How to recover from database failures for Juniper SRX IDP? - NETSEC

Friday, March 15, 2013

How to recover from database failures for Juniper SRX IDP?



1. Disable the idpd process in the configuration

root@router> edit
root@router# set system processes idp-policy disable 
root@router# delete security idp 
root@router# commit

2. Once the idpd process is disabled, initialize the database by pruning the current records.

For secdb failures, execute the following:
root@router# exit
root@router> exit
root@router% rm /var/db/idpd/db/secdb* /var/db/idpd/db/rdm.taf

3. Now reboot the device (it will initialize the secdb database) 
root@router% cli 
root@router> request system reboot

4. For RE attack cache (DFA/PCRE cache) failures, execute the following.
Once the idpd process is disabled, prune the cache database records:

root@router# exit
root@router> exit
root@router% rm /var/db/idpd/db/dfa* /var/db/idpd/db/pcre*
root@router% rm /var/db/idpd/db/cache.dbd /var/db/idpd/db/rdm.taf

5. Now reboot the device (it will initialize the cache database)
root@router% cli
root@router> request system reboot

Note: For the RE attack cache, users need not do anything (the cache will build up on subsequent policy compilations).

6. After the device reboots, enable the idpd process
root@router% cli 
root@router> edit 
root@router# delete system processes idp-policy 
root@router# commit

7. Now download the full-update of the security package and install it

Download:
root@router> request security idp security-package download full-update
root@router> request security idp security-package download status

Once the download is complete, install it:
root@router> request security idp security-package install
root@router> request security idp security-package install status

The device is recovered from secdb failure.
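The manual `rm` commands in steps 2 and 4 discard the damaged files outright; the sketch below archives them first so they remain available for later analysis. It is an added example, not part of the original post or of Juniper's tooling: the function name `idp_db_prune` and the `/var/tmp` backup location are assumptions, and it is meant to be run under `sh` from the root shell after the idpd process has been disabled in step 1.

```shell
#!/bin/sh
# Added example: archive, then remove, the IDP database files from steps 2 and 4.
# Usage: idp_db_prune secdb|cache [db_dir] [backup_dir]
# backup_dir default (/var/tmp) is an assumption; db_dir default is the page's path.
idp_db_prune() {
    mode=$1
    db_dir=${2:-/var/db/idpd/db}
    backup_dir=${3:-/var/tmp}

    # File sets are exactly those removed by hand in steps 2 and 4.
    case $mode in
        secdb) patterns='secdb* rdm.taf' ;;
        cache) patterns='dfa* pcre* cache.dbd rdm.taf' ;;
        *) echo "usage: idp_db_prune secdb|cache [db_dir] [backup_dir]" >&2; return 2 ;;
    esac
    [ -d "$db_dir" ] || { echo "no such directory: $db_dir" >&2; return 1; }

    # Expand the globs inside db_dir and keep only names that really exist.
    files=$(cd "$db_dir" && for p in $patterns; do
        if [ -e "$p" ]; then echo "$p"; fi
    done)
    [ -n "$files" ] || { echo "nothing to prune in $db_dir" >&2; return 0; }

    # Archive first; if the backup fails, nothing is deleted.
    # $files is left unquoted on purpose (these names contain no whitespace).
    archive="$backup_dir/idp-db-$mode-$(date +%Y%m%d%H%M%S).tar"
    tar -cf "$archive" -C "$db_dir" $files || { echo "backup failed, nothing removed" >&2; return 1; }

    # Remove only the files that were just archived, then report the archive path.
    (cd "$db_dir" && rm -f $files) || return 1
    echo "$archive"
}

# When run as a script with arguments, e.g. `sh idp_db_prune.sh secdb`.
if [ $# -gt 0 ]; then idp_db_prune "$@"; fi
```

The function prints the archive path on success; reboot the device afterwards as in steps 3 and 5.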

----------------------------------------------------------------------------------------------------------------------------------

The necessary steps for activating IDP are as follows:

  1. Install IDP license by issuing request system license add...
  2. Download IDP package by issuing request security idp security-package download
  3. Install IDP package by issuing request security idp security-package install
  4. Install IDP policy templates by issuing request security idp security-package install policy-templates
  5. Register the commit script that creates the IDP policies by issuing set system scripts commit file templates.xsl
  6. Set your preferred IDP policy as active, for instance by issuing set security idp active-policy Getting_Started
  7. Activate IDP on your policy by issuing set security policies from-zone trust to-zone untrust policy default-permit then permit application-services idp
