To whom it may concern,
My boss use nexpose to scan for our SuSE Linux 11 Sp2 servers and finds lots of risks there.
According to the remediations provided, upgrade to latest version of Apache Tomcat is recommended.
I’ve patched the server to SP3 and installed JAVA as ApacheTomcat needs JAVA after version 5.x.
I’ve also downloaded the ApacheTomcat 6.x and 7.x, as I have 1st upgrade from 5.x to 6.x then 7.x.
However, the steps for install them are not clear. Even I can extract them, how can I run the startup.sh which will overwrite the version 5.x.
Thanks & Regards,
Agnes
On 02/04/2014 10:24, ayeungied wrote:
[color=blue]
My boss use nexpose to scan for our SuSE Linux 11 Sp2 servers and finds
lots of risks there.
According to the remediations provided, upgrade to latest version of
Apache Tomcat is recommended.
I’ve patched the server to SP3 and installed JAVA as ApacheTomcat needs
JAVA after version 5.x.
I’ve also downloaded the ApacheTomcat 6.x and 7.x, as I have 1st upgrade
from 5.x to 6.x then 7.x.
However, the steps for install them are not clear. Even I can extract
them, how can I run the startup.sh which will overwrite the version
5.x.[/color]
Most software that check for vulnerabilities do so by simply checking
the version strings rather than actually try and exploit the various
vulnerabilities they’re looking for (which makes sense because that
could trigger bad things).
As such, scanning SLES servers doesn’t provide accurate results since
SUSE backport security fixes from later versions of software into
earlier versions that have proved to be stable for a particular release
of SLES. So when scanned, a software package reports the earlier version
number (because it is) even though it’s not vulnerable due to having a
later fix backported.
Another thing to be aware of is that SUSE only support packages that
they provide (either via patch channel or from SUSE download site) so
installing a later version from source could leave you unsupported.
I’m not sure if the reference you make to SP3 is that you’ve now
upgraded the server from SLES11 SP2 to SLES11 SP3 but if you haven’t
then that would be my first step. That should in itself give you Tomcat 6.x.
HTH.
Simon
SUSE Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
Thank Simon.
Yes, I have patched the SUSE 11 SP2 to SLES11 SP3, but I cannot find Tomcat 6.x.
It is still kept pointing to the Tomcat 5.x default page when I run http://hostname.abc.com:8080.
Some settings should be set to point to Tomcat 5.x , but as I am a new comer for Linux, I have no idea for how to find the related links / batches to point the new startup.sh to point to the latest version Apache Tomcat.
Besides, the upgrade path for Apache Tomcat is 5.x to 6.x then 6.x to 7.x.
Grateful if anyone can point my nose to set the related links / batches to the new startup.sh and any new environment variables.
Thanks & Regards,
Agnes
On 03/04/2014 04:44, ayeungied wrote:
[color=blue]
Yes, I have patched the SUSE 11 SP2 to SLES11 SP3, but I cannot find
Tomcat 6.x.
It is still kept pointing to the Tomcat 5.x default page when I run
http://hostname.abc.com:8080.[/color]
Checking my network install sources for both SLES11 SP2 and SP3 I’m now
a little puzzled why you had/have Tomcat 5.x since both SLES11 SP2 and
SP3 come with Tomcat 6.x.
What does “rpm -qa | grep tomcat” report?
HTH.
Simon
SUSE Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
Thank Simon,
rpm -qa | grep tomcat
novell-tomcat5-5.5.35-1
novell-tomcat5-webapps-5.5.35-1
I upgrade the SLES11 SP2 to SP3 by referring to
Patch SLES 11 sp2 to sp3
Online Migration with zypper
-
When all requirements are met (see Requirements), the products needed for the online migration are added to /etc/products.d. Get a list of these products by running the following command:
zypper se -t product | grep -h – “-migration” | cut -d’|’ -f2
This command should at least return SUSE_SLES-SP3-migration. Depending on the scope of your installation, more products may be listed.
-
Install the migration products retrieved in the previous step with the command zypper in -t product LIST_OF_PRODUCTS, for example
zypper in -t product SUSE_SLES-SP3-migration
-
Register the products installed in the previous step in order to get the respective update channels:
suse_register -d 2 -L /root/.suse_register.log
-
Refresh the repositories and services:
zypper ref -s
-
Check the list of repositories you can retrieve with zypper lr.
If any of these repositories is not enabled (the SP3 ones are not enabled by default when following this workflow), enable them with zypper modifyrepo --enable REPOSITORY ALIAS, for example:
Check the repositories according to result of 4.
zypper modifyrepo --enable SLES11-SP3-Core SLES11-SP3-Updates
zypper modifyrepo --enable SLES11-SP3-Pool SLES11-SP3-Updates
zypper modifyrepo --enable SLES11-SP2-Extension-Store SLES11-SP3-Pool SLES11-SP3-Updates
If your setup contains third-party repositories that may not be compatible with SP3, disable them with zypper modifyrepo --disable REPOSITORY ALIAS.
-
Now everything is in place to perform the distribution upgrade with zypper dup --from REPO 1 --from REPO 2 … Make sure to list all needed repositories with --from, for example:
zypper dup --from SLES11-SP3-Pool --from SLES11-SP3-Updates
or , according to repositories result in part 4
zypper dup --from SLES11-SP2-Extension-Store --from SLES11-SP3-Pool --from SLES11-SP3-Updates
Confirm with y to start the upgrade.
7. Upon completion of the distribution upgrade from the previous step, run the following command:
zypper update -t patch
8. Now that the upgrade to SP3 has been completed, you need to re-register your product:
suse_register -d 2 -L /root/.suse_register.log
9. Lastly, reboot your system.
10. Your system has been successfully updated to Service Pack 3.
Thanks & Regards,
Agnes
Hi Simon,
I finally get it done by installing the iManager 2.7.7.
rpm -qa | grep tomcat
novell-tomcat7-webapps-7.0.42-1
novell-tomcat7-7.0.42-1
Thank you very much,
Agnes