|
@@ -21,7 +21,7 @@ Each month the environment must be patched to comply with FedRAMP requirements.
|
|
|
|
|
|
Email Template that needs to be sent out prior to patching and email addresses of individuals who should get the email.
|
|
|
```
|
|
|
-Leonard, Wesley A. <wesley.a.leonard@accenturefederal.com>; Waddle, Duane E. <duane.e.waddle@accenturefederal.com>; Nair, Asha A. <asha.a.nair@accenturefederal.com>; Middleton, S. <s.middleton@accenturefederal.com>; Crawley, Angelita <angelita.crawley@accenturefederal.com>; Rivas, Gregory A. <gregory.a.rivas@accenturefederal.com>; Damstra, Frederick T. <frederick.t.damstra@accenturefederal.com>; Poulton, Brad <brad.poulton@accenturefederal.com>; Williams, Colby <colby.williams@accenturefederal.com>; Mahmood, Shahid <shahid.mahmood@accenturefederal.com>; Naughton, Brandon <brandon.naughton@accenturefederal.com>
|
|
|
+Leonard, Wesley A. <wesley.a.leonard@accenturefederal.com>; Waddle, Duane E. <duane.e.waddle@accenturefederal.com>; Nair, Asha A. <asha.a.nair@accenturefederal.com>; Middleton, S. <s.middleton@accenturefederal.com>; Crawley, Angelita <angelita.crawley@accenturefederal.com>; Rivas, Gregory A. <gregory.a.rivas@accenturefederal.com>; Damstra, Frederick T. <frederick.t.damstra@accenturefederal.com>; Poulton, Brad <brad.poulton@accenturefederal.com>; Williams, Colby <colby.williams@accenturefederal.com>; Mahmood, Shahid <shahid.mahmood@accenturefederal.com>; Naughton, Brandon <brandon.naughton@accenturefederal.com>; Cooper, Jeremy <jeremy.cooper@accenturefederal.com>;
|
|
|
```
|
|
|
|
|
|
```
|
|
@@ -82,16 +82,16 @@ FYI, patching today.
|
|
|
Starting with moose and internal infra patching. Check disk space for potential issues.
|
|
|
```
|
|
|
salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' test.ping --out=txt
|
|
|
-salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo*)' cmd.run 'df -h /boot'
|
|
|
-salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo*)' cmd.run 'df -h /var/log' # some at 63%
|
|
|
-salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo*)' cmd.run 'df -h /var' # one at 74%
|
|
|
-salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo*)' cmd.run 'df -h'
|
|
|
+salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' cmd.run 'df -h /boot'
|
|
|
+salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' cmd.run 'df -h /var/log' # some at 63%
|
|
|
+salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' cmd.run 'df -h /var' # one at 74%
|
|
|
+salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' cmd.run 'df -h'
|
|
|
|
|
|
# Fred's update for df -h:
|
|
|
-salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo*)' cmd.run 'df -h | egrep "[890][0-9]\%"'
|
|
|
+salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' cmd.run 'df -h | egrep "[890][0-9]\%"'
|
|
|
|
|
|
# Review packages that will be updated. some packages are versionlocked (Collectd, Splunk,etc.).
|
|
|
-salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo*)' cmd.run 'yum check-update'
|
|
|
+salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' cmd.run 'yum check-update'
|
|
|
|
|
|
### OpenVPN sometimes goes down with patching and needs a restart of the service.
|
|
|
### Let's patch the VPN after everthing else. I am not sure which package is causing the issue. Kernal? bind-utils?
|
|
@@ -101,13 +101,13 @@ salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or n
|
|
|
salt -C 'openvpn*' pkg.upgrade
|
|
|
|
|
|
# Just to be sure, run it again to make sure nothing got missed.
|
|
|
-salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo*)' pkg.upgrade exclude='phantom_repo'
|
|
|
+salt -C '* not ( afs* or saf* or nga* or ma-* or mo-* or dc-c19* or la-c19* or nihor* or bp-ot-demo* )' pkg.upgrade exclude='phantom_repo'
|
|
|
|
|
|
#patch GC ( from the GC salt master )
|
|
|
-salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* )' test.ping
|
|
|
-salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* )' cmd.run 'df -h | egrep "[890][0-9]\%"'
|
|
|
-salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* )' cmd.run 'yum check-update'
|
|
|
-salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* )' pkg.upgrade
|
|
|
+salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* or doed* )' test.ping
|
|
|
+salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* or doed* )' cmd.run 'df -h | egrep "[890][0-9]\%"'
|
|
|
+salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* or doed* )' cmd.run 'yum check-update'
|
|
|
+salt -C '*accenturefederalcyber.com not ( nihor* or bp-ot-demo* or bas-* or doed* )' pkg.upgrade
|
|
|
```
|
|
|
|
|
|
> :warning: After upgrades check on Portal to make sure it is still up.
|