FortiSOAR™ OS Update Process
FortiSOAR™ OS update process includes the following:
FortiSOAR™ CentOS 7 update server
Whenever CentOS publishes an important OS update for CentOS, an announcement is made using the CentOS-announce mailing list. The FortiSOAR™ engineering team is subscribed to this mailing list. Once a new update is available, FortiSOAR™ Engineering first tests these updates on a FortiSOAR™ Virtual Appliance by performing vulnerability scan using Nessus™. If no reported vulnerabilities are seen sanity testing is done for stability and regression. After confirming that the update is safe, updates are pushed to the FortiSOAR™ CentOS 7 update server (update.cybersponse.com).
FortiSOAR™ OS updates
Before release, FortiSOAR™ is updated with the latest updates from the CentOS mirror servers. A FortiSOAR™ customer automatically receives an OS update when they upgrade to the latest FortiSOAR™.
If a customer needs to update CentOS 7 without upgrading the FortiSOAR™ product itself, they can do the following:
- Ensure that update.cybersponse.com is reachable from your VM.
If you connect using a proxy, ensure that you set the proxy in the/etc/wgetrc,/etc/profile, andyum.conffiles. This is required to download the OS updates file. - SSH to your FortiSOAR™ 6.4.0 VM and log in as a root user.
-
Download the OS update script (
security-patch-update.sh) for 6.4.0 by running the following command:
# wget https://update.cybersponse.com/6.4.0/security-patch-update.sh
Note: If your instance can connect to update.cybersponse.com only using a proxy, then ensure that the proxy is set in the/etc/wgetrcfile.
For example:use_proxy=yes
http_proxy=<proxy_server_ip:port>
https_proxy=<proxy_server_ip:port> - Run the
security-patch-update.shscript to apply the security patch on your 6.4.0 system:
#sh security-patch-update.sh - Reboot your host post-upgrade, if directed by the script.