Do the upgrade patches have a DEL_USER in them somewhere
search cancel

Do the upgrade patches have a DEL_USER in them somewhere

book

Article ID: 387209

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

 Doing the upgrade from 11.0 to 11.1.1 .

The upgrade was successful but it triggered a cybersecurity alert that User unset performed a DEL_USER action on account gnats, ntp, systemd-coredump, systemd-resolve.

- there's such a command in the upgrade patches somewhere that does this ?

The patches run were :

Layer7_API_PlatformUpdate_64bit_v11.0-Debian-2024-12-16.L7P
Layer7_API_PlatformUpdate_v11.1.00-Debian-17707.L7P
Layer7_API_Gateway_Debian_v11.1.00-17707.L7P
Layer7_API_PMS_Debian_v2.0.0-20240715115049.L7P
Layer7_API_PlatformUpdate_64bit_v11.1-Debian-2024-11-24.L7P
Layer7_API_Gateway_Debian_v11.1.1-18484.L7P

Environment

CA API Gateway 11.1

Cause

normal O.S patches operations

Resolution

- Some OS package create new users during installation, so it is natural that their postrm script might have the corresponding del user command.  
- Per debian manual, postrm on old version is triggered on upgrade of the package.

-  Depends on the package involved

Just giving an example, so it really depends on the package :

Debian postrm command

The script can be called in the following ways:

-postrm remove After the package was removed.

- postrm purge After the package was purged.

- old-postrm upgrade new-version After the package was upgraded.

- new-postrm failed-upgrade old-version new-version If the above upgrade call fails.

  The new-version is passed only since dpkg 1.18.5.
- postrm disappear overwriter-package overwriter-version After all of the packages files have been replaced.

- new-postrm abort-install If preinst fails during install.

- new-postrm abort-install old-version new-version If preinst fails during install for an upgrade of a removed  package.


  The new-version is passed only since dpkg 1.18.5.
- new-postrm abort-upgrade old-version new-versionIf preinst fails during upgrade.

- The new-version is passed only since dpkg 1.18.5.

*** most likely those users (gnats, ntp, systemd-coredump, systemd-resolve) got recreated after the package got upgraded

- You can check if the user where recreated after the patches by using the command below 

 getent passwd 

 

Powered by Wolken Software