[SRX] How to update IDP Signature Database off-line (Easier way to do it)
https://kb.juniper.net/InfoCenter/index?page=content&id=KB32399&actp=METADATA
...
https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/SRX-IDP_Offline_SecurityPackage_update.pdf
|
|
---|
check the signature id |
Code Block |
---|
title | which version installed |
---|
| Netbox@SRX340-1-Rack104# run show services application-identification version
Application package version: 534
Netbox@SRX340-1-Rack104# run show security idp security-package-version
Attack database version:N/A(N/A)
Detector version :12.6.160121210
Policy template version :N/A
|
|
Check-server and get the latest signature id |
Code Block |
---|
| Netbox@SRX340-1-Rack104> request services application-identification download check-server
Download server URL: https://signatures.juniper.net/cgi-bin/index.cgi
Sigpack Version: 3161
Protobundle version: 1.380.0-60.105
Build Time: Jan 13 2019 23:05:04
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)
|
|
application-identification and Download Server and sigpack version |
Code Block |
---|
| root@SRX340-1-Rack104> show services application-identification status
Application Identification
Status
packet memory 0
Force packet plugin Disabled
Force stream plugin Disabled
Statistics collection interval 1440 (in minutes)
Application System Cache
Status Enabled
Max Number of entries in cache 131072
Cache timeout 3600 (in seconds)
Protocol Bundle
Download Server https://signatures.juniper.net/cgi-bin/index.cgi
Disabled
Slot 1:
Application package version 0
request services application-identification download status
|
|
idp folder and detector-capabilities |
Code Block |
---|
title | idp folder |
---|
collapse | true |
---|
| % ls -al /var/db/idpd/sec-download/
total 1484
drwxr-xr-x 3 root wheel 512 Dec 15 2017 .
drwxr-xr-x 7 root wheel 512 Dec 15 2017 ..
-rw-r--r-- 1 root wheel 721970 Dec 15 2017 detector-capabilities.xml
drwxr-xr-x 2 root wheel 512 Dec 15 2017 sub-download
more /var/db/idpd/sec-download/detector-capabilities.xml
|
|
application id folder and manifest.xml file |
Code Block |
---|
title | manifest.xml only xml.gz id files |
---|
collapse | true |
---|
| % more /var/db/appid/sec-download/manifest.xml | grep "xml.gz</id"
<id>application_groups.xml.gz</id>
<id>application_groups2.xml.gz</id>
<id>applications.xml.gz</id>
<id>applications2.xml.gz</id>
<id>contexts.xml.gz</id>
<id>filters.xml.gz</id>
<id>groups.xml.gz</id>
<id>platforms.xml.gz</id>
<id>products.xml.gz</id>
<id>services.xml.gz</id>
<id>SignatureUpdate.xml.gz</id>
<id>templates.xml.gz</id>
|
Code Block |
---|
| wget -O manifest.xml "https://signatures.juniper.net/xmlupdate/226/Manifest/3161/manifest.xml"
Also:
wget -O manifest.xml "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160121210&from=&to=latest&type=manifest&sn=CY3016AF0008&release=150.2"
PS C:\Users\jkriker\Documents\script> ls
Directory: C:\Users\jkriker\Documents\script
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 16/04/2019 13:46 5379 manifest.xml
-a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz
PS C:\Users\jkriker\Documents\script\appid> more .\manifest.xml | grep "xml.gz</url>" | sed "s/<url>//" | sed "s/<\/url>//" | sed "s/.*https/https/" > .\download-file-list.txt
PS C:\Users\jkriker\Documents\script\appid> more .\download-file-list.txt
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/ApplicationGroups/3161/application_groups2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications.xml.gz
https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications2.xml.gz
https://signatures.juniper.net/xmlupdate/226/Contexts/3161/contexts.xml.gz
https://signatures.juniper.net/xmlupdate/226/Filters/3161/filters.xml.gz
https://signatures.juniper.net/xmlupdate/226/Groups/3161/groups.xml.gz
https://signatures.juniper.net/xmlupdate/226/Platforms/3161/platforms.xml.gz
https://signatures.juniper.net/xmlupdate/226/Products/3161/products.xml.gz
https://signatures.juniper.net/xmlupdate/226/Services/3161/services.xml.gz
https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz
https://signatures.juniper.net/xmlupdate/226/Templates/3161/templates.xml.gz
|
|
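The grep/sed extraction above, done as a stricter check before the files are carried to the offline SRX (an added example, not part of the original page): it parses `manifest.xml` and keeps only `.xml.gz` URLs that use HTTPS, point at `signatures.juniper.net` and carry the expected sigpack version in their path. The `<manifest>`/`<entry>` wrapper elements, the `evil.example` host and the function name are assumptions; only the `<id>`/`<url>` tags and the URL layout come from the page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ALLOWED_HOST = "signatures.juniper.net"  # download server reported by check-server

# Constructed sample: the <manifest>/<entry> wrappers and evil.example are
# assumptions; the last three entries are deliberately wrong.
SAMPLE_MANIFEST = """<manifest>
  <entry><id>applications.xml.gz</id>
    <url>https://signatures.juniper.net/xmlupdate/226/Applications/3161/applications.xml.gz</url></entry>
  <entry><id>SignatureUpdate.xml.gz</id>
    <url>https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz</url></entry>
  <entry><id>groups.xml.gz</id>
    <url>http://signatures.juniper.net/xmlupdate/226/Groups/3161/groups.xml.gz</url></entry>
  <entry><id>filters.xml.gz</id>
    <url>https://evil.example/xmlupdate/226/Filters/3161/filters.xml.gz</url></entry>
  <entry><id>templates.xml.gz</id>
    <url>https://signatures.juniper.net/xmlupdate/226/Templates/3100/templates.xml.gz</url></entry>
</manifest>"""


def build_download_list(manifest_xml, sigpack_version):
    """Return (accepted_urls, rejected) for every <url> ending in .xml.gz."""
    accepted, rejected = [], []
    for elem in ET.fromstring(manifest_xml).iter():
        if elem.tag.rsplit("}", 1)[-1] != "url":  # ignore any XML namespace
            continue
        url = (elem.text or "").strip()
        if not url.endswith(".xml.gz"):
            continue  # same filter as grep "xml.gz</url>"
        parts = urlsplit(url)
        directories = parts.path.strip("/").split("/")[:-1]
        if parts.scheme != "https":
            rejected.append((url, "not https"))
        elif parts.hostname != ALLOWED_HOST:
            rejected.append((url, "unexpected host"))
        elif str(sigpack_version) not in directories:
            rejected.append((url, "version mismatch"))
        else:
            accepted.append(url)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = build_download_list(SAMPLE_MANIFEST, 3161)
    print("\n".join(ok))
    for url, reason in bad:
        print(f"REJECTED ({reason}): {url}")
```

Pass the version printed by `request security idp security-package download check-server` (3161 on this page) as `sigpack_version`, and download only the accepted URLs.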
determine the file to download |
Code Block |
---|
| !!!!!!!! Some web browsers have problems with the XML file >>>>>> use wget instead (on PowerShell/Windows or Linux) !!!!!!!!!!!!!!
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)
>>>>> Just change the Template ID, here 3161 <<<<<<<<
PS C:\Users\jkriker\Documents\script> wget https://signatures.juniper.net/xmlupdate/226/SignatureUpdates/3161/SignatureUpdate.xml.gz -O SignatureUpdate.xml.gz
PS C:\Users\jkriker\Documents\script> ls
Directory: C:\Users\jkriker\Documents\script
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 16/04/2017 12:00 test1
d----- 17/04/2017 19:03 Test2
-a---- 13/10/2018 13:28 466 napalm_config.py
-a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz
Then put it in the /var/tmp folder
PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210:/var/tmp/
Password:
Connected to 172.30.95.210.
Changing to: /var/tmp/
sftp> put SignatureUpdate.xml.gz
Uploading SignatureUpdate.xml.gz to /cf/var/tmp/SignatureUpdate.xml.gz
SignatureUpdate.xml.gz 100% 4169KB 631.5KB/s 00:06
sftp> ls
SignatureUpdate.xml.gz appidd_trace_debug gres-tp install phone-home
pics policy_status sec-download spu_kmd_init vi.recover
This can also be done as described in the KB:
PS C:\Users\jkriker\Documents\script> wget "https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=srx340&feature=idp&os=15.1&build=49&dfa=hs&platform_version=&detector=12.6.160121210&from=&to=latest&type=update&sn=CY3016AF0008&release=150.2" -O SignatureUpdate.xml.gz
|
Code Block |
---|
title | OLD: determine the file to download |
---|
collapse | true |
---|
| Netbox@SRX340-1-Rack104> show security idp security-package-version
Attack database version:N/A(N/A)
Detector version :12.6.160121210 <<<<<<<<< installed
Policy template version :N/A
Netbox@SRX340-1-Rack104> request security idp security-package download check-server
Successfully retrieved from(https://signatures.juniper.net/cgi-bin/index.cgi).
Version info:3161(Detector=12.6.160180509, Templates=3161)
The latest one is:
Detector=12.6.160180509
https://signatures.juniper.net/cgi-bin/index.cgi?device=jsrx340&adv_dev_info=&feature=idp&os=15.1&build=49&dfa=hs&detector=12.6.160171124&from=&to=latest&type=offline
https://signatures.juniper.net/cgi-bin/index.cgi?
device=jsrx340&
adv_dev_info=&
feature=idp&
os=15.1&
build=49&
dfa=hs&detector=12.6.160171124&
from=&to=latest&type=offline
----------------------------------------------------------------------------------------------------
Junos command that provides the values for:
device=jsrx340&
os=15.1&
build=49&
Netbox@SRX340-1-Rack104> show version
Hostname: SRX340-1-Rack104
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]
|
idp offline-download |
Code Block |
---|
title | sftp with powershell |
---|
| PS C:\Users\jkriker\Documents\script> ls
Directory: C:\Users\jkriker\Documents\script
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 16/04/2017 12:00 test1
d----- 17/04/2017 19:03 Test2
-a---- 13/10/2018 13:28 466 napalm_config.py
-a---- 16/04/2019 12:48 4269066 SignatureUpdate.xml.gz
PS C:\Users\jkriker\Documents\script> sftp Netbox@172.30.95.210
Password:
Connected to 172.30.95.210.
sftp> put SignatureUpdate.xml.gz
Uploading SignatureUpdate.xml.gz to /cf/var/home/Netbox/SignatureUpdate.xml.gz
SignatureUpdate.xml.gz 100% 4169KB 622.2KB/s 00:06
sftp> ls
SignatureUpdate.xml.gz
sftp> quit
PS C:\Users\jkriker\Documents\script> |
Code Block |
---|
| Netbox@SRX340-1-Rack104> request security idp security-package offline-download ?
Possible completions:
<[Enter]> Execute this command
package-path Package path of the zipped security package
status Retrieve the status of offline package download operation
| Pipe through a command
Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path ?
Possible completions:
<package-path> Package path of the zipped security package
Netbox@SRX340-1-Rack104> request security idp security-package offline-download package-path /cf/var/home/Netbox/SignatureUpdate.xml.gz
Will be processed in async mode. Check the status using the status checking CLI
Netbox@SRX340-1-Rack104> request security idp security-package offline-download status
Done;Signature package offline download Successful.
Netbox@SRX340-1-Rack104> request security idp security-package install
error: Security Package installation disabled temporarily due to invalid license. <<<<<<<<<<<<<<< Need to install an IDP license!!!!!
|
|