Updates and upgrades
As part of Plixer’s commitment to continuously delivering better and more secure user experiences through our products, updates to Plixer Scrutinizer will regularly be made available to customers. These updates may improve existing functionality, expand system definitions (algorithms, Report types, reputation lists, etc.), and/or patch new security vulnerabilities. All patches and updates will have been applied to and extensively tested on Plixer’s own QA servers.
To streamline the process, new features, security patches, and other optimizations can all be delivered via the same system update package, which will be pulled from Plixer.com.
Note
Firewall policies will need to be configured to allow traffic to `files.plixer.com` on TCP port 443 from your Plixer Scrutinizer servers.
System updates
Plixer Scrutinizer can be set to run system updates either on demand or automatically on a daily basis.
Note
When automatic system updates are enabled, updates are scheduled at a random time outside of the configured business hours.
All system update commands run `yum update` using HTTPS. They can be entered directly into the command line or from within the interactive `scrut_util` CLI utility. Additional settings, such as a proxy server (if required), can also be configured in the `yum.conf` file.
To initiate or configure system updates directly from the command line, use the following commands:
Command | Function |
---|---|
`scrut_util --system update` | Pulls down available updates from Plixer.com when run |
`scrut_util --system update --schedule` | Enables automatic daily update pulls |
`scrut_util --system update --unschedule` | Disables automatic daily update pulls |
To initiate or configure system updates from within the `scrut_util` interactive CLI utility, use the following syntax at the `SCRUTINIZER>` prompt:
Command | Function |
---|---|
`system update` | Pulls down available updates from Plixer.com when run |
`system update schedule` | Enables automatic daily update pulls |
`system update unschedule` | Disables automatic daily update pulls |
Whenever a system update is run, an audit Event with the update details will be generated under the Plixer Scrutinizer Alarm Monitor. In the event of issues, `yum history` can be used to roll back updates.
Important
In the case of operating system patches, all Plixer Scrutinizer services will be restarted, which may result in up to a minute of missed data.
Note
In distributed environments, system update commands will need to be run on each server.
Version upgrades
For major version upgrades (e.g., X.0.0 to Y.0.0), contact Plixer Technical Support for assistance with the process.
Vulnerability checks
While both the Plixer Scrutinizer web interface and the operating system behind it are frequently updated to address newly discovered security issues, vulnerability scanning and auditing solutions may still report vulnerabilities that have already been patched. In most cases, this is the combined result of a backported security patch and the tool only scanning for component version numbers.
If this happens, there are two ways to verify the validity of the vulnerability report:
- Check the package changelog for the CVE identifier/number of the vulnerability (e.g., CVE-2017-3169)
- Download and install the latest OVAL Definitions from oval.cisecurity.org/repository, which will allow any compatible tools to determine the status of vulnerabilities, even when security patches have been backported.
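The changelog check from the first item can be scripted as follows. This is an added example, not Plixer tooling: the function names are hypothetical, the sample changelog is constructed, and the wrapper assumes `rpm` is available on the server.

```shell
#!/usr/bin/env bash
# Added example (not Plixer tooling): confirm a backported fix by finding the
# CVE id in an RPM changelog instead of trusting the package version number.

# Reads `rpm -q --changelog` text on stdin and prints every changelog entry
# (header plus body) that mentions CVE id $1.
# Returns 0 = found, 1 = not mentioned, 2 = malformed CVE id.
changelog_entries_for_cve() {
    cve="$1"
    # Validate first: the id is interpolated into a regex below.
    printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$' ||
        { echo "bad CVE id: $cve" >&2; return 2; }
    awk -v cve="$cve" '
        function emit() { if (hit) { printf "%s", entry; found = 1 } }
        BEGIN { re = "(^|[^0-9A-Z])" cve "([^0-9]|$)" }  # no prefix matches
        /^\* / { emit(); entry = ""; hit = 0 }           # "* date author - ver"
        { entry = entry $0 "\n" }
        toupper($0) ~ re { hit = 1 }
        END { emit(); exit (found ? 0 : 1) }
    '
}

# Hypothetical wrapper for an installed package: check_backport <pkg> <CVE-id>
check_backport() {
    log=$(rpm -q --changelog "$1") ||
        { echo "cannot query package: $1" >&2; return 2; }
    printf '%s\n' "$log" | changelog_entries_for_cve "$2"
}

# Constructed sample in rpm changelog format (package, versions, ids are fake
# except CVE-2017-3169, the id the page uses as its example).
sample_changelog() {
    cat <<'EOF'
* Tue Aug 01 2017 Example Maintainer <maint@example.com> - 1.2.3-5
- Resolves: #0000000 - backport fix for CVE-2017-3169
- Rebuild with hardened flags
* Mon Jan 02 2017 Example Maintainer <maint@example.com> - 1.2.3-4
- Security fix for CVE-0000-00001 (placeholder id)
EOF
}
```

A printed entry shows the package release in which the fix landed, which can be compared with the installed release reported by `rpm -q`.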
For additional assistance, contact Plixer Technical Support.