NetWitness how to check for Errant YUM Repositories Before Updating NetWitness or Security Analytics Appliances

Issue

Errant or unwanted YUM repositories on appliances may result in unexpected errors during the upgrade process.  

To avoid this problem, logon to NetWitness appliances prior to upgrading to execute a simple command to identify which, if any repositories are enabled, and disable unwanted repositories prior to initiating an upgrade.

Resolution

Logon to each Netwitness appliances or Security Analytics appliances via the console or an ssh session and run a simple command to identify YUM repositories that are enabled.

1. Logon to the appliances as root.
2. Execute the following command:

3. ​​Review the output of the command from step 2.  ​

In the sample output above,  the nw-os-base.repo, nw-rsa-base.repo, nw-rsa-cloud-extras.repo, nw-os-upgrade-x-x-x-x.repo  and nw-rsa-upgrade-x-x-x-x repositories are enabled.  These are normally the repositories that should be enabled on your Netwitness Admin Server or appliances. For 12.4, a new repository nw-leapp.repo is introduced as in the second example.

If you find any other repositories enabled please verify this is intended and do not proceed with the upgrade until you have verified the status of these repositories and disabled any repositories that you cannot confirm are intentional enabled.

Notes

To check on alll hosts at once you can run the below salt command instead 
salt '*' cmd.run 'grep "enabled=1" /etc/yum.repos.d/*.repo'

Product Details

NetWItness Product Set: NetWitness Platform
NetWitness  Product/Service Type: Core Appliance, Archiver, ESA, Malware, SA Server
NetWItness  Version:  11.x, 12.x, 
Platform: CentOS
O/S Version: EL7 , AlmaLinux 8.9

Summary

Run this simple command to check for errant or unwanted YUM repositories that are enabled before updating RSA NetWitness or Security Analytics appliances.

Approval Reviewer Queue

Technical approval queue