SOFTPAQ NUMBER: N/A PART NUMBER: N/A FILE NAME: CompaqW2200-1.03-10.i386.rpm TITLE: System Software Upgrade Package for Compaq W2200 TaskSmart Servers VERSION: 1.03-10 LANGUAGE: English CATEGORY: Fix DIVISION: TaskSmart Appliances PRODUCTS AFFECTED: TaskSmart W2200 (All Models) OPERATING SYSTEM: Red Hat Linux 7.0 SYSTEM CONFIGURATION: All shipping configurations PREREQUISITES: Compaq TaskSmart W2200 Systems Software v1.01 or v1.02 EFFECTIVE DATE: 10/05/01 ELECTRONIC DISTRIBUTION ALLOWED: Yes SUPERSEDES: N/A DESCRIPTION: The Systems Software Upgrade Package for the Compaq TaskSmart W2200 family of servers is an advanced RPM based installer containing many sub-packages. This upgrade package will install / upgrade several packages and fixes, automatically, in the proper order, freeing the administrator from tedious multi-rpm installations. Installation is carried out through the web based Web Server Configuration Application. ENHANCEMENTS/FIXES: SECURITY ENHANCEMENTS - Kernel has been upgraded to 2.2.19. System is no longer vulnerable to the root exploit through the execve() system call. NFS system programs have been upgraded to support the new kernel. - SNMP Read-only Community String: If the SNMP Read-only Community String was set to the default setting of "public", the upgrade process changed it to "cpqPublic" for enhanced security. If the default setting had been changed from "public" before the upgrade, the custom string is retained. RAPIDLAUNCH USABILITY NOTE: UID light functionality is unaffected when using RapidLaunch v2.3 or higher. If using an older version of RapidLaunch the "SNMP Read" field must be changed to cpqPublic before the UID light will function properly. Simply click the "Authentication" field for the device and change the "SNMP Read" field to cpqPublic. - Apache Module "mod_status": The Apache module, mod_status, which presents an HTML page with the current server statistics is now disabled by default for enhanced security. The system administrator may choose to turn mod_status back on by enabling it in the Web Server Configuration Application. - Added ability to disallow incoming traffic to any system service IP port by Ethernet interface through the Web Server Configuration Application (* indicates new port selections in this release) Service / Port(s) HTTP / *80 HTTPS / *443 Anonymous FTP / 21 Telnet / 23 SSH / 22 SMTP / 25 POP3 / 110 IMAP / 143, 220, 993 SNMP / 161 Who/Login / *513 Auth - Ident / 113 ICMP (ping, timestamp) / *ICMP protocol NFS / *111, *113, *1024, *1025, 2049 Compaq Insight Web Management Agent / *2301 Compaq Configurator / 3201 WEB SERVER CONFIGURATION APPLICATION - System can now be upgraded by browsing and uploading the upgrade rpm from a local workstation. - When restoring a system, you may select to either perform a "Full Restore" or "Replicate Configuration". A full restore will restore all data to the system. A replicated configuration will allow you to set the Hostname, and IP addresses to unique values on the target system. - The Unit Identification Light LED may be enabled or disabled from the menu to help you identify a W2200 in a rack. This replaces the CD eject function. Service on IP port 3203, used for the CD eject function, has been removed. - Added ability to disallow incoming traffic on various additional ports and services (see Security Enhancements above). - Fixed security issue limiting virtual site administrators from looking at other sites. - Fixed disk quota initialization after a system restore. NETWORKING - Fixed ipchains issue limiting outbound traffic on various ports. Fixed ipchains "no defined interface" issue. MANAGEMENT - Updated Compaq Insight Manager agents to version 5.20. Updated Health driver to 2.2.0. HOW TO USE: It is always a good practice to backup your system before performing any system upgrade. Backup your W2200 system before proceeding. There are 4 methods for downloading and installation. Please choose the method which best matches your environment: A - DIRECT METHOD (Single W2200's / direct access to public ftp site) If you have access to Compaq's public ftp server from the W2200 system and are only updating a single W2200 system, it is possible to download and install this update in one step by using the Web Server Configuration Application's System Upgrade Utility. After backing up your system proceed to the DIRECT METHOD section. B - STAGING METHOD (Multiple or Single W2200 / No direct access to public ftp site). If you are updating multiple W2200 systems and/or you do not have direct access to Compaq's public ftp site you will want to download this rpm to a staging directory not necessarily located on the system(s) you intend to update. It is always a good practice to backup your system before performing any system upgrade. After