Upgrading the Wazuh manager

Upgrade the Wazuh manager to the latest available version. When upgrading a Wazuh multi-node cluster, it is recommended to update the master node first to reduce server downtime.

Note

Root user privileges are required to execute all the commands described below.

Upgrade the Wazuh manager

To upgrade the Wazuh manager, choose your package manager and follow the instructions.

  1. Add the Wazuh repository:

    1. Import the GPG key:

      # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
      
    2. Add the repository:

      # cat > /etc/yum.repos.d/wazuh.repo << EOF
      [wazuh]
      gpgcheck=1
      gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
      enabled=1
      name=EL-\$releasever - Wazuh
      baseurl=https://packages.wazuh.com/4.x/yum/
      protect=1
      EOF
      
    1. Install the GPG key:

      # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
      
    2. Add the repository:

      # echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
      
    3. Update the package information:

      # apt-get update
      
    1. Import the GPG key:

      # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
      
    2. Add the repository:

      # cat > /etc/zypp/repos.d/wazuh.repo <<\EOF
      [wazuh]
      gpgcheck=1
      gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
      enabled=1
      name=EL-$releasever - Wazuh
      baseurl=https://packages.wazuh.com/4.x/yum/
      protect=1
      EOF
      
    3. Refresh the repository:

      # zypper refresh
      
  2. Stop the Wazuh manager:

    # systemctl stop wazuh-manager
    
    # service wazuh-manager stop
    
  3. Upgrade the Wazuh manager to the latest version:

    # yum upgrade wazuh-manager
    
    # apt-get install wazuh-manager
    
    # zypper update wazuh-manager
    
  4. Restart the Wazuh manager:

    # systemctl daemon-reload
    # systemctl enable wazuh-manager
    # systemctl start wazuh-manager
    

    Choose one option according to the operating system used:

    1. RPM based operating system:

    # chkconfig --add wazuh-manager
    # service wazuh-manager start
    
    1. Debian based operating system:

    # update-rc.d wazuh-manager defaults 95 10
    # service wazuh-manager start
    

Note

The configuration file of the Wazuh manager will not be replaced in the updates if it has been modified, so the settings of the new capabilities will have to be added manually. More information can be found at the User manual.

If Wazuh runs in a multi-node cluster, it is necessary to update all Wazuh managers to the same version. Otherwise, Wazuh nodes will not join the cluster.

  • Recommended action - Disable Wazuh updates

    We recommend disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command:

    # sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
    

    This step is not necessary if the user set the packages to a hold state instead of disabling the repository.

    # sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
    # apt-get update
    

    Alternatively, the user can set the package state to hold, which will stop updates. It will be still possible to upgrade it manually using apt-get install:

    # echo "wazuh-manager hold" | sudo dpkg --set-selections
    
    # sed -i "s/^enabled=1/enabled=0/" /etc/zypp/repos.d/wazuh.repo
    

Next steps

The Wazuh manager is now successfully upgraded. To check if your version of Elastic Stack is compatible with the new Wazuh version, check our compatibility matrix.

  • To upgrade Elastic Stack, follow the instructions in the Upgrading Elasticsearch, Kibana and Filebeat section.

  • If you are going to keep the same version of Elastic Stack, unfold the next section and follow the instructions to replace the Wazuh Kibana plugin.

Upgrade the Wazuh Kibana plugin

  1. Remove the old Wazuh Kibana plugin:

    # cd /usr/share/kibana/
    # sudo -u kibana bin/kibana-plugin remove wazuh
    
  2. Install the new Wazuh Kibana plugin. Replace the Kibana version if necessary:

    # cd /usr/share/kibana/
    # sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.4_7.10.2-1.zip
    
  3. Restart Kibana:

    # systemctl restart kibana
    
    # service kibana restart
    
  4. Clear the browser’s cache and cookies.