Flashes (Alerts)
Abstract
QRadar® SIEM development has identified a known issue where hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8. This is a RHEL limitation. Customers wishing to upgrade to 7.5.0 Update Pack 8 from 7.5.0 Update Pack 7 should ensure that no hosts in the deployment have LUKS encryption. This technote allows administrators to identify a QRadar managed host with LUKS encryption enabled.
Notice: This technical note is published in advance of the QRadar 7.5.0 Update Package 8 release to alert administrators to a new upgrade requirement for on-premise QRadar SIEM administrators. QRadar 7.5.0 Update Package 8 is not released at this time.
Content
Technical note updates
- 15 March 2024 1:00 PM ET: Technote created for LUKS upgrade limitation.
Note: This technical note is being published in advance of the QRadar 7.5.0 Update Package 8 release to alert administrators to a new upgrade requirement for on-premise QRadar SIEM administrators. QRadar 7.5.0 Update Package 8 is not released at this time.
Important: Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8. This is due to a RHEL limitation. QRadar SIEM (on-prem) administrators who want to upgrade to 7.5.0 Update Pack 8 from 7.5.0 Update Pack 7 should ensure that no hosts in the deployment have LUKS encryption enabled.
Affected products
Procedure
- Use SSH to log in to all QRadar hosts in your deployment as the root user.
- Type the following command on each host:
lsblk -o NAME,FSTYPE,TYPE,MOUNTPOINT | grep crypt
└─storerhel-store crypto_LUKS lvm └─store drbd crypt
- Review the output to determine if you have LUKS encryption on your QRadar host:
-
If there is an encryption type displayed in the output, you cannot continue the upgrade to 7.5.0 Update Pack 8.
-
If there is no output, you can continue the upgrade to 7.5.0 Update Pack 8.Results
If you are blocked from an upgrade to 7.5.0 Update Pack 8, you can open a support case for further assistance. Please ensure you include the following in your case summary LUKS Limitation RH8.
-
The Update Pack for 7.5.0 UP8 is now GA and available on Fixcentral as of 25th March 2024.
As part of the pre-checks the Update Pack will look for encrypted partitions and will stop the Update.
You must still ensure that all Hosts within your deployment are checked before beginning any upgrade maintenance. We apologize for any inconvenience due to this issue. If you have questions about the contents of this technical note, contact QRadar Support.
- QRadar Support
Related Information
Was this topic helpful?
Document Information
Modified date:
29 March 2024
UID
ibm17142062