Update
As soon as a new on-premises version is available, you will receive an e-mail from us containing the current version numbers. The latest versions are also available on GitHub.
Make sure to also keep the installed software components Pulsar Agent, Watchdog, Hacktor and Observer up to date. You can execute the updates directly in the platform; see the Software Components section below for instructions.
Enginsight Application
Automatic update (recommended)
We recommend using our update script to automatically install the latest version of Enginsight.
Navigate to the directory of your installation and run the update script.
cd /opt/enginsight/enterprise
sudo chmod +x update.sh && ./update.sh
If the update.sh file does not exist, it can be downloaded and executed using the following commands.
cd /opt/enginsight/enterprise
wget -O update.sh https://raw.githubusercontent.com/enginsight/enterprise/master/update.sh
chmod +x update.sh
./update.sh
Creating a cronjob
Alternatively, you can have the update executed automatically via a cronjob.
Execute the following commands to add a cronjob.
su - root
sudo chmod +x /opt/enginsight/enterprise/update.sh
sudo crontab -e
Copy the following line into the crontab, edit the execution time according to your needs and save the file.
0 04 * * 0 cd /opt/enginsight/enterprise && ./update.sh
In this example, the update is performed weekly, every Sunday at 4:00 AM.
Manual update
If you want to manually update software modules to specific versions, use the following procedure.
Navigate to /opt/enginsight/enterprise
cd /opt/enginsight/enterprise
Adjust the image versions of the various Docker services.
sudo nano docker-compose.yml
Example of services, ui-m1:
ui-m1:
  image: enginsightonpremise/ui-m1:<version>
  ...
Save the docker-compose.yml
Execute the setup script and confirm all prompts.
sudo ./setup.sh
Loggernaut Update
For Loggernaut installations prior to 2.0.0, a one-time manual update is required to enable updating within the UI. To do this, execute the following command:
sudo /opt/enginsight/loggernaut/ngs-loggernaut -update
Software Components
You can update our four software components directly in the Enginsight platform.
Pulsar Agent
The best way is to update the Pulsar agent on all hosts at the same time.
Go to Hosts → Overview.
Click on the "Update Agents" button. You will find it above the list of your hosts.
Click Refresh. If all agents are up to date, you will receive a message.
Observer
Go to Endpoints → Observers and check if all version numbers are up to date.
If an observer does not have the current version number, click the update icon in the right column at Actions.
Watchdog
Go to Discoveries → Watchdogs and check if all version numbers are up to date.
If a watchdog does not have the current version number, click the update icon in the right column at Actions.
Hacktor
Go to Penetration Testing → Hacktors and check if all version numbers are up to date.
If a hacktor does not have the current version number, click the update icon in the right column at Actions.
SIEM Update
Always perform a backup before updating your SIEM to secure your data!
The following instructions explain the procedure for updating the Docker containers for Zookeeper, Solr and Traicer. It is imperative that you follow the instructions to prevent errors!
Be sure to follow the order described below, especially for Zookeeper and Solr:
Zookeeper Update
Avoid automatic updates for Zookeeper, or make sure that Zookeeper is fully started before the Solr update starts.
Solr Update
Solr requires a running Zookeeper instance to start. If Solr is started before Zookeeper, connection problems may occur that can only be resolved by manually restarting Solr.
Traicer Update
The Traicer container can be updated independently without any special dependencies.
Log in to the management server.
Change to the correct directory using:
cd /opt/enginsight/enterprise/
First run the central update script.
curl -sSL https://get.enginsight.com/siem/scripts/update.sh | sudo -E bash -s update
Follow the instructions in the script.
Then wait until the script has been executed completely.
Next, log in to your index server.
Repeat steps 2-4 on the index server.
Partially offline and Pulsar updates
These instructions describe how to carry out updates in a partially offline scenario, in which the app server temporarily receives an internet connection in order to download updates. The downloaded data can then be transferred to other hosts without an internet connection. The focus here is on updates to the Enginsight components, in particular the Pulsar component.
Update process with limited connectivity
Activate the internet connection
Activate the internet connection on the app server to be able to download the updates.
Execute update.sh
Execute the update script update.sh on the app server. To do this, follow the steps in the update instructions above.
Checking and updating the software components
After completing the update, check all relevant components, including Pulsar, Watchdog, Observer and Hacktor. To ensure that the updates are cached correctly, update at least one installation of each component. Further details can be found in the instructions under Software components.
Deactivating the internet connection
Once the updates are complete, disconnect the app server from the internet.
Pulsar-Download-Script
If an update is required for the Pulsar component, proceed as follows:
Change to the Enterprise directory
Navigate to the directory /opt/enginsight/enterprise:
cd /opt/enginsight/enterprise
Download new script
Download the latest Pulsar update script from the official repository:
sudo wget https://raw.githubusercontent.com/enginsight/enterprise/master/scripts/fixed/pulsar.sh
Make script executable
Grant the downloaded script the necessary execution rights:
sudo chmod +x pulsar.sh
Execute script
Execute the script to download the current version of the Pulsar in all variants:
sudo ./pulsar.sh
Finalize setup
Start the setup script to finalize the changes:
sudo ./setup.sh
Adjustment in the docker-compose.yml
Adjust the configuration of the docker-compose.yml for the server-m2 service to mount the Pulsar directory correctly:
server-m2:
  ...
    - "./pulsar:/opt/enginsight/server-m2/pulsar"
After the adjustment, restart the affected service to apply the changes:
sudo docker-compose up -d server-m2
After completing the steps described above, all relevant components should be updated to the latest version. Make sure that all services are running properly and that the system is stable.
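update.sh and pulsar.sh are both fetched from the master branch and then run as root, and the cron job re-runs whatever copy is on disk. The following shell functions are an added example, not part of the Enginsight documentation: they install a downloaded script only when its SHA-256 matches a digest you recorded after reviewing it, so a changed upstream script triggers a new review instead of running unseen. The function names and PINNED_SHA256 are assumptions.

```shell
#!/bin/sh
# Added example, not Enginsight code: fetch a script, verify it, then install it.

# sha256_of FILE: print only the hex digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# install_if_pinned SRC DEST EXPECTED
# Installs SRC as DEST (mode 0750) only if its SHA-256 equals EXPECTED.
# Returns 1 on mismatch and leaves any existing DEST untouched.
install_if_pinned() {
    actual=$(sha256_of "$1")
    if [ -z "$actual" ] || [ "$actual" != "$3" ]; then
        echo "refusing $1: digest '$actual' does not match pin" >&2
        return 1
    fi
    install -m 0750 "$1" "$2"
}

# fetch_pinned URL DEST EXPECTED: download to a temp file first, so a
# truncated or altered download never replaces the script cron will run.
fetch_pinned() {
    tmp=$(mktemp) || return 2
    rc=1
    if wget -q -O "$tmp" "$1"; then
        install_if_pinned "$tmp" "$2" "$3" && rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (PINNED_SHA256 is an assumption: the digest you recorded after
# reviewing the script; the URL is the one used on this page):
#   fetch_pinned \
#     https://raw.githubusercontent.com/enginsight/enterprise/master/scripts/fixed/pulsar.sh \
#     /opt/enginsight/enterprise/pulsar.sh "$PINNED_SHA256"
```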
External Components
Mongo DB Upgrade
Backup of the MongoDB configuration
The configuration in /etc/mongod.conf gets deleted during the upgrade. It must therefore be backed up beforehand.
Creation of a database dump
Basic command:
mongodump --host "rs0/<ipOfTheDBAsUsedByTheApi>:27017" --db enginsight
With RBAC (user name/password)
Add the following parameters:
--username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight"
With TLS
Add the following parameters:
--ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem
A complete dump command with an example IP for a database without TLS and RBAC looks like this:
mongodump --host "rs0/192.168.180.38:27017" --db enginsight
A complete dump command with an example IP for a database with TLS and RBAC looks like this:
mongodump --host "rs0/192.168.180.38:27017" --username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight" --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem --db enginsight
Uninstalling MongoDB 5
systemctl stop mongod
apt remove mongodb-org
apt autoremove
Before you start the next step, please note that all data not contained in a dump will be lost.
Deleting database remnants
sudo rm -rf /var/lib/mongodb
Upgrade of the Debian system
Perform the upgrade with the plugin listed here. The MongoDB repository is automatically updated to version 8.0. A restart of the system is mandatory.
MongoDB reinstallation
After a system restart:
sudo apt install mongodb-org
MongoDB setup
Restoring the configuration
Now restore the backup of the /etc/mongod.conf file.
Updating the configuration syntax
Due to a change in the configuration syntax, an adjustment is required. The storage section previously looked like this:
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
The journal key is no longer supported and must be removed along with its suboptions. The section should then look like this:
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
#  engine:
#  mmapv1:
#  wiredTiger:
Temporarily deactivating authentication
Temporarily comment out the security: section in the /etc/mongod.conf file if it exists. This applies to the entire section including sub-items, i.e. the security: line and the indented options under it.
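The two edits to /etc/mongod.conf described above (removing journal with its sub-options, commenting out the security: section) can be scripted; this is an added example, not part of the Enginsight documentation. The function names and the sample configuration are constructed for illustration, and the functions print the result to stdout instead of editing the file in place.

```shell
#!/bin/sh
# Added example: the two mongod.conf edits as awk filters over YAML indentation.

# edit_block ACTION KEY_REGEX FILE
# Finds the line matching KEY_REGEX and every following line indented deeper
# than it, then drops them (ACTION=drop) or prefixes them with "#" (comment).
edit_block() {
    awk -v action="$1" -v key="$2" -v depth=-1 '
        { indent = match($0, /[^ ]/) - 1 }     # -1 for blank lines
        depth >= 0 && indent > depth {         # still inside the block
            if (action == "comment") print "#" $0
            next
        }
        { depth = -1 }                         # block ended (or never began)
        $0 ~ key {
            depth = indent
            if (action == "comment") print "#" $0
            next
        }
        { print }
    ' "$3"
}

# journal is a child of storage:, so it is always indented.
drop_journal()     { edit_block drop    '^ +journal: *$' "$1"; }
# security: is a top-level section; an already commented one is left alone.
comment_security() { edit_block comment '^security: *$'  "$1"; }

# Constructed sample in the layout of a restored MongoDB 5 config.
sample_conf() {
    cat <<'EOF'
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
security:
  authorization: enabled
replication:
  replSetName: rs0
EOF
}

# Usage: review the output, then replace the file yourself, e.g.
#   drop_journal /etc/mongod.conf > /tmp/mongod.conf.new
```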
Start MongoDB
sudo systemctl enable --now mongod
Setting up the replica set
Basic command:
mongosh --host "<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017" \
  --eval "rs.initiate({ _id: \"rs0\", members: [{ _id: 0, host: \"<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017\" }] })"
With TLS
The following parameters must be added after the --host parameter:
--tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem
Complete command with exemplary IP without TLS:
mongosh --host "192.168.180.38:27017" \
  --eval "rs.initiate({ _id: \"rs0\", members: [{ _id: 0, host: \"192.168.180.38:27017\" }] })"
Complete command with exemplary IP with TLS:
mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
  --eval "rs.initiate({ _id: \"rs0\", members: [{ _id: 0, host: \"192.168.180.38:27017\" }] })"
Restore user (if previously available)
Basic commands:
mongosh --host "<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017" \
  --eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017" \
  --eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight
With TLS
The following parameters must be added after the --host parameter:
--tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem
Complete commands with exemplary IP without TLS:
mongosh --host "192.168.180.38:27017" \
  --eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "192.168.180.38:27017" \
  --eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight
Complete commands with exemplary IP with TLS:
mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
  --eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
  --eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight
Reactivation of the authentication
The lines commented out in step 7.3 must now be uncommented again. MongoDB must then be restarted:
sudo systemctl restart mongod
Importing the dump
Basic command:
mongorestore --host "rs0/<IP_OF_THE_DB_AS_USED_BY_THE_API>:27017"
With RBAC (Username/Password)
Add these parameters:
--username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight"
With TLS
Add these parameters:
--ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem
A complete restore command with an example IP for a database without TLS and RBAC looks like this:
mongorestore --host "rs0/192.168.180.38:27017"
A complete restore command with an example IP for a database with TLS and RBAC looks like this:
mongorestore --host "rs0/192.168.180.38:27017" --username mongoDefaultUser --password $(</etc/enginsight/mongoDefaultUserPassword) --authenticationDatabase "enginsight" --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem