NetWitness Community

Yes

Article Number

000003229

Applies To

RSA Product Set: NetWitness Platform
RSA Product/Service Type: Security
RSA Version/Condition: 12.4.0
Platform: Alma Linux
O/S Version: EL8

Issue

Some core services are showing offline in the GUI after upgrade to 12.4.0. Services are running on the CLI without issue. The Investigate UI sometimes shows "is this a NextGen device?", and investigations are unable to be run.

Task

Download and install the hotfix from this KB
Follow the instructions below, the salt commands are appended with >> to write the output of the commands to a file, if this KB doesn't fix your issue, please include these .out files when opening a NetWitness Support case.

Resolution

Save the RPM to the Admin Server under /root/, using SCP or other means available to your environment.
SSH to the Admin Server

Copy the RPM from /root/ to /var/netwitness/common/repo:


# cp /root/safelogic-openssl-3.0.13b-1.el8.x86_64.rpm /var/netwitness/common/repo/.

Use the salt cmd.run to check the currently installed version of the Safelogic RPM:
```
# salt '*' cmd.run "openssl3 version" >> safelogic_prehotfix.out
```

Use the salt cmd.run to copy the RPM from the Admin Server to all the hosts:


# salt "*" cmd.run "wget --no-check-certificate https://nw-node-zero/nwrpmrepo/safelogic-openssl-3.0.13b-1.el8.x86_64.rpm" >> safelogic_download.out

Use the salt cmd.run to uninstall the old version of of the Safelogic RPM. IGNORE WARNING - "warning: file /usr/local/bin/openssl: remove failed: No such file or directory"
```
# salt '*' cmd.run "rpm -e safelogic-openssl-3.0.12d-1.el8.x86_64 --nodeps" >> safelogic_removal.out
```

Use the salt cmd.run to install the new RPM on all hosts:


# salt '*' cmd.run "rpm -Uvh safelogic-openssl-3.0.13b-1.el8.x86_64.rpm" >> safelogic_install.out

Use the salt cmd.run to verify the OpenSSL3 version is OpenSSL 3.0.13+SL_CCS-2.1.2+b 30 May 2024:
```
# salt '*' cmd.run "openssl3 version" >> safelogic_version.out
```
Once everything shows OpenSSL 3.0.13+SL_CCS-2.1.2+b 30 May 2024 from the openssl3 version command, reboot the devices or restart core services on all devices.

Notes

If your output file for Step 7 has lines such as:


error: open of <!DOCTYPE failed: No such file or directory
error: open of html> failed: No such file or directory
error: open of <html> failed: No such file or directory
error: open of <head> failed: No such file or directory
error: open of <link failed: No such file or directory

then the wget command ran and shows successful, but it was blocked in some way.

AND/OR

The output of Step 8 does not show a May 2024 date, the commands and RPM will need to be copied manually to the hosts and run locally:

Copy the RPM from the Admin Server to the Host:


# scp /root/safelogic-openssl-3.0.13b-1.el8.x86_64.rpm root@<IP> /root/

SSH to the Host and uninstall the RPM:
```
# rpm -e safelogic-openssl --nodeps
```

Install the new RPM:


# rpm -Uvh safelogic-openssl-3.0.13b-1.el8.x86_64.rpm

Verify the OpenSSL3 version has a May 2024 build date:
```
# openssl3 version
```

NetWitness Community

12.4 - Hotfix for Intermittent Service Communication Issues - SafeLogic SSL patch

Article Number

Applies To

Issue

Task

Resolution

Notes

In this article

NetWitness Community

12.4 - Hotfix for Intermittent Service Communication Issues - SafeLogic SSL patch

Article Number

Applies To

Issue

Task

Resolution

Notes

In this article

Related Content