Upgrading the Wazuh agent
The following steps show how to upgrade the Wazuh agent to the latest available version. Since Wazuh 3.x, it is possible to upgrade the Wazuh agents either remotely from the Wazuh manager or locally. Upgrading the Wazuh agents remotely is possible by using the agent_upgrade
tool or the Wazuh API. More information about the process can be found in the Remote agent upgrade section.
To perform the upgrade locally, follow the instructions for the operating system of the Wazuh agent:
Import the GPG key:
# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
Add the repository:
# cat > /etc/yum.repos.d/wazuh.repo << EOF [wazuh] gpgcheck=1 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-$releasever - Wazuh baseurl=https://packages.wazuh.com/4.x/yum/ protect=1 EOF
Clean the YUM cache:
# yum clean all
Upgrade the Wazuh agent to the latest version:
# yum upgrade wazuh-agent
It is recommended to disable the Wazuh repository in order to avoid undesired upgrades and compatibility issues as the Wazuh agent should always be in the same or an older version than the Wazuh manager:
# sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
Install the GPG key:
# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
Add the repository:
# echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
Upgrade the Wazuh agent to the latest version:
# apt-get update # apt-get install wazuh-agent
It is recommended to disable the Wazuh repository in order to avoid undesired upgrades and compatibility issues as the Wazuh agent should always be in the same or an older version than the Wazuh manager. Skip this step if the package is set to a
hold
state:# sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list # apt-get update
Import the GPG key:
# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
Add the repository:
# cat > /etc/zypp/repos.d/wazuh.repo <<\EOF [wazuh] gpgcheck=1 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=EL-$releasever - Wazuh baseurl=https://packages.wazuh.com/4.x/yum/ protect=1 EOF
Upgrade the Wazuh agent to the latest version:
# zypper update wazuh-agent
It is recommended to disable the Wazuh repository in order to avoid undesired upgrades and compatibility issues as the Wazuh agent should always be in the same or an older version than the Wazuh manager:
# sed -i "s/^enabled=1/enabled=0/" /etc/zypp/repos.d/wazuh.repo
The Wazuh agent upgrading process for Windows systems requires to download the latest Windows installer. There are two ways of using the installer, both of them require administrator rights
.
Using the GUI installer. Open the installer and follow the instructions to upgrade the Wazuh agent:
Using the command line. To upgrade the Wazuh agent from the command line, run the installer using Windows PowerShell or the command prompt. The
/q
argument is used for unattended installations:
# wazuh-agent-4.0.4-1.msi /q
The Wazuh agent upgrading process for macOS systems requires to download the latest macOS installer. There are two ways of using the installer.
Using the GUI will perform a simple upgrade. Double click on the downloaded file and follow the wizard. If you are not sure how to answer some of the prompts, simply use the default answers:
Using the command line:
# installer -pkg wazuh-agent-4.0.4-1.pkg -target /
The Wazuh agent upgrading process for AIX systems requires to download the latest AIX installer and run the following command:
# rpm -U wazuh-agent-4.0.4-1.aix.ppc.rpm
The Wazuh agent upgrading process for Solaris 11 systems requires to download the latest Solaris 11 i386 installer or Solaris 11 sparc installer depending on the Solaris 11 host architecture.
Stop the Wazuh agent:
# /var/ossec/bin/ossec-control stop
After that, upgrade the Wazuh agent. Choose one option depending on the host architecture:
Solaris 11 i386:
# pkg install -g wazuh-agent_v4.0.4-sol11-i386.pkg wazuh-agent
Solaris 11 sparc:
# pkg install -g wazuh-agent_v4.0.4-sol11-sparc.pkg wazuh-agent
Start the Wazuh agent:
# /var/ossec/bin/ossec-control start
The Wazuh agent upgrading process for Solaris 10 systems requires to download the latest Solaris 10 i386 installer or Solaris 10 sparc installer depending on the Solaris 10 host architecture.
Stop the Wazuh agent:
# /var/ossec/bin/ossec-control stop
Backup the
ossec.conf
configuration file:# cp /var/ossec/etc/ossec.conf ~/ossec.conf.bk # cp /var/ossec/etc/client.keys ~/client.keys.bk
Remove the Wazuh agent:
# pkgrm wazuh-agent
After that, install the Wazuh agent. Choose one option depending on the host architecture:
Solaris 10 i386:
# pkgadd -d wazuh-agent_v4.0.4-sol10-i386.pkg wazuh-agent
Solaris 10 sparc:
# pkgadd -d wazuh-agent_v4.0.4-sol10-sparc.pkg wazuh-agent
Restore the
ossec.conf
configuration file:# mv ~/ossec.conf.bk /var/ossec/etc/ossec.conf # chown root:ossec /var/ossec/etc/ossec.conf
Start the wazuh-agent:
# /var/ossec/bin/ossec-control start
The Wazuh agent upgrading process for HP-UX systems requires to download the latest HP-UX installer.
Stop the Wazuh agent:
# /var/ossec/bin/ossec-control stop
Backup the
ossec.conf
configuration file:# cp /var/ossec/etc/ossec.conf ~/ossec.conf.bk # cp /var/ossec/etc/client.keys ~/client.keys.bk
Deploy the Wazuh agent files:
# tar -xvf wazuh-agent-4.0.4-1-hpux-11v3-ia64.tar
Restore the
ossec.conf
configuration file:# mv ~/ossec.conf.bk /var/ossec/etc/ossec.conf # chown root:ossec /var/ossec/etc/ossec.conf # mv ~/client.keys.bk /var/ossec/etc/client.keys # chown root:ossec /var/ossec/etc/client.keys
Start the wazuh-agent:
# /var/ossec/bin/ossec-control start
Once the Wazuh agent is upgraded, if it still uses UDP, which was the default protocol for versions prior to Wazuh 4.x, it must be changed to TCP in the ossec.conf
file:
<ossec_config>
<client>
<server>
<address>172.16.1.17</address>
<port>1514</port>
<protocol>udp</protocol>
</server>