Wednesday, 20 March 2024

How to Troubleshoot Sophos UTM Update Failures Due to Insufficient Disk Space

Upon deploying Sophos UTM appliances, you might find that the Up2Date process fails due to a lack of disk space. This is common if there's a backlog of updates or if the appliance was initialized with an outdated build. Unfortunately, the Sophos UTM interface does not readily indicate this problem, showing only the availability of updates without hinting at potential installation issues.

Diagnosing the Problem

To understand the root cause, you need to inspect the Up2Date log:

Navigate to Management | Up2Date | Configuration.

Switch the Firmware and Pattern Download options to Manual and apply the changes.

Visit Management | Up2Date | Overview, open the live log or select Up2Date Messages, and initiate a check for Up2Date packages.

A message indicating a failure due to insufficient space in /var/up2date/sys confirms the issue.

Resolving Disk Space Issues

Resolution requires cautious shell access, given the potential risks involved. After backing up your system, follow these steps:

Enable shell access on your Sophos UTM and log in as loginuser.

Elevate your access with su - and navigate to /var/up2date/sys.

Verify free space with df -h . and remove outdated updates using rm *.

Recheck the available space to ensure the updates have been cleared.
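
A guarded form of the cleanup steps above, as an added example that is not from the original post: it reports free space, lists what would be deleted, and removes only regular files in a directory given by absolute path. The function names are hypothetical; /var/up2date/sys is the path named above.

```shell
#!/bin/sh
# Added example: guarded cleanup of the Up2Date system package directory.
# Function names are hypothetical. Usage, as root on the appliance:
#   clear_pending /var/up2date/sys            # dry run, lists files
#   clear_pending /var/up2date/sys --delete   # removes them

# Print available space (in KB) on the filesystem holding directory $1.
avail_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# List regular files directly inside $1, one per line (no recursion).
pending_files() {
    find "$1" -maxdepth 1 -type f
}

# clear_pending DIR [--delete]
# Dry run by default. With --delete, removes only regular files directly
# inside DIR, addressed by absolute path so the result never depends on
# the current working directory (the risk of a bare "rm *" as root).
clear_pending() {
    dir="$1"; mode="${2:-}"
    # Refuse empty, root, relative or missing paths.
    case "$dir" in
        ""|/) echo "refusing to operate on '$dir'" >&2; return 2 ;;
        /*) ;;
        *) echo "path must be absolute: $dir" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    count=$(pending_files "$dir" | wc -l | tr -d ' ')
    echo "free before: $(avail_kb "$dir") KB, files pending: ${count}"
    if [ "$mode" = "--delete" ]; then
        find "$dir" -maxdepth 1 -type f -exec rm -f -- {} +
        echo "free after: $(avail_kb "$dir") KB"
    else
        pending_files "$dir"
        echo "dry run; re-run with --delete to remove the files listed"
    fi
}
```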

Triggering Up2Date Firmware Check

After clearing space, initiate a new firmware check and download process with audld.plx --trigger --verbose. Monitor the downloads and stop the process as needed to prevent space exhaustion. Attempt the update installation again, this time using auisys.plx --no-reboot --verbose for a controlled update without automatic reboots.

Finalizing the Update Process

With the necessary updates installed, it's advisable to revert the Up2Date settings to automatic updates for firmware and patterns. This ensures ongoing protection without manual intervention, automating the download while keeping installation under your control.
