Fallout1984
Dec 06, 2023
Solved

Deprovisioning APM - EPSEC/OPSWAT File Cleanup?

After deprovisioning APM, can any leftover epsec files be deleted? For example, on my lab unit I have the files below after disabling APM:

[root@F5Lab01:Active:Standalone] config # cd /config/filestore/files_d/Common_d/epsec_package_d/
[root@F5Lab01:Active:Standalone] epsec_package_d # ls -l
total 398676
-rw-r--r--. 1 root root 265555968 Mar 22 2023 :Common:epsec-1.0.0-1372.0.iso_66424_1
-rw-r--r--. 1 root root 142684160 Aug 7 2019 :Common:epsec-1.0.0-852.0.iso_305870_1

If these are deleted and APM is subsequently re-enabled, what would happen? Is a new epsec file added as part of an upgrade on machines with APM enabled? Lastly, shouldn't these be deleted from the filestore when they're deleted via the GUI (System/Software Management/Antivirus Check Updates)?

The reason this has come up is because I'm noticing a few of my production F5 VMs have overly large ucs backups even though APM had been disabled. The tip about checking for the epsec opswat file in /config/filestore/files_d/Common_d/epsec_package_d/ I found in some older notes.

Thanks!

1 Reply

  • There is a KB article for the cleanup - https://my.f5.com/manage/s/article/K21175584

     

    Using tmsh to remove an EPSEC package

    Impact of procedure: Performing this procedure should not have a negative impact on the system.

    1. Log in to tmsh by entering the following command:

      tmsh

    2. Delete the epsec-package using the following command syntax:

      delete apm epsec epsec-package <folder name/filename>

      For example:

      delete /apm epsec epsec-package EPSEC/Images/epsec-1.0.0-527.0.iso

      Note: It may take a few minutes for this command to reflect that the package deletion completed.

    3. You can validate the package was deleted by entering the following command:

      list /apm epsec epsec-package recursive
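
An added example, not part of the original thread or of F5's KB article: a read-only shell check that lists the EPSEC package files left in the filestore directory from the question, with their sizes and versions, so you can see how much space they hold before and after running the tmsh procedure above. The function names and the `report` argument are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example: read-only report of EPSEC package files in the BIG-IP filestore.
# The default path is the directory shown in the question; pass another to override.
EPSEC_DIR_DEFAULT="/config/filestore/files_d/Common_d/epsec_package_d"

# Print "<bytes> <epsec version> <file name>" per package file, largest first.
epsec_list() {
    dir="${1:-$EPSEC_DIR_DEFAULT}"
    [ -d "$dir" ] || return 0          # missing directory: nothing to report
    for f in "$dir"/*epsec-*.iso*; do
        [ -f "$f" ] || continue        # glob matched nothing, or not a regular file
        name=$(basename "$f")
        # ":Common:epsec-1.0.0-1372.0.iso_66424_1" -> "1.0.0-1372.0"
        ver=$(printf '%s\n' "$name" | sed -n 's/.*epsec-\(.*\)\.iso.*/\1/p')
        bytes=$(wc -c < "$f" | tr -d ' ')
        printf '%s %s %s\n' "$bytes" "${ver:-unknown}" "$name"
    done | sort -rn
}

# Total bytes occupied by EPSEC package files in the directory.
epsec_total_bytes() {
    epsec_list "$1" | awk '{ sum += $1 } END { printf "%.0f\n", sum + 0 }'
}

# Print the report only when the script is run with "report" as its first argument.
if [ "${1:-}" = "report" ]; then
    epsec_list "${2:-}"
    echo "total bytes: $(epsec_total_bytes "${2:-}")"
fi
```

The script only reads the directory; removal still goes through the tmsh `delete` command in the reply.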