Upgrading the Wazuh manager

This section describes how to upgrade the Wazuh manager, from Wazuh 3.x to the latest available version, which includes upgrading to the latest compatible version of Open Distro for Elasticsearch or Elastic Stack basic licence.

Note

To reduce the downtime of the servers it is recommended to upgrade the master node first

Note

Root user privileges are required to execute all the commands described below.

To upgrade the Wazuh manager choose the appropriate tab for the desired package manager:

  1. Import the GPG key:

    # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
    
  2. Add the repository:

    # cat > /etc/yum.repos.d/wazuh.repo << EOF
    [wazuh]
    gpgcheck=1
    gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
    enabled=1
    name=EL-$releasever - Wazuh
    baseurl=https://packages.wazuh.com/4.x/yum/
    protect=1
    EOF
    
  1. Clean the YUM cache:

# yum clean all
  1. Upgrade the Wazuh manager to the latest version:

# yum upgrade wazuh-manager
  1. Install the GPG key:

    # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
    
  2. Add the repository:

    # echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
    
  3. Update the package information:

    # apt-get update
    
  1. Upgrade the Wazuh manager to the latest version:

# apt-get install wazuh-manager
  1. Import the GPG key:

    # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
    
  2. Add the repository:

    # cat > /etc/zypp/repos.d/wazuh.repo <<\EOF
    [wazuh]
    gpgcheck=1
    gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
    enabled=1
    name=EL-$releasever - Wazuh
    baseurl=https://packages.wazuh.com/4.x/yum/
    protect=1
    EOF
    
  1. Upgrade the Wazuh manager to the latest version:

# zypper update wazuh-manager

Note

The configuration file of the Wazuh manager will not be replaced in upgrades if you modified it, so the user will need to manually add the settings for the new capabilities. More information can be found in the User manual.

If Wazuh is run in a multi-node cluster, it is necessary to upgrade all the Wazuh managers to the same version. Otherwise, the Wazuh nodes will not join the cluster.

Disabling the Wazuh repository

It is recommended to disable the Wazuh repository in order to avoid undesired upgrades and compatibility issues:

# sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo

This step is not necessary if the user set the packages to a hold state instead of disabling the repository.

# sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
# apt-get update

Alternatively, the user can set the package state to hold, which will stop updates. It will be still possible to upgrade it manually using apt-get install:

# echo "wazuh-manager hold" | sudo dpkg --set-selections
# sed -i "s/^enabled=1/enabled=0/" /etc/zypp/repos.d/wazuh.repo

Next step

The next step consists on upgrading Elasticsearch, Kibana and Filebeat.