Welcome to this video demonstration, which is to accompany this KB, which is the ECS solution to the Apache log for a remote code execution vulnerability issue. There are two CVEs that are resolved as part of this fix. Video, there's 4 parts to this video. It covers checking and upgrading the Xo version, pre-checks for patch application. Application of patch. And post checks. Move to the CLI, you first verify the version of X Doctor you're running on the system.
In this case, you have 78.2, uh, you need 79.0 or higher. So upload the X Starter package you've downloaded, upload it to the first node in the VDC. Which will be home slash admin. This directory. Once you've done that, upgrade the version of X Factor. So here you can see the version of Xs Doctor is now successfully upgraded to 79. If you have more than one rack in the VDC, it needs to be done on the rack master node on each VDC as well. Again, verify a version of X Doctor is 79. The next step we move to is the prechecks. So we check our GTs on the system. Like so, in this case, you can see we have 0 on ready DTs.
So we now move to our second pre-check. To run the SVC patch command with status. Wait for that to execute. So 2nd PreCheck has now successfully completed. You will see he has validated all nodes are online. This is important. If all nodes are not online, the patch will not be applied on the offline node. So if this is not done, please investigate first why this node is offline. Check for, you know, other service procedures that may be running on the system at this time.
Here you will see the, the two CVEs that need to be applied, jar file that's changed, that will be changed, and the services that will be restarted on a rolling basis across all the nodes. So now we move to the patch and stall. We will be executing this procedure using Screen. So you'll see the command around there, which is basically a patch install opening screen session. I call it patch install. You can call it what you want. And the second thing to do here is to unset timeout.
This is This is to make sure that there's no timeouts during the execution of the procedure. So once that's done, we are now ready to proceed with the actual patch install. Like so. So again, it does a few verification checks. Again, these are the patches, the jar file, the services, all the services will be restarted on each node on a rolling basis. The number of nodes in this system is 4. And the time between uh the actual restart of the services is 7.5 minutes. So after the services are restarted, GTs are allowed to stabilize for 7.5 minutes.
So once you have received this prompt, press yes to continue. So the first thing it does is it distributes the the new jar file across the 4 nodes in this instance. So 567, and 8. Jar file is now distributed to all the nodes, and we now began to restart of the services with a 7.5 minutes in. As you can see, patching is now completed and all nodes and services have been restarted. So from here, we exit our screen session. And we run the same checks we ran before the patch install, so. Like this. So you can see here the unready GTs are now zero. You will see here, um, so this is at 12:45 currently.
You will see from previous timestamps that you see here around 12:41, 12:42 there was unread DTs. That was because it was within the seven minute window and some of the DT still hadn't stabilized, which as you can see here, we have 3 concurrent three successive checks where we have unre DTs, so this check is good. And the final check we run is again, like we did originally, we checked the patch status.
So same commands just with status. So we wait for that to complete. This now tells you the patch has been. Installed for both CVEs, um, you'll see here the output, no files to be installed, no services need to be restarted. So at this stage we have successfully completed the procedure. Um, please refer to the KB for full details and for some of the, uh, you know, guidance around time and frequently asked questions. If there's any issues in terms of the patch not installing or issues with the pre or post checks, please open NSR with ECS support. Thank you for your time.