6. Upgrading from GOS 5 to GOS 6

Note

GOS 6 updates many vulnerability scanning and management components of the Greenbone Security Manager (GSM) to a major new version. This includes a transition to the Open Scanner Protocol (OSP).

Due to this transition, master-sensor setups with mixed GOS versions (GOS 5/GOS 6) are not supported. The upgrade has to be carried out for every Greenbone Security Manager (GSM) separately, including sensors.

The expert mode networking feature was removed for GOS 6. If this mode is still active, upgrading to GOS 6 is not possible. Contact the Greenbone Networks Support (support@greenbone.net) for help.

The ECDSA SSH key algorithm was removed for GOS 6. Logging in with such an SSH key is no longer possible and prevents upgrading to GOS 6. An SSH key of the following types has to be used: Ed25519 or RSA. Contact the Greenbone Networks Support (support@greenbone.net) for help.

Only proceed with upgrading to GOS 6 after reading the release notes and performing a backup of the current data, either via the backup functionality of GOS or via a VM snapshot on the hypervisor. Further news and previews for GOS 6 can be found at https://community.greenbone.net/c/news.

Before upgrading to GOS 6, the latest version of GOS 5 has to be installed on the GSM.

If there are any questions, contact the Greenbone Networks Support via e-mail (support@greenbone.net).

6.1. Upgrading the Greenbone Security Manager

The upgrade to GOS 6 can be carried out as follows:

  1. Select Maintenance and press Enter.

  2. Select Upgrade and press Enter.

  3. Select Switch Release and press Enter.

    → A warning informs that the GSM is upgraded to a major new version (see Fig. 6.1).

    _images/gos_menu_upgrade_gos6.png

    Fig. 6.1 Warning when upgrading to GOS 6

  4. Select Continue and press Enter.

    → A warning informs that the GSM is locked during the upgrade to GOS 6 (see Fig. 6.2).

    Note

    No system operations can be run during the upgrade and all running system operations have to be closed before upgrading.

    _images/gos_menu_upgrade_gos5_3.png

    Fig. 6.2 Warning that system is locked during the upgrade

  5. Select Yes and press Enter.

    → A message informs that the upgrade was started.

    Note

    When the upgrade is finished, a message informs that a reboot is required to apply all changes (see Fig. 6.3).

    _images/gos_menu_upgrade_gos5_4.png

    Fig. 6.3 Message after a successful upgrade

  6. Select Reboot and press Enter.

6.2. Upgrading the Flash Partition to the Latest Version

The internal flash partition of the GSM contains a backup copy of GOS and is used in case of a factory reset.

Upgrading the GOS version stored on the flash partition is recommended (see Chapter 7.3.7).

6.3. Reloading the Web Interface After an Upgrade

After an upgrade from one major version to another, the cache of the browser used for the web interface has to be emptied. Clearing the browser cache can be done in the options of the used browser.

Alternatively, the page cache of every page of the web interface can be emptied by pressing Ctrl and F5.

Note

Clearing the page cache has to be done for every single page.

Clearing the browser cache is global and applies to all pages.

6.4. Changes of Default Behaviour

The following list displays the changes of default behaviour from GOS 5 to GOS 6. Depending on the current features used, these changes may apply to the currently deployed setup.

Note

Check the following list to decide whether changes to the currently deployed setup are required. The Greenbone Networks Support (support@greenbone.net) may help during this process.

gb_video The changes are briefly explained in a video.

6.4.1. Web Interface

The menu Extras was dissolved and the menu Resilience was added.

The entries Performance, Trashcan, CVSS Calculator and Feed Status were moved from Extras to other menus. The user settings and the logout action can now be accessed by moving the mouse over the user icon in the upper right corner.

The menu Resilience was added containing the new functionalities Compliance Policies and Compliance Audits. In addition to that, the entry Remediation Tickets were moved to Resilience.

The entry Permissions was moved to the menu Administration. Additionally, the menu Administration is now visible for all users but contains only the entries according to the respective user’s permissions.

The user manual can now be found at Help > User Manual in the menu bar.

The entry TLS Certificates was added to the menu Assets.

6.4.2. Compliance Handling

In GOS 5.0 compliance was managed implicitly. Scan configurations and tasks could be used to represent compliance policies and audits.

With GOS 6.0 an explicit, intuitive compliance process was added. This includes creating or importing compliance policies and running compliance audits.

The results of an audit can be exported in the new report format GCR (Greenbone Compliance Report).

6.4.3. Scan Configurations

Due to changes to the NVT preference naming and identifier scheme, scan configurations created with GOS 5 or older may no longer be imported. Only scan configurations created with GOS 6 can be imported.

The default scan configurations included in GOS 6 are not affected.

6.4.4. Backups

Only backups created with the currently used GOS version or the previous GOS version can be restored. For GOS 6, only backups from GOS 5 or GOS 6 can be imported. If an older backup should be imported, e.g., from GOS 3 or GOS 4, an appliance with a matching GOS version has to be used.

Backups from GOS versions newer than the currently used GOS version are not supported as well. If a newer backup should be imported, an appliance with a matching GOS version has to be used.

6.4.5. Sensors

The sensor appliances (GSM 35 and GSM 25V) now use the Open Scanner Protocol (OSP) instead of the Greenbone Management Protocol (GMP). This means much lighter appliances that use less resources and can offer better performance, e.g., substantially decreased feed synchronization times. If GMP was used, the GMP API of the sensor cannot be used anymore.

In GOS 5.0 the results of a scan collected by a sensor remained in the database of the sensor. With GOS 6.0 the sensor types GSM 35 and GSM 25V become “lean sensors”, i.e., they do not have a database.

In case the sensor has a power-off, a task cannot be continued and the partial results cannot be obtained from the sensor.

Due to this change, sensor appliances (GSM 35 and GSM 25V) have to be set up and configured in a new way (see Chapter 16.2 – Update all sensor protocols).

6.4.6. TLS Certificates

With GOS 6.0 the asset management contains all collected TLS certificated.

The overview of TLS certificates for a certain report can directly be opened from the report.

6.4.7. Greenbone Management Protocol (GMP)

The Greenbone Management Protocol (GMP) has been updated to version 9.0 and the API has been adjusted slightly. The usage of some commands has changed and several commands, elements and attributes have been deprecated. The complete reference guide and the list of changes are available here.

6.4.8. Deprecated GOS Functionalities

The Expert Mode networking feature and support for the ECDSA SSH key algorithm have been removed. For SSH, only the following key types are supported now: Ed25519 and RSA.