Repo, teleport, tenable

Brad Poulton 3 years ago
parent
commit
71963df503
3 changed files with 17 additions and 4 deletions
  1. Reposerver Notes.md (+1 -0)
  2. Teleport Notes.md (+4 -0)
  3. Tenable Notes.md (+12 -4)

+ 1 - 0
Reposerver Notes.md

@@ -63,6 +63,7 @@ yum clean all && yum makecache fast
 
 #From target server; view the available packages
 yum --disablerepo="*" --enablerepo="msoc" list available
+yum --disablerepo="*" --enablerepo="tenable" list available
 
 #From target server
 yum install 'name of package'

+ 4 - 0
Teleport Notes.md

@@ -24,7 +24,11 @@ tsh --proxy=teleport.xdr.accenturefederalcyber.com login
 tsh ls
 tsh --proxy=teleport.xdr.accenturefederalcyber.com ls
 tsh --proxy=teleport.xdrtest.accenturefederalcyber.com ssh caasp-phantom
+
+# These work for SCP, depending on if you are logged in to teleport yet. 
 tshd scp brad.poulton@sensu.pvt.xdrtest.accenturefederalcyber.com:sensu_support.tgz .
+tsh scp SecurityCenter-5.21.0-el7.x86_64.rpm brad.poulton@reposerver.pvt.xdrtest.accenturefederalcyber.com:~
+tsh --proxy=teleport.xdrtest.accenturefederalcyber.com scp SC-202204.3-5.x-rh7-64.tgz brad.poulton@security-center-0.pvt.xdrtest.accenturefederalcyber.com:~
 ```
 
 ## Troubleshooting
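
Review bot: The new comment above the scp examples does not say which command applies to which login state, and the unchanged `tshd scp` line directly under it reads like a typo for `tsh scp`. Only the last added line passes `--proxy=teleport.xdrtest.accenturefederalcyber.com`; the added `tsh scp SecurityCenter-5.21.0-el7.x86_64.rpm ...` line relies on an existing session. Suggest labelling each form (for example "already logged in" and "not logged in yet") and confirming or correcting `tshd` while this block is being edited.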

+ 12 - 4
Tenable Notes.md

@@ -28,12 +28,19 @@ sudo /opt/nessus_agent/sbin/nessuscli -v
 
 - Download the latest RPM from [Tenable Download - Nessus](https://www.tenable.com/downloads/nessus)
 - Check the sha256 on your mac with `shasum -a 256 Nessus-8.15.1-es7.x86_64.rpm`
-- Use teleport web UI to upload the file to the TEST and PROD repo server; See [How to add a new package to the Reposerver](Reposerver%20Notes.md)
+- Use teleport scp to upload the file to the TEST and PROD repo server; See [How to add a new package to the Reposerver](Reposerver%20Notes.md)
 - Update the tenable repo per the Reposerver Notes above
-- Stop the service and take an EBS snapshot as a backup ( see below for details )
+- Stop the service and take an EBS snapshot as a backup
+    - `systemctl stop SecurityCenter` 
+    - `systemctl start nessusd`
+    - Use the AWS cli to take a snapshot of all EBS volumes  
+    ```
+    aws --profile mdr-test-c2-gov ec2 create-snapshots --instance-specification 'InstanceId=i-01d72189085662b1e,ExcludeBootVolume=false' --tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=security-center-0-pre-upgrade-backup-5.19.1}]'
+    ```
 - Note: You can upgrade all three Nessus servers at the same time with `salt nessus* cmd.run`
 - Run `yum clean all && yum makecache fast` on the appropriate server or `salt nessus* pkg.upgrade name=Nessus` on salt-master to update the software from the repo server
 - For Nessus, you need to start the software after the upgrade with `systemctl start nessusd.service`
+- For Tenable.sc, use this command: `yum update SecurityCenter`
 - To ensure everything is working, log into [Tenable.sc](https://security-center.pvt.xdr.accenturefederalcyber.com) with admin creds and look at the Resources > Nessus Scanners then click on Options > Update Status
 - If the Scanner shows a status of "Protocol Error" you were too fast and need to be patient; go browse a conservative news source for 5 minutes ;-)
 
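
Review bot: Under "Stop the service and take an EBS snapshot as a backup" the second added sub-bullet is `systemctl start nessusd`, which starts the scanner instead of stopping it; the later step "you need to start the software after the upgrade with `systemctl start nessusd.service`" suggests `systemctl stop nessusd` was intended. The added `create-snapshots` example also hard-codes the `mdr-test-c2-gov` profile, instance `i-01d72189085662b1e` and the tag `security-center-0-pre-upgrade-backup-5.19.1` in a procedure that covers both TEST and PROD and Nessus as well as Tenable.sc, so state which values must be replaced per host and version so the backup is taken of the right instance and can be identified later.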
@@ -44,14 +51,15 @@ Occasionally Tenable will release patches for Tenable.sc. These patches need to
 - Download the security patch to your Mac
 - Check the hash against the tenable provided one
     - `shasum -a 256 SC-202110.1-5.x-rh7-64.tgz`
-- Use teleport web UI to upload the file directly to the Tenable.sc server
+    - `sha256sum SC-202204.3-5.x-rh7-64.tgz` ( Or on RedHat)
+- Use teleport scp/web UI to upload the file directly to the Tenable.sc server
 - Stop Tenable.sc and take a backup via snapshots
     - `systemctl stop SecurityCenter`
     - Use the AWS cli to take a snapshot of all EBS volumes  
     ```
     aws --profile mdr-test-c2-gov ec2 create-snapshots --instance-specification 'InstanceId=i-01d72189085662b1e,ExcludeBootVolume=false' --tag-specifications 'ResourceType=snapshot,Tags=[{Key=Name,Value=security-center-0-pre-upgrade-backup-5.19.1}]'
     ```
-- extract patch and apply per Tenable's website
+- Extract patch and apply per the Release Notes on Tenable's website
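
Review bot: The added `sha256sum SC-202204.3-5.x-rh7-64.tgz` line names a different patch file than the `shasum -a 256 SC-202110.1-5.x-rh7-64.tgz` line above it, so the two sub-bullets read as two separate files instead of two ways to hash the same download. Suggest using one filename (or a placeholder) in both and moving "( Or on RedHat)" in front of the command. Now that the upload step allows "scp/web UI", it would also help to say whether the RedHat check is meant to be run on the Tenable.sc server after the transfer, so the copy that gets applied is the one compared against the Tenable-provided hash. The unchanged snapshot example still tags the backup `pre-upgrade-backup-5.19.1`, which may not match the version being patched.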