Upgrading Wazuh to Version 4.8.0: A Step-by-Step Guide
In this tutorial, we’ll walk you through upgrading your Wazuh setup to the latest 4.8.0 release. This upgrade includes significant changes to the vulnerability detection system and the user interface (UI), which we’ll explore in detail. By the end of this guide, you’ll have your Wazuh manager, indexer, and dashboards updated and running smoothly.
What’s New in Wazuh 4.8.0?
The 4.8.0 release of Wazuh brings several important updates:
Refactored Vulnerability Detection: The vulnerability detection system has been completely overhauled.
UI Changes: Several user interface improvements have been made for better usability.
Configuration Updates: Some configuration changes are required, particularly for vulnerability detection.
Full Release Notes: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html
Preparation
Before we begin, ensure you have:
— A backup of your current Wazuh configuration.
— Administrative access to your Wazuh servers.
Step 1: Stopping Services
First, stop all Wazuh services to prepare for the upgrade:
sudo systemctl stop wazuh-manager
sudo systemctl stop wazuh-indexer
sudo systemctl stop wazuh-dashboardStep 2: Upgrading the Indexer
sudo apt-get install --only-upgrade wazuh-indexerStart the indexer service and check its status:
sudo systemctl start wazuh-indexer
sudo systemctl status wazuh-indexerStep 3: Upgrading the Dashboard
sudo apt-get install --only-upgrade wazuh-dashboardsudo systemctl start wazuh-dashboard
sudo systemctl status wazuh-dashboardStep 4: Upgrading the Manager
sudo apt-get install --only-upgrade wazuh-managersudo systemctl start wazuh-manager
sudo systemctl status wazuh-managerStep 5: Updating Configuration
Edit your ossec.conf file to update the vulnerability detection configuration. Replace the existing <vulnerability-detector> block with the new configuration:
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://0.0.0.0:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/filebeat.pem</certificate>
<key>/etc/filebeat/certs/filebeat-key.pem</key>
</ssl>
</indexer>❗ SEE VIDEO LINKED AT START OF POST FOR WALKTHROUGH❗
You must save the Wazuh indexer username and password into the Wazuh manager keystore using the Wazuh-keystore tool.
/var/ossec/bin/wazuh-keystore -f indexer -k username -v <INDEXER_USERNAME>
/var/ossec/bin/wazuh-keystore -f indexer -k password -v <INDEXER_PASSWORD>sudo systemctl restart wazuh-managerConclusion
Upgrading to Wazuh 4.8.0 brings enhanced functionality and improved security features. By following this guide, you’ve successfully upgraded your Wazuh environment to take advantage of these new capabilities. For more detailed information, refer to the official Wazuh documentation.
Need Help?
The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Contact Us: https://www.socfortress.co/contact_form.html
