How to upgrade third party components manually

Article ID: 274181

Products

Endpoint Threat Defense for Active Directory

Issue/Introduction

A few third-party components are reported to be vulnerable and must be upgraded manually.

The components are:

  • Apache HTTP Server
  • Apache Tomcat
  • Node.js
  • MySQL

Environment

On-Prem TDAD

Cause

The reported third-party components are vulnerable.

Resolution

Pre-requisite: 

  • It is recommended to take a snapshot of the TDAD JCore server and the remote DM

 

Steps to upgrade NODEJS: 

  • Download the latest LTS (Long Term Support) release from https://nodejs.org/en/download
  • Install the NodeJS msi with Administrator privileges.
  • Upon completion of installation, confirm the new version of NodeJS from the Control Panel.

 

Steps to upgrade APACHE HTTP SERVER: 

  • Download the Apache HTTP server from https://www.apachehaus.com/cgi-bin/download.plx
  • Backup the "conf" folder from <TDAD install dir>\core\Apache
  • In an elevated command prompt, run the following command to stop the service
    • sc stop SETDADWebSvc
  • Delete all files/folders from the current "Apache" folder present under <TDAD install dir>\core
  • Extract the files from the downloaded "ApacheHaus" zip to <TDAD install dir>\core\Apache 
  • Replace the "conf" folder from the backup
  • In an elevated command prompt, run the following command to start the service
    • sc start SETDADWebSvc
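
The Apache HTTP Server steps above as one elevated PowerShell sequence (an added example, not part of the original article or vendor tooling). The values of `$TdadDir` and `$ZipPath` are placeholder assumptions, and the configuration test assumes the service reads `conf\httpd.conf` under the Apache folder.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session.
$ErrorActionPreference = 'Stop'
# Assumptions: both paths are placeholders to adjust.
$TdadDir = 'C:\Program Files\Symantec\Endpoint Threat Defense for AD'  # <TDAD install dir>
$ZipPath = 'C:\Temp\apache-httpd.zip'                                  # downloaded zip
$Apache  = Join-Path $TdadDir 'core\Apache'
$Stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$Backup  = Join-Path $env:TEMP "tdad-apache-conf-$Stamp"
$Stage   = Join-Path $env:TEMP "tdad-apache-stage-$Stamp"

# Record the SHA-256 of the download for the change record.
(Get-FileHash -Path $ZipPath -Algorithm SHA256).Hash

# Back up conf before anything is deleted and confirm the copy is usable.
Copy-Item -Path (Join-Path $Apache 'conf') -Destination $Backup -Recurse
if (-not (Test-Path (Join-Path $Backup 'httpd.conf'))) { throw 'conf backup is incomplete' }

# Extract to a staging folder first. The server root is located by bin\httpd.exe
# because the zip may wrap the files in a top-level folder.
Expand-Archive -Path $ZipPath -DestinationPath $Stage
$Httpd = Get-ChildItem -Path $Stage -Recurse -Filter 'httpd.exe' | Select-Object -First 1
if (-not $Httpd) { throw 'httpd.exe not found in the archive' }
$NewRoot = Split-Path (Split-Path $Httpd.FullName)

Stop-Service -Name SETDADWebSvc
Get-ChildItem -Path $Apache -Force | Remove-Item -Recurse -Force
Copy-Item -Path (Join-Path $NewRoot '*') -Destination $Apache -Recurse -Force

# Put the backed-up conf in place of the default conf shipped in the zip.
Remove-Item -Path (Join-Path $Apache 'conf') -Recurse -Force -ErrorAction SilentlyContinue
Copy-Item -Path $Backup -Destination (Join-Path $Apache 'conf') -Recurse

# Syntax-check the restored configuration with the new binary before starting.
$Exe  = Join-Path $Apache 'bin\httpd.exe'
$Test = Start-Process -FilePath $Exe -ArgumentList '-t' -Wait -PassThru -NoNewWindow
if ($Test.ExitCode -ne 0) { throw 'httpd -t reported a configuration error; service left stopped' }

Start-Service -Name SETDADWebSvc
Start-Process -FilePath $Exe -ArgumentList '-v' -Wait -NoNewWindow   # prints the new version
```

If the configuration test fails, the service stays stopped and the conf backup remains in the folder held in `$Backup`.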

 

Steps to upgrade APACHE TOMCAT: 

  • Download the following installers:
  • Backup the existing conf, webapps, and work folders from <C:>\Program Files\Apache Software Foundation\Tomcat 9.0_SETDADCore\

  • Stop and uninstall the service - SETDADCore. In an elevated command prompt, run the following commands:

    • sc stop SETDADCore

    • sc delete SETDADCore

    • <C:>\Program Files\Apache Software Foundation\Tomcat 9.0_SETDADCore\Uninstall.exe /S /Y -ServiceName=SETDADCore
    • Close the command prompt
    • Delete the directory: <C:>\Program Files\Apache Software Foundation\Tomcat 9.0_SETDADCore
  • Proceed with the installation

    • Run the downloaded installer apache-tomcat-<version>.exe

    • When prompted specify Windows Service Name as SETDADCore 
    • Specify the JRE path as <C:>\Program Files\AdoptOpenJDK\jre-11.0.6.10-hotspot
    • Uncheck the "Run Apache Tomcat" and "Show ReadMe" checkboxes in the "Completing Apache Tomcat Setup" window
  • Post Installation configurations:
    • After installation, restore the conf, webapps, and work folders from the backup (taken initially) into the directory <C:>\Program Files\Apache Software Foundation\Tomcat 9.0_SETDADCore\

    • Open the registry editor

      •  Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat 9.0 SETDADCore

        • Set the Publisher as "Symantec Corporation"
        • Add the DWORD(32-bit) EstimatedSize and set its value to Decimal - 100000 
      • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SETDADCore
        • Set DisplayName as "Symantec Endpoint Threat Defense for AD Tomcat Service"
        • Set Description as "Symantec Endpoint Threat Defense for AD Tomcat Service"
        • Set ObjectName as "NT Service\SETDADCore"
    • From a command prompt, navigate to the path where setACL utility is downloaded and run the commands:

      • setacl.exe -on "<C:>\Program Files\Apache Software Foundation\Tomcat 9.0_SETDADCore" -ot file -actn ace -ace "n:NT Service\SETDADCore;p:full"
      • setacl.exe -on "<C:>\Program Files\Symantec\Endpoint Threat Defense for AD\certs" -ot file -actn ace -ace "n:NT Service\SETDADCore;p:full"
      • setacl.exe -on "<C:>\Program Files\Symantec\Endpoint Threat Defense for AD\netFiles" -ot file -actn ace -ace "n:NT Service\SETDADCore;p:full"
      • setacl.exe -on "<C:>\Program Files\Symantec\Endpoint Threat Defense for AD\forensicsFiles" -ot file -actn ace -ace "n:NT Service\SETDADCore;p:full"
    • Open the registry editor
      • Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\SETDADCore\Parameters\Java
        • In the "Options" setting, append the following strings each on a new line:
                 -XX:NewSize=750m
                 -XX:MaxNewSize=750m
                 -Dlogpath="<C:>\Program Files\Symantec\Endpoint Threat Defense for AD\Logs"
        • Set JvmMs with value Decimal 256
        • Set JvmMx with value decimal 4096
  • Start the Tomcat service.
    • From the command prompt, run the commands:
      • sc config SETDADCore start=auto
      • sc start SETDADCore
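
A read-only check of the Tomcat post-installation settings listed above (registry values, directory ACLs for the service account, service start mode), given as an added example that is not part of the original article or vendor tooling. `Test-RegValue` is a hypothetical helper name and `$Root` assumes the drive written as `<C:>` is `C:`.

```powershell
# Added example, not vendor code: read-only check of the settings listed above.
$Svc    = 'SETDADCore'
$Acct   = "NT Service\$Svc"
$Label  = 'Symantec Endpoint Threat Defense for AD Tomcat Service'
$Root   = 'C:\Program Files'   # assumption: the drive written as <C:> on the page
$Uninst = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat 9.0 SETDADCore'
$SvcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Svc"
$Java   = "HKLM:\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\$Svc\Parameters\Java"
$Full   = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-RegValue($Key, $Name, $Expected) {   # hypothetical helper
    $actual = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ("$actual" -ne "$Expected") { "${Key}: $Name is '$actual', expected '$Expected'" }
}

$failures = @(
    Test-RegValue $Uninst 'Publisher'     'Symantec Corporation'
    Test-RegValue $Uninst 'EstimatedSize' 100000
    Test-RegValue $SvcKey 'DisplayName'   $Label
    Test-RegValue $SvcKey 'Description'   $Label
    Test-RegValue $SvcKey 'ObjectName'    $Acct
    Test-RegValue $Java   'JvmMs'         256
    Test-RegValue $Java   'JvmMx'         4096

    # Options is a multi-string value: one JVM option per line.
    $opts = @((Get-ItemProperty -Path $Java -Name Options -ErrorAction SilentlyContinue).Options)
    foreach ($o in '-XX:NewSize=750m', '-XX:MaxNewSize=750m', '-Dlogpath=*') {
        if (-not ($opts -like $o)) { "Options has no entry matching $o" }
    }

    # Each directory needs an Allow ACE granting full control to the service account.
    foreach ($d in "$Root\Apache Software Foundation\Tomcat 9.0_SETDADCore",
                   "$Root\Symantec\Endpoint Threat Defense for AD\certs",
                   "$Root\Symantec\Endpoint Threat Defense for AD\netFiles",
                   "$Root\Symantec\Endpoint Threat Defense for AD\forensicsFiles") {
        $ace = (Get-Acl -Path $d -ErrorAction SilentlyContinue).Access | Where-Object {
            $_.IdentityReference.Value -eq $Acct -and $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Full) -eq $Full }
        if (-not $ace) { "$d has no full-control ACE for $Acct" }
    }

    $s = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Svc'"
    if ($s.StartMode -ne 'Auto' -or $s.State -ne 'Running') {
        "$Svc is StartMode=$($s.StartMode), State=$($s.State); expected Auto/Running"
    }
)
if ($failures) { $failures | ForEach-Object { Write-Warning $_ } } else { 'All checks passed.' }
```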

         

 

Steps to upgrade MYSQL: 

  • Download the installer "mysql-installer-community-x.x.xx.x.msi" from https://dev.mysql.com/downloads/installer/
  • Backup the data directory from <TDAD install dir>\MySQL
  • Open the registry editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Javelin. Note down the values of

    • MySQLpwd (use this MySQL password wherever prompted in the steps below)

    • SQLPort

  • In an elevated command prompt, run the following commands
    • To ensure the upgrade readiness
      • cd <TDAD install dir>\MySQL\MySQL Server 5.7\bin
      • mysqlcheck.exe --user=root --all-databases --check-upgrade -p
        (use MySQLpwd when prompted)
      • Confirm that the status is shown as "OK"
    • Backup the database
      • cd <TDAD install dir>\MySQL\MySQL Server 5.7\bin
      • mysqldump --user=root -p --routines --events --all-databases --force > <c:>\full_db_dump.sql
  • Run the downloaded installer "mysql-installer-community-x.x.xx.x.msi" and use the settings below instead of the defaults
    • Select MySQL Server in the window "Select Products To Upgrade"
    • Enable the checkbox next to the option "Skip system tables upgrade" on the window "Check and Upgrade Database"
    • Select the radio button next to the option "Yes, grant full access" on the window "Server File Permissions" and "Proceed" with the default options.
      Using the above steps, MySQL Server is upgraded to the selected version; this can be confirmed from the Control Panel.
  • To install MySQL Shell, run the community installer "mysql-installer-community-x.x.xx.x.msi"
    • Click on "Add"
    • From the "Available Products" window, select Applications→MySQL Shell→MySQL Shell x.x→MySQL Shell x.x.xx - x64
    • Add it to the "Products To Be Installed" window (right side) and proceed with the installation by double-clicking; no option needs to be set explicitly.
  • After the installation is complete, the MySQL shell window will be launched. If it does not, launch it from the location "<C:>\Program Files\MySQL\MySQL Shell x.x\bin" and run the below commands:
    • \c root@localhost:3306
            –  where the port (3306) is the value of SQLPort noted earlier
            –  use MySQLpwd when prompted
    • \status
             – to confirm the server version 

    • util.checkForServerUpgrade()
              – runs the MySQL Upgrade Checker to make sure everything is compatible with MySQL x.x.
    • If any errors are reported, resolve them before proceeding with the upgrade
    • \quit
               – to exit from MySQL shell window
    • In an elevated command prompt, run the command:
       sc stop SETDADMySQL
                – the above command stops the service of the earlier MySQL version 5.7.x
  • To install MySQL Server:
    • Confirm that the path exists:
      "<C:>\Program Files (x86)\MySQL\MySQL Installer for Windows" - This is expected to be present since it is a part of TDAD installation.

    • In an elevated command prompt, cd to <C:>\Program Files (x86)\MySQL\MySQL Installer for Windows and run:
      MySQLInstallerConsole --install server;x.x.xx;x64:*:port=3306;install_dir="<C:>\Program Files\Symantec\Endpoint Threat Defense for AD\MySQL\MySQL Server x.x"

    • Check if the installation is successful. Go to services and check that MYSQLxx is up and running.
    • Stop the new MySQLxx service using the command:
      sc stop MYSQLxx
    • Configuration changes:
      • Copy "1.sql" from the directory "<TDAD install dir>\MySQL\data" to the directory "C:\ProgramData\MySQL\MySQL Server x.x"
      • Modify "<C:>\ProgramData\MySQL\MySQL Server x.x\my.ini"
        • Edit "datadir" to point to the MySQL 5.7 data directory: datadir="<TDAD install dir>\MySQL\data/Data"
          where the value of datadir can be read from: "<TDAD install dir>\MySQL\data\my.ini"
        • Insert the following path under tag [mysqld], to read as:
          [mysqld]
           init_file=<TDAD install dir>\MySQL\data\1.sql
        • Search for "# The TCP/IP Port the MySQL Server will listen on" and replace with:
          bind-address=127.0.0.1
        • Modify the value of "Innodb_log_buffer_size" from 16M to 512M
        • Modify the value of "Innodb_buffer_pool_size" from 128M to 512M

        • Modify the value of "Innodb_redo_log_capacity" from 100M to 256M
        • Modify the value of "Max_allowed_packet" from 64M to 256M
    • Delete the services

      • sc delete SETDADMySQL

      • sc delete MySQLxx

    • From the command prompt:

      • cd <TDAD install dir>\MySQL\MySQL Server x.x\bin

      • Run
        mysqld.exe --install SETDADMySQL --defaults-file="C:\ProgramData\MySQL\MySQL Server x.x\my.ini"

    • Open the registry, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SETDADMySQL

      • Set DisplayName as "Symantec Endpoint Threat Defense for AD MySQL Service"
      • Set Description as "Symantec Endpoint Threat Defense for AD MySQL Service". If not existing, create a new 'String Value' for 'Description'.
    • Open services
      • select SETDADMySQL
      • Navigate to the Log On tab
        • Select "This account"
        • Enter "NT Service\SETDADMySQL"
        • Type the TDAD server console password in the field "Password"
    • Restart the system
    • Upon restart completion, confirm that the service SETDADMySQL is running with a new DisplayName and Description.
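
A read-only check to run after the restart, given as an added example that is not part of the original article or vendor tooling: it compares the `[mysqld]` section of my.ini with the values set above, then confirms that the SQLPort listener is bound to loopback only and that the service runs under the expected account. `Get-MysqldSettings` is a hypothetical helper name, and `x.x` in `$IniPath` must be replaced with the installed version.

```powershell
# Added example, not vendor code: read-only check, run after the restart.
$IniPath = 'C:\ProgramData\MySQL\MySQL Server x.x\my.ini'   # replace x.x with the installed version
$Svc     = 'SETDADMySQL'
$RegKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Javelin'
$Expected = [ordered]@{
    'bind-address'             = '127.0.0.1'
    'innodb-log-buffer-size'   = '512M'
    'innodb-buffer-pool-size'  = '512M'
    'innodb-redo-log-capacity' = '256M'
    'max-allowed-packet'       = '256M'
}

# Read the [mysqld] section only. MySQL accepts '-' and '_' interchangeably in
# option names, so names are normalised to '-'; a later duplicate overrides.
function Get-MysqldSettings([string[]]$Lines) {   # hypothetical helper
    $section = ''; $found = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -eq 'mysqld' -and $t -match '^([^#;=\s]+)\s*=\s*(.*)$') {
            $found[$Matches[1].Replace('_', '-')] = $Matches[2].Trim().Trim('"')
        }
    }
    $found
}

$cfg = Get-MysqldSettings (Get-Content -Path $IniPath)
$failures = @(
    foreach ($k in $Expected.Keys) {
        if ($cfg[$k] -ne $Expected[$k]) { "my.ini: $k is '$($cfg[$k])', expected '$($Expected[$k])'" }
    }
    if (-not $cfg['init-file'] -or -not (Test-Path -LiteralPath $cfg['init-file'])) {
        'my.ini: init_file is unset or points to a missing file'
    }
    # bind-address only matters if the running server honours it: look at the socket.
    $port = (Get-ItemProperty -Path $RegKey).SQLPort
    $open = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
    foreach ($c in $open) { "Port $port is listening on $($c.LocalAddress), not loopback only" }

    $s = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Svc'"
    if ($s.State -ne 'Running') { "$Svc state is '$($s.State)', expected Running" }
    if ($s.StartName -ne "NT Service\$Svc") { "$Svc logs on as '$($s.StartName)'" }
)
if ($failures) { $failures | ForEach-Object { Write-Warning $_ } } else { 'All checks passed.' }
```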