Forum Discussion

Fallout1984's avatar
Fallout1984
Icon for Cirrocumulus rankCirrocumulus
Dec 06, 2023

Deprovisioning APM - EPSEC/OPSWAT File Cleanup?

After deprovisioning APM, can any leftover epcsec files be deleted? For example, on my lab unit I have the files below after disabling APM:

[root@F5Lab01:Active:Standalone] config # cd /config/filestore/files_d/Common_d/epsec_package_d/
[root@F5Lab01:Active:Standalone] epsec_package_d # ls -l
total 398676
-rw-r--r--. 1 root root 265555968 Mar 22 2023 :Common:epsec-1.0.0-1372.0.iso_66424_1
-rw-r--r--. 1 root root 142684160 Aug 7 2019 :Common:epsec-1.0.0-852.0.iso_305870_1

If these are deleted and APM is subsequently re-enabled, what would happen? Is a new epsec file added as part of an upgrade on machines with APM enabled? Lastly, shouldn't these be deleted from the filestore when they're deleted via the GUI (System/Software Management/Antivirus Check Updates)?

The reason this has come up is because I'm noticing a few of my production F5 VMs have overly large ucs backups even though APM had been disabled. The tip about checking for the epsec opswat file in /config/filestore/files_d/Common_d/epsec_package_d/ I found in some older notes.

Thanks!

  • There is a KB article for the cleanup - https://my.f5.com/manage/s/article/K21175584

     

    Using tmsh to remove an EPSEC package

    Impact of procedure: Performing this procedure should not have a negative impact on the system.

    1. Log in to tmsh by entering the following command:

      tmsh

    2. Delete the epsec-package using the following command syntax:

      delete apm epsec epsec-package <folder name/filename>

      For example:

      delete /apm epsec epsec-package EPSEC/Images/epsec-1.0.0-527.0.iso

      Note: It may take a few minutes for this command to reflect that the package deletion completed.

    3. You can validate the package was deleted by entering the following command:

      list /apm epsec epsec-package recursive

  • There is a KB article for the cleanup - https://my.f5.com/manage/s/article/K21175584

     

    Using tmsh to remove an EPSEC package

    Impact of procedure: Performing this procedure should not have a negative impact on the system.

    1. Log in to tmsh by entering the following command:

      tmsh

    2. Delete the epsec-package using the following command syntax:

      delete apm epsec epsec-package <folder name/filename>

      For example:

      delete /apm epsec epsec-package EPSEC/Images/epsec-1.0.0-527.0.iso

      Note: It may take a few minutes for this command to reflect that the package deletion completed.

    3. You can validate the package was deleted by entering the following command:

      list /apm epsec epsec-package recursive