Updates and Maintenance
There is a growing trend to make servers and containers immutable. The benefits include making the server or container more portable, more reproducible and more scalable. However, it is the security benefits that make it compelling: immutable servers can be dramatically more secure because it is much easier to detect unauthorized modifications to your infrastructure.
Updating O/S and apps
If you need to manually update your server or otherwise install or modify files, you should first put the server or service into Maintenance Mode. This will suppress unwanted alerts.
If your servers are not immutable and you intend to update the O/S or applications during the lifetime of the server, you should preferably let SenseDeep invoke and manage the update. If SenseDeep manages the update, it can be sure that no unauthorized party is modifying critical system files.
SenseDeep will run the script /opt/sensed/system-update to invoke the system update procedure for your system to apply important O/S security updates. You can modify this script to suit your needs.
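One way a customized update script could look, as an added example that is not SenseDeep's shipped /opt/sensed/system-update: it picks a security-only update command from the ID field of /etc/os-release and refuses to run on a distribution it does not recognize. The function names, the --plan and --apply arguments and the choice of package-manager commands are assumptions; this page does not document how SenseDeep calls the script.

```shell
#!/bin/sh
# Added example: security-only O/S update (hypothetical customization,
# not the script SenseDeep ships).

# Read the ID field from an os-release file by parsing it.
# The file is never sourced, so its contents are not executed as shell code.
os_id() {
    sed -n 's/^ID=//p' "$1" | tr -d "\"'" | head -n 1
}

# Print the security-only update command for the distribution described
# by the os-release file in $1. Returns 1 for an unknown distribution so
# the caller fails closed instead of guessing a package manager.
update_command() {
    case "$(os_id "$1")" in
        amzn|rhel|centos)
            echo "yum -y update --security" ;;
        fedora|rocky|almalinux)
            echo "dnf -y upgrade --security" ;;
        debian|ubuntu)
            # Assumption: the unattended-upgrades package is installed and
            # configured with its default security-only origins.
            echo "apt-get update && unattended-upgrade" ;;
        *)
            return 1 ;;
    esac
}

# --plan prints the command that would run; --apply runs it.
# With no argument the script does nothing.
case "${1:-}" in
    --plan)
        update_command /etc/os-release || echo "unsupported distribution"
        ;;
    --apply)
        cmd=$(update_command /etc/os-release) || {
            echo "unsupported distribution, no update applied" >&2
            exit 1
        }
        echo "$(date -u +%FT%TZ) running: $cmd"
        sh -c "$cmd"
        ;;
esac
```

Run it with --plan first to confirm the command matches your distribution before using --apply.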
You can control whether SenseDeep will manage system updates on the Modify EC2 Service page. If you choose to manage your own updates, SenseDeep will permit modifications to system files during a system-level update managed by the standard system utilities. This does open a small, unavoidable window of vulnerability while SenseDeep is permitting updates to system files.
You can put the SenseDeep EC2 service or any host into maintenance mode, in which any alerts will be ignored for the duration of the maintenance period.
You can put a service into maintenance mode using the Modify EC2 page. Alternatively, you can put a specific host into maintenance mode by modifying the host. Select the host from the EC2 Hosts and then change the maintenance toggle.
The SenseDeep agent will update automatically as required. As updates are released, they will be pushed to your instances and SenseDeep will upgrade without downtime.
The SenseDeep agent will automatically and regularly update its rule set. The agent will typically check for rule set updates once per day, but this may happen more frequently if there are rule updates.