Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Isilon InsightIQ 4.1.4.x Installation Guide

PDF

Upgrade OpenSSL on a system without an internet connection

Upgrade the OpenSSL component for a running InsightIQ 4.1.3.x or InsightIQ 4.1.4.x system to address the security vulnerability: CVE-2021-3712. These steps show how to upgrade OpenSSL to version 1.1.1l on a site without an internet connection.

  • Determine whether an upgrade is required: see steps in Upgrade OpenSSL.

  • Recommended: Export the InsightIQ datastore to a location that is not on the InsightIQ host system. This database export can be used if a recovery is needed.

  • Recommended: Ensure or walk through the procedure on a different system before applying these changes to a production system.

These steps show how to update Linux dependencies required to install OpenSSL 1.1.1l, and how to update OpenSSL to version 1.1.1l.

  1. On a PC connected to the internet, download the CentOS 7.8 DVD or Everything image file (example: CentOS-7-x86_64-Everything-2003.iso), and then transfer the image file to the InsightIQ host.
  2. On the InsightIQ host, from a command line, mount the ISO file, for example: 
    mount -o loop CentOS-7-x86_64-Everything-2003.iso /mnt
  3. Go to the folder with your Yum repositories: 
    cd /etc/yum.repos.d/
  4. Create backup copies of CentOS-Media.repo and CentOS-Base.repo.
  5. Edit the file /etc/yum.repos.d/CentOS-Media.repo, updating the fields: baseurl and enabled: 
    [c7-media]
name=CentOS-$releasever - Media
baseurl=file:///mnt/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  6. Edit the file /etc/yum.repos.d/CentOS-Base.repo, adding or changing the value of the field: enabled, so that all default repos become temporarily disabled: 
    [base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  7. Confirm that the repo list looks correct: 
    [root@centos76 yum.repos.d]# yum repolist
  8. Install dependencies required to install OpenSSL. The commands may be different for other Linux versions. For example, to update CentOS 7.8 or 7.9: 
    sudo yum install -y make gcc perl pcre-devel zlib-devel perl-core
  9. On a PC connected to the internet, download the installation files for OpenSSL 1.1.1l from https://www.openssl.org/source, and then transfer the image file to the InsightIQ host.
    NOTE The last letter of OpenSSL version 1.1.1l is the lower-case letter L.
  10. Verify the installation file by comparing the MD5 checksum value. 
    md5sum openssl-1.1.1l.tar.gz
    For example, for OpenSSL 1.1.1l, the MD5 checksum should be: ac0d4387f3ba0ad741b0580dd45f6ff3.
  11. Extract the installer: 
    tar -xvf openssl-1.1.1l.tar.gz
  12. Compile and install OpenSSL: 
    cd openssl-1.1.1l

sudo ./config

sudo make

sudo make install

export LD_LIBRARY_PATH="/usr/local/lib:/usr/local/lib64"

sudo echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> ~/.bashrc
  13. Check the version of OpenSSL on your system. The version should now be 1.1.1l or later: 
    [root@mk-236 ~]# openssl version
OpenSSL 1.1.1l 24 Aug 2021
    NOTE If you receive the message: "No such file or directory", you can exit from current running shell, login again, and check again. You may also need to update the PATH environment variable to include the locations: /usr/local/sbin and /usr/local/bin.
  14. Replace the CentOS-Media.repo and CentOS-Base.repo files in /etc/yum.repos.d with their backup versions.
  15. Optional: Cleanup the installation by removing the installation files: 
    cd ..

rm -rf openssl-1.1.1l

rm -rf openssl-1.1.1l.tar.gz

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\