Sophos UTM: Update the UTM through the Shell


It is recommended that all UTM users update their systems regularly. While there is usually no issue during an update, sometimes an update can have errors. This is an article to assist when having update problems.

Applies to the following Sophos product(s) and version(s)
Astaro Security Gateway/Sophos UTM

Operating systems
V7, V8, V9

What To Do

One of the common issues that will occur is with system up2dates not functioning as intended through the WebAdmin. Although sometimes users may forget that they do need to apply System up2dates manually, as opposed to pattern up2dates which are automatic. Up2date management is configured under ‘Management’ | ‘Up2date’.

In the event that normal up2date from the WebAdmin does not work there are several tests that can be run as well as force of up2dates to run from SSH.

Simulation of RPM installs

Simulation of an up2date install is useful for determining why a particular up2date may be failing. The output will appear in the standard /var/log/up2date.log file or for an individual test by sending to a file will make examination easier.

auisys.plx --simulation
auisys.plx --simulation >> up2datetest.log

Up2date to a specific version

This is useful for up2dating to a specific version rather than all the way to the latest in particular with up2dates making large changes as noted by our feature releases of 8.100, 8.200, 8.300. Prior to up2dating completely it is usually useful and causes less problems to first up2date to the latest in the series prior to a feature release.

auisys.plx --upto 8.203

Force and skip RPM arguments

For up2date issues the combination of the –rpmargs and –force will have the greatest effect on loading all current up2dates. In addition these can be combined with the –upto version in order to create a powerful up2date order. This command is standard to run to effectively force all up2dates present to load on a system despite previous up2date failures which may be triggered by customized RPM packages having been loaded on the system previously.

auisys.plx --rpmargs --force

Or combined with ‘upto’ version:

auisys.plx --rpmargs --force --upto 8.203

Downloading new up2dates

Sometimes a new download or removal of an up2date will be required to resolve an issue if an up2date has been corrected on the up2date servers or is otherwise corrupted on a customer system. Remove any affected system up2dates from the AxG and run a new download:

cd /var/up2date/sys
rm u2d-sys-8.301*

If the download cannot communicate or authenticate to a server the download can be pulled directly from the Sophos ftp servers into the /var/up2date/sys directory with a wget command such as:

cd /var/up2date/sys

Then, to make the update appear in WebAdmin:

auisys.plx --showdesc

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.