CirrocumulusDeprovisioning APM - EPSEC/OPSWAT File Cleanup?
After deprovisioning APM, can any leftover epcsec files be deleted? For example, on my lab unit I have the files below after disabling APM:
[root@F5Lab01:Active:Standalone] config # cd /config/filestore/files_d/Common_d/epsec_package_d/
[root@F5Lab01:Active:Standalone] epsec_package_d # ls -l
total 398676
-rw-r--r--. 1 root root 265555968 Mar 22 2023 :Common:epsec-1.0.0-1372.0.iso_66424_1
-rw-r--r--. 1 root root 142684160 Aug 7 2019 :Common:epsec-1.0.0-852.0.iso_305870_1
If these are deleted and APM is subsequently re-enabled, what would happen? Is a new epsec file added as part of an upgrade on machines with APM enabled? Lastly, shouldn't these be deleted from the filestore when they're deleted via the GUI (System/Software Management/Antivirus Check Updates)?
The reason this has come up is because I'm noticing a few of my production F5 VMs have overly large ucs backups even though APM had been disabled. The tip about checking for the epsec opswat file in /config/filestore/files_d/Common_d/epsec_package_d/ I found in some older notes.
Thanks!
There is a KB article for the cleanup - https://my.f5.com/manage/s/article/K21175584
Using tmsh to remove an EPSEC package
Impact of procedure: Performing this procedure should not have a negative impact on the system.
- Log in to tmsh by entering the following command:
tmsh
- Delete the epsec-package using the following command syntax:
delete apm epsec epsec-package <folder name/filename>
For example:
delete /apm epsec epsec-package EPSEC/Images/epsec-1.0.0-527.0.iso
Note: It may take a few minutes for this command to reflect that the package deletion completed.
- You can validate the package was deleted by entering the following command:
list /apm epsec epsec-package recursive
- Log in to tmsh by entering the following command:
