You will receive announcements about new versions of Sandfly from the mailing list if you subscribed to it. Additionally, you can check our website for announcements about new versions. 


TIP: Keep Your System Updated!

We are constantly adding new sandfly investigative capabilities and features, so make sure you keep your system updated.


To update Sandfly, fully read and complete the following steps.


Step 1: Pause Scheduled Tasks

Log into the Sandfly UI and pause all enabled schedules. This is to ensure that no scheduled tasks are kicking off during the install. You will need to un-pause the scheduled tasks after the upgrade is finished. See Pausing and Deleting Schedule for details.


Step 2: Make Sure All Tasks Have Completed

In the Sandfly UI, check the Task Queue by clicking on its button in the top bar or via the menu at Scanning > Task Queue, and make sure the task queue is at 0 (zero), as indicated by the number in the circle. It is important not to stop nodes in the middle of scans because doing so can leave orphaned files on the remote hosts. If the nodes are allowed to finish, everything cleans up correctly.


Empty Task Queue




Step 3: Download The Update

Option 1: Pull Latest Setup Scripts with Git

If you pulled the original setup from GitHub, perform the following sequence. If you used the tarball, proceed to Step 3, Option 2 instead.


Go to the sandfly-setup directory on your server and on each node:

cd ~/sandfly-setup


Then do a git pull to pull over any changes:

git pull origin


Option 2: Pull Latest Setup Tarball

If you did not initially install the setup scripts with git, you will have to pull the latest version from this URL and then untar it over the existing sandfly-setup directory:


https://github.com/sandflysecurity/sandfly-setup/releases/latest 



Step 4: Delete Docker Images

Once all tasks have been cleared out, we can run our scripts to stop and delete all Docker containers on the server and node instances.


Run the following command on the server and all nodes. 


Server:

cd ~/sandfly-setup/setup
./clean_docker.sh

be5e5caf816b
db7a5567a8f1
b5ba80831a5d
be5e5caf816b
db7a5567a8f1
b5ba80831a5d
Untagged: sandfly/sandfly-rabbit:latest
Untagged: sandfly/sandfly-server-mgmt:latest
Untagged: sandfly/sandfly-server:latest
...


Node:

cd ~/sandfly-setup/setup
./clean_docker.sh

a8c3b80228c4
9ecc25cdaae7
0106c87dbfd3
fb25ff348c30
a8c3b80228c4
9ecc25cdaae7
0106c87dbfd3
fb25ff348c30
Untagged: sandfly/sandfly-node:latest
...


You will see a large list of container hashes go by. Then you will be back at the command prompt. That means the script completed and the Docker containers have been removed.



Step 5: Run Start Scripts Again On Server and Nodes

On the server, and separately on all nodes, simply run the applicable start script. They will pull over the latest version of Sandfly and run it.


Server:

cd ~/sandfly-setup/start_scripts/
./start_sandfly.sh
*** Starting Postgres.
...
*** Starting RabbitMQ server.
...
Waiting for RabbitMQ to configure and start. This will take about 45 seconds.
......
*** Starting Sandfly Server.
...

<server is started>


Node:

cd ~/sandfly-setup/start_scripts/
./start_node.sh
Unable to find image 'sandfly/sandfly-node:latest' locally
latest: Pulling from sandfly/sandfly-node
...


On the node host(s), you can run the start script multiple times to start multiple containers, depending on your RAM and CPU capacity.



Step 6: Verification

Run the docker ps command on the server and node(s) to make sure everything is running.


Server:

docker ps
CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS          PORTS                                                                                            NAMES
8d2917c310d0   quay.io/sandfly/sandfly-server:3.1.0   "/opt/sandfly/start_…"   4 minutes ago    Up 4 minutes    0.0.0.0:80->8000/tcp, :::80->8000/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp                   sandfly-server
2968340233e4   quay.io/sandfly/sandfly-rabbit:3.1.0   "/bin/sh -c /usr/loc…"   4 minutes ago    Up 4 minutes    4369/tcp, 5671-5672/tcp, 15691-15692/tcp, 25672/tcp, 0.0.0.0:5673->5673/tcp, :::5673->5673/tcp   sandfly-rabbit
753966adf165   postgres:14.0                          "docker-entrypoint.s…"   4 minutes ago    Up 4 minutes    5432/tcp                                                                                         sandfly-postgres


Node:

docker ps
CONTAINER ID        IMAGE                         COMMAND                  CREATED              STATUS              PORTS               NAMES
2d08ee113488        sandfly/sandfly-node:latest   "/usr/local/sandfly/…"   2 seconds ago        Up 1 second                             nostalgic_villani
059f71acec24        sandfly/sandfly-node:latest   "/usr/local/sandfly/…"   3 seconds ago        Up 3 seconds                            heuristic_agnesi
bd36bbb28944        sandfly/sandfly-node:latest   "/usr/local/sandfly/…"   5 seconds ago        Up 5 seconds                            elegant_jennings
bea2bc10800e        sandfly/sandfly-node:latest   "/usr/local/sandfly/…"   About a minute ago   Up About a minute                       trusting_roentgen
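
An added example, not part of Sandfly's setup scripts: a shell check for the listings above that matches server containers by name and node containers by image, since node containers get random names. The function names and the tab-separated input from `docker ps --format` are assumptions of this example, and the sample rows are constructed from the output shown in this step.

```shell
#!/bin/sh
# Added example (not Sandfly's own tooling): post-upgrade check for Step 6.
# Input on stdin: "name<TAB>image<TAB>status" lines, as produced by
#   docker ps --format '{{.Names}}\t{{.Image}}\t{{.Status}}'

# Server container names as they appear in the Step 6 listing.
EXPECTED="sandfly-server sandfly-rabbit sandfly-postgres"

# Prints one line per problem; returns 0 only if every expected container
# is listed with a status beginning "Up ".
check_server_containers() {
    listing=$(cat)
    rc=0
    for name in $EXPECTED; do
        status=$(printf '%s\n' "$listing" |
            awk -F '\t' -v n="$name" '$1 == n { print $3; exit }')
        case "$status" in
            "Up "*) ;;
            "") echo "MISSING: $name"; rc=1 ;;
            *) echo "NOT RUNNING: $name ($status)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Node containers get random names, so count them by image instead.
count_running_nodes() {
    awk -F '\t' '$2 ~ /sandfly-node/ && $3 ~ /^Up / { n++ } END { print n + 0 }'
}

# Constructed sample modelled on the Step 6 output; on a real host, pipe the
# docker ps --format command from the header comment into the functions.
SAMPLE_SERVER=$(printf '%s\t%s\t%s\n' \
    sandfly-server quay.io/sandfly/sandfly-server:3.1.0 'Up 4 minutes' \
    sandfly-rabbit quay.io/sandfly/sandfly-rabbit:3.1.0 'Up 4 minutes' \
    sandfly-postgres postgres:14.0 'Up 4 minutes')
SAMPLE_NODE=$(printf '%s\t%s\t%s\n' \
    nostalgic_villani sandfly/sandfly-node:latest 'Up 1 second' \
    heuristic_agnesi sandfly/sandfly-node:latest 'Up 3 seconds')

printf '%s\n' "$SAMPLE_SERVER" | check_server_containers && echo "server: OK"
echo "nodes running: $(printf '%s\n' "$SAMPLE_NODE" | count_running_nodes)"
```

Compare the node count with the number of times you ran the node start script on that host.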


You can log into the UI on the server and check the Audit Log. You will see an entry near the top that shows the server version and timestamp:


Upgraded Version Entry in Audit Log




Step 7: Resume Your Schedules

Finally, resume your formerly enabled schedules and Sandfly will take up where it left off.



