« Back to Lynis Enterprise - Self-hosted

Migration of Lynis Enterprise

Important notices

  • Do NOT perform an OS upgrade on an existing system, unless this is confirmed by CISOfy
  • We suggest contacting us before doing a migration to ensure you have a compatible operating system

Actions on the existing system

Create a backup of the database (on existing Lynis Enterprise system)

Switch to the PostgreSQL user

su - postgres

Create the backup

/usr/bin/pg_dump --clean lynis_enterprise --file=/tmp/dump-database-lynis_enterprise.sql"

Copy the database backup from existing to new system

Use SCP or file share to copy the database backup to the new system

Optional: log out

From now on, all steps happen on the new system. To prevent accidential deletion of data on the existing system, consider logging out or switch to a non-privileged user.

Installation on new system

  • Use a supported version (contact us for details)
  • Software is installed in /data, so use a dedicated partition that can grow (LVM) or have a root file system that is big enough
  • Install all available updates

Configure email

Install Postfix or another MTA so that the system can send emails (alerts/password resets)

Configure firewall

Open port 443 (TCP) for incoming connections (upload of client systems, users to connect to system). Open any other ports that are needed for system administration.

Install Lynis Enterprise

Follow the installation instructions for your distribution.

  • Configure the Lynis Enterprise repository
  • Install ’lynis-updater’ tool
  • Run ’lynis-updater install
  • Use ‘root’ for the admin account or an alternative (and document it properly)

Migrate database

Note, only do this on the new system

Switch to the PostgreSQL user

su - postgres

Drop the database lynis_enterprise, as we will recreate this from the backup

psql -d postgres -c "DROP DATABASE IF EXISTS lynis_enterprise"

Create new database

psql -d postgres -c "CREATE DATABASE lynis_enterprise"

Restore the database dump

psql lynis_enterprise -f /path/to/dump-database-lynis_enterprise.sql

Reboot the system

To ensure that all is working correctly, also after a reboot, it is advised to reboot.

reboot

Perform status test

Ensure all components start up correctly and are running.

lynis-updater status

Log in to the web interface

Log in as ‘root’ to the interface

Optional: Shutdown the old system

The old system should now no longer receive any communications.

Optional: switch hostname on the new system

Update system configuration

The first step is to update the hostname is the system configuration

  • Change /etc/hosts
  • Change /etc/hostname
  • Reboot the system, so the changes

Update Lynis Enterprise configuration

After that, we need to reflect the changes in the Lynis Enterprise application

  • Change hostname in /data/lynis-enterprise/updater/config
  • Run lynis-updater update --force
  • Reboot the system

Test configuration

After the reboot, validate the configuration

lynis-updater status

Then log in to the web interface and confirm that it is working. Additionally, perform a system upload from a client system and see if its data is being updated.

Feedback

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.