backing up your system proceed to the STAGING METHOD section. C - CD METHOD (* For experienced Linux / Unix users only. RPM update file has been burned to a CD-R / W2200 without access to the public ftp site or private ftp / html server ). If you desire to burn the RPM update file to a cd and install from the cd drive of the unit to be upgraded follow the CD METHOD. It is always a good practice to backup your system before performing any system upgrade. After backing up your system proceed to the CD METHOD section. D - W2200 FILESYSTEM METHOD (* For experienced Linux / Unix users only. RPM update file has been placed on the W2200 to be updated) If you desire to upgrade your W2200 system after downloading the .rpm file to the actual system to be updated follow the W2200 FILESYSTEM METHOD. It is always a good practice to backup your system before performing any system upgrade. After backing up your system proceed to the W2200 FILESYSTEM METHOD section. ------------------ A - DIRECT METHOD ================================================== 1) Login to the Web Server Configuration Application as system administrator. 2) Select "Management" from the left-hand navigation pane. Select "System Upgrade Utility" from the resulting drop down menu. 3) Use "anonymous" for the User Name field. Leave the Password field empty. Use the following URL for the "Location of the Upgrade" field: "ftp://ftp.compaq.com/pub/products/servers/supportsoftware/linux /RedHat/CompaqW2200-1.03-10.i386.rpm". Select the "Download the Upgrade" button. The upgrade file is large and could take a considerable amount of time depending upon your connection and current Internet conditions. 4) You will see the message "Downloading file... One moment please" . Please read the important upgrade information and license agreement which appears when the download is complete. 6) Select the "Apply Upgrade" button after agreeing to the license agreement to start the upgrade process. After selecting the 'Apply Upgrade' button, please WAIT FOR 10 MINUTES before resuming ANY activity on the system. DO NOT USE THE WEB INTERFACE FOR 10 MINUTES. Depending on your current software version your system may be automatically restarted. 7) After waiting for 10 minutes your upgrade should be complete and your system ready for normal use. RAPIDLAUNCH NOTE: UID light functionality is unaffected when using RapidLaunch v2.3 or higher. The latest version of RapidLaunch, v2.3.91 or newer (Part No. 135199-403), may be installed for correct UID function -or- if using an older version of RapidLaunch the "SNMP Read" field must be changed to cpqPublic before the UID light will function properly. If using a version prior to 2.3 simply click the "Authentication" field for the selected device and change the "SNMP Read" field to cpqPublic. B - STAGING METHOD ================================================ 1) Download the upgrade package to a location which is accessible from each of the W2200's you wish to upgrade. This may be to a file share on an ftp server or http server (web server). The downloaded file is a linux based rpm package with a filename based on the W2200 software version number. 2) Login to the Web Server Configuration Application as system administrator. 3) Select "Management" from the left-hand navigation pane. Select "System Upgrade Utility" from the resulting drop down menu. 4) Fill in the "User Name" and "Password" fields with the appropriate information needed to access the system on which you have located the CompaqW2200-1.03-10.i386.rpm upgrade file. Fill in the "Location of the Upgrade" field with the complete URL location for the CompaqW2200-1.03-10.i386 upgrade file ( ex. ftp://ispserver2.bigisp.com/temp/CompaqW2200-1.03-7.i386.rpm ). Select the "Download the Upgrade" button. 5) You will see the message "Downloading file... One moment please" . Please read the important upgrade information and license agreement which appears when the download is complete. 6) Select the "Apply Upgrade" button after agreeing to the license agreement to start the upgrade process. After selecting the 'Apply Upgrade' button, please WAIT FOR 10 MINUTES before resuming ANY activity on the system. DO NOT USE THE WEB INTERFACE FOR 10 MINUTES. Depending on your current software version your system may be automatically restarted. 7) After waiting for 10 minutes your upgrade should be complete and your system ready for normal use. RAPIDLAUNCH NOTE: UID light functionality is unaffected when using RapidLaunch v2.3 or higher. The latest version of RapidLaunch, v2.3.91 or newer (Part No. 135199-403), may be installed for correct UID function -or- if using an older version of RapidLaunch the "SNMP Read" field must be changed to cpqPublic before the UID light will function properly. If using a version prior to 2.3 simply click the "Authentication" field for the selected device and change the "SNMP Read" field to cpqPublic. C - CD METHOD ====================================================== * For experienced Linux / Unix users only 1) Burn the CompaqW2200-1.03-10.i386.rpm onto a CD-R. 2) Insert the CD into the CD drive of the W2200 server being upgraded. 