Upgrade wazuh-agents without internet


Tuaans Anh

Jun 18, 2023, 8:28:33 AM
to Wazuh mailing list
Hi everyone,
Because of the internet gateway, my Wazuh agents cannot be updated automatically. So how can I upgrade all my agents without internet? Or is there some other way?
Thanks a lot.

Steve Dahdah

Jun 18, 2023, 9:34:49 AM
to Wazuh mailing list
Hey Tuaans

Why don't you download the agent's latest version and install it?

Tuaans Anh

Jun 18, 2023, 10:17:10 AM
to Wazuh mailing list
Hi Steve,
My system has a lot of agents, so now I have to download and reinstall them one by one?
No, I don't want to do that. I think Wazuh has some way to upgrade, likely something like the Vulnerability detection offline update.

Devender Rao

Jun 19, 2023, 12:55:35 AM
to Wazuh mailing list
Hi Tuaans,

Thanks for using Wazuh! 
I hope you are having a good day 

You can upgrade the agents with the help of the manager: either from the Wazuh manager backend, by specifying the agent ID when running the command (for example, as below), or from the UI via Dev Tools:

/var/ossec/bin/agent_upgrade -a 005

Reference: 
https://documentation.wazuh.com/current/user-manual/agents/remote-upgrading/upgrading-agent.html

If you are facing an issue with the first option, you can also go with third-party tools to automate this task.

To upgrade agents from the installation package with Third Party tools:

I hope this will help!

Regards,
Devender

Tuaans Anh

Jun 19, 2023, 4:12:52 AM
to Wazuh mailing list
Hi Devender,
I have a problem when I use the command below:

Upgrading...

Failed upgrades:
        Agent 001 status: The repository is not reachable

I have read the "Upgrade agent" section in Adding a custom repository - Remote upgrading · Wazuh documentation. I'm wondering whether I can use this guide to upgrade my agents.

Devender Rao

Jun 20, 2023, 6:32:58 AM
to Wazuh mailing list
Hi Tuaans,

Yes, you can use the custom repository method, by following this Wazuh documentation. Host a repo inside your local network, and keep the name of the pkg like 

WPK files must be named using the following pattern:
wazuh_agent_W_X_Y_Z.wpk
Where:
W is the version of the release,
X is the name of the operating system,
Y is the version of the operating system, and
Z is the machine's architecture.

wazuh_agent_v4.4.4_centos_7_x86_64.wpk

Generate the sha1sum for the pkg and create the versions file inside the repo alongside the pkg.
You can use sha1sum command to get the SHA1 for the pkg. 
 sha1sum wazuh_agent_v4.4.4_centos_7_x86_64.wpk

If there are different operating systems for the agents, you need to create the directory structure for the same and put the pkg inside the particular architecture directory. 

/
└── centos
    └── 7
        └── x86_64
            ├── versions
            ├── wazuh_agent_v4.4.4_centos_7_x86_64.wpk


After setting all these, run the below command

/var/ossec/bin/agent_upgrade -a <agent-id> -d -r http://your_repo_address/  -v v4.4.4 

Also, can you confirm whether the Wazuh manager and all agents are in the local network or in different subnets?
If yes, you can write a custom script that downloads the agent and upgrades it with system defaults.


I hope this will help!

Regards,
Devender

Tuaans Anh

Jun 20, 2023, 10:16:07 PM
to Wazuh mailing list
Hi Devender,
Thanks for the reply.
Yes, the Wazuh manager and all agents are in the private network. The only thing that blocks the connection is the FW, and I have resolved that; every connection is successful.
And about upgrading through a custom repository, I want to know whether I can just download the WPK file in this list and run the command:

/var/ossec/bin/agent_upgrade -a <agent-id> -d -r http://your_repo_address/  -v v4.4.4 

Or do I still have to add a custom repo step by step, as in the documentation?

Devender Rao

Jun 22, 2023, 5:53:39 AM
to Wazuh mailing list
Hi Tuaans,

Yes, you need to create the custom repo as mentioned in the documentation.

For example, for an agent installed on CentOS 7 x86_64, the manager will look for the latest package in our_wpk_repo/centos/7/x86_64/, so please make sure you have the correct directory structure according to the agents' architecture.
If the agents are on Ubuntu, you need to create the directory name per OS and version.

https://documentation.wazuh.com/current/user-manual/agents/remote-upgrading/custom-repository.html


I hope this will help! 

Regards,
Devender
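
The repository layout described in the two replies above, as an added example that is not part of the original posts and is not Wazuh's own tooling: it files a WPK under os/version/arch from its wazuh_agent_W_X_Y_Z.wpk name, records its SHA1 in the versions file, and re-checks every entry before the repo is handed to agent_upgrade -r. Assumptions: the versions file holds one "<version> <sha1>" entry per line as in the linked custom-repository documentation, and the helper names stage_wpk and verify_repo are hypothetical.

```python
import hashlib
import re
import shutil
from pathlib import Path

# Naming pattern quoted in the thread: wazuh_agent_W_X_Y_Z.wpk
# (W = release, X = OS name, Y = OS version, Z = architecture, e.g. x86_64)
WPK_RE = re.compile(r"^wazuh_agent_(?P<ver>v\d+\.\d+\.\d+)_(?P<os>[^_]+)"
                    r"_(?P<osver>[^_]+)_(?P<arch>.+)\.wpk$")

def sha1_of(path):
    """Same digest as `sha1sum <file>`, read in chunks."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def stage_wpk(repo_root, wpk_path):
    """Copy a WPK into <repo>/<os>/<os version>/<arch>/ and record it in 'versions'."""
    wpk_path = Path(wpk_path)
    m = WPK_RE.match(wpk_path.name)
    if m is None:
        raise ValueError(f"not wazuh_agent_W_X_Y_Z.wpk: {wpk_path.name}")
    target = Path(repo_root) / m["os"] / m["osver"] / m["arch"]
    target.mkdir(parents=True, exist_ok=True)
    shutil.copy2(wpk_path, target / wpk_path.name)
    versions = target / "versions"
    # ASSUMPTION: one "<version> <sha1>" per line; the entry staged last goes first.
    old = versions.read_text().splitlines() if versions.exists() else []
    kept = [l for l in old if l.strip() and l.split()[0] != m["ver"]]
    entry = f"{m['ver']} {sha1_of(wpk_path)}"
    versions.write_text("\n".join([entry] + kept) + "\n")
    return target

def verify_repo(repo_root):
    """List WPKs that are missing or whose SHA1 differs from the 'versions' entry."""
    problems = []
    for versions in Path(repo_root).rglob("versions"):
        arch_dir = versions.parent
        osname, osver, arch = arch_dir.parts[-3:]
        for line in versions.read_text().splitlines():
            if not line.strip():
                continue
            ver, digest = line.split()
            wpk = arch_dir / f"wazuh_agent_{ver}_{osname}_{osver}_{arch}.wpk"
            if not wpk.is_file():
                problems.append(f"missing: {wpk}")
            elif sha1_of(wpk) != digest:
                problems.append(f"sha1 mismatch: {wpk}")
    return problems
```

Running verify_repo on the web root after every change catches a WPK that was replaced or truncated in transfer without its versions entry being updated.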
  

Tuaans Anh

Jun 22, 2023, 10:25:21 PM
to Wazuh mailing list
Hi Devender,
You mean I have to create each subfolder, and in the x86_64 folder include the versions file, which has the sha1sum of the version, and the WPK file, right?
And once I have created all the files, would I create custom WPK packages?

Tuaans Anh

Jun 27, 2023, 5:51:09 AM
to Wazuh mailing list
Hi Devender Rao,
I created the latest package in the directory ubuntu/23.04/x86_64/ and followed the documentation, but I got stuck when I built the Linux WPK package:

root@ubuntuserver2204:/home/ubuntu/wazuh-server/wazuh-packages/wpk# ./generate_wpk_package.sh -t linux -b v4.4.4 -d /tmp/wpk -k /tmp/keys -o LinuxAgent.wpk
[+] Building 21.4s (9/20)
 => [internal] load build definition from Dockerfile                                                                                          0.0s
 => => transferring dockerfile: 2.46kB                                                                                                        0.0s
 => [internal] load .dockerignore                                                                                                             0.0s
 => => transferring context: 2B                                                                                                               0.0s
 => [internal] load metadata for docker.io/library/centos:6                                                                                   3.0s
 => [auth] library/centos:pull token for registry-1.docker.io                                                                                 0.0s
 => [ 1/15] FROM docker.io/library/centos:6@sha256:a93df2e96e07f56ea48f215425c6f1673ab922927894595bb5c0ee4c5a955133                           0.0s
 => [internal] load build context                                                                                                             0.0s
 => => transferring context: 11.32kB                                                                                                          0.0s
 => CACHED [ 2/15] RUN rm /etc/yum.repos.d/* && echo "exactarch=1" >> /etc/yum.conf                                                           0.0s
 => CACHED [ 3/15] COPY CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo                                                                    0.0s
 => ERROR [ 4/15] RUN yum -y install epel-release &&     yum -y install gcc make git gcc-c++     jq sudo gnupg automake     autoconf wget l  18.3s
------
 > [ 4/15] RUN yum -y install epel-release &&     yum -y install gcc make git gcc-c++     jq sudo gnupg automake     autoconf wget libtool policycoreutils-python     yum-utils epel-release redhat-rpm-config rpm-devel     autopoint gettext nspr nspr-devel     nss nss-devel kenel-headers magic magic-devel     db4 db4-devel zlib zlib-devel rpm-build bison     sharutils bzip2-devel xz-devel lzo-devel     e2fsprogs-devel libacl-devel libattr-devel     openssl-devel libxml2-devel kexec-tools elfutils     libarchive-devel elfutils-libelf-devel     elfutils-libelf patchelf elfutils-devel libgcrypt-devel:
#0 0.520 Loaded plugins: fastestmirror, ovl
#0 0.597 Setting up Install Process
#0 18.22 http://mirror.nsc.liu.se/centos-store/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'mirror.nsc.liu.se'"
#0 18.22 Trying other mirror.
#0 18.22 Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again
------
Dockerfile:6
--------------------
   5 |
   6 | >>> RUN yum -y install epel-release && \
   7 | >>>     yum -y install gcc make git gcc-c++ \
   8 | >>>     jq sudo gnupg automake \
   9 | >>>     autoconf wget libtool policycoreutils-python \
  10 | >>>     yum-utils epel-release redhat-rpm-config rpm-devel \
  11 | >>>     autopoint gettext nspr nspr-devel \
  12 | >>>     nss nss-devel kenel-headers magic magic-devel \
  13 | >>>     db4 db4-devel zlib zlib-devel rpm-build bison \
  14 | >>>     sharutils bzip2-devel xz-devel lzo-devel \
  15 | >>>     e2fsprogs-devel libacl-devel libattr-devel \
  16 | >>>     openssl-devel libxml2-devel kexec-tools elfutils \
  17 | >>>     libarchive-devel elfutils-libelf-devel \
  18 | >>>     elfutils-libelf patchelf elfutils-devel libgcrypt-devel
  19 |
--------------------
ERROR: failed to solve: process "/bin/sh -c yum -y install epel-release &&     yum -y install gcc make git gcc-c++     jq sudo gnupg automake     autoconf wget libtool policycoreutils-python     yum-utils epel-release redhat-rpm-config rpm-devel     autopoint gettext nspr nspr-devel     nss nss-devel kenel-headers magic magic-devel     db4 db4-devel zlib zlib-devel rpm-build bison     sharutils bzip2-devel xz-devel lzo-devel     e2fsprogs-devel libacl-devel libattr-devel     openssl-devel libxml2-devel kexec-tools elfutils     libarchive-devel elfutils-libelf-devel     elfutils-libelf patchelf elfutils-devel libgcrypt-devel" did not complete successfully: exit code: 1
Unable to find image 'linux_wpk_builder_x86_64:latest' locally
docker: Error response from daemon: pull access denied for linux_wpk_builder_x86_64, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.

Please help me!
Thanks a lot

Maxim M.

Jun 27, 2023, 6:19:36 AM
to Wazuh mailing list
Hi.

I'm also interested in a local Wazuh repo, but haven't started this yet.

ERROR: failed to solve: process "/bin/sh -c yum -y install epel-release &&     yum -y install gcc make git gcc-c++     jq sudo gnupg automake     autoconf wget libtool policycoreutils-python     yum-utils epel-release redhat-rpm-config rpm-devel     autopoint gettext nspr nspr-devel     nss nss-devel kenel-headers magic magic-devel     db4 db4-devel zlib zlib-devel rpm-build bison     sharutils bzip2-devel xz-devel lzo-devel     e2fsprogs-devel libacl-devel libattr-devel     openssl-devel libxml2-devel kexec-tools elfutils     libarchive-devel elfutils-libelf-devel     elfutils-libelf patchelf elfutils-devel libgcrypt-devel" did not complete successfully: exit code: 1

Looks like your local Wazuh repo has no internet connection to do "yum install".
If I understood it right, it's supposed that your local Wazuh repo must have an internet connection.
And your wazuh-manager(without internet connection, for example) will use this local repo for updating your agents.

