Overview
Seqrite Universal Update Manager is a standalone tool that is used to download and manage the updates for different Seqrite products with different types of updates. It provides you the flexibility to download the updates on a single machine for Seqrite products.
Note: This Update Manager downloads updates for 8.3 ,8.4, and 8.5 clients across Windows, Linux, and macOS platforms.
Audience
This guide is useful for the Seqrite Admin, SOC Managers, and Analysts who would be using the system.
System requirements for EPP and EDR Update Manager
EPP Update Manager
Server that supports up to 1 to 2000 endpoints
· Ubuntu 24.04.2
· Available Disk Space: 8 GBs or above
· Available RAM: 8 GBs or above
· Processer: 4 Core (x86-64), 2.60GHz or above Server that supports up to 15000 endpoints
· Ubuntu 24.04.2
· Available Disk Space: 8 GBs or above
· Available RAM: 16 GBs or above
· Processer: 8 Core (x86-64), 2.60GHz or above Server that supports up to 25000 endpoints
· Ubuntu 24.04.2
· Available Disk Space: 8 GBs or above
· Available RAM: 32 GBs or above
· Processor: 16 Core(x86-64), 2.60GHz or above
Note: Set server upper limit (ulimit) higher than the derived number of connections; recommended to be 100000.
EDR Update Manager
| Supported Platforms | CPU | Memory | Disk |
|---|---|---|---|
| · Linux Mint 19.2 · Linux Mint 20 64bit · Ubuntu 22 · Ubuntu 20.04 64bit · Ubuntu 24.05.2 · openSUSE 42.3, 15.2 64bit · Red Hat Enterprise Linux 9.1 · BOSS 6 32bit · BOSS 8 64bit · Rocky Linux | 2 Core | 4 GB | 50 GB |
Installation Steps
- Download Update Manager installer from the following location:
EPP 8.5:
https://dlupdate.quickheal.com/builds/seqrite/85/en/suum_linux_8.5_x64.zip
- Follow these steps to install the Update Manager.
- Put UM installer suum_linux_8.5_x64.sh and suumconfig.dat together.
- Check suum_linux_8.5_x64.sh permissions for execution.
- Use the command sudo ./suum_linux_8.5_x64.sh to install Update Manager.
The installation path is: /usr/lib/Seqrite/UpdateManager/.
Note: On some of RHEL, centOS , Scientific Linux, Rocky linux and AlmaLinux systems SElinux is in enforcing mode. For Update manager installation we need to change it to permissive mode using the command.
Post Installation Steps
1. Verify Update Manager Service Ports
Check whether the Update Manager server (umservice) is responding on the default configured ports:
- HTTP Port (Default: 18081)
- HTTPS Port (Default: 18082)
Use the following commands:
sudo lsof -i:18081 | grep LISTEN
sudo lsof -i:18082 | grep LISTEN
2. Reconfigure Ports (If Required)
If the service is not listening on the configured ports, please reconfigure the ports using the following command:
./umcli service-config --action=set --serverPort=<new_http_port> --serverHttpsPort=<new_https_port>
Uninstallation Steps
Follow these steps to uninstall the Update Manager.
- Navigate to installation directory.
2. Run sudo ./uninstall.
Configuration (suumconfig.json)
Notes:
· This Update Manager downloads updates for 8.3 and 8.4 ,and 8.5clients across Windows, Linux, and macOS platforms.
· These configurations are converted into a dat file and then is consumed by the Update Manager.
{
"tenantID": "1sWTAn",
"packageID": "",
"locale": "en",
"brandName": "Seqrite","linInstallationPath": "/usr/lib/",
"winInstallationPath": "c:\program files\",
"macInstallationPath": "/Library/Application Support/","updateProxyURL": "http://URLPATH>
"fileServerPort": "18081",
"fileServerHttpsPort": "18082",
"socketPort": "45835",
"downloadRLkbps": 4096,
"fsthrottler": {
"isThrottlingEnable": true,
"useCustomSettings": false,
"customConnLimit": 0,
"customConnTimeout": 10,
"defaultSysConnConf": {
"8": 2000, //connection count for given RAM in GB
"16": 15000,
"32": 25000
},
"defaultConnLimit": 1000,
"defaultConnTimeout": 10}
"products": {
"EDR": {
"updates": {
"prdUpdate": {
"downloadMode": 1,
"downloadresume": true,
"inettimeout_sec": 1000,
"urllist": ["http://172.18.38.39:8080/"],
"ScheduleTime": ""
}
}},
"EPP": {
"updates":{
"quickup" :{
"downloadMode": 0,
"downloadresume": true,
"inettimeout_sec": 1000,
"urllist": [],
"ScheduleTime": ""
}
}}
}
}
Expected downloadMode values : 0 – Download from internet, 1 – alternative url, 2 – local path
Download Modes of Update Manager
Seqrite Universal Update Manager can download updates through either of the below mechanism:
Download Updates directly from CDN (Download mode 0)
Seqrite Universal Update Manager will directly download updates from CDN at a fixed schedule and host those directly through file server URL.
Download Updates from alternative URL (Download mode 1)
Seqrite Universal Update Manager will download updates from any alternative URL where updates are already present. This URL needs to be configured in suumconfig in urllist via SUUM CLI command. SUUM will now host these updates directly through the file server URL.
Download Updates from Local Path (Download mode 2)
Seqrite Universal Update Manager will host updates from the Update folder copied from the standalone update manager on the host machine. The absolute path till /update/1800 needs to be updated in suumconfig file in urllist via SUUM CLI command. UM will now host these updates directly through the file server URL.
UM Service Commands
sudo ./umservice -service [OPTION]
OPTION: [install, uninstall, start, stop, restart]
Command Line Interface (umcli)
This is command line interface which is used to send OnDemand action to UM service to perform multiple operations as given follow:
Usage:/umcli [OPTIONS]
SUUM Throttling
SUUM is a standalone system designed to download various types of updates across multiple platforms. In addition to fetching updates, it also hosts the latest versions, making them readily available to serve multiple clients simultaneously. This centralized mechanism enhances scalability and efficiency but also introduces challenges related to load management and system reliability.
To ensure consistent performance and dependable service delivery under high demand, a throttling mechanism has been implemented. This approach helps regulate client requests, maintaining system stability and ensuring that all clients are served reliably without overwhelming the hosted environment.
The table here represents the commands, actions and their descriptions-
| Command | Action | Description | Example |
|---|---|---|---|
| throttling | –action=start | Start throttling according to system configurations. | ./umcli throttling –action=start |
| throttling | –action=start-custom –connCnt=<no. of clients to be supported at a time> –timeout= |
Update throttling configuration to enable throttling & also restart the file server. | ./umcli throttling –action=start-custom –connCnt=2 –timeout=15 |
| throttling | –action=stop | Disable throttling & also restart the file server. | ./umcli throttling –action=stop |
| throttling | –action=get-status | Get current throttling configurations of the server | ./umcli throttling –action=get-status |
Note: You need sudo privileges to execute this command. Options are:
| Command | Action | Description | Example | |||
|---|---|---|---|---|---|---|
| 1 | update- now | –prdid= |
Perform an immediate update on the specified product. | ./umcli update-now –prdid=EDR | ||
| 2 | cancel- update | –prdid= |
Cancel an ongoing update for the specified product. | ./umcli cancel-update –prdid=EDR | ||
| 3 | service- config | –action=get | Get current configuration for Update Manager. | ./umcli service-config –action=get | ||
| 4 | service-config | –action=set –proxy= |
Sets Update Manager service parameters (proxy, serverPort, serverHttpsPort, download rate). All parameters are optional and can be configured as required. | ./umcli service-config --action=set --proxy="http://" --serverPort=8085 --serverHttpsPort=8088 --download-rate=1000 |
||
| 5 | product- config | –action=getall | Retrieve configuration for all products | ./umcli product-config –action=getall | ||
| 6 | product- config | –action=add — prdid= |
Add a new product configuration. Keep input.json into install dir with given format: { "updates":{ "quickup" :{ "downloadMode": 0, "downloadresume": true, "inettimeout_sec": 10000, "urllist": [], "ScheduleTime": "" } } } | ./umcli product-config –action=add — prdid=EDR –file=input.json | ||
| 7 | product- config | –action=remove — prdid= |
Remove configuration of update type for the given product. | ./umcli product-config –action=remove — prdid=EDR –updatetype=quickup | ||
| 8 | rollback- update | –prdid= |
Rollback a previously applied update for the specified product. | ./umcli rollback-update –prdid=EDR | ||
| 9 | get- status | –prdid= |
Retrieve the status of the specified product. | ./umcli get-status –prdid=EDR |
| 10 | update- schedule | –prdid= |
Schedule an update for the specified product. | ./umcli update-schedule –prdid=EDR — updatetype=prdUpdate –schtime="*/4 * * * *" |
|---|---|---|---|---|
| 11 | update- schedule | –prdid= |
Delete schedule for given update type of product. | ./umcli update-schedule –prdid=EDR — updatetype=prdUpdate –schtime="" |
| 12 | get- reports | –prdid= |
Retrieve and update reports for the specified product and update type. | ./umcli get-reports –prdid=EDR — updatetype=prdUpdate |
| 13 | save- report | –srcfile= |
Save an updated report. | .\umcli save-report — srcfile=SHHprdUpdate2024-02-17T11-00- 55.354.rpt –destfile= |
| 14 | display- report | –file= |
Display a saved update report. | ./umcli. display-report: –file=<=<tmp file location> |
SUUM File Server
This is a local file server to host downloaded updates by Update Manager.
File server will deploy on same machine on UM service start and map to the file- serverdirectory inside installation folder.
Port for this server is provided at the following location suumconfig.dat:
· For HTTP : http://<IP/host>:18081/file-server
· For HTTPS : https://<IP/host>:18082/file-server
To create directory structure for multiproduct updates on File Server follow below template:
Installation Directory
└── file-server
├**── EDR
│ ├**── prdUpdate
│ │ ├**── checksum.json
│ │ └── master.bin
│ └── updateType2
└── EPS
└── quickup
└── 1800
└── Build
Note: For EPP above hierarchy is by default available.
This is local file server to host downloaded updates by Update Manager.
File server will deploy on same machine on UM service start and map to the file-server directory inside installation folder.
Default port for this http server is 18081 and https server is 18082. If given port is already in used then we
return as failure in logs. Another port can be configured using umcli.
Final URL for http : http://<IP/host>:<http_port>/file-server
Final URL for https : https://<IP/host>:<https_port>/file-server
To create directory structure for multiproduct updates, File Server should follow below template:
Installation Directory
└── file-server
├── EDR
│ ├── prdUpdate
│ │ ├── checksum.json
│ │ └── master.bin
│ └── updateType2
└── Product2
└── updateType1
Log Configurations
logconfig.yaml
product:SUUM
deployment:“
type:SUUM
log:“
log-to-file:true“
path:logs/um.log
level:Debug
log-source:true“
max-backup:10“
max-size:1
Versioning
For pkg type update this file should be there in /productname/updatetype dir to show the version and timestamp in reports as well it will be used to identify each update uniquely please find below the file format for version.json and it should be added in checksum file like above. Also, it should be updated whenever products are released new update.
version.json
{“
"version":"1.0.0",“
"timeStamp":"2024-02-22T10-41-52.862"“
}
Threat model report for update manager: Update Manager Threat Modelling
OS coverage details
| Platform | IP | status |
|---|---|---|
| linux mint 19.2 | 172.18.39.16 | DONE |
| Linux Mint 20 64bit | 172.18.38.42 | DONE |
| ubuntu 22 | 172.18.38.59 | DONE |
| openSUSE 42.3 64bit | 172.18.38.38 | DONE |
| openSUSE 15.2 64bit | 172.18.38.39 | DONE |
| Ubuntu 20.04 64bit | 172.18.38.45 | DONE |
| Red Hat Enterprise Linux 9.1 | 172.18.38.40 | DONE |
| BOSS 6 32bit | 172.18.38.32 | DONE |
| BOSS 8 64bit | 172.18.38.33 | DONE |
| Rocky Linux | 172.18.39.13 | DONE |
| centos 8.2 | 172.18.38.48 | done |
Configure Alternate Update Mechanism
Perform the following steps to configure the update mechanism for all the Windows, Mac and Linux endpoints listed in the policy.
- Login to EPP 8.5 console.
- Go to the Policies Page
- Update >Update mode
- Select Download from specified Update Agents
- Click the Add button. The Configure Update Details screen appears.
- Enter the Hostname and the Custom URL.
a. Hostname can be any name of the computer where the update folder is placed.
b. The URL for Update Manager:
For Http: http://ipname:18081
For Https: https://ipname:18082
- Click Add.
- Click Save Policy on the Policies page.
Once the alternate update mechanism configuration steps are completed, it updates your client endpoints listed in the policy.