Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] How to perform offline attack update using guiSvrCli.sh if the NSM server does not have internet access

0

0

Article ID: KB10092 KB Last Updated: 28 Oct 2020Version: 13.0
Summary:

Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.


How to perform offline attack update using guiSvrCli.sh if the NSM server does not have internet access

Solution:

Attack update can be performed from the CLI using the guiSvrCli.sh script. This tool, by default, uses the HTTP URL https://services.netscreen.com/restricted/sigupdates/nsm-updates/NSM-SecurityUpdateInfo.dat for downloading latest attack DB information.

If the NSM server does not have access to the internet, administrators can follow this procedure to perform attack update via CLI:

  1. Obtain the two attack update files (the data file and the attack object database file) from the website.   Copy and paste the content from the URL into a file and name the file as NSMFP3-DI-IDPAttackUpdateInfo.dat or NSM-SecurityUpdateInfo.dat for 2006 and higher. Place these two files (dat file and zip file) on the NSM server under /tmp.
    To obtain the dat file:
       

    For the .zip file (that consists of the attack object database), copy both files to /tmp directory on the NSM GUI Server.

  2. Login to the NSM server (GUI Server) via SSH as root.  If you are using an NSMXpress device, log in as admin and run sudo su - and type in the admin password.  Change to location $NSROOT/GuiSvr/var/svrcli. ($NSROOT in most installs is set to /usr/netscreen).
     
  3. Make a copy of the file updateAttacks.vtl then edit it and replace the https URL found in this file with the directory path as :
     
    • For releases prior to 2006.1 as:   file:///tmp/NSMFP3-DI-IDPAttackUpdateInfo.dat 
    • For 2006.1 and higher as:   file:///tmp/NSM-SecurityUpdateInfo.dat 
  4. Run the guiSvrCli.sh script to update attack db:
     
    • Change to the utils directory: cd /usr/netscreen/GuISvr/utils
       
    • Run one of the following commands for NSM version 2007.1, 2007.2 and 2007.3:
      To perform only the attack update, run the command: ./guiSvrCli.sh --update-attacks --post-action --none

      To perform attack update and device update, run the command: ./guiSvrCli.sh --update-attacks --post-action --update-devices
    • Run one of the following commands for NSM version 2008.1 and above:
      To perform only the attack update, run the command: ./guiSvrCli.sh --update-attacks --post-action --none

      To perform attack update and device update, run the command: ./guiSvrCli.sh --update-attacks  --post-action --update-devices
  5. Once run, you will be prompted for the domain/user; enter : global/super as well as the super user's password (super, the admin user for NSM, not root).
Modification History:
2020-10-23: Removed broken link.
2020-10-18: Tagged article for EOL/EOE.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search