Security updates¶

Security updates can be run on demand or scheduled to run on a daily basis. The commands to perform the security updates are listed below. Plixer recommends scheduled updates be enabled to ensure maximum protection. The update process will reach out to a plixer repository at files.plixer.com to pull down updates. Those updates have been applied to our QA servers internally and determined to be stable before being posted to our repository.

All patches and updates, including vulnerabilities and major upgrades, are included in the system updates. An audit event will be logged to the Scrutinizer Alarms table whenever the ‘system update’ command is run. Each update will also be listed within the audit event. In the event of a problem with the security updates, yum history can be used to roll back updates. If a proxy server is required, it can be configured within the yum.conf file.

The system update command runs yum update using https. Firewall policies will need to allow traffic to files.plixer.com on TCP port 443 from your Scrutinizer servers. Cryptographic verification of the downloaded update files is provided by yum.

The system update command will need to be run on each server in a distributed environment. It can be run directly from the command line and also from within the Interactive scrut_util utility. If operating system patches are applied, all Scrutinizer services will be restarted. This can cause a minute of missed data.

The following command syntax to be used when running the scrut_util utility directly from the command line:

  scrut_util --system update

- This will pull down updates from plixer.com when run.

  scrut_util --system update --schedule

- This will schedule the updates to be pulled from plixer.com on a daily basis. A random hour/minute

is chosen to run the update. This time is selected outside of the ‘business hours’ set in the Admin > Settings > Reporting page. An alert is sent to Scrutinizer and can be viewed in the Audit Event policy in the Alarms tab.

  scrut_util --system update --unschedule

- This will cancel the daily update schedule.

Interactive scrut_util

The following command syntax is used from within the interactive mode of the scrut_util utility. Running scrut_util from command line will open the interactive prompt.

  **SCRUTINIZER>** system update unschedule

- This will cancel the daily update schedule.