|Blade ZipKit Package Info|
|Name: Component Template with Remediation - Heartbleed Remediation Kit|
|Type: Component Template (version Neutral)|
|BSA Compatible Version: 8.2, 8.3, 8.5, 8.7|
|Tested on version: 188.8.131.526|
|Tested against host running on: CentOS 6.5, Oracle Linux 6.5, Red Hat Linux 6.5, Ubuntu 12.04, Solaris 9, Solaris 10, Solaris 11, Windows 2008, Windows 2012, Windows 2012 R2|
Update - Rev. 1.1:
- Added scan and remediation files for Solaris 9, 10 and 11
This Component Template performs the following actions:
- Creates a Component Template called OpenSSL - Heartbleed Check
- Creates a Depot Object called Heartbleed-Remediation
- The Component Template searches for all native OS installed OpenSSL files and checks for the vulnerable SSL versions.
- The Depot Object contains the patched OpenSSL files for AIX, CentOS, Oracle Linux, Red Hat, Solaris and Ubuntu
- The Component Template includes a local property which scans windows directories for the OpenSSL vulnerability.
NOTE: The BladeLogic compliance content needs to be installed prior to importing the ZipKit.
Instructions for importing the package:
- Download the attached files
- From the BSA Console, select Component Templates , right-click and select Import (version-neutral)
- Browse to the location of the download file OpenSSL-Heartbleed Check.zip
- Check the box for "Automatically map or create export group"
- Click Next twice
- Select a location where to place this new package in BSA (default will keep structure of the package as it was exported)
- Click Finish
- Copy the EO-Heartbleed file to the <blade-install-directory>/share/sensors directory
- Copy the win_ssl_version.nsh to the <blade-install-directory>/storage/extended-objects directory
Once the import has completed, browse to the location of the package in Component Templates and Depot to confirm the configuration and settings.
There are Auto-Remediation tasks enabled so please un-check if not needed.
Here are example screen-shots from BladeLogic:
Component Template to look for UNIX, Linux and Windows OpenSSL path: