Forum Discussion

cdjac0bsen's avatar
cdjac0bsen
Icon for Nimbostratus rankNimbostratus
May 28, 2019

Monthly auto attack signature update schedule

The only built-in options are daily, weekly, and monthly. I don't know how many days are in the monthly schedule, but I assume it doesn't follow the calendar months. Is there a way to schedule a manual cron job that will update signatures on the same day every month (e.g. the 25th of every month)?

1 Reply

  • In doing some testing it seems the monthly ASM signature update kicks off at 4:02AM and repeats every 30 days dependent on the day you configured it.

    You will see logs similar to the following:

    Mar 31 16:03:23 bigipve2 info perl[14997]: 01310053:6: ASMConfig change:  Attack Signatures Update Settings [update]: Update Interval was set to monthly.
    Apr  2 04:02:03 bigipve2 info asm_config_server_rpc_handler.pl[15813]: The most recent Attack Signatures file is already installed. Signature file update skipped.

    Is there a way to schedule a manual cron job that will update signatures on the same day every month (e.g. the 25th of every month)?

    • It looks like you would need to edit your cron to run the script /usr/share/ts/bin/update_sigfile.pl at a certain time/date/interval.
    • This article might help: K33730915: Overview of anacron utility on the BIG-IP system
    • I'm unsure what impact this would have on the GUI configuration for the ASM signature update.
    [root@lab-a:Active:Disconnected] config # ls -lh /etc/cron.daily/
    total 17K
    lrwxrwxrwx. 1 root root   36 2019-02-06 14:19 asm_update_sigfile -> /usr/share/ts/bin/asm_update_sigfile
    -rwxr-xr-x. 1 root root  896 2018-06-14 11:24 clean_oblog
    -rwxr-xr-x. 1 root root  921 2018-06-14 11:33 cleanup_sync_files
    -r-xr-xr-x. 1 root root  528 2018-06-14 10:20 integritycheck
    -rwx------. 1 root root 2.3K 2018-06-14 11:42 logrotate
    -rwx------. 1 root root  524 2016-06-22 06:46 tmpwatch
    lrwxrwxrwx. 1 root root   36 2019-02-06 14:19 update_dpi_sigfile -> /usr/share/ts/bin/update_dpi_sigfile
    lrwxrwxrwx. 1 root root   35 2019-02-06 14:19 update_fps_engine -> /usr/share/ts/bin/update_fps_engine
    lrwxrwxrwx. 1 root root   39 2019-02-06 14:19 update_fps_signatures -> /usr/share/ts/bin/update_fps_signatures
    lrwxrwxrwx. 1 root root   34 2019-02-06 14:19 update_pem_tacdb -> /usr/share/ts/bin/update_pem_tacdb
     
    [root@lab-a:Active:Disconnected] config # crontab -l
    MAILTO=""
    1-59/10 * * * * /usr/bin/diskmonitor
    0 */4 * * * /usr/bin/diskwearoutstat
    22 14 * * * /usr/bin/updatecheck -a
    22 14 06 * * /usr/bin/phonehome_upload
    8 * * * * /usr/bin/copy_rrd save