Patching Golden Image/Master Template Using Saner CVEM

Modified on Thu, 18 Sep at 1:35 PM

Product Version: 6.5.0.0

Overview

This document provides step-by-step instructions to streamline the patching process for Template/Golden Images using the Saner CVEM platform. By preparing the master image with the Saner CVEM Agent, patches can be applied centrally without requiring agent reinstallation or reactivation on cloned instances. This approach eliminates the need to patch cloned machines individually, thereby simplifying patch management and ensuring consistency across environments.

Supported Operating System

Windows

Applicable Platforms

On-Cloud Deployment
On-Premises Deployment

Steps to Install and Configure the Saner CVEM Agent in the Template Machine

1. Download the Saner CVEM Agent

Log in to the Saner CVEM Console under the respective account.
Download the latest version of the Saner CVEM Agent.

2. Transfer the Agent File

Copy the downloaded Saner CVEM Agent ZIP file to the Master Image/Template machine.

3. Extract the Agent File

Extract the contents of the Saner CVEM Agent ZIP file.

4. Install the Saner CVEM Agent

Run the installer and complete the installation of the Saner CVEM Agent on the template machine.

5. Configure Activation Token

Navigate to the extracted agent folder.
Open the spsaneractivation.conf file in Notepad.
Copy the value from the “ActivationToken” field.

6. Create Token File

Create a new text file named TGT_Key.txtunder:
```
C:\Program Files (x86)\SecPod Saner\
```
Paste the copied token value into this file.

7. Create Batch Script for Deactivation

Create a batch script with the following lines:

net stop "SecPod Saner Agent"
type "C:\Program Files (x86)\SecPod Saner\TGT_Key.txt" > "C:\Program Files (x86)\SecPod Saner\assertion.key"

Save the script as Agent_Deactivation_Template.bat under:
```
C:\Program Files (x86)\SecPod Saner\
```

8. Configure Group Policy for Automation

Open Group Policy Editor.

Navigate to:

Local Computer Policy > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)

Select Shutdown, then click Add and browse to the location of Agent_Deactivation_Template.bat.
Add the file, then click Apply and OK.

9. Shutdown and Clone the Template

Shut down the Template machine.
Begin cloning the instance as needed.
The Saner CVEM Agent will automatically activate whenever the Template is powered on for patching.

Conclusion

By following the above steps, administrators can ensure the Saner CVEM Agent is pre-configured in cloned machines, enabling seamless patching without the need for manual intervention. This method reduces repetitive tasks, saves time, and ensures consistent patch compliance across all cloned instances.