McAfee Linux Diagnostic Tool Reference Guide · The diagnostic tests are performed only if McAfee...

Linux Diagnostic Tool for McAfee Appliances


Overview

This document provides information about the Linux Diagnostic Tool (LDT), including instructions for obtaining and running the LDT.

The diagnostic tests are performed only if McAfee Support requests them, in situations where they suspect the appliance has encountered a problem.

The LDT checks the status and integrity of any McAfee® hardware appliance based on an Intel platform.

The LDT-getlogs command collects information from the hardware components. McAfee Support then uses the information to evaluate the health of the appliance. The LDT does not repair any errors, nor does it announce any conclusions. When you supply the resulting LDT log .zip file to McAfee Support, they will use the data to diagnose any problems. LDT can also provide the mechanism to update RAID and disk firmware.

The LDT can be run on a live system (online) or in its own environment (offline). The online mode should only be used with the guidance of Support. The offline mode requires a reboot of the appliance, but can be run on any supported hardware appliance.

• LDT-getlogs-ZIP Version X.X => online method => used on running appliance
• LDT-getlogs-ISO Version X.X => offline method => used with LDT environment

Using the LDT

Run the LDT only as directed by McAfee Support.

We recommend using a USB flash drive because you can save system and hard disk logs directly to the USB drive. You can then share the USB drive with McAfee Support.

The CD saves the logs to RAM. You can view them, but you cannot copy them off the disk to share. If a CD is used, you may bring up a network interface and use SCP or FTP to transfer files off the appliance.


Offline method

Using the LDT Bootable USB Media

There are many utilities to create bootable USB media. In this document, we use Rufus, a small utility that is an open source program licensed under the GPL. Rufus is a standalone program and does not require installation.

Follow the instructions below to create LDT bootable USB media.

The LDT ISO image can work directly from a CD-ROM or USB flash drive. Any program used to copy it to a USB drive should be configured to not change the image in any way. Changing the image is not needed and may result in the LDT software not operating as expected.

Note: For Linux or MacOS, you may choose the UNetbootin utility: http://unetbootin.github.io/. For command-line users, use the dd utility to write the ISO image to a USB drive. Also:

• Use sudo credentials.
• Use “fdisk -l” to find the USB device (for example, /dev/sdb).
• Ensure the USB device is unmounted (to unmount USB: umount /dev/sdX).
• Use the command: dd bs=4M if=/path/LDT-getlogs-version.build.iso of=/dev/sdX

Prerequisites

• A PC running Windows 7 or later
• Rufus application
• A USB flash drive with at least 2 GB of space

Tasks

There are four tasks to prepare for using LDT.

• Download LDT
• Verify LDT ISO SHA256
• Download Rufus
• Create the LDT USB media

To download LDT:

Access the McAfee Downloads website. Log on with your Grant ID and download the LDT tool in the format LDT-getlogs-ISO Version X.X.

To verify the LDT ISO SHA256:

Verify the SHA256 of the downloaded LDT-getlogs-ISO Version X.X file using the following instructions.

For Linux: Most Linux distributions come with the sha256sum utility.

• Open a terminal window.
• Type the following command:

sha256sum [path of the file]/[file name with extension]

• You will see the sha256 sum of the ISO file.
• Match it against the original value showing on the download site.

For Windows 10: There are a few options to verify the SHA256 of the file.

• Download one of the Windows utilities, such as Hash Tool.
• Use a Windows 10 built-in command-line utility:

o CertUtil utility: From the Windows command prompt, type:

certutil -hashfile "drive:\path\LDT-getlogs-ISO Version X.X" SHA256

o PowerShell: The “Get-FileHash” command generates the file hash to help validate the ISO file integrity. Open the PowerShell window and type:

Get-FileHash "drive:\path\LDT-getlogs-ISO Version X.X" -Algorithm SHA256

Match it against the original value showing on the download site.
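
For the Linux command-line path described above (sha256sum, then dd), the following added example, which is not part of the McAfee guide, refuses to write the ISO unless its SHA-256 matches the value published on the download site, then reads the same number of bytes back from the target to confirm the image was copied unchanged. The function names, the conv=fsync option and all paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the McAfee guide). Function names are hypothetical;
# the ISO path, target device and published digest are supplied by the caller.

# Print the SHA-256 of file/device $1, or of only its first $2 bytes if $2 is given.
# Hashing stdin keeps the file name out of sha256sum's output.
sha256_of() {
    if [ -n "${2:-}" ]; then
        head -c "$2" "$1" | sha256sum | awk '{print $1}'
    else
        sha256sum < "$1" | awk '{print $1}'
    fi
}

# Return 0 if file $1 matches the published digest $2, 1 on mismatch,
# 2 if $2 is not a well-formed SHA-256 value (for example a truncated paste).
verify_download() {
    want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ "${#want}" -eq 64 ] || return 2
    case "$want" in *[!0-9a-f]*) return 2 ;; esac
    [ "$(sha256_of "$1")" = "$want" ]
}

# Return 0 if the first <size of ISO> bytes of target $2 are identical to ISO $1.
# The target is normally larger than the image, so only that prefix is compared.
verify_written_image() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$(sha256_of "$1")" = "$(sha256_of "$2" "$size")" ]
}

# Verify the download, write it unmodified with dd, then read it back.
# conv=fsync (GNU dd) is an addition to the guide's command: it flushes the
# data to the device before dd exits.
write_ldt_image() {
    iso=$1; dev=$2; published=$3
    verify_download "$iso" "$published" || {
        echo "SHA-256 check failed for $iso; nothing written" >&2; return 1; }
    dd bs=4M if="$iso" of="$dev" conv=fsync 2>/dev/null || return 1
    verify_written_image "$iso" "$dev" || {
        echo "read-back from $dev does not match $iso" >&2; return 1; }
}

# Usage (as root, with the USB device unmounted; values are placeholders):
#   write_ldt_image /path/LDT-getlogs-version.build.iso /dev/sdX "<SHA256 from the download site>"
```

A read-back made immediately after the write can be served from the page cache; re-plugging the drive and calling verify_written_image again confirms the bytes on the media itself.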

To download Rufus:

Access the site http://rufus.akeo.ie/ and download the utility.

To create the LDT USB Media:

1. Insert a flash drive.
2. Launch the Rufus program from where the downloaded file was saved.
3. Click Yes for Windows User Account Control (UAC).
4. Click No for the Rufus message. Note that this only appears when running Rufus for the first time.

Rufus detects the drive and handles various partition schemes and file structures.

5. Ensure the correct settings are set. Keep the default settings. Then click Start.

Click here to change the language

Click the optical drive button to select the ISO file.

6. The File dialog opens. Browse to the location of LDT-getlogs-ISO Version X.X. Select the ISO file and click Open.

Rufus displays the selected image at the bottom of the user interface.

7. Click Start.
8. Select OK when prompted with the Rufus image detection.

9. Confirm Rufus disk erase prompt by selecting OK.

The LDT-getlogs-ISO Version X.X files are copied to the flash drive. This process can take several minutes. The Rufus progress bar will give you some indication of how long it will take.

Rufus completes the write process and silently drops back to its default window.

10. When Rufus is done, close the program.
11. When complete, double-check the external drive to verify the files were copied over.
12. Safely remove hardware and eject media. From this dialog box you can click on the device you want to remove, and press “Eject”. Wait a few seconds; this might take some time depending on the PC. Windows will display a notification that it is "Safe to Remove Hardware". The USB media can then be safely removed.

The LDT USB media is now ready to use.


Start the LDT

1. Insert the LDT USB media into the appliance.
2. If the hardware appliance is powered down, press the power button to turn it on. If the appliance is running, request a graceful reboot through the CLI window or management interface.
3. During the start of the boot process, as the McAfee logo appears, press “F6” to enter the boot menu.

Note: Some McAfee products prompt for the BIOS password before entering the boot menu. See the documentation for your product, at https://support.mcafee.com or https://docs.mcafee.com.

4. A list of available devices for booting the system is displayed. Select your USB device name displayed in the boot menu and press Enter. In the example below, it shows “USB Flash MemoryPMAP”.


5. Wait for the system to boot to McAfee LDT Linux OS. The boot process takes a few minutes.

The system then displays the LDT Menu.

Select L) Capture System and Disk Logs to collect the log files.

6. Enter any additional information that will help with the service request. After adding additional information to the case, press Ctrl-D to continue.

The LDT compiles a zip file saved to the /logs directory on the USB drive.

7. Press Enter to return to the LDT menu.
8. Select U from the LDT menu to unmount the LDT USB media.
9. To reboot the appliance, select R from the LDT menu.
10. To power down the system, select P from the LDT menu.

LDT Output

LDT produces a single zip file as output, stored on the USB drive under the /logs directory. This file contains many hardware diagnostic log files and any notes you entered (notes.txt). Provide this file to McAfee Support so they can investigate hardware issues.


Using RMM Media Redirector

The Intel® Remote Management Module (Intel® RMM) allows users to securely gain access to and control servers from any machine on the network. The port location varies by platform. Intel platforms might be configured with an Intel® RMM3 or Intel® RMM4 module.

Make sure that you have deployed an Intel® Remote Management Module (RMM) for remote access. You must have remote access to a supported Intel® hardware appliance.

Prerequisites

• RMM access. To configure and enable RMM access, see the documentation for your product, at https://support.mcafee.com/ or https://docs.mcafee.com.
• Client system with an operating system with a Java-enabled web browser.
• Client system with Java Runtime Environment (JRE) version 8 or higher.
• Client system browser must allow pop-up windows from the integrated BMC Web Console IP address.

Tasks

There are four tasks to prepare for using the RMM Media Redirector:

• Download LDT.
• Verify LDT ISO SHA256.
• Update Java Security configuration by adding the Intel® RMM IP to allow access.
• Configure the RMM Media Redirector.

To download LDT:

Access the McAfee Downloads website. Log on with your Grant ID and download the LDT tool in the format LDT-getlogs-ISO Version X.X.

To verify the LDT ISO SHA256:

Verify the SHA256 of the downloaded LDT-getlogs-ISO Version X.X file using the following instructions.

For Linux: Most Linux distributions come with the sha256sum utility.

• Open a terminal window.
• Type the following command:

sha256sum [path of the file]/[file name with extension]

• You will see the sha256 sum of the ISO file.
• Match it against the original value showing on the download site.

For Windows 10: There are a few options to verify the SHA256 of the file.

• Download one of the Windows utilities, such as Hash Tool.
• Use a Windows 10 built-in command-line utility:

o CertUtil utility: From the Windows command prompt, type:

certutil -hashfile "drive:\path\LDT-getlogs-ISO Version X.X" SHA256

o PowerShell: The “Get-FileHash” command generates the file hash to help validate the ISO file integrity. Open the PowerShell window and type:

Get-FileHash "drive:\path\LDT-getlogs-ISO Version X.X" -Algorithm SHA256

Match it against the original value showing on the download site.

To update Java Security configuration by adding RMM IP to allow access:

1. If the Intel® RMM IP is not added to the Java exception site list, an error might be displayed: “Application Blocked by security Settings”. To add the Intel® RMM IP address to the Java exception site list:

Windows 10
• Right-click on the Start button and select the Control Panel option.
• In the Windows Control Panel, click on Programs.
• Click on the Java icon to open the Java Control Panel.

Windows 8
• Use search to find the Control Panel.
• Press Windows logo key + W to open the Search charm to search settings
OR
• Drag the mouse pointer to the bottom-right corner of the screen, then click on the Search icon.
• In the search box, enter Java Control Panel.
• Click on the Java icon to open the Java Control Panel.

Windows 7
• Click on the Start button and then click on the Control Panel option.
• In the Control Panel Search, enter Java Control Panel.
• Click on the Java icon to open the Java Control Panel.

MacOS
• Click on the Apple icon (upper left corner).
• Click on 'System Preferences'.
• Click on the Java icon.

2. From the Java Control Panel, select the Security tab.
3. Select and click Edit Site List to open the exception site list.
4. Click Add to type the Intel® RMM IP address on the highlighted line.
5. Click OK to save. The Java Control Panel returns to the Security tab.
6. Click OK to exit the Java Control Panel.

To configure the RMM Media Redirector

1. With RMM configured and enabled, enter the configured IP of the Intel RMM into a Java-enabled web browser and press Enter. The Intel Integrated BMC Web Console Login page is displayed.

2. Log on to the Intel Remote Management Module (RMM) with your user name and password.

3. Click Login to view the home appliance page.
4. The Integrated BMC Web Console home page and Java remote console layout may be different depending on the installed RMM module.

Example 1

a. From the home appliance page, select Remote Control in the top menu.

Notes:
• Client system browser must allow pop-up windows from the integrated BMC Web Console IP address.
• A pop-up window is displayed to download the Java Network Launch Protocol file, jviewer.jnlp, which in turn downloads the standalone Java application implementing the remote console.

b. Click Launch Console.

c. Open the downloaded file.
d. To accept the certificate warning, click Continue.

e. To accept the Security Warning, tick the check box and click Run:

f. In the remote console window, click Device.

g. In the remote console window, select Redirect ISO.


h. Select the ISO file you want to mount from your local drive and click Open.

i. Reboot the server by selecting Reset Server => Perform Action.

Example 2

Notes:
• Client system browser must allow pop-up windows from the integrated BMC Web Console IP address.
• A pop-up window is displayed to download the Java Network Launch Protocol file, launch.jnlp, which in turn downloads the standalone Java application implementing the remote console.

a. From the home appliance page, select Remote Control in the top menu.
b. Click Launch Console.

c. To accept the security warning, click Keep.

d. Open the downloaded file.

e. In the remote console window, select Virtual Media.
f. Select Device1.
g. Select ISO File in the Logical Drive Type drop-down list.
h. Click Open Image to select the LDT ISO.
i. Open Image displays a file dialog. Browse to the location containing the LDT ISO.
j. Select the ISO file you want to mount from your local drive and click Open.
k. The Image name path is displayed. Click Plug in to mount the device. The button will be grayed out.


l. Click OK.

Start the LDT

1. If the hardware appliance is powered down, press the power button to turn it on. If the system is running, request a graceful reboot through the CLI window or management interface.
2. Press F6 to enter the boot option menu.
3. Some McAfee products prompt for the BIOS password before entering the boot menu. See the documentation for your product, at https://support.mcafee.com/ or https://docs.mcafee.com.

4. At the boot option, select Virtual CDROM 1.00; it will boot the mounted LDT ISO.

5. Press Enter to continue.
6. Wait for the system to boot to McAfee LDT Linux OS. Note that booting from the RMM Media Redirector might take several minutes to reach the LDT menu.

7. The system displays the LDT Menu.


8. Select L) Capture System and Disk Logs to collect the log files.

9. Enter any additional information that might help with the service request.

10. After adding notes to the case, press Ctrl-D to continue.

11. The LDT-getlogs program starts collecting the hardware logs. When completed, it displays the following:

12. Press Enter to continue. The system returns to the LDT menu.

NOTE: When using the RMM Media Redirector, the log files are stored in /tmp.

13. Bring up the network interface to transfer the zipped log files to an accessible system on the network. For more information, see the section “To bring up a network interface”.

14. To return to the LDT menu, type /startup/20-menu.sh.
15. To reboot the appliance, select R from the LDT menu.
16. To power down the system, select P from the LDT menu.

LDT Output

The LDT produces a single zip file as output under the /tmp directory, which is then transferred to a network location. This file contains many hardware diagnostic log files and any notes you entered (notes.txt). Provide this file to McAfee Support so they can investigate hardware issues.

To bring up a network interface

To move the log files off the appliance using FTP or SCP, first bring up a network interface. This is useful after using the CD or RMM Media Redirector methods of running the LDT, as you are unable to save the compiled zip file.

Task

1. From the LDT main menu, enter the shell by typing s and pressing Enter at the prompt.
2. Run the script /bin/netup.sh by typing netup.sh at the prompt and pressing Enter.
3. At the network selection screen, select the interface to configure. Press Tab or Enter to change interfaces. Press N to select the interface and move to the next screen.


4. Configure the interface for either DHCP or manual configuration. Press Tab to move between fields. Tab to the field with “?”.

5. Type Y to proceed. The script commits the settings and brings up the interface.


6. Check the IP address, and then run #ifconfig -a.

7. Use SCP or FTP to move files off the appliance.
8. Disconnect RMM Media Redirector (RMM Example 1): uncheck the Redirect ISO option.
9. Disconnect RMM Media Redirector (RMM Example 2): click Plug Out.
10. To return to the LDT menu, type /startup/20-menu.sh.
11. To reboot the appliance, select R from the LDT menu.
12. To power down the system, select P from the LDT menu.

Online method

The LDT-getlogs-ZIP Version X.X file does not require you to shut down the appliance, avoiding down time.

Disclaimer: The online version of the LDT can run on Linux OS provided with McAfee products. Furthermore, it must be run on a user account that has administrator privileges. If you are unsure if your appliance is running McAfee Linux OS or if your account has administrator privileges, contact McAfee Support for further assistance.

Task

1. From the McAfee Downloads website, log on with your Grant ID. Download the LDT tool in the format “LDT-getlogs-ZIP Version X.X”.

2. Verify the LDT-getlogs file SHA256 sum.

Linux

Most Linux distributions come with the sha256sum utility.

• Open a terminal window.
• Type the following command: sha256sum [path of the file]/[file name with extension]
• You will see the SHA256 sum of the file.
• Match it against the original value showing on the download site.

Windows 10

There are a few options to verify the SHA256 of the file.

• Download one of the Windows utilities, such as Hash Tool.
• Use a Windows 10 built-in command-line utility:

CertUtil utility: From the Windows command prompt, type:

certutil -hashfile "drive:\path\LDT-getlogs-ZIP Version X.X" SHA256

PowerShell: In PowerShell, the command “Get-FileHash” generates the file hash to help validate the file integrity. Open a PowerShell window and type:

Get-FileHash "drive:\path\LDT-getlogs-ZIP Version X.X" -Algorithm SHA256

• Match it against the original value showing on the download site.

3. Copy or upload the LDT-getlogs-version.build.zip to the system (scp, ftp, etc.), to the path provided by Support.

4. Check for file presence by executing this command:

#ls <press enter>

Example Output:
…… LDT-getlogs-ZIP Version X.X ……


5. Unzip the LDT-getlogs-ZIP Version X.X

Start the LDT

1. Execute the following command: /getlogs/getlogs.sh
2. Add additional information, for example:

------------------------------------------------------------------
Please enter any useful notes or information about this system. e.g. escalation number,
which drives have failed, what remediation has been attempted, and the like.

Service Request 4-1111........ - System exhibits power cycling issues

3. Press Ctrl-D when finished.

------------------------------------------------------------
Obtaining information from OS...... done
Obtaining information from NICs...... done
Doing host0... .............. ... done

Created /path/filename.zip
------------------------------------------------------------------

4. Copy or transfer the resulting LDT output .zip file filename.zip back to McAfee Support for analysis.