cdjac0bsen
May 28, 2019

Monthly auto attack signature update schedule

The only built-in options are daily, weekly, and monthly. I don't know how many days are in the monthly schedule, but I assume it doesn't follow the calendar months. Is there a way to schedule a manual cron job that will update signatures on the same day every month (e.g. the 25th of every month)?

1 Reply

  • In doing some testing it seems the monthly ASM signature update kicks off at 4:02AM and repeats every 30 days dependent on the day you configured it.

    You will see logs similar to the following:

    Mar 31 16:03:23 bigipve2 info perl[14997]: 01310053:6: ASMConfig change:  Attack Signatures Update Settings [update]: Update Interval was set to monthly.
    Apr  2 04:02:03 bigipve2 info asm_config_server_rpc_handler.pl[15813]: The most recent Attack Signatures file is already installed. Signature file update skipped.

    Is there a way to schedule a manual cron job that will update signatures on the same day every month (e.g. the 25th of every month)?

    • It looks like you would need to edit your cron to run the script /usr/share/ts/bin/update_sigfile.pl at a certain time/date/interval.
    • This article might help: K33730915: Overview of anacron utility on the BIG-IP system
    • I'm unsure what impact this would have on the GUI configuration for the ASM signature update.

    [root@lab-a:Active:Disconnected] config # ls -lh /etc/cron.daily/
    total 17K
    lrwxrwxrwx. 1 root root   36 2019-02-06 14:19 asm_update_sigfile -> /usr/share/ts/bin/asm_update_sigfile
    -rwxr-xr-x. 1 root root  896 2018-06-14 11:24 clean_oblog
    -rwxr-xr-x. 1 root root  921 2018-06-14 11:33 cleanup_sync_files
    -r-xr-xr-x. 1 root root  528 2018-06-14 10:20 integritycheck
    -rwx------. 1 root root 2.3K 2018-06-14 11:42 logrotate
    -rwx------. 1 root root  524 2016-06-22 06:46 tmpwatch
    lrwxrwxrwx. 1 root root   36 2019-02-06 14:19 update_dpi_sigfile -> /usr/share/ts/bin/update_dpi_sigfile
    lrwxrwxrwx. 1 root root   35 2019-02-06 14:19 update_fps_engine -> /usr/share/ts/bin/update_fps_engine
    lrwxrwxrwx. 1 root root   39 2019-02-06 14:19 update_fps_signatures -> /usr/share/ts/bin/update_fps_signatures
    lrwxrwxrwx. 1 root root   34 2019-02-06 14:19 update_pem_tacdb -> /usr/share/ts/bin/update_pem_tacdb
     
    [root@lab-a:Active:Disconnected] config # crontab -l
    MAILTO=""
    1-59/10 * * * * /usr/bin/diskmonitor
    0 */4 * * * /usr/bin/diskwearoutstat
    22 14 * * * /usr/bin/updatecheck -a
    22 14 06 * * /usr/bin/phonehome_upload
    8 * * * * /usr/bin/copy_rrd save
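
Whichever schedule ends up driving the update, the log lines quoted in the reply give a way to confirm that the check keeps running. The following is an added example, not part of the original thread and not F5 code: it reads syslog text in the format shown above, extracts the `asm_config_server_rpc_handler.pl` entries that mention Attack Signatures, and reports gaps longer than the 30-day interval the reply observed. The sample lines after the first two are constructed, and the function names, the `start_year` parameter and the one-day slack are assumptions.

```python
import re
from datetime import datetime, timedelta

# First two lines are from the reply above; the last two are constructed.
SAMPLE_LOG = """\
Mar 31 16:03:23 bigipve2 info perl[14997]: 01310053:6: ASMConfig change:  Attack Signatures Update Settings [update]: Update Interval was set to monthly.
Apr  2 04:02:03 bigipve2 info asm_config_server_rpc_handler.pl[15813]: The most recent Attack Signatures file is already installed. Signature file update skipped.
May  2 04:02:05 bigipve2 info asm_config_server_rpc_handler.pl[16120]: The most recent Attack Signatures file is already installed. Signature file update skipped.
Jul  1 04:02:06 bigipve2 info asm_config_server_rpc_handler.pl[17004]: The most recent Attack Signatures file is already installed. Signature file update skipped.
"""

# Match only the update handler's own entries, not the settings-change audit line.
LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ \S+ "
    r"asm_config_server_rpc_handler\.pl\[\d+\]: .*Attack Signatures")


def update_runs(log_text, start_year):
    """Return the datetimes of signature-update checks, oldest first."""
    runs, year = [], start_year
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = f"{year} {m[1]} {m[2]} {m[3]}"
        ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        if runs and ts < runs[-1]:
            # Syslog timestamps carry no year: going backwards means Dec -> Jan.
            year += 1
            ts = ts.replace(year=year)
        runs.append(ts)
    return runs


def missed_intervals(runs, expected_days=30, slack_days=1):
    """Return (previous_run, next_run, gap_days) for each overlong gap."""
    limit = timedelta(days=expected_days + slack_days)
    return [(a, b, (b - a).days) for a, b in zip(runs, runs[1:]) if b - a > limit]


if __name__ == "__main__":
    for prev, nxt, gap in missed_intervals(update_runs(SAMPLE_LOG, 2019)):
        print(f"no signature update check between {prev} and {nxt} ({gap} days)")
```
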