HomeDocumentationAPI Reference
Log In
Documentation

Upgrading Sandfly

You will receive announcements about new versions of Sandfly from the mailing list if you subscribed to it. Additionally, you can check our website for announcements about new versions.

👍

TIP: Keep Your System Updated!

We are constantly adding in new sandfly investigative capabilities and features. You will want to make sure you keep your system updated.

To update Sandfly, fully read and complete the following steps.

Step 1: Pause Scheduled Tasks

Log into the Sandfly User Interface (UI) and deactivate all enabled schedules. This is to ensure that no scheduled tasks are started during the install. You will need to resume the formerly active schedules after the upgrade is finished. See Deactivating and Deleting Schedule for details.

Step 2: Make Sure All Tasks Have Completed

In the Sandfly UI, check the Task Queues by clicking on its button in the Top Bar or via the sidebar at Scanning > Task Queues and make sure the task queue(s) are at 0 (zero), as indicated by the Total Tasks value. It is important to not stop nodes in the middle of scans because it can leave orphaned files on the remote hosts. If the nodes are allowed to finish then everything cleans up correctly.

Empty Task Queue

Empty Task Queue

Step 3: Download The Update

Download the latest version from the following URL and then untar it over the existing sandfly-setup directory:

❗️

IMPORTANT: Extract the archive over the existing sandfly-setup directory

The files contained in the tarball do not overwrite generated configurations or other added files under that directory, so it is generally safe to untar the new version on to the existing directory. If any scripts were customized, or if you prefer to be cautious, make a backup of the entire directory before extraction.

Step 4: Delete Docker Images

Once all tasks have been cleared out, we can run our scripts to stop and delete all of the Docker containers on the server and node instances.

Run the following command on the server and all nodes.

On the Server:

cd ~/sandfly-setup/setup

./clean_docker.sh
* Sandfly server is running on this system. Stopping...
4b24ab50f1c5
4b24ab50f1c5
* Sandfly server stopped.
* Postgres is running on this system. Stopping...
f23041d1b2b4
waiting for server to shut down....
f23041d1b2b4
* Postgres server stopped.

* Done.

4b24ab50f1c5
f23041d1b2b4
4b24ab50f1c5
f23041d1b2b4
Untagged: quay.io/sandfly/sandfly:5.4.2
...
Untagged: postgres:14.15
...

On every host being used as a Node, including if the Node is on the Server:

cd ~/sandfly-setup/setup
./clean_docker.sh

* Stopping node container 865c0500124e
865c0500124e
865c0500124e
* Stopping node container 3b9a82446aae
3b9a82446aae
3b9a82446aae

* Done.

...

You will see a large list of container hashes go by. Then you will be back at the command prompt. That means the script completed and the Docker containers have been removed.

Step 5: Run Start Scripts On Server and Nodes

On the server, and separately on all nodes, simply run the applicable start script. They will pull over the latest version of Sandfly and run it.

On the Server:

cd ~/sandfly-setup/start_scripts/
./start_sandfly.sh
*** Starting Postgres.
** Loading images from local archive:
** ../../docker_images/sandfly-docker-images-5.4.2.tgz
** There will be a slight delay before further output...
...
Loaded image: quay.io/sandfly/sandfly:5.4.2
...
Loaded image: postgres:14.15

...
*** Starting Sandfly Server.

On every host being used as a Node, including if the Node is on the Server:

cd ~/sandfly-setup/start_scripts/
./start_node.sh
** Loading images from local archive:
** ../../docker_images/sandfly-docker-images-5.4.2.tgz
** There will be a slight delay before further output...
...
Loaded image: quay.io/sandfly/sandfly:5.4.2

On the Node(s) hosts you can run the start script multiple times to start additional containers depending on your RAM and CPU capacity.

Step 6: Verification

Run the docker ps command on the server and node(s) to make sure everything is running.

On the Server:

docker ps

CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS          PORTS     NAMES
4b24ab50f1c5   quay.io/sandfly/sandfly:5.4.2   "/opt/sandfly/start_…"   4 seconds ago    Up 3 seconds    0.0.0.0:80->8000/tcp, :::80->8000/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp                  sandfly-server
f23041d1b2b4   postgres:14.15                  "docker-entrypoint.s…"   4 seconds ago    Up 3 seconds    5432/tcp   sandfly-postgres

On every host being used as a Node, including if the Node is on the Server:

docker ps

CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS          PORTS     NAMES
865c0520124e   quay.io/sandfly/sandfly:5.4.2   "/opt/sandfly/start_…"   5 seconds ago    Up 3 seconds              boring_jang
3b9a82546aae   quay.io/sandfly/sandfly:5.4.2   "/opt/sandfly/start_…"   7 seconds ago    Up 5 seconds              clever_burnell
92b33fe63f33   quay.io/sandfly/sandfly:5.4.2   "/opt/sandfly/start_…"   8 seconds ago    Up 6 seconds              goofy_blackwell

At this point you should now be able to log back into the UI. If you would like to confirm the version number and/or public keys, navigate to Settings > Settings Summary within the UI. The version number and build information are displayed in the "About Sandfly" section.

Step 7: Resume Your Schedules

Finally, re-activate your formerly enabled schedules and Sandfly will take up where it left off.

Updated 27 days ago