Endpoint Configuration Procedures

When setting up newer Linux or Unix endpoints for patching, complete one of the following procedures on each Linux/Unix endpoint you support.

• Red Hat 5.5-7.x Endpoint Configuration (GUI)
• Red Hat 5.5-7 Endpoint Configuration (Terminal)
• Oracle Enterprise Linux 7 Configuration
• Oracle Solaris 11 Endpoint Configuration
• SUSE Linux 12 Endpoint Configuration
• Configuring AIX 7.1 and 6.1 Endpoints to Download Content

Mac users, all you have to do is run the agent installer (you don't need to do any vendor registration). See Ivanti Endpoint Security: Agent Installation Guide for info on installing the agent.

Red Hat 5.5-7.x Endpoint Configuration (GUI)

Before you can deploy patch content to your Red Hat Enterprise Linux 7 (RHEL) endpoints using Ivanti Endpoint Security, you must register the endpoint with Red Hat and subscribe to a repository. RHEL includes a wizard that makes this process fast and painless.

Complete this task from your RHEL 7 endpoints.

This procedure contains basic instructions for attaching to the Red Hat repository. For more detailed information about attaching to different repositories, consult the RHEL Systems Registration Guide.

1. From the dashboard, search for Red Hat Subscription Manager. When it displays, click Red Hat Subscription Manager.
2. Enter your root password.
3. Click Register.
4. Define a server to register against.
   • To register with the RHEL repository, leave the default server name.
   • To register with a RHEL satellite server within your enterprise, type your satellite server name in the I will register with field.
5. If you will use a proxy to connect with the defined repository, click Configure Proxy and fill in the required information.
   If you aren't using a proxy, skip to the next step.
6. Click Next.
7. From System Registration, enter your Red Hat account information.
8. If necessary, change your System Name, but in most cases just use the default.
9. Click Register.
10. When prompted, review your Subscription. If the info looks good, click Attach to connect to the repository.
    Your endpoint is subscribed to the entitlement you chose. Provided that the endpoint has a Patch Agent installed, you can begin deploying content to it.

Red Hat 5.5-7 Endpoint Configuration (Terminal)

Before you can deploy patch content to your Red Hat Enterprise Linux (RHEL) endpoints using Ivanti Endpoint Security, you must register the endpoint with Red Hat and subscribe to a repository. Power users can finish this process quickly using Terminal.

Complete this task from your RHEL endpoints.

This procedure contains basic instructions for attaching to the Red Hat repository. For more detailed information about attaching to different repositories, consult the RHEL Systems Registration Guide.

1. Open Terminal.
2. Elevate your privileges.
   1. Enter sudo -s
   2. Enter the root password.
3. Register the endpoint with RPM using your Red Hat Network credentials.
   1. Enter subscription-manager register --username= yourusername -- pasword= yourpassword
      If registration completes successfully, Terminal displays your new RPM registration ID.
4. Subscribe to one or more entitlement.
   1. Enter subscription-manager list --available | less
      This command list the entitlements attached to your Red Hat Network account. Write down or copy the Pool ID for each entitlement you want to use for the endpoint.
      When you're done copying Pool IDs, close out the list by typing q.
   2. Enter subscription-manager attach --pool= YourPoolId

      You can subscribe to all entitlements for your Red Hat Network account by entering subscription-manager attach --auto

Your endpoint is subscribed to the entitlement you chose. Provided that the endpoint has a Patch Agent installed, you can begin deploying content to it.

Oracle Enterprise Linux 7 Configuration

Before you can deploy patch content your Oracle Linux 7 endpoints, you have to register your endpoints with Oracle Unbreakable Network and attach to a repository.

You can complete this process either before or after you install the Patch Agent.

1. Open the dashboard and search for ULN Registration. When it displays, click ULN Registration.
2. Enter your root password.
3. Click Forward.
4. From the Enter your account information page, enter your Unbreakable Linux Network account information.
5. If your Oracle Linux 7 endpoint uses a proxy to access the Internet, click Advanced Network Configuration to enter proxy information. Close the dialog when you're done.
6. Click Forward.
7. [Optional] Enter a System Name and choose whether to send Oracle your system profile data.
8. Click Forward.
9. Click Finish to complete registration.
   Your endpoint is subscribed to the Oracle Unbreakable Network. Provided that the endpoint has a Patch Agent installed, you can begin deploying content to it.

Oracle Solaris 11 Endpoint Configuration

Before you can deploy patch content to you Oracle Solaris 11 endpoints, you have to register your endpoints Solaris and attach a repository.

Complete this process from you Solaris 11 endpoints.

This procedure will get your endpoints up and running, but it you need full documentation, you can find it at the Oracle Technology Network.

1. Download a certificate and key from Oracle so that the endpoint can access the Oracle Solaris 11 repository you're licensed for.
   1. Open a Web browser and navigate to https://pkg-register.oracle.com.
   2. Click Request Certificates.
   3. Sign in using your Oracle Account credentials.
   4. Select a repository and click Submit.
   5. If necessary, type a comment in ADDITIONAL CERTIFICATE DATA.
   6. Review Oracle's License Agreement and, if you agree to their terms, click Accept.
   7. Click Download Key and Download Certificate.
      The certificate and key are downloaded. Leave the Web browser open. It contains instruction for installing your downloads.
2. Install the repository certificate you just downloaded on your endpoint.
   1. Open Terminal.
   2. Follow the instructions listed in your Web browser.

   Your endpoint is subscribed to your licensed Solaris repository. Provided that the endpoint has a Patch Agent installed, you can begin deploying content to it.

SUSE Linux 12 Endpoint Configuration

Before you can deploy patch content to your SUSE Linux 12 endpoints using Ivanti Endpoint Security, you must register the endpoint with the SUSE Customer Center. SUSE 12 includes a wizard that makes this process fast and painless.

Complete this task from your SUSE 12 endpoints.

1. From the dashboard, search for YaST, open it, and then enter the root password.
2. Open Online Update.
3. When prompted, run the configuration workflow.
4. Enter the email address for your SUSE Customer Center account and your registration code.
5. If you have a local registration server, click Local Registration Server and enter its URL.
6. Click Next to begin registration.
   Your endpoint is subscribed. Provided that the endpoint has a Patch Agent installed, you can begin deploying content to it.

Important: While using Patch and Remediation to patch your SUSE 12 endpoints, you may need to disable the Snapper snapshot manager. If you leave it enabled, it takes two snapshots every time you make a deployment to your endpoints. These snapshots may lead to disk space issues. For information on disabling Snapper, see the article SuSE 12 Patching: Disabling Snapper on the Ivanti Community.

Configuring AIX 7.1 and 6.1 Endpoints to Download Content

To patch your AIX 6.1 and later endpoints using Ivanti Endpoint Security, your AIX endpoints must have Service Update Management Assistant (SUMA) enabled. SUMA is enabled by default, but you may need to configure some of its variables to work in your environment before you can begin patching the endpoint using Ivanti Endpoint Security.

1. Log on to your AIX endpoint.
2. Elevate your privileges.
   From the command line, enter su and your password.
3. Preview a maintenance download to check if SUMA is working correctly. Enter suma -x -w -a Action=Preview.
   The download preview may take a minute.

   If the preview download succeeds, you'll see output similar to:

   Copy

       ...
       Download SUCCEEDED: /usr/sys/inst.images/installp/ppr/wio.fcp.6.1.6.18bff
       Summary:
           586 downloaded
           0 failed
           0 skipped

If you see this in the command line, you're done! Don't worry about completing the next step.

4. If the preview download fails, SUMA is not configured correctly to work in your environment. You'll need to edit SUMA before you can use Ivanti Endpoint Security to patch AIX.
   1. From the command line, enter smit suma
   2. Select Configure SUMA and press ENTER.
   3. Press ENTER to select Base Configuration.
   4. Edit the list of options that appear for operations in your enterprise. When you're done, close SUMA.
   5. Once again, preview a maintenance download to check if SUMA is working correctly. Enter suma -x -w -a Action=Preview.

If SUMA is working correctly, you're all set to begin patching your AIX endpoints using Ivanti Endpoint Security. However, if you're still having trouble getting SUMA to work, contact your enterprise IT Helpdesk. You may have restrictive firewall settings in place that are interfering with SUMA.