This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Java is inadvertently updated in an RSA Security Analytics environment

Article Number

000031618

Applies To

RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Server, Security Analytics UI, Reporting Engine, Incident Management, Event Stream Analysis (ESA), Malware Analysis
RSA Version/Condition: 10.4.1.x
Platform: CentOS
Platform (Other): Java
O/S Version: EL6

Issue

A potential issue exists when upgrading from Security Analytics 10.4.1.x to Security Analytics 10.5.1. If appliances are not upgraded immediately after 10.5.1 is retrieved into the Security Analytics updates repository, then the underlying infrastructure automatically applies the newer version of Java from the SA 10.5.1 bundle.

The Java version in SA 10.5.1 bundle is not compatible with SA 10.4.1.x and can result in the Security Analytics UI becoming inaccessible, or may prevent the Security Analytics server from being able to communicate with services such as the Reporting Engine, Incident Management, Malware Analysis, and ECAT.

Workaround

To resolve the issue, follow the instructions below based on the scenario that is being experienced.

Security Analytics UI is inaccessible
  1. Connect to the Security Analytics Server appliance via SSH as the root user.
  2. Navigate to the directory for the updates repository. 
    cd /var/netwitness/srv/www/rsa/updates/RemoteRPMs/sa/
  3. Remove the incompatible packages. 
    rm -rf java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_7.x86_64.rpm
rm -rf java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_7.x86_64.rpm
  4. Navigate to the /var/netwitness/srv/www/rsa/updates directory. 
    cd /var/netwitness/srv/www/rsa/updates
  5. Recreate the updates repository. 
    createrepo .
  6. Verify that the updates repository is enabled and enable it as necessary. 
    [root@SA-Server ~]# cat /etc/yum.repos.d/sa.repo | grep enabled
enabled = 1
  7. Downgrade the Java package. 
    yum downgrade java -y


Security Analytics UI is accessible but Reporting Engine and Incident Management modules are unable to connect
  1. Log in to the Security Analytics UI as an administrative user.
  2. Browse to the Administration -> System page.
  3. Click on Updates in the left menu bar.
  4. Search for java in the search bar in the upper-right corner of the page.
  5. Select the java-1.7.0-openjdk-1.7.0.85-2.6.1.3.el6_7.x86_64.rpm and java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_7.x86_64.rpm packages.
    Image descriptionImage description
  6. Click on the Delete ( - ) button to remove them.
  7. Click on the Synchronize Now button to synchronize with the updates repository.
  8. Connect to the Security Analytics server appliance via SSH as the root user.
  9. Downgrade the Java package. 
    yum downgrade java -y
  10. Reboot the appliance. 
    reboot
  11. Perform steps 8-10 on the Event Stream Analysis (ESA) appliance as well.

Malware Analysis service is not functional
  1. Connect to the Malware Analysis appliance via SSH as the root user.
  2. Uninstall the openjdk-devel package. 
    rpm -e java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_7.x86_64
  3. Downgrade the Java package. 
    yum downgrade java -y
  4. Install the openjdk-devel package again. 
    yum install java-1.7.0-openjdk-devel-1.7.0.85-2.6.1.3.el6_7.x86_64


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-14 10:06 AM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.