3) Create a user with ftp and telnet privileges through the Web Server Configuration Application. 4) Using a client PC network accessible from the machine being upgraded, telnet into the W2200 system, change to root user (su - then password). Mount the cdrom drive (mount /mnt/cdrom). Copy the rpm to the user's home directory (cp /mnt/cdrom/CompaqW2200-1.03-10.i386.rpm /home/USERNAME). Substitute the created user's name for USERNAME. 5) Login to the Web Server Configuration Application as system administrator. 6) Select "Management" from the left-hand navigation pane. Select "System Upgrade Utility" from the resulting drop down menu. 7) Fill in the "User Name" and "Password" fields with the name and password of the new user created in step 3. Fill in the "Location of the Upgrade" field with the local URL path to the file. This will be ftp://127.0.0.1/home/USERNAME/CompaqW2200-1.03-10.i386.rpm . Substitute the created user's name for USERNAME. Select the "Download the Upgrade" button. 5) You will see the message "Downloading file... One moment please" . Please read the important upgrade information and license agreement which appears when the download is complete. Proceed to step 6. 6) Select the "Apply Upgrade" button after agreeing to the license agreement to start the upgrade process. After selecting the 'Apply Upgrade' button, please WAIT FOR 10 MINUTES before resuming ANY activity on the system. DO NOT USE THE WEB INTERFACE FOR 10 MINUTES. Depending on your current software version your system may be automatically restarted. 7) After waiting for 10 minutes your upgrade should be complete and your system ready for normal use. RAPIDLAUNCH NOTE: UID light functionality is unaffected when using RapidLaunch v2.3 or higher. The latest version of RapidLaunch, v2.3.91 or newer (Part No. 135199-403), may be installed for correct UID function -or- if using an older version of RapidLaunch the "SNMP Read" field must be changed to cpqPublic before the UID light will function properly. If using a version prior to 2.3 simply click the "Authentication" field for the selected device and change the "SNMP Read" field to cpqPublic. D - W2200 FILESYSTEM METHOD =============================================== * For experienced Linux / Unix users only 1) Create a user with ftp and telnet privileges through the Web Server Configuration Application. 2) At the command line (telnet/console) of the W2200 on which the .rpm file resides, copy the rpm to the user's home directory (cp CompaqW2200-1.03-10.i386.rpm /home/USERNAME). Substitute the created user's name for USERNAME. 3) Login to the Web Server Configuration Application as system administrator. 4) Select "Management" from the left-hand navigation pane. Select "System Upgrade Utility" from the resulting drop down menu. 5) Fill in the "User Name" and "Password" fields with the name and password of the new user created in step 3. Fill in the "Location of the Upgrade" field with the local URL path to the file. This will be ftp://127.0.0.1/home/USERNAME/CompaqW2200-1.03-10.i386.rpm . Substitute the created user's name for USERNAME. Select the "Download the Upgrade" button. 6) You will see the message "Downloading file... One moment please" . Please read the important upgrade information and license agreement which appears when the download is complete. Proceed to step 6. 7) Select the "Apply Upgrade" button after agreeing to the license agreement to start the upgrade process. After selecting the 'Apply Upgrade' button, please WAIT FOR 10 MINUTES before resuming ANY activity on the system. DO NOT USE THE WEB INTERFACE FOR 10 MINUTES. Depending on your current software version your system may be automatically restarted. 8) After waiting for 10 minutes your upgrade should be complete and your system ready for normal use. RAPIDLAUNCH NOTE: UID light functionality is unaffected when using RapidLaunch v2.3 or higher. The latest version of RapidLaunch, v2.3.91 or newer (Part No. 135199-403), may be installed for correct UID function -or- if using an older version of RapidLaunch the "SNMP Read" field must be changed to cpqPublic before the UID light will function properly. If using a version prior to 2.3 simply click the "Authentication" field for the selected device and change the "SNMP Read" field to cpqPublic. Copyright 2001, Compaq Computer Corporation. All rights reserved. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.