Upgrade the OpenSSL component for a running InsightIQ 4.1.3.x or InsightIQ 4.1.4.x system to address the security vulnerability: CVE-2021-3712. These steps show how to upgrade OpenSSL to version 1.1.1l on a site without an internet connection.
Determine whether an upgrade is required: see steps in Upgrade OpenSSL.
Recommended: Export the InsightIQ datastore to a location that is not on the InsightIQ host system. This database export can be used if a recovery is needed.
Recommended: Ensure or walk through the procedure on a different system before applying these changes to a production system.
These steps show how to update Linux dependencies required to install OpenSSL 1.1.1l, and how to update OpenSSL to version 1.1.1l.
mount -o loop CentOS-7-x86_64-Everything-2003.iso /mnt
cd /etc/yum.repos.d/
[c7-media] name=CentOS-$releasever - Media baseurl=file:///mnt/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 enabled=0 #released updates [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 enabled=0 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 enabled=0 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@centos76 yum.repos.d]# yum repolist
sudo yum install -y make gcc perl pcre-devel zlib-devel perl-core
md5sum openssl-1.1.1l.tar.gz
tar -xvf openssl-1.1.1l.tar.gz
cd openssl-1.1.1l sudo ./config sudo make sudo make install export LD_LIBRARY_PATH="/usr/local/lib:/usr/local/lib64" sudo echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> ~/.bashrc
[root@mk-236 ~]# openssl version OpenSSL 1.1.1l 24 Aug 2021
cd .. rm -rf openssl-1.1.1l rm -rf openssl-1.1.1l.tar.gz