If you are installing on a new server (not upgrading from v5), please use this installer:
https://updates.atomicorp.com/installers/awp_standalone.sh
Upgrading from v5 or v5.5 to v6
- Backup your system
- As the root user, run this command:
wget -q -O - https://updates.atomicorp.com/installers/awp_standalone.sh |bash
The script above performs an unattended update from version 5 to version 6; it requires no input from the user.
Please note: OSSEC log files are not removed and will be indexed in v6. On systems with many OSSEC logs this indexing may take a long time to complete; that is normal.
V6 Architecture Changes
- Adds 2 new daemons: awpd and awpwebd
- awpd does the indexing; awpwebd is the web front end and API.
- Does not install any of the components from version 5.
- Indexes the OSSEC alerts and log files instead of using the MySQL relational database to supply data to the user interface.
- Updates the Atomic Update Manager (aum) to pull from the v6 repository instead of the v5 repository.
- Turns off the tortix database and the tortix daemon, which previously provided data to the UI.
- Installs Go (go-lang) libraries and dependencies.
- Adds new awp repository to /etc/yum.repos.d/
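A post-upgrade check for the changes listed above, added here as an example and not part of Atomicorp's installer: it confirms the two new daemons are running, that no tortix process remains, and that an awp repository file was added under /etc/yum.repos.d/. The process names awpd and awpwebd come from the notes above; the tortix process name pattern and the repo section name prefix are assumptions, adjust them to your system.

```shell
#!/bin/sh
# Post-upgrade verification for an AWP v6 hub (added example, not Atomicorp code).
# check_upgrade returns the number of failed checks; 0 means everything passed.

REPO_DIR="${REPO_DIR:-/etc/yum.repos.d}"

# daemon_running NAME: succeed if a process with exactly that name exists.
daemon_running() {
    pgrep -x "$1" >/dev/null 2>&1
}

# awp_repo_present DIR: succeed if some *.repo file in DIR has a section whose
# name starts with "awp". The notes only say an "awp repository" is added, so
# the exact section name is an assumption.
awp_repo_present() {
    dir="$1"
    [ -d "$dir" ] || return 1
    grep -qs '^\[awp' "$dir"/*.repo
}

# check_upgrade DIR: run all checks, report each one, return the failure count.
check_upgrade() {
    fails=0
    for d in awpd awpwebd; do            # the two new v6 daemons named in the notes
        if daemon_running "$d"; then echo "ok: $d running"
        else echo "FAIL: $d not running" >&2; fails=$((fails+1)); fi
    done
    # v6 turns the tortix daemon off; its process name is assumed to contain "tortix".
    if pgrep -f tortix >/dev/null 2>&1; then
        echo "FAIL: a tortix process is still running" >&2; fails=$((fails+1))
    else echo "ok: no tortix daemon"; fi
    if awp_repo_present "$1"; then echo "ok: awp repo found in $1"
    else echo "FAIL: no awp repo in $1" >&2; fails=$((fails+1)); fi
    return "$fails"
}

# Run the checks when executed directly; set AWP_CHECK_LIB=1 to only load the functions.
[ -n "${AWP_CHECK_LIB:-}" ] || check_upgrade "$REPO_DIR"
```

Run it as root after the installer finishes; a non-zero exit status lists the checks that failed on stderr.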
Impact:
- Tortixdb turns off.
- The ibdata file is no longer written to by MySQL. In the previous version this file kept growing because events were written to tortixdb, and it could not be deleted.
- Improved performance:
  - Decreased CPU utilization
  - Decreased memory utilization
  - More storage space becomes available
  - Faster searching within the UI
New Features:
- System Overview panel with improved Hub Monitoring. Shows disk space used by the mounted filesystems on the AEO Hub, physical memory and swap memory, and the current system load with its base, peak and average values.
- Security Configuration Assessment (SCA) scanner that quantifies vulnerabilities on the endpoints connected to the hub. It uses YAML files configured within the module to map results to security frameworks such as the PCI and CIS benchmarks. Scans can be run at intervals or on demand.
- Agent Management enhancements: create sub-groups under parent groups.
- Improved Events searching: search by security framework by entering the framework name in the text search field.
- Unlimited saved and exported search results.
- Compliance Reporting (PCI, CIS); the presentation layer will continue to be updated.
- Visible connections on the hub (Access Control > Connections).
- Reporting features: Agent Status, Event Searches, Vulnerability Scan Results and SCA Scan Results.