IBM Support

QRadar: Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8

Flashes (Alerts)


Abstract

QRadar® SIEM development has identified a known issue where hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8.  This is a RHEL limitation. Customers wishing to upgrade to 7.5.0 Update Pack 8 from 7.5.0 Update Pack 7 should ensure that no hosts in the deployment have LUKS encryption. This technote allows administrators to identify a QRadar managed host with LUKS encryption enabled.

Notice: This technical note is published in advance of the QRadar 7.5.0 Update Package 8 release to alert administrators to a new upgrade requirement for on-premise QRadar SIEM administrators. QRadar 7.5.0 Update Package 8 is not released at this time.

Content

Technical note updates


  • 15 March 2024 1:00 PM ET: Technote created for LUKS upgrade limitation.
    Note: This technical note is being published in advance of the QRadar 7.5.0 Update Package 8 release to alert administrators to a new upgrade requirement for on-premise QRadar SIEM administrators. QRadar 7.5.0 Update Package 8 is not released at this time.

Urgency


Important: Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8.  This is due to a RHEL limitation. QRadar SIEM (on-prem) administrators who want to upgrade to 7.5.0 Update Pack 8 from 7.5.0 Update Pack 7 should ensure that no hosts in the deployment have LUKS encryption enabled.

Affected products

QRadar SIEM Software installations at 7.5.0 Update Pack 7 including all Interim Fixes.  
QRadar on Cloud is not affected.
 

Am I affected?

Before you update to 7.5.0 Update Pack 8 or later, you must confirm whether you are affected by this known issue.

Procedure 
  1. Use SSH to log in to all QRadar hosts in your deployment as the root user.
  2. Type the following command on each host:
    lsblk -o NAME,FSTYPE,TYPE,MOUNTPOINT | grep crypt
    Example output
    └─storerhel-store        crypto_LUKS lvm   
      └─store                drbd        crypt  
  3. Review the output to determine if you have LUKS encryption on your QRadar host:
    • If there is an encryption type displayed in the output, you cannot continue the upgrade to 7.5.0 Update Pack 8.
    • If there is no output, you can continue the upgrade to 7.5.0 Update Pack 8.
       
Results
If you are blocked from an upgrade to 7.5.0 Update Pack 8, you can open a support case for further assistance. Ensure that you include the following in your case summary: LUKS Limitation RH8.
  Note:
  The Update Pack for 7.5.0 UP8 is now GA and available on Fix Central as of 25th March 2024.
  As part of its pre-checks, the Update Pack will look for encrypted partitions and will stop the update when it finds them.
  You must still ensure that all hosts within your deployment are checked before beginning any upgrade maintenance.
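
The check from the procedure above, as an added shell example that is not part of the IBM technote: it reads lsblk -P (key="value") output and matches the FSTYPE and TYPE fields exactly, so a volume whose name merely contains "crypt" is not reported, and it returns a non-zero status when LUKS is present. The function names and both sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not IBM code): field-exact version of the technote's lsblk check.
# On a real host, feed it:  lsblk -P -o NAME,FSTYPE,TYPE | luks_check

# Print the names of devices whose FSTYPE is crypto_LUKS or whose TYPE is crypt.
# Input: `lsblk -P` lines in the fixed order NAME="..." FSTYPE="..." TYPE="...".
luks_devices() {
    # Splitting on the double quote puts the three values in $2, $4 and $6.
    awk -F'"' '$4 == "crypto_LUKS" || $6 == "crypt" { print $2 }'
}

# Return 0 when no encrypted device is listed (the upgrade may continue),
# 1 when at least one is found (the upgrade to 7.5.0 Update Pack 8 is blocked).
luks_check() {
    local found
    found=$(luks_devices)
    if [ -n "$found" ]; then
        # $found is left unquoted on purpose: printf emits one line per device.
        printf 'BLOCKED: LUKS on %s\n' $found
        return 1
    fi
    echo 'OK: no LUKS devices found'
}

# Constructed sample modelled on the technote's example output.
SAMPLE_ENCRYPTED='NAME="sda" FSTYPE="" TYPE="disk"
NAME="sda3" FSTYPE="LVM2_member" TYPE="part"
NAME="storerhel-store" FSTYPE="crypto_LUKS" TYPE="lvm"
NAME="store" FSTYPE="drbd" TYPE="crypt"'

# Constructed sample: no encryption, but a volume name that contains "crypt",
# which the plain `grep crypt` filter would still print.
SAMPLE_CLEAN='NAME="sda" FSTYPE="" TYPE="disk"
NAME="rootrhel-decrypted_pcaps" FSTYPE="xfs" TYPE="lvm"'

printf '%s\n' "$SAMPLE_ENCRYPTED" | luks_check || true
printf '%s\n' "$SAMPLE_CLEAN" | luks_check
```
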
We apologize for any inconvenience due to this issue. If you have questions about the contents of this technical note, contact QRadar Support.

- QRadar Support


Document Information

Modified date:
29 March 2024

UID

ibm17142062