Upgrading Sandfly
You will receive announcements about new versions of Sandfly from the mailing list if you subscribed to it. Additionally, you can check our website for announcements about new versions.
TIP: Keep Your System Updated!
We are constantly adding in new sandfly investigative capabilities and features. You will want to make sure you keep your system updated.
To update Sandfly, fully read and complete the following steps.
Step 1: Pause Scheduled Tasks
Log into the Sandfly user interface (UI) and deactivate all enabled schedules. This is to ensure that no scheduled tasks are started during the install. You will need to resume the formerly active schedules after the upgrade is finished. See Deactivating and Deleting Schedule for details.
Step 2: Make Sure All Tasks Have Completed
In the Sandfly UI, check the Task Queues by clicking on its button in the Top Bar or via the sidebar at Scanning > Task Queues and make sure the task queue(s) are at 0 (zero), as indicated by the Total Tasks value. It is important to not stop nodes in the middle of scans because it can leave orphaned files on the remote hosts. If the nodes are allowed to finish then everything cleans up correctly.
Step 3: Download The Update
Option 1: Pull Latest Setup Scripts with Git
If you pulled the original setup from github, perform the following sequence. If you used the tarball you should proceed to step 3, option 2 instead.
Go to the "sandlfy-setup" directory on your server and nodes: (NOTE: your installation directory may be different than the default. If it is, simply use that path instead.)
cd ~/sandfly-setup
Then do a "git pull" to pull over the latest setup scripts:
git pull origin
Option 2: Pull Latest Setup Tarball
If you did not initially install the setup scripts with git, you will have to pull the latest version from the following URL and then untar it over the existing sandfly-setup directory:
Step 4: Delete Docker Images
Once all tasks have been cleared out, we can run our scripts to stop and delete all of the Docker containers on the server and node instances.
Run the following command on the server and all nodes.
On the Server:
cd ~/sandfly-setup/setup
./clean_docker.sh
* Sandfly server is running on this system. Stopping...
4b24ab50f1c5
4b24ab50f1c5
* Sandfly server stopped.
* Postgres is running on this system. Stopping...
f23041d1b2b4
waiting for server to shut down....
f23041d1b2b4
* Postgres server stopped.
* Done.
4b24ab50f1c5
f23041d1b2b4
4b24ab50f1c5
f23041d1b2b4
Untagged: quay.io/sandfly/sandfly:5.0.2
...
Untagged: postgres:14.9
...
On the Node(s):
cd ~/sandfly-setup/setup
./clean_docker.sh
* Stopping node container 865c0500124e
865c0500124e
865c0500124e
* Stopping node container 3b9a82446aae
3b9a82446aae
3b9a82446aae
* Done.
...
You will see a large list of container hashes go by. Then you will be back at the command prompt. That means the script completed and the Docker containers have been removed.
Step 5: Run Start Scripts On Server and Nodes
On the server, and separately on all nodes, simply run the applicable start script. They will pull over the latest version of Sandfly and run it.
On the Server:
cd ~/sandfly-setup/start_scripts/
./start_sandfly.sh
*** Starting Postgres.
...
*** Starting Sandfly Server.
...
<server is started>
On the Node(s):
cd ~/sandfly-setup/start_scripts/
./start_node.sh
Unable to find image 'sandfly/sandfly-node:latest' locally
latest: Pulling from sandfly/sandfly-node
...
On the Node(s) hosts you can run the start script multiple times to start additional containers depending on your RAM and CPU capacity.
Step 6: Verification
Run the docker ps
command on the server and node(s) to make sure everything is running.
On the Server:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b24ab50f1c5 quay.io/sandfly/sandfly:5.0.2 "/opt/sandfly/start_…" 4 seconds ago Up 3 seconds 0.0.0.0:80->8000/tcp, :::80->8000/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp sandfly-server
f23041d1b2b4 postgres:14.9 "docker-entrypoint.s…" 4 seconds ago Up 3 seconds 5432/tcp sandfly-postgres
On the Node(s):
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
865c0520124e quay.io/sandfly/sandfly:5.0.2 "/opt/sandfly/start_…" 5 seconds ago Up 3 seconds boring_jang
3b9a82546aae quay.io/sandfly/sandfly:5.0.2 "/opt/sandfly/start_…" 7 seconds ago Up 5 seconds clever_burnell
92b33fe63f33 quay.io/sandfly/sandfly:5.0.2 "/opt/sandfly/start_…" 8 seconds ago Up 6 seconds goofy_blackwell
At this point you should now be able to log back into the UI. If you would like to confirm the version number, navigate to Settings > Settings Summary within the UI. The version number and build information is displayed in the "About Sandfly" section.
Step 7: Resume Your Schedules
Finally, re-activate your formerly enabled schedules and Sandfly will take up where it left off.
Updated 3 months ago