Upgrading the Wazuh manager

Upgrade the Wazuh manager to the latest available version. When upgrading a Wazuh multi-node cluster, it is recommended to update the master node first to reduce server downtime.

Note

Root user privileges are required to execute all the commands described below.

Upgrade the Wazuh manager

To upgrade the Wazuh manager, choose your package manager and follow the instructions.

  1. Add the Wazuh repository. You can skip this step if the repository is already present and enabled on your server.

    1. Import the GPG key:

      # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
      
    2. Add the repository:

      # cat > /etc/yum.repos.d/wazuh.repo << EOF
      [wazuh]
      gpgcheck=1
      gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
      enabled=1
      name=EL-\$releasever - Wazuh
      baseurl=https://packages.wazuh.com/4.x/yum/
      protect=1
      EOF
      
    1. Install the GPG key:

      # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
      
    2. Add the repository:

      # echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
      
    3. Update the package information:

      # apt-get update
      
    1. Import the GPG key:

      # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
      
    2. Add the repository:

      # cat > /etc/zypp/repos.d/wazuh.repo <<\EOF
      [wazuh]
      gpgcheck=1
      gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
      enabled=1
      name=EL-$releasever - Wazuh
      baseurl=https://packages.wazuh.com/4.x/yum/
      protect=1
      EOF
      
    3. Refresh the repository:

      # zypper refresh
      
  2. Upgrade the Wazuh manager to the latest version.

    # yum upgrade wazuh-manager
    
    # apt-get install wazuh-manager
    
    # zypper update wazuh-manager
    

Note

The configuration file of the Wazuh manager /var/ossec/etc/ossec.conf will not be replaced in the updates if it has been modified, so the settings of the new capabilities will have to be added manually. More information can be found in the User manual.

If Wazuh runs in a multi-node cluster, it is necessary to update all Wazuh managers to the same version. Otherwise, Wazuh nodes will not join the cluster.

  • Recommended action - Disable Wazuh updates

    We recommend disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command:

    # sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
    

    This step is not necessary if the user set the packages to a hold state instead of disabling the repository.

    # sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
    # apt-get update
    

    Alternatively, the user can set the package state to hold, which will stop updates. It will be still possible to upgrade it manually using apt-get install:

    # echo "wazuh-manager hold" | sudo dpkg --set-selections
    
    # sed -i "s/^enabled=1/enabled=0/" /etc/zypp/repos.d/wazuh.repo
    

Next steps

The Wazuh manager is now successfully upgraded.

  • To migrate from Open Distro for Elasticsearch 1.13 to the Wazuh indexer, see the Migrating to the Wazuh indexer section.

  • To upgrade Elastic Stack, follow the instructions in the Upgrading Elasticsearch, Kibana and Filebeat section.

  • If you are going to keep the same version of Elastic Stack, unfold the next section and follow the instructions to replace the Wazuh Kibana plugin. To check if your version of Elastic Stack is compatible with the new Wazuh version, check our compatibility matrix.

Upgrade the Wazuh Kibana plugin

  1. Remove the old Wazuh Kibana plugin:

    # cd /usr/share/kibana/
    # sudo -u kibana bin/kibana-plugin remove wazuh
    
  2. Install the new Wazuh Kibana plugin. Replace the Kibana version if necessary:

    # cd /usr/share/kibana/
    # sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.3.0_7.10.2-1.zip
    
  3. Restart Kibana:

    # systemctl restart kibana
    
    # service kibana restart
    
  4. Clear the browser’s cache and cookies.