
SELKS 1.2 to SELKS 2.0 upgrades

Peter Manev edited this page May 6, 2015 · 18 revisions

You can read more about the differences between SELKS 1.2 and SELKS 2.0 here.

This is a major SELKS upgrade.

As a standard best practice - please make sure that you test the upgrade in your test/QA environment first before doing it on your production systems.

Please follow this guide to upgrade from SELKS 1.2 to SELKS 2.0.

1)

root@SELKS:~# sed -i 's/wheezy/jessie/g' /etc/apt/sources.list

2)

root@SELKS:~# sed -i 's/wheezy/jessie/g' /etc/apt/sources.list.d/selks.list

3)

root@SELKS:~# sed -i 's/elasticsearch\/1\.4/elasticsearch\/1\.5/g' /etc/apt/sources.list.d/elasticsearch.list

4)

root@SELKS:~# apt-get update && apt-get dist-upgrade

You can answer "yes" to all the questions EXCEPT the ones below:

Configuration file '/etc/issue.net'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** issue.net (Y/I/N/O/D/Z) [default=N] ? N

Setting up nginx-common (1.6.2-5) ...
Installing new version of config file /etc/default/nginx ...
Installing new version of config file /etc/init.d/nginx ...
Installing new version of config file /etc/logrotate.d/nginx ...

Configuration file '/etc/nginx/fastcgi_params'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** fastcgi_params (Y/I/N/O/D/Z) [default=N] ? N

5)

In /etc/default/elasticsearch, make sure you have the following:

# enable dirs and future upgrades
# Configure restart on package upgrade (true, every other setting will lead to not restarting)
RESTART_ON_UPGRADE=true

# Elasticsearch log directory
LOG_DIR=/var/log/elasticsearch

# Elasticsearch data directory
DATA_DIR=/var/lib/elasticsearch

# Elasticsearch work directory
WORK_DIR=/tmp/elasticsearch

# Elasticsearch configuration directory
CONF_DIR=/etc/elasticsearch

# Elasticsearch configuration file (elasticsearch.yml)
CONF_FILE=/etc/elasticsearch/elasticsearch.yml

6)

Reboot:

root@SELKS:~# reboot

7)

Then make sure the services are enabled:

root@SELKS:/home/selks-user#  systemctl enable suricata.service
root@SELKS:/home/selks-user#  systemctl enable kibana-dashboards-stamus.service
root@SELKS:/home/selks-user#  systemctl enable elasticsearch.service
root@SELKS:/home/selks-user#  systemctl enable logstash.service
root@SELKS:/home/selks-user#  systemctl enable suri_reloader.service

8)

Restart services:

root@SELKS:/home/selks-user# systemctl restart suricata.service
root@SELKS:/home/selks-user# systemctl restart elasticsearch.service
root@SELKS:/home/selks-user# systemctl restart logstash.service
root@SELKS:/home/selks-user# systemctl restart suri_reloader.service

That is all.
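A post-upgrade sanity check for steps 1 through 8, added here as an example and not part of SELKS or the wiki's own instructions: it verifies that the apt sources no longer reference wheezy, that the elasticsearch repository now points at 1.5, that /etc/default/elasticsearch carries the required settings, and that the SELKS units are enabled and running. The file paths and unit names are the ones used in the guide above; the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Sanity checks for the SELKS 1.2 -> 2.0 upgrade steps above.
# Added example; not part of SELKS. Assumes the default file paths from the guide.

# Steps 1-2: FILE must no longer reference the wheezy suite.
no_wheezy_left() {
  ! grep -q 'wheezy' "$1"
}

# Step 3: FILE must point at the elasticsearch 1.5 repository, not 1.4.
es_repo_is_15() {
  grep -q 'elasticsearch/1\.5' "$1" && ! grep -q 'elasticsearch/1\.4' "$1"
}

# Step 5: every required KEY=VALUE must be present, uncommented, in FILE.
es_defaults_ok() {
  for kv in RESTART_ON_UPGRADE=true LOG_DIR=/var/log/elasticsearch \
            DATA_DIR=/var/lib/elasticsearch WORK_DIR=/tmp/elasticsearch \
            CONF_DIR=/etc/elasticsearch \
            CONF_FILE=/etc/elasticsearch/elasticsearch.yml; do
    grep -q "^$kv\$" "$1" || return 1
  done
  return 0
}

# Steps 7-8: all SELKS units must be enabled, and the restarted ones active.
services_ok() {
  for s in suricata kibana-dashboards-stamus elasticsearch logstash suri_reloader; do
    systemctl is-enabled "$s.service" >/dev/null 2>&1 || return 1
  done
  for s in suricata elasticsearch logstash suri_reloader; do
    systemctl is-active "$s.service" >/dev/null 2>&1 || return 1
  done
  return 0
}

# Run every check against the real system files and report the first failure.
check_upgrade() {
  no_wheezy_left /etc/apt/sources.list              || { echo "sources.list still on wheezy"; return 1; }
  no_wheezy_left /etc/apt/sources.list.d/selks.list || { echo "selks.list still on wheezy"; return 1; }
  es_repo_is_15 /etc/apt/sources.list.d/elasticsearch.list || { echo "elasticsearch repo is not 1.5"; return 1; }
  es_defaults_ok /etc/default/elasticsearch         || { echo "/etc/default/elasticsearch is incomplete"; return 1; }
  services_ok                                       || { echo "a SELKS service is not enabled or not active"; return 1; }
  echo "SELKS 2.0 upgrade checks passed"
}

# Invoke as: sh selks-upgrade-check.sh run   (file name is an assumption)
case "${1:-}" in run) check_upgrade ;; esac
```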

Not happy with kernel 3.16 and want to upgrade? Simple:

root@SELKS:~# apt-get install linux-headers-3.18.11-stamus linux-image-3.18.11-stamus
