AlienVault® USM Appliance™

Operating System Upgrade in Version 5.8.0

Applies to Product: USM Appliance™ AlienVault OSSIM®

USM Appliance version 5.8.0 includes an operating system (OS) upgrade to improve the performance and security of your deployment. The upgrade process consists of three parts:

  • Perform Pre-Checks: Runs a set of diagnostic checks to ensure that your deployment meets AT&T Cybersecurity's requirements.
  • Update OS Packages: Brings the OS packages to the designated versions.
  • Update USM Appliance Packages: Brings the USM Appliance specific packages to the designated versions.

The upgrade process aborts if any of the pre-checks fail. The following table lists the various errors you may receive. If you need help passing these checks, please contact AT&T Cybersecurity Technical Support.

Pre-Check Error Codes and Messages
Error Code  Error Message
1           alienvault-update is already running ... exiting.
2           System cannot be updated because a vulnerability scan is currently running. Try again later.
3           The system must be rebooted. Please, reboot the system before starting the update process.
4           The verification process could not be completed. Signature file not found.
5           The verification process could not be completed. Signature is invalid.
6           System cannot connect to APT. Execute 'dpkg --configure -a --force-confnew' to correct the problem.
22          Unable to obtain database password. Please, check your ossim_setup.conf file.
23          mysqlcheck command not found.
24          Your database is corrupted and cannot be repaired.
27          It seems that there are more than 200M events in the database or your indexes are corrupted.
29          Cannot change repositories.
31          Error downloading packages.
32          Error while updating a major version.
33          Error while updating a major version (MariaDB cannot be installed).
34          Error while updating a major version (Squid cannot be installed).
35          ossim_setup.conf has been removed. Try to recover a backup from /etc/ossim/.
36          Error updating sources list.
40          Dash shell cannot be installed.
42          AlienVault preseeds cannot be set.
50          Parsing error: Some command line arguments are unknown. Please, type alienvault-update --help for more information.
51          System must be running v5.7.6 to perform an OS update.
52          System is unstable, some packages are not correctly installed and configured.
53          Your system does not meet the minimum requirements (For more information, review https://cdn-cybersecurity.att.com/docs/data-sheets/usm-appliance.pdf).
54          Your system has less partitions than required in /dev/sda, please contact with support.
55          System is running in HA mode. If you want to update your system, please disable the HA system by running alienvault-ha-assistant -d, and then update.
56          CPU usage is above 90%, the OS update requires CPU usage to be below the threshold.
57          USM Appliance cannot be updated, packages cannot be installed.
58          No profiles found in your system.
59          ossim_setup.conf is corrupted. Profiles not found. Try to recover a backup from /etc/ossim/.
60          The command apt-get update failed. Please, check your internet connection.
61          You don't have enough disk space. Please, free up space on your hard drive.
62          A problem occurred checking your USM Appliance license. Please, check the update log for more information.
64          Database schema version mismatch.
65          Packages cannot be downloaded. Please, check the update log for more information.
66          Failed to install package from Threat Intelligence update.
67          Apt command cannot be updated
68          System is unstable, some packages have not been updated to the latest version.
69          bash script was executed isolatedly. Please, use alienvault-update command instead.
70          MySQL cannot be started.

You may also receive some warnings from running these pre-checks. See the following table for details. AT&T Cybersecurity recommends that you review the warning messages and correct as many issues as possible, but you can proceed with the upgrade by entering y when the system asks if you want to continue.

Pre-Check Warnings
Number  Warning Message
1       SSH Session detected. AlienVault recommends updating the system from a terminal to prevent possible connection problems during the update.
2       The verification process could not be completed. User agent signature is invalid.
3       There is no connection. UserAgent will not be downloaded.
4       apt-get --yes autoremove --purge could not be executed.
5       Failed to install libhyperscan!
6       No event backup with less than 14 days found. It's recommended creating a new backup and copying it to an external device.
7       No configuration backup with less than 14 days found. It's recommended creating a new backup and copying it to an external device.
8       NfSen backup cannot be created.
9       MySQL backups cannot be created.
10      MySQL backups cannot be restored.
11      Default api periodic tasks cannot be enabled.
12      Default api periodic tasks cannot be disabled.
13      New Squid configuration cannot be applied.
14      Squid backup cannot be created.
15      Squid backup cannot be restored.
16      Nagios module cannot be disabled in Apache server.
17      Nagios module cannot be enabled in Apache server.
18      More than 3 partitions has been detected in /dev/sda. It's recommended contacting with support before proceeding.

 

Because USM Appliance needs to reboot during the OS upgrade, you cannot perform this particular update from the browser. For the same reason, it is not recommended to run the upgrade from an SSH session either. Please run the update from a terminal or a virtual machine (VM) console.
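
The following is an added example, not part of the AlienVault documentation or of alienvault-update itself: a local pre-flight that approximates three of the documented conditions (error 56, warning 18 and warning 1) before you start the upgrade. The /proc/stat sampling, the lsblk partition count, the SSH environment-variable test and all function names are assumptions about how to measure these conditions.

```shell
#!/bin/sh
# Added example: approximates three documented pre-check conditions locally.
# The real checks run inside alienvault-update and may be implemented differently.

# Busy CPU % between two aggregate "cpu" lines of /proc/stat (assumed method).
cpu_busy_pct() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        { tot = 0; for (i = 2; i <= 9 && i <= NF; i++) tot += $i
          t[NR] = tot; idle[NR] = $5 + $6 }       # idle + iowait
        END { dt = t[2] - t[1]; di = idle[2] - idle[1]
              if (dt <= 0) print 0; else printf "%d\n", 100 * (dt - di) / dt }'
}

# Count rows of TYPE "part" in `lsblk -ln -o NAME,TYPE <disk>` output on stdin.
count_partitions() {
    awk '$2 == "part" { n++ } END { print n + 0 }'
}

# True when this shell was started over SSH (sshd exports these variables).
in_ssh_session() {
    [ -n "${SSH_CONNECTION:-}" ] || [ -n "${SSH_TTY:-}" ]
}

preflight() {
    rc=0
    a=$(head -n 1 /proc/stat); sleep 1; b=$(head -n 1 /proc/stat)
    pct=$(cpu_busy_pct "$a" "$b")
    if [ "$pct" -gt 90 ]; then
        echo "FAIL: CPU at ${pct}% (error 56 requires usage below 90%)"; rc=1
    fi
    parts=$(lsblk -ln -o NAME,TYPE /dev/sda 2>/dev/null | count_partitions)
    if [ "$parts" -gt 3 ]; then
        echo "WARN: $parts partitions on /dev/sda (warning 18)"
    fi
    if in_ssh_session; then
        echo "WARN: SSH session detected (warning 1); use a terminal or VM console"
    fi
    return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` from the console you intend to upgrade from; a clean result here does not replace the appliance's own pre-checks.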

To upgrade the OS

  1. Launch the AlienVault Console and use your credentials to log in.

    The AlienVault Setup menu displays.

  2. Select System Preferences.
  3. Select Update AlienVault System.
  4. Select Upgrade Operating System or Upgrade Operating System (Offline), and then press Enter. If you choose the offline option, see Update USM Appliance Offline for how to prepare the ISO image.

    Important: These two options are only available in USM Appliance version 5.7.6.

  5. Confirm your selection by pressing Enter.

    The upgrade process starts, writing its progress to /var/log/alienvault/update/alienvault57to58-update-<timestamp>.log. For example:

    You can check the log file periodically to monitor the progress. This upgrade can take more than 30 minutes to finish.