USM Appliance and AlienVault OSSIM version 5.2 includes an operating system update to improve general performance, stability, and reliability. The AlienVault OS is based on Debian, which will update from Debian 6 ‘Squeeze’ to Debian 8 ‘Jessie’. All libraries, kernel, and software will be updated; therefore the update option is only available from the AlienVault Setup menu (both online and offline), not from the web interface.
Read the notes below carefully before running the update:
- Due to the complexity of this update, we are asking all customers to update to USM Appliance/AlienVault OSSIM version 5.1.1 first, following the normal update procedure; then update to version 5.2 from the AlienVault Setup menu.
- The file size for this update is around 800MB, so it may take a long time to download depending on your Internet connectivity. We recommend that you plan at least a 1-hour window to update each AlienVault device. For the same reason, an SSH session may lose connection in the middle of the update, so we recommend updating the system from a terminal instead of an SSH session. Alternatively, you can use the GNU Screen program to maintain the session.
- For virtual environments, a big download relies heavily on the I/O of the hard disk, so it is better to update them one by one, never simultaneously. As always, if you have more than one USM Appliance instance deployed, you should update them from the higher level to the lower level, i.e. first the USM Appliance Logger, then the USM Appliance Server or USM Appliance All-in-One, and lastly the USM Appliance Sensor.
- This release requires rebooting the appliance once the update has completed.
- Please run a full backup before updating in case any unexpected issue happens.
Prior to the update, the system runs some checks to make sure that your USM Appliance/AlienVault OSSIM instance(s) are in a healthy state. The update will not start if any blocker-type check fails. A warning, on the other hand, is a recommendation; you can choose to ignore it, but by doing so you accept the risk that your update may not run properly. The table below summarizes what these checks are, which AlienVault product they are applicable to, and what you can do if your USM Appliance/AlienVault OSSIM instance(s) do not pass a check.
|Checks||USM Appliance||AlienVault OSSIM||Remediation Steps|
|Verify that current session is not SSH||Warning||Warning||AlienVault recommends updating the system from a terminal to prevent potential connection problems during the update. If you have to use SSH, use screen.|
|Verify that there are no custom partitions||Blocker||Warning||Please contact AlienVault Support for custom partition issues. For online update only: This check considers any mounted USB device to be a custom partition. Disconnect the USB device and run the update again. Offline update can be carried out through the USB device as normal.|
|Verify that USM Appliance/AlienVault OSSIM is on version 5.1.1||Blocker||Blocker||Update to USM Appliance/AlienVault OSSIM version 5.1.1 first, then update to 5.2|
|Verify that there is enough disk space||Blocker||Blocker||You should have at least 10GB of free disk space before running the update.|
|Verify that the mysql proc table is OK||Blocker||Blocker||Repair the table and try again. To repair this table, jailbreak the system and run this command: mysqlcheck --repair mysql proc -u root -pXXX|
|Verify that High Availability (HA) is not enabled||Blocker||Blocker||Disable HA and run the update again.|
|Verify that there is no pending reboot||Blocker||Blocker||Reboot the appliance and run the update again.|
|Verify that CPU load is not too high||Blocker||Blocker||The load average of your CPU in the last minute is above 8. Reboot the appliance and run the update again.|
|Verify that the installed packages are provided by AlienVault||Blocker||N/A||Remove 3rd party packages. The error message will list what those packages are.|
|Verify that the installed packages are on the expected version||Blocker||N/A||Update to USM Appliance/AlienVault OSSIM version 5.1.1.|
|Verify that critical packages are on the expected version||Blocker||N/A||These are the packages that AlienVault packages have dependencies on. Please contact AlienVault Support if critical packages are not on the correct version.|
|Verify that all packages have been successfully installed||Blocker||N/A||Make sure all packages show ‘ii’ when running ‘dpkg -l’. If not, try updating to USM Appliance 5.1.1 first, then run the 5.2 update. Please contact AlienVault Support if the packages cannot be successfully installed.|
|Verify that the VM meets the necessary requirements||Blocker||N/A||The minimum requirement for this update is 4 CPU cores and 7.7GB RAM.|
|Verify that the schema is the correct version||Blocker||N/A||Make sure that the USM Appliance schema version is 5.1.1. Please contact AlienVault Support if the schema is not on the correct version.|
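Several of the thresholds in the table can be checked ahead of the maintenance window. The script below is an added example, not AlienVault's own check code: the function names, the reading of "GB" as GiB, and the constructed sample inputs are assumptions.

```shell
#!/bin/sh
# Added example: offline versions of some 5.2 pre-update checks.
# Thresholds are from the table; names, parsing and samples are assumptions.

# Blocker: 1-minute load average above 8. Arg: a /proc/loadavg line.
load_ok() { echo "$1" | awk '{ exit !($1 <= 8) }'; }

# Blocker: under 10GB free (read here as GiB). Arg: free KiB (df -Pk).
disk_ok() { [ "$1" -ge $((10 * 1024 * 1024)) ]; }

# Blocker: VM under 4 cores or 7.7GB RAM. Args: nproc, MemTotal in kB.
vm_ok() {
  awk -v c="$1" -v m="$2" 'BEGIN { exit !(c >= 4 && m >= 7.7 * 1024 * 1024) }'
}

# Blocker: packages not in state "ii". Reads `dpkg -l` output on stdin,
# skips the header up to the "+++-" rule, prints each offending name.
not_ii() {
  awk 'body && NF && $1 != "ii" { print $2 } index($0, "+++") == 1 { body = 1 }'
}

# Warning: SSH without GNU Screen (sshd sets SSH_CONNECTION, screen sets STY).
ssh_risk() { [ -n "${SSH_CONNECTION:-}" ] && [ -z "${STY:-}" ]; }

# Runs every check; returns 1 if any blocker fired. dpkg -l output on stdin.
preflight() {  # args: loadavg line, free KiB, cores, MemTotal kB
  rc=0
  load_ok "$1" || { echo "BLOCKER: CPU load above 8"; rc=1; }
  disk_ok "$2" || { echo "BLOCKER: less than 10GB free"; rc=1; }
  vm_ok "$3" "$4" || { echo "BLOCKER: below 4 cores / 7.7GB RAM"; rc=1; }
  bad=$(not_ii)
  [ -z "$bad" ] || { echo "BLOCKER: not 'ii':" $bad; rc=1; }
  ssh_risk && echo "WARNING: SSH session without screen"
  return $rc
}

# Constructed sample input (not captured from a real appliance).
SAMPLE_LOADAVG='9.12 4.30 2.01 3/412 2817'
SAMPLE_DPKG='||/ Name          Version  Description
+++-=============-========-===================
ii  sample-pkg-a  1.0      constructed row
iU  sample-pkg-b  1.0      constructed row
rc  sample-pkg-c  1.0      constructed row'

# Live inputs would be: "$(cat /proc/loadavg)", df -Pk / (column 4),
# "$(nproc)", MemTotal from /proc/meminfo, and `dpkg -l` piped to stdin.
printf '%s\n' "$SAMPLE_DPKG" |
  preflight "$SAMPLE_LOADAVG" 20971520 4 8174528 || true
```

The script only reads system state; the authoritative result is still the check run by the AlienVault Setup menu.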
To update to AlienVault USM Appliance/AlienVault OSSIM version 5.2
- Log in to the AlienVault Console.
- Navigate to System Preferences > Update AlienVault System > Update System (Major).
Note: Make sure to choose the Update System (Major) option. The Update System option only updates the security feeds.
- Confirm that you want to continue with the major update. Press <Yes>.
- The AlienVault update process starts with the message below:
    *************************************** WARNING ***************************************
    This update will change the underlying operating system and kernel
    Please run a full backup before continuing to prevent any unexpected issues with your AlienVault system.
    Your last backup was on Sep 29 11:03
    Do you want to upgrade?[Y/n]
- Type ‘y’ then press Enter.
- The update process continues if none of the checks fails.
- Reboot the system once the update process completes successfully.