The subscription for the Greenbone Security Manager includes upgrades for new versions of scan engine, web-interface etc. The upgrades are easy to execute.
Greenbone continuously provides new upgrades. The users can decide on their own whether and when they want to execute the upgrade.
There are 3 types of upgrades:
Patch-Level Upgrades (for example from 2.0.0-26 to 2.0.0-27)
Release Upgrades (for example from 2.0.0 to 2.1.0)
Generation Upgrades (for example from 2.4.0 to 3.0.0)
This page provides guides on how to execute the updates.
Check version of your GSM
The version of a GSM is available in 3 ways:
Via console (no login required):
The version and type of the GSM is directly visible on the console prompt without the need to log in. You may need to hit the return key to refresh the welcome message.
Welcome to the Greenbone OS 2.0.0-26 running on a Greenbone Security Manager 500 gsm login:
Via SSH access (required login):
Directly after logging in via SSH with the account "admin", version and type is displayed:
$ ssh email@example.com firstname.lastname@example.org's password: Welcome to the Greenbone OS 2.0.0-26 running on a Greenbone Security Manager 500
Version and GSM type are also shown in the start dialog of the Greenbone OS Administration (command "gos-admin-menu"):
Via HTTPS (web interface, no login required):
Version and GSM type are directly visible in the login dialog of the web interface:
Execute GSM System Upgrade
Step 1: Review changes first
It is very important that you review all changes between your current version and the newest version. Pay attention to any hints on changes of behaviour, changes of formats, data migrations etc.
Review based on this overview: Greenbone OS: Current
Step 2: Backup
Additionally to your routine backups it is recommended to create and extra backup of the most current state before executing a upgrade. This is especially important for Release Upgrades and Generation Upgrades where the database model is updated and your data will automatically be migrated.
Depending on the GSM type, different strategies for backups are available. Keep in mind that for a system upgrade it does make sense to create a complete system backup rather than just a userdata backup.
GSM ONE and GSM 25V: Apply the backup methods of the hypervisor.
GSM 25: All scan data is stored on the sensor master. For standard deployments there is no need for a backup.
GSM 100: A userdata backup is sufficient for this GSM type.
GSM from 500: These devices additionally own a internal backup partition. It can be used for Patchlevel Upgrades and Release Upgrades. For Generation Upgrades a external backup is necessary because this type of upgrade will reset all partitions.
Step 3: System Upgrade
Execute Patch-Level Upgrade
The upgrade can be executed without shutting down the system. In general it is highly recommended to wait for all scans to finish or to stop them. Additionally you should ensure no scheduled scans are launched during the upgrade. Scan results would be lost and there would be impact on performance.
Start "gos-admin-menu" and select the Upgrade Management.
This will show the version a upgrade would install. This version was downloaded as part of the usual feed updates.
It can happen that version shown as available is not the newest version according to the Greenbone Newsletter or according to the page Greenbone OS: Current (for example this happens for a GSM ONE that is only booted on occasion). In this case either a feed update was not (yet) executed or the GSM currently can not access the Greenbone Feed Server. Should the Selfcheck of the main menu be successful, a manual Download via "Sync" can be requested.
Now choose "Upgrade" to start the process. It will be displayed that the upgrade is prepared:
From this moment on the upgrade runs fully automatically. You now work on other tasks. Usually, the upgrade is finished in less than one hour.
With menu item "Refresh" you can update the status view. After some time the status changes to "System upgrade in progress". During this the current version of the GOS changes to the new one:
Only after the process is fully completed, you should leave gos-admin-menu:
For patch-level upgrades a reboot is not mandatory, but recommended. In doubt, please contact the Greenbone Support Team.
Execute Release Upgrade
In general it is highly recommended to wait for all scans to finish or to stop them. Additionally you should ensure no scheduled scans are launched during the upgrade. Scan results would be lost and there would be impact on performance.
Now start "gos-admin-menu" and enter the Upgrade Management. There, choose "Switch Release" to prepare the system for the switch to the next new release, provided there is one available.
If you confirm the following dialog with "Yes", you will not be able to stay on the current release version. It will then be mandatory to update to the next release in order to install new patch levels.
After the release switch was confirmed, the switch is prepared:
After some time the status changes to "Release switch is in progress". This means, the data for the new release are now downloaded. This process can take quite some time and requires connection to the Greenbone Feed Server.
Once the release switch is completely prepared, the menu item "Upgrade" will get available. Now execute the actual upgrade in the same way as done for a Patch-Level Upgrade.
However, the process differs in two ways from the regular patch level upgrade: First, the upgrade will take much longer (can be a couple of hours, best is to wait until next day). Second, a reboot of the system is necessary.
Execute Generation Upgrade
For these upgrades special manuals are prepared and made available under Greenbone OS Manuals as corresponding Upgrade Guides in PDF format for download.