Thursday, August 23, 2012

Updating Java on Solaris

Updating Java is something I have to do a lot. There seems to be an update every few weeks. So I'm always patching java on my servers all the time. Theses are my notes on how to find and update Java on UNIX bases operating systems.  Follow the steps below to help keep your server safe from Java hacks.




The first thing to do is check to see which processor is in the server, SPARC or x86?.
# uname -a
SunOS hostname 5.10 Generic_147441-20 i86pc i386 i86pc
In the is case the processor is x86.

We need to find all the java on the server. Running the commands java -version is not enough. This command only shows the main version of Java on the server. Example output shown below.
# java -version
Java version "1.6.0_33"
Java(TM) SE Runtime Environment (build 1.6.0_33-b03)
Java HotSpot(TM) Server VM (build 20.8-b03, mixed mode)

 
Step 1  Find Java
You need to use the find command to find all the Java on your server. # find / -name java -type f
/usr/jdk/instances/jdk1.6.0/bin/amd64/java
/usr/jdk/instances/jdk1.6.0/bin/java
/usr/jdk/instances/jdk1.6.0/jre/bin/java
/usr/jdk/instances/jdk1.6.0/jre/bin/amd64/java
/usr/jdk/instances/jdk1.5.0/bin/java
/usr/jdk/instances/jdk1.5.0/bin/amd64/java
/usr/jdk/instances/jdk1.5.0/jre/bin/java
/usr/jdk/instances/jdk1.5.0/jre/bin/amd64/java
/usr/openv/java/jre/java
/usr/openv/java/jre/amd64/java
As you can see Java 5 is installed on the server. The Java -version didn't even list this version of java. You could keep the main version of Java patched, but if you don't patch both version then the computer will still be vulnerable.
The last two lines in the above example are the embedded Java in NetBackup. If you want to update these two items checkout my post "Updating Java in NetBackup".

Step 2 Check version
To find out what version of Java is on the server. Put the path statements above into the terminal with  -version at the end. Like the example below.
# /usr/jdk/instances/jdk1.6.0/bin/java -version
Java version "1.6.0_33"
Java(TM) SE Runtime Environment (build 1.6.0_33-b03)
Java HotSpot(TM) Server VM (build 20.8-b03, mixed mode)


Step 3 Patch version (Solaris 10)
Now that we have found and checked for Java versions on our server. It is time to patch the server. # unzip patchname
# pkgadd -d patchnam

Sometimes pkgadd will not work. In those cases use the patchadd command instead.
# patchadd patchname
Possible issues.
Sometimes if you try to install from a network share the install will error out. Move the file to /tmp and install from there.

Referance 
Man page for pkgadd
Man page for patchadd
 
If you have any questions or comments, please post them below.

No comments:

Post a Comment