Upgrading Wazuh to Version 4.8.0: A Step-by-Step Guide
In this tutorial, we’ll walk you through upgrading your Wazuh setup to the latest 4.8.0 release. This upgrade includes significant changes to the vulnerability detection system and the user interface (UI), which we’ll explore in detail. By the end of this guide, you’ll have your Wazuh manager, indexer, and dashboards updated and running smoothly.
What’s New in Wazuh 4.8.0?
The 4.8.0 release of Wazuh brings several important updates:
— Refactored Vulnerability Detection: The vulnerability detection system has been completely overhauled.
— UI Changes: Several user interface improvements have been made for better usability.
— Configuration Updates: Some configuration changes are required, particularly for vulnerability detection.
Full Release Notes: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html
Preparation
Before we begin, ensure you have:
— A backup of your current Wazuh configuration.
— Administrative access to your Wazuh servers.
Step 1: Stopping Services
First, stop all Wazuh services to prepare for the upgrade:
sudo systemctl stop wazuh-manager
sudo systemctl stop wazuh-indexer
sudo systemctl stop wazuh-dashboard
Step 2: Upgrading the Indexer
sudo apt-get install --only-upgrade wazuh-indexer
Start the indexer service and check its status:
sudo systemctl start wazuh-indexer
sudo systemctl status wazuh-indexer
Step 3: Upgrading the Dashboard
sudo apt-get install --only-upgrade wazuh-dashboard
sudo systemctl start wazuh-dashboard
sudo systemctl status wazuh-dashboard
Step 4: Upgrading the Manager
sudo apt-get install --only-upgrade wazuh-manager
sudo systemctl start wazuh-manager
sudo systemctl status wazuh-manager
Step 5: Updating Configuration
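Edit your ossec.conf file to update the vulnerability detection configuration. Replace the existing <vulnerability-detector> block with the new configuration below. In the <indexer> block, set <host> to the address of your Wazuh indexer and make sure the certificate paths point to files that exist on the manager: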
<vulnerability-detection>
  <enabled>yes</enabled>
  <index-status>yes</index-status>
  <feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
  <enabled>yes</enabled>
  <hosts>
    <host>https://0.0.0.0:9200</host>
  </hosts>
  <ssl>
    <certificate_authorities>
      <ca>/etc/filebeat/certs/root-ca.pem</ca>
    </certificate_authorities>
    <certificate>/etc/filebeat/certs/filebeat.pem</certificate>
    <key>/etc/filebeat/certs/filebeat-key.pem</key>
  </ssl>
</indexer>
You must save the Wazuh indexer username and password into the Wazuh manager keystore using the wazuh-keystore tool. Because -v passes the value on the command line, the password can end up in your shell history, so remove those entries afterwards.
/var/ossec/bin/wazuh-keystore -f indexer -k username -v <INDEXER_USERNAME>
/var/ossec/bin/wazuh-keystore -f indexer -k password -v <INDEXER_PASSWORD>
sudo systemctl restart wazuh-manager
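A check for the edited ossec.conf from Step 5, added here as an example and not taken from the original post or the Wazuh project. The function name, the wording of the findings and the embedded sample config are assumptions, and it assumes the file carries no XML declaration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: legacy block left in place, default host, no <key> element.
SAMPLE = """<ossec_config>
  <vulnerability-detector><enabled>yes</enabled></vulnerability-detector>
  <vulnerability-detection><enabled>yes</enabled></vulnerability-detection>
  <indexer>
    <enabled>yes</enabled>
    <hosts><host>https://0.0.0.0:9200</host></hosts>
    <ssl>
      <certificate_authorities><ca>/etc/filebeat/certs/root-ca.pem</ca></certificate_authorities>
      <certificate>/etc/filebeat/certs/filebeat.pem</certificate>
    </ssl>
  </indexer>
</ossec_config>"""

def check_ossec_conf(text):
    """Return findings for the 4.8.0 vulnerability detection settings (hypothetical helper)."""
    # ossec.conf may hold several <ossec_config> sections, so wrap them in one root.
    root = ET.fromstring("<root>" + text + "</root>")
    findings = []
    if root.find(".//vulnerability-detector") is not None:
        findings.append("legacy <vulnerability-detector> block still present")
    vd = root.find(".//vulnerability-detection")
    if vd is None:
        findings.append("<vulnerability-detection> block missing")
    elif (vd.findtext("enabled") or "").strip() != "yes":
        findings.append("<vulnerability-detection> is not enabled")
    idx = root.find(".//indexer")
    if idx is None:
        return findings + ["<indexer> block missing"]
    if (idx.findtext("enabled") or "").strip() != "yes":
        findings.append("<indexer> is not enabled")
    hosts = [(h.text or "").strip() for h in idx.findall("hosts/host")]
    if not hosts:
        findings.append("<indexer> has no <host> entries")
    for host in hosts:
        url = urlparse(host)
        if url.scheme != "https":
            findings.append(f"indexer host {host} does not use https")
        if url.hostname == "0.0.0.0":
            findings.append(f"indexer host {host} is the default 0.0.0.0 address")
    for path in ("ssl/certificate_authorities/ca", "ssl/certificate", "ssl/key"):
        if not (idx.findtext(path) or "").strip():
            findings.append(f"<indexer> is missing {path}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ossec_conf(SAMPLE)))
```

To check a real installation, pass the contents of your ossec.conf to check_ossec_conf before restarting the manager; an empty list means none of these problems were found.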
Conclusion
Upgrading to Wazuh 4.8.0 brings enhanced functionality and improved security features. By following this guide, you’ve successfully upgraded your Wazuh environment to take advantage of these new capabilities. For more detailed information, refer to the official Wazuh documentation.
Need Help?
The functionality discussed in this post, and so much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Contact Us: https://www.socfortress.co/contact_form.html