31.4 Upgrading the Operating System

This version of Sentinel includes a set of commands to use during the operating system upgrade procedure. These commands ensure Sentinel works correctly after you upgrade the operating system. Before you upgrade Sentinel, ensure that you refer system requirements for compatibility. For information, see Sentinel System Requirements.

IMPORTANT:

  • If you want to upgrade from SLES 11 SP4, you must first upgrade to SLES 12 SP3 or SLES12 SP4 and then upgrade to SLES 15 or SLES 15 SP1.

  • If you are on RHEL version 7.7, do not upgrade to version 8.x because this is not supported by Red Hat. For more information, see the Red Hat documentation.

Use the following steps to upgrade your operating system:

  1. On the Sentinel server where you want to upgrade your operating system, log in as one of the following:

    • root user

    • Non-root user

  2. Open a command prompt and change to the directory where the Sentinel install file was extracted.

  3. Stop the Sentinel services:

    rcsentinel stop

  4. (Conditional) If Sentinel was in FIPS mode before the operating system upgrade, NSS database files must be manually upgraded by running the following command:

    certutil -K -d sql:/etc/opt/novell/sentinel/3rdparty/nss -X

    Follow the on-screen instructions to upgrade the NSS database.

    Give full permissions to novell user for the following files:

    cert9.db
key4.db 
pkcs11.txt

  5. Upgrade your operating system.

  6. (Conditional) When upgrading to SLES 15 or SLES 15 SP1, the following warning is displayed:

    warning: Unsupported version of key: V3

    You can either ignore the warning or perform a workaround to prevent the warning from being displayed. For more information about the workaround, see the SLES documentation.

  7. (Conditional) If you are upgrading from RHEL version 7.6 to version 8.x, you may see a message that certain novell RPMs will be removed. If you see this message, you must

    1. Upgrade to Sentinel 8.3

    2. Back up Sentinel data.

    3. Upgrade the RHEL operating system.

    4. Restore Sentinel data.

  8. (Conditional) If you use Mozilla Network Security Services (NSS) 3.29, two dependent RPM files libfreebl3-hmac and libsoftokn3-hmac are not installed. Manually install the following RPM files: libfreebl3-hmac and libsoftokn3-hmac.

  9. (Conditional) If you are upgrading from SLES12SP4 to SLES15SP1 in FIPS mode, you must first upgrade the SLES operating system, apply the latest operating system patches, and then start Sentinel.

  10. (Conditional) For RHEL 7.x, run the following command to check whether there are any errors in the RPM database:

    rpm -qa --dbpath <install_location>/rpm | grep novell

    Example: # rpm -qa --dbpath /custom/rpm | grep novell

    1. If there are any errors, run the following command to fix the errors:

      rpm --rebuilddb --dbpath <install_location>/rpm

      Example: # rpm --rebuilddb --dbpath /custom/rpm

    2. Run the command mentioned in Step 7 to ensure that there are no errors.

  11. Repeat this procedure on the following:

    • Collector Managers

    • Correlation Engines

  12. Restart the Sentinel service:

    rcsentinel restart

    This step is not applicable for Sentinel HA.