Skip to main content
Overview USM Anywhere sensors are now available on Ubuntu Pro Federal Information Processing Standards (FIPS) 22.04 Pro, which provides enhanced operating system hardening and security compliance. This document will help you prepare your environment for a successful redeployment. Benefits of Upgrading
  • Stronger Security: Ubuntu Pro FIPS provides kernel-level hardening and advanced security protection.
  • Compliance Readiness: Meets FIPS 140-2/3 requirements and aligns with STIG methodology for regulated environments.
  • Extended Support: Includes long-term security patches and OS updates, lowering lifecycle risk.
  • Improved Stability: Updated libraries and dependencies enhance performance and application compatibility.
Key Considerations
  1. FIPS Requires Redeployment: Sensors must be redeployed to enable full FIPS protection.
  2. Mandatory Outbound Connection: Redeployed sensors require outbound TCP 443 access to contracts.canonical.com.
  3. Clean Redeployment: Fresh installations avoid legacy Ubuntu libraries or drivers, ensuring stability and preventing conflicts.
  4. Automated Upgrades: Sensors that are not redeployed will eventually auto-upgrade to the latest Ubuntu release, but these upgrades do not include FIPS protection and may retain legacy libraries or drivers (artifacts). Redeployment is the only way to enable full FIPS support and ensure clean installation.
  5. NIDS Configuration: If NIDS is in use, document the current settings (including VLAN configurations) and reapply them to the redeployed sensor to ensure consistency with the previous setup.
  6. Downtime Planning: Monitoring gaps may occur during redeployment. Organizations should schedule the work during a designated maintenance window and perform validation afterward to ensure continuity of operations.
Best Practices for Redeploying Sensors
  1. Plan Ahead: Schedule redeployment during a maintenance window and notify stakeholders of possible downtime.
  2. Backup Current Configurations: Document your log sources, feeds, and integrations. Follow the step-by-step instructions below to back up the sensor configuration.
  3. Deploy the New FIPS Sensor: Download the latest Ubuntu Pro FIPS sensor from the Sensor Downloads page and follow the deployment guide for your platform (VMware, AWS, Azure, etc.).
  4. Validate Data Flow: Confirm one-to-one log parity before and after deployment. Use USM Anywhere to verify alarms, events, and asset discovery.
  5. Decommission Old Sensor: Once validation is complete, retire the old sensor to avoid duplicate feeds.
  6. Monitor Post-Deployment: Track performance, alarms, and integrations for several days. Open a support case if issues are detected.
Backing Up Sensor Migrate a sensor to Ubuntu 22.04 FIPS
  1. Open your virtualization management console and connect to the USM Anywhere Sensor virtual machine (VM).
    Important: Alternatively, you can open an SSH session to the sensor VM. When using an SSH session, the default username is sysadmin.If you are accessing a USM Anywhere Sensor through SSH and you specified a username other than the default (sysadmin) for your SSH access, you must use the following commands at the command line to “sudo up” and access the sensor console:
    # sudo su – sysadmin
  2. From the USM Anywhere Sensor console System Menu, select Maintenance and press Enter. systemmenu.webp
  3. From the Maintenance menu, select Get Backup Information and press Enter. maintenancemenu.webp The FQDN and BackupID will appear.
  4. Copy the FQDN and BackupID, and save them for later use. getbackupinfo.webp
  5. Go to the USM Anywhere Sensors page and download the latest version of the USM Anywhere Sensor software.
    Note: Make sure to select the version that is compatible with your platform to ensure functionality.
  6. Connect to the USM Anywhere Sensor VM as you did in step 1 to shutdown the old sensor.
    Important: The old sensor running Ubuntu 20.04 must be shutdown to prevent network collisions and ensure a seamless transition to Ubuntu 22.04.
  7. From the USM Anywhere Sensor console System Menu, select Shutdown and press Enter. image.png A dialog box appears to confirm the shutdown.
  8. Select Yes and press Enter.
Deploy USM Anywhere FIPS Sensor
  1. Deploy the new sensor on the desired platform. Deployment guides providing detailed instructions on how to deploy each sensor type can be found on the USM Anywhere Sensors page. 
    • If you are redeploying an AWS or Azure sensor follow the instructions below to keep the same IP address.
  2. Once USM Anywhere FIPS sensor is deployed, open your virtualization management console and connect to the USM Anywhere Sensor virtual machine (VM).
  3. From the USM Anywhere Sensor console System Menu, select Maintenance and press Enter. systemmenu.webp
  4. From the Maintenance menu, select Restore Backup and press Enter. maintenancemenu-restorebackup.webp
  5. Enter the FQDN from step 4 and press Enter.
  6. Enter the BackupID from step 4 and press Enter. A progress bar will appear. Once completed, a dialog box confirming changes have been applied will appear.
  7. Press Enter.  maintenancemenu-restorebackup.webp
  8. Your new sensor should now be connected.
  9. Verify the new sensor is connected and working by checking the following:
  • The new sensor is reporting new events.
  • The network is configured as you want.
  • The new sensor is processing syslog events (if applicable).
  • The new sensor is processing network-based intrusion detection (NIDS) traffic (if applicable).
  1. Delete the old sensor once you have verified the new sensor is working.
    See Deleting a Sensor for more information.
Resources: Sensor Template Replacement Guide Backing Up and Restoring a Sensor USM Anywhere Sensor Downloads
I