Perform the installation in the following order:
If you are upgrading the Change Guardian server on a computer running RHEL, ensure that the 64-bit expect RPM is installed before you start the upgrade.
To upgrade the Change Guardian Server in a traditional installation:
Back up your information using the cgbackup_util.sh script.
For information about using the backup utility, see Section 12.0, Backing Up and Restoring Data.
Download the latest installer from the Micro Focus Patch Finder website.
You must be a registered user to download patches. If you have not registered, click Register to create a user account in the patch download site.
Copy the installer file to a directory that has 0755 permissions.
NOTE: Trying to upgrade from any directory within /root fails because certain upgrade commands run as a non-root user. Such commands cannot run if the installer is in the /root directory.
Log in as root to the Change Guardian server you want to upgrade.
Extract install files from the tar file:
tar -zxvf <install_filename>
Change to the directory where the install file was extracted.
Start the upgrade:
./install-changeguardian.sh
(Conditional) If you want to upgrade from a custom path, specify the following command:
./install-changeguardian.sh --location=<custom_CG_directory_path>
NOTE: You can only upgrade from a custom path used for the original installation, and the path must have 0755 permissions.
To proceed with a language of your choice, select the number next to the language.
If there are changes to the end user license agreement, read and accept the changes.
To select the desired migration option, enter option 1, 2, or 4.
WARNING: Ensure that you select the appropriate option because you cannot repeat this procedure after the upgrade is successful.
The data that was stored in MongoDB is retained as a backup.
(Conditional) If data migration is not successful, clean up data from PostgreSQL.
Specify yes to approve the upgrade.
The upgrade might take a few seconds to complete.
(Conditional) If your system does not meet the recommended disk space, make the required changes to the computer.
(Conditional) The data in MongoDB is redundant because Change Guardian 6.0 stores data only in PostgreSQL. To remove redundant data from MongoDB, clear the disk space:
./mongodb_cleanup.sh
Verify that you see the migrated content and that you are receiving new alerts by logging in to the Threat Response Dashboard.
Verify that you can connect to the Change Guardian web interface by accessing the following URL:
https://IP_Address_Change_Guardian_server:8443
Based on your security requirements, perform the post-upgrade configurations.
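The directory requirements in this procedure (not within /root, 0755 permissions, for both the extracted installer and a --location custom path) can be checked before you start the upgrade. The following script is an added example, not part of Change Guardian or its documentation; the function names and the preflight.sh file name are hypothetical, and it assumes GNU stat as shipped on RHEL.

```shell
#!/bin/sh
# Added example (not product code): pre-flight check for the directory that
# holds the extracted installer, or for a --location custom path.
# Assumption: GNU coreutils stat is available.

# Succeeds if the canonical path is /root or anything below it.
# A plain prefix test would wrongly match paths such as /rootfs.
is_under_root() {
    case "$1" in
        /root|/root/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per problem and returns non-zero if any problem was found.
check_installer_dir() {
    dir=$1
    rc=0
    # Resolve symlinks so a link such as /opt/stage -> /root/stage is caught.
    real=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) || {
        echo "FAIL: $dir is not an accessible directory"
        return 1
    }
    if is_under_root "$real"; then
        echo "FAIL: $real is within /root; non-root upgrade commands cannot run there"
        rc=1
    fi
    mode=$(stat -c '%a' "$real")
    if [ "$mode" != "755" ]; then
        echo "FAIL: $real has mode $mode, expected 755"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $real"
    return "$rc"
}

# Usage: sh preflight.sh /path/to/extracted/installer
if [ "$#" -gt 0 ]; then
    check_installer_dir "$1"
fi
```

Run it against the directory you extracted the installer into, and against the custom path if you use --location, before running install-changeguardian.sh.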
If the Change Guardian server is running a version of an operating system that is not certified, some features might not function as expected. Upgrade to a supported operating system for a seamless experience.
To upgrade the operating system:
Log in as root to the machine running Change Guardian.
Stop the Change Guardian services:
/opt/netiq/cg/scripts/cg_services.sh stop
(Conditional) If Change Guardian was in FIPS mode before the operating system upgrade, upgrade the NSS database:
certutil -K -d sql:/etc/opt/novell/sentinel/3rdparty/nss -X
Follow the on-screen instructions to upgrade the NSS database.
Give full permissions to the novell user for the following files in the /etc/opt/novell/sentinel/3rdparty/nss directory:
cert9.db key4.db pkcs11.txt
Upgrade the operating system.
(Conditional) If you use Mozilla Network Security Services (NSS) 3.29 or later, install the two dependent RPM files:
libfreebl3-hmac
libsoftokn3-hmac
(Conditional) For RHEL 7.x, check whether there are any errors in the RPM database:
rpm -qa --dbpath <install_location>/rpm | grep novell
Example: # rpm -qa --dbpath /custom/rpm | grep novell
If there are any errors, fix the errors:
rpm --rebuilddb --dbpath <install_location>/rpm
For example: # rpm --rebuilddb --dbpath /custom/rpm
Recheck that there are no errors:
rpm -qa --dbpath <install_location>/rpm | grep novell