 AM

Chris GibsonTue March 07, 2023 07:29 PM

Łukasz CzepelskiSun October 08, 2023 05:20 PM

Stefan KollerFri January 12, 2024 02:40 AM

José Pina CoelhoMon December 04, 2023 10:53 AM

Chris GibsonTue February 27, 2024 10:25 PM

Russell AdamsWed February 28, 2024 03:37 AM

1. Link to dowload latest lssecfixes script

2. RE: Link to dowload latest lssecfixes script

3. RE: Link to dowload latest lssecfixes script

4. RE: Link to dowload latest lssecfixes script

5. RE: Link to dowload latest lssecfixes script

6. RE: Link to dowload latest lssecfixes script

7. RE: Link to dowload latest lssecfixes script

8. RE: Link to dowload latest lssecfixes script

9. RE: Link to dowload latest lssecfixes script

10. RE: Link to dowload latest lssecfixes script

11. RE: Link to dowload latest lssecfixes script

12. RE: Link to dowload latest lssecfixes script

13. RE: Link to dowload latest lssecfixes script