Upgrading the Wazuh manager

This section describes how to upgrade the Wazuh manager to the latest available version. When upgrading a Wazuh multi-node cluster, it is recommended to update the master node first to reduce server downtime.

Note

Root user privileges are required to execute all the commands described below.

To upgrade the Wazuh manager, choose your package manager and follow the instructions.

  1. Import the GPG key:

    # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
    
  2. Add the repository:

    # cat > /etc/yum.repos.d/wazuh.repo << EOF
    [wazuh]
    gpgcheck=1
    gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
    enabled=1
    name=EL-$releasever - Wazuh
    baseurl=https://packages.wazuh.com/4.x/yum/
    protect=1
    EOF
    
  1. Clean the YUM cache:

# yum clean all
  1. (For upgrades from version 3.13.3) Remove the Wazuh API:

# yum remove wazuh-api
  1. Upgrade the Wazuh manager to the latest version:

# yum upgrade wazuh-manager
  1. Install the GPG key:

    # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
    
  2. Add the repository:

    # echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
    
  3. Update the package information:

    # apt-get update
    
  1. (For upgrades from version 3.13.3) Remove the Wazuh API:

# apt-get remove --purge wazuh-api
  1. Upgrade the Wazuh manager to the latest version:

# apt-get install wazuh-manager
  1. Import the GPG key:

    # rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
    
  2. Add the repository:

    # cat > /etc/zypp/repos.d/wazuh.repo <<\EOF
    [wazuh]
    gpgcheck=1
    gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
    enabled=1
    name=EL-$releasever - Wazuh
    baseurl=https://packages.wazuh.com/4.x/yum/
    protect=1
    EOF
    
  1. (For upgrades from version 3.13.3) Remove the Wazuh API:

# zypper remove wazuh-api
  1. Upgrade the Wazuh manager to the latest version:

# zypper update wazuh-manager

Note

The configuration file of the Wazuh manager will not be replaced in the updates if it has been modified, so the settings of the new capabilities will have to be added manually. More information can be found at the User manual.

If Wazuh runs in a multi-node cluster, it is necessary to update all Wazuh managers to the same version. Otherwise, Wazuh nodes will not join the cluster.

  • Recommended action - Disable Wazuh updates

    We recommend disabling the Wazuh repository to prevent accidental upgrades. To do so, use the following command:

    # sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
    

    This step is not necessary if the user set the packages to a hold state instead of disabling the repository.

    # sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
    # apt-get update
    

    Alternatively, the user can set the package state to hold, which will stop updates. It will be still possible to upgrade it manually using apt-get install:

    # echo "wazuh-manager hold" | sudo dpkg --set-selections
    
    # sed -i "s/^enabled=1/enabled=0/" /etc/zypp/repos.d/wazuh.repo
    

Next steps

The Wazuh manager is now successfully upgraded and you can proceed with upgrading the Elastic Stack. To perform this action, see the Upgrading Elasticsearch, Kibana and Filebeat section.