What is the use of epsec-package file in APM ?
Hello Team , What is the use of epsec-package file in APM ? How EPSEC works in APM ? apm epsec epsec-package epsec-1.0.0-1622.0.iso { create-time 2024-09-19:12:50:37 last-update-time 2024-03-21:11:07:38 mode 33188 oesis-version 4.3.3969.0 revision 1 size 301641728 system-package true updated-by root version 1.0.0-1622.0 }
APM device not supported
Hello All I am new to the F5 so hope not to ask a question that maybe asked already (I did look and not able to see) I have a 3rd party having issues connecting to the F5 remotely so I was wondering the best course of action to troubleshoot the problem. Error I have seen: Executed agent '/Common/messagebox_epsec_device_not_supported_act_message_box_ag_3' return value 0Common 123481494763780fallbackMessage Box Logging15018426122017-08-04 11:30:12 Following rule 'fallback' from item 'Message Box' to item 'Logging'Common 123481494763781Device not supported.15018426122017-08-04 11:30:12 Logging Agent: Device not supported.Common 123481494763782/Common/messagebox_epsec_device_not_supported_act_logging_ag_3015018426122017-08-04 11:30:12 Executed agent '/Common/messagebox_epsec_device_not_supported_act_logging_ag_3' return value 0Common Regards EDAPM :: EPSEC / OPSWAT :: Dealing with Unsupported Antivirus Applications
How do folks deal with unsupported antivirus applications when requiring passing of this check prior to logging in? For example, some users have repackaged applications from their ISPs, and it is typically something they either pay for or comes with their subscription. They generally aren't too keen on moving to something else because of that. I would entertain the idea of a bypass... but EPSEC doesn't even see it. Removing the troublesome AV suite and enabling/updating Defender would work and get them in... but again, they're generally not too keen on removing something they pay for. And giving the ISP-specific nature of it... I doubt OPSWAT is going to accommodate an update in that regard? Anyway... Does anybody have any tricks for this in their environment? Thanks!
Modify UCS Archive so it doesn't backup epsec images
Problem this snippet solves: Currently, if you have APM installed, the UCS Archive process, also backs up the epsec images. I have written a bash script, which modifies the UCS Archive process, so that it does not include these in the UCS Archive process, and it also modifies the bigip.conf that is archived, so that it does not contain references to these images. By default, APM has it's own epsec image in /var/sam/images so when your UCS Archive is loaded to a new system, or a rebuilt system, it will just use the default epsec image for that system. This means that if you have upload a new epsec image to fix an issue, you will need to ensure that this is done on any system you restore the UCS Archive too. How to use this snippet: Just save the bash script to a file like /shared/bin/modify_ucs.sh Then run the script:- # sh /shared/bin/modify_ucs.sh The script modifies /usr/libdata/configsync/cs.dat and creates two files config_save_pre and config_save_post in the same folder. It also creates a backup of cs.dat as cs.YYYY_MM_DD_HH_MM.bak The /usr filesystem is mounted RO, so I remount it RW to do this. To remove changes: mount -o remount,rw /usr cd /usr/libdata/configsync/ mv -f `ls -1t cs.dat.[0-9][0-9][0-9][0-9]*.bak|head -1` cs.dat rm -f config_save_p[or][se]* mount -o remount,ro /usr This modification does not survive a upgrade, so you will need to run the script again after any upgrade If you are running a cron job to create a daily/weekly backup, you can just call this script before you run the tmsh save sys ucs command, as it checks to see if the modification has already been done. Code : 70454
