Performing a Sophos UTM Up2Date from the command line

  • Article ID: 115382
  • Rating:
  • 1 customers rated this article 2.0 out of 6
  • Updated: 28 Aug 2013

This article provides information and commands related to the Sophos UTM Up2Date process.

The commands can be run from the command line and perform such tasks as manually updating, pre-checking an update will work, forcing a re-installation, etc.

Applies to the following Sophos product(s) and version(s)

Sophos UTM

Introduction

The Up2Date installer is used to install both system and pattern up2dates.

It will by default install all available Up2Date packages first (and records whether a reboot of the UTM is required). If a reboot is required it will schedule the reboot until the successful installation of the last available Up2Date package.

You can also only install up to a specific version using the -upto switch. Running in -simulation mode will not make any changes to the file system, so this mode can be used to see the Up2Date package contents and scripts which would be triggered.

The -showdesc option will unpack the installation instruction file from the Up2Date package, so you can access the Up2Date package properties (version, required version, reboot required, urgency) as well as the description (bug fixes, news, etc.).

Note:

  • The installer is very strict. If one point of the installation fails, the complete installation is considered a failure. Make sure the script hooks you want to execute do exit correctly.
  • When a system Up2Date installation fails because of some random issue (like a failing script), it cannot be installed via the WebAdmin again because the RPMs have already (partly) been installed and therefore the pre-installation check fails. This is also the case if you have had RPMs installed by either support or development.
  • The current workaround which solves the problem of partly installed RPMs is to use the -rpmargs -force command. It is not possible to run this command from the web frontend.
  • For 7.400, the Up2Date installer was changed to skip already installed RPM packages during the installation. Therefore, Up2Date packages can be re-installed again using the WebAdmin.
  • There is a new command line option to force the RPM package re-installation (-rpmreinstall) in case you need to re-install packages; in this case, you also have to use the -rpmargs -force command line switches.

Generate and show Up2Date description

Use the following command to upload an Up2Date package manually via SSH to the UTM and want to see it immediately as available Up2Date in the WebAdmin:

  • auisys.plx -showdesc

Download package in debug mode

The following command will provide debug output from the downloading process, include authentication, md5sum. You find the tar.gz file in /var/up2date/sys

  • audld.plx -level d

Simulate installation process

The following command starts the UTM Up2Date installation process in simulation mode. This allow you to test whether the installation would work before actually installing for real.

  • auisys.plx -simulation

The following shows an example output:

myUTM:/root # auisys.plx -simulation
Starting Up2Date Package Installer
Simulation mode enabled!
Searching for available up2date packages for type 'sys'

Installing up2date package version 9.092008
myUTM:/root # Verifying up2date package signature
Unpacking installation instructions
Unpacking up2date package container
Running pre-installation checks
Starting up2date package installation
Would do 0, 0 [ENV 300] rpm --test -U --nodeps /var/up2date//sys-install/u2d-sys-9.092008/rpms/libgmime-2_4-2-2.4.26-10.gb6ce3fc.i686.rpm
Would do 0, 1 [ENV 300] rpm --test -U --nodeps /var/up2date//sys-install/u2d-sys-9.092008/rpms/libiconv-1.12-10.g1ff1a15.i686.rpm

...
...
...

Would do 7, 0 [ENV 300] sh -c exec /var/up2date//sys-install/u2d-sys-9.092008/./update9.092008post_start
Would do 9, 0 [NOENV no] rm /var/up2date//sys/u2d-sys-9.091005-092008.tgz.gpg
Would do 9, 1 [NOENV no] sync
Would touch '/tmp/.u2d-sys-9.091-9.092-5.8.1.tgz'
Would mark for reboot now

Installing up2date package version 9.100008
Verifying up2date package signature
Unpacking installation instructions
You are currently running Version 9.091005, but Version 9.092008 is required for this up2date package.

Force an Up2date process

  • auisys.plx -rpmargs -force

Pattern Up2Date

Remove actual virus patterns

  • rpm -e u2d-auav -nodeps rpm -e u2d-clam -nodeps

Restore default patterns

  • mount /opt/inst cd /opt/inst/rpm rpm -Uhv u2d-auav-7-103.i686.rpm -force rpm -Uhv u2d-clam-7-465.i686.rpm -force

Force pattern installation (without sys install)

  • auisys.plx -nosys

Up2Date Downloader audld.plx

The Up2Date downloader is used to download system up2dates as well as pattern up2dates. The default operation is to fetch all Up2Date types which are mentioned in the configuration; you can choose a subset of these by using the -types command line switch.

Usage:

  • audld --help
  • audld --version
  • audld --level <d(ebug)|i(nfo)|w(arn)|c(rit)>
  • audld --configfile <path/to/file>
  • audld --types|modes=type,type2,type3
  • audld --nosys (exclude type "sys")
  • audld --dryrun (don't download packages)
  • audld --server <host:port> (preferred server)
  • audld --trigger (trigger pattern download/installation)
  • audld --proxy <(user:pass@)host:port> (preferred proxy)
  • audld --ha-override (override HA slave/cluster routine)

Those are gnu longopts, so abbreviations are possible.

Up2Date Installer auisys.plx

Usage:

  • Configuration options:
    • --configfile <path> the config file
    • --transferdir <path> where to look for incoming files
    • --workbasedir <path> where to unpack the incoming file
    • --level [c|e|w|i|d|n] set debuglevel
  • Installation options:
    • --simulation no real work - only simulation
    • --[no]cleanupcleanup of workdir; default: on
    • --[no]reboot reboot enabled; default: on
    • --upto X.yyyzzz end version (default: 999.999999) (enforces sys-only run)
    • --oldestonly only the next version (enforces sys-only run)
    • --types <type> restrict the up2date package types
    • --nosys don't do system up2date installation
    • --rpmargs --arg1,--arg2 pass additional arguments to RPM
    • --rpmreinstall don't skip already installed RPM packages
  • Other Modes - No installation:
    • --help help text and exit
    • --version module versions and exit
    • --showdesc generate and show up2date description

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments