Updating 2019.1 to 2019.2
@AlanOrlikoski edited this page Mar 29, 2019
Step 1 (optional): Remove Plaso and TimeSketch and /usr/local/bin/cdqr.py from the host OS, as they are no longer used
sudo apt remove -y plaso-data plaso-tools
sudo -H pip uninstall timesketch -y
sudo rm /usr/local/bin/cdqr.py
Step 2: Download the latest docker-compose.yml file and rebuild
cd /opt/Skadi/Docker
docker-compose down
sudo curl -o /opt/Skadi/Docker/docker-compose.yml https://raw.githubusercontent.com/orlikoski/Skadi/master/Docker/docker-compose.yml
echo HEAP_SIZE=1g | sudo tee -a /opt/Skadi/Docker/.env
docker-compose up -d
Step 3: Update TimeSketch config file to newer format
sudo sed -i "s/u'/'/g" /etc/timesketch.conf
sudo sed -i "s/NEO4J_PASSWORD =.*/NEO4J_PASSWORD = ''/g" /etc/timesketch.conf
Step 4: Keep Postgres v10 to preserve data
sudo sed -i "s/postgres:11/postgres:10/g" /opt/Skadi/Docker/docker-compose.yml
Step 5: Install CDQR Docker and the CDQR Docker helper script
docker pull aorlikoski/cdqr:4.4.0
sudo curl -o /usr/local/bin/cdqr https://raw.githubusercontent.com/orlikoski/CDQR/master/Docker/cdqr
sudo chmod +x /usr/local/bin/cdqr
Back up everything you really want to keep before doing this. The data should persist in the data volumes Skadi uses, but accidents happen. It may take a while to download all of the new Docker containers required.
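The Step 3 config rewrite can be rehearsed on a scratch copy before it is applied to /etc/timesketch.conf. The script below is an added example, not part of the Skadi wiki or project: it wraps the two sed edits in a function, adds a check that the file is in the new format, and runs both against a constructed sample whose values are placeholders.

```shell
#!/bin/sh
# Added example (not from the Skadi wiki): rehearse the Step 3
# timesketch.conf rewrite on a scratch copy and verify the result.
set -eu

# Rewrite a timesketch.conf-style file in place: drop the Python 2 u''
# string prefixes and blank the NEO4J_PASSWORD value (same edits as Step 3).
convert_timesketch_conf() {
    conf="$1"
    sed -i "s/u'/'/g" "$conf"
    sed -i "s/NEO4J_PASSWORD =.*/NEO4J_PASSWORD = ''/g" "$conf"
}

# Return 0 when the file is in the 2019.2 format: no u'' literals remain
# and NEO4J_PASSWORD is set to the empty string.
check_timesketch_conf() {
    conf="$1"
    if grep -q "u'" "$conf"; then
        return 1
    fi
    grep -q "^NEO4J_PASSWORD = ''$" "$conf"
}

# Constructed sample in the old (2019.1) format; all values are placeholders.
make_sample_conf() {
    cat > "$1" <<'EOF'
SECRET_KEY = u'placeholder-secret'
NEO4J_HOST = u'neo4j'
NEO4J_PASSWORD = u'placeholder-password'
UPLOAD_ENABLED = True
EOF
}

# Run the conversion on a temporary copy and report the outcome.
demo() {
    tmp="$(mktemp)"
    make_sample_conf "$tmp"
    convert_timesketch_conf "$tmp"
    if check_timesketch_conf "$tmp"; then
        echo "conversion OK:"
    else
        echo "conversion FAILED:"
    fi
    cat "$tmp"
    rm -f "$tmp"
}

demo
```

To rehearse against the real file, copy /etc/timesketch.conf to a temporary path and pass that path to convert_timesketch_conf and check_timesketch_conf.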