Upgrading Sandfly

You will receive announcements about new versions of Sandfly from the mailing list if you subscribed to it. Additionally, you can check our website for announcements about new versions.

πŸ‘

TIP: Keep Your System Updated!

We are constantly adding in new sandfly investigative capabilities and features. You will want to make sure you keep your system updated.

To update Sandfly, fully read and complete the following steps.

Step 1: Pause Scheduled Tasks

Log into the Sandfly user interface (UI) and deactivate all enabled schedules. This is to ensure that no scheduled tasks are started during the install. You will need to resume the formerly active schedules after the upgrade is finished. See Deactivating and Deleting Schedule for details.

Step 2: Make Sure All Tasks Have Completed

In the Sandfly UI, check the Task Queues by clicking on its button in the Top Bar or via the sidebar at Scanning > Task Queues and make sure the task queue(s) are at 0 (zero), as indicated by the Total Tasks value. It is important to not stop nodes in the middle of scans because it can leave orphaned files on the remote hosts. If the nodes are allowed to finish then everything cleans up correctly.

Empty Task Queue

Empty Task Queue

Step 3: Download The Update

Option 1: Pull Latest Setup Scripts with Git

If you pulled the original setup from github, perform the following sequence. If you used the tarball you should proceed to step 3, option 2 instead.

Go to the "sandlfy-setup" directory on your server and nodes: (NOTE: your installation directory may be different than the default. If it is, simply use that path instead.)

cd ~/sandfly-setup

Then do a "git pull" to pull over the latest setup scripts:

git pull origin

Option 2: Pull Latest Setup Tarball

If you did not initially install the setup scripts with git, you will have to pull the latest version from the following URL and then untar it over the existing sandfly-setup directory:

Step 4: Delete Docker Images

Once all tasks have been cleared out, we can run our scripts to stop and delete all of the Docker containers on the server and node instances.

Run the following command on the server and all nodes.

On the Server:

cd ~/sandfly-setup/setup

./clean_docker.sh
* Sandfly server is running on this system. Stopping...
4b24ab50f1c5
4b24ab50f1c5
* Sandfly server stopped.
* Postgres is running on this system. Stopping...
f23041d1b2b4
waiting for server to shut down....
f23041d1b2b4
* Postgres server stopped.

* Done.

4b24ab50f1c5
f23041d1b2b4
4b24ab50f1c5
f23041d1b2b4
Untagged: quay.io/sandfly/sandfly:5.0.2
...
Untagged: postgres:14.9
...

On the Node(s):

cd ~/sandfly-setup/setup
./clean_docker.sh

* Stopping node container 865c0500124e
865c0500124e
865c0500124e
* Stopping node container 3b9a82446aae
3b9a82446aae
3b9a82446aae

* Done.

...

You will see a large list of container hashes go by. Then you will be back at the command prompt. That means the script completed and the Docker containers have been removed.

Step 5: Run Start Scripts On Server and Nodes

On the server, and separately on all nodes, simply run the applicable start script. They will pull over the latest version of Sandfly and run it.

On the Server:

cd ~/sandfly-setup/start_scripts/
./start_sandfly.sh
*** Starting Postgres.
...
*** Starting Sandfly Server.
...

<server is started>

On the Node(s):

cd ~/sandfly-setup/start_scripts/
./start_node.sh
Unable to find image 'sandfly/sandfly-node:latest' locally
latest: Pulling from sandfly/sandfly-node
...

On the Node(s) hosts you can run the start script multiple times to start additional containers depending on your RAM and CPU capacity.

Step 6: Verification

Run the docker ps command on the server and node(s) to make sure everything is running.

On the Server:

docker ps

CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS          PORTS                                                                            NAMES
4b24ab50f1c5   quay.io/sandfly/sandfly:5.0.2   "/opt/sandfly/start_…"   4 seconds ago    Up 3 seconds    0.0.0.0:80->8000/tcp, :::80->8000/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   sandfly-server
f23041d1b2b4   postgres:14.9                   "docker-entrypoint.s…"   4 seconds ago    Up 3 seconds    5432/tcp                                                                         sandfly-postgres

On the Node(s):

CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS          PORTS                                                                            NAMES
865c0520124e   quay.io/sandfly/sandfly:5.0.2   "/opt/sandfly/start_…"   5 seconds ago    Up 3 seconds                                                                                     boring_jang
3b9a82546aae   quay.io/sandfly/sandfly:5.0.2   "/opt/sandfly/start_…"   7 seconds ago    Up 5 seconds                                                                                     clever_burnell
92b33fe63f33   quay.io/sandfly/sandfly:5.0.2   "/opt/sandfly/start_…"   8 seconds ago    Up 6 seconds                                                                                     goofy_blackwell

At this point you should now be able to log back into the UI. If you would like to confirm the version number, navigate to Settings > Settings Summary within the UI. The version number and build information is displayed in the "About Sandfly" section.

Step 7: Resume Your Schedules

Finally, re-activate your formerly enabled schedules and Sandfly will take up where it left off.