6. Upgrading from GOS 5 to GOS 6

Note

GOS 6 updates many vulnerability scanning and management components of the Greenbone Security Manager (GSM) to a major new version. This includes a transition to the Open Scanner Protocol (OSP).

Due to this transition, master-sensor setups with mixed GOS versions (GOS 5/GOS 6) are not supported. The upgrade has to be carried out for every Greenbone Security Manager (GSM) separately, including sensors.

The expert mode networking feature was removed for GOS 6. If this mode is still active, upgrading to GOS 6 is not possible. Contact the Greenbone Networks Support (support@greenbone.net) for help.

The ECDSA SSH key algorithm was removed for GOS 6. Logging in with such an SSH key is no longer possible and prevents upgrading to GOS 6. An SSH key of the following types has to be used: Ed25519 or RSA. Contact the Greenbone Networks Support (support@greenbone.net) for help.

Only proceed with upgrading to GOS 6 after reading the release notes and performing a backup of the current data, either via the backup functionality of GOS or via a VM snapshot on the hypervisor. Further news and previews for GOS 6 can be found at https://community.greenbone.net/c/news.

Before upgrading to GOS 6, the latest version of GOS 5 has to be installed on the GSM.

If there are any questions, contact the Greenbone Networks Support via e-mail (support@greenbone.net).

6.1. Upgrading the Greenbone Security Manager

The upgrade to GOS 6 can be carried out as follows:

  1. Select Maintenance and press Enter.

  2. Select Upgrade and press Enter.

  3. Select Switch Release and press Enter.

    → A warning informs that the GSM is upgraded to a major new version (see Fig. 6.1).

    _images/gos_menu_upgrade_gos6.png

    Fig. 6.1 Warning when upgrading to GOS 6

  4. Select Continue and press Enter.

    → A warning informs that the GSM is locked during the upgrade to GOS 6 (see Fig. 6.2).

    Note

    No system operations can be run during the upgrade and all running system operations have to be closed before upgrading.

    _images/gos_menu_upgrade_gos5_3.png

    Fig. 6.2 Warning that system is locked during the upgrade

  5. Select Yes and press Enter.

    → A message informs that the upgrade was started.

    Note

    When the upgrade is finished, a message informs that a reboot is required to apply all changes (see Fig. 6.3).

    _images/gos_menu_upgrade_gos5_4.png

    Fig. 6.3 Message after a successful upgrade

  6. Select Reboot and press Enter.

6.2. Upgrading the Flash Partition to the Latest Version

The internal flash partition of the GSM contains a backup copy of GOS and is used in case of a factory reset.

Upgrading the GOS version stored on the flash partition is recommended (see Chapter 7.3.7).

6.3. Changes of Default Behaviour

The following list displays the changes of default behaviour from GOS 5 to GOS 6. Depending on the current features used, these changes may apply to the currently deployed setup.

Note

Check the following list to decide whether changes to the currently deployed setup are required. The Greenbone Networks Support (support@greenbone.net) may help during this process.

6.3.1. Web Interface

Changed menu bar

The menu Extras was dissolved and the menu Resilience was added.

The entries Performance, Trashcan, CVSS Calculator and Feed Status were moved from Extras to other menus. The user settings can now be opened by clicking on the user name.

The menu Resilience was added containing the new functionalities Compliance Polcies and Compliance Audits. In addition to that, the entry Remediation Tickets were moved to Resilience.

The entry Permissions was moved to the menu Administration. Additionally, the menu Administration is now visible for all users but contains only the entries according to the respective user’s permissions.

The user manual con now be found at Help > User Manual in the menu bar.

The entry TLS Certificates was added to the menu Assets.

6.3.2. Compliance Handling

In GOS 5.0 compliance was managed implicitly. Scan configurations and tasks could be used to represent compliance policies and audits.

With GOS 6.0 an explicit, intuitive compliance process was added. This includes creating or importing compliance policies to the GSM and running compliance audits.

The results of an audit can be exported in the new report format GCR (Greenbone Compliance Report).

6.3.3. Report Formats

The new report format GCR (Greenbone Compliance Report) was added for the results of a compliance audit.

The report format GCR is a derivate of the report format GSR HTML.

6.3.4. Sensors

The sensor appliances (GSM 35 and GSM 25V) now use the Open Scanner Protocol (OSP) instead of the Greenbone Management Protocol (GMP). If GMP was used, the GMP API of the sensor cannot be used anymore.

In GOS 5.0 the results of a scan collected by a sensor remained in the database of the sensor. With GOS 6.0 the sensor types GSM 35 and GSM 25V become “lean sensors”, i.e. they do not have a database.

In case the sensor has a power-off, a task cannot be continued and the partial results cannot be obtained from the sensor.

Due to this change, sensor appliances (GSM 35 and GSM 25V) have to be set up and configured in a new way.

6.3.5. TLS Certificates

With GOS 6.0 the asset management contains all collected TLS certificated.

The overview of TLS certificates for a certain report can directly be opened from the report.

6.3.6. Greenbone Management Protocol (GMP)

The Greenbone Management Protocol (GMP) has been updated to version 9.0 and the API has been adjusted slightly. The usage of some commands has changed and several commands, elements and attributes have been deprecated. The complete reference guide and the list of changes are available here.