Patch Management
1,014 views
Skip to first unread message
uzair afendi
Apr 23, 2020, 4:02:47 AM4/23/20
to Wazuh mailing list
hello everyone,
my question is there any way to do a patch management in Wazuh?
Miguel Angel Abarca Caballero
Apr 23, 2020, 2:21:41 PM4/23/20
to Wazuh mailing list
Hello Uzair,
Will upgrade the selected agent
There are more ways of using agent_upgrade -> https://documentation.wazuh.com/3.12/user-manual/agents/remote-upgrading/upgrading-agent.html and https://documentation.wazuh.com/3.12/user-manual/reference/tools/agent_upgrade.html
Also, keep in mind that in case of having a multi-node Wazuh cluster, agent_upgrade must be executed on the node where the agent is connected.
- Using the Wazuh API either from Dev Tools in Wazuh APP in Kibana or either using the Wazuh RESTful API by CLI:
In these examples, I am using Wazuh API through CLI. (You will need to change foo:bar for your credentials in case you changed them)
This will list all outdated agents
This will upgrade the agent with ID = 002
This will check the upgrade result
And this will show you the status of the recently upgraded agent (just in case you want to ensure it has been properly upgraded
More info: https://documentation.wazuh.com/3.12/user-manual/agents/remote-upgrading/upgrading-agent.html
For these two ways of upgrading agents you are limited to upgrade agent by agent. This can be easily solved and automated by a simple script or automation
- Another way of upgrading agents is by upgrading using a package management software or upgrade using a package installation in the agent host. You can automate this process by using a software configuration management tool like Puppet for Linux or SCCM for Windows.
Now, if you are referring if there is a way to update Wazuh manager on a managed way you will either need to upgrade it using a package management software (like YUM in Centos) or using a package installation: https://documentation.wazuh.com/3.12/upgrade-guide/upgrading/index.html
List of Wazuh packages: https://documentation.wazuh.com/3.12/installation-guide/packages-list/index.html
And finally, if you are referring to a way of doing patch (code/product patching) you can visit our Wazuh GitHub project https://github.com/wazuh/wazuh and feel free to help by creating any kind of issues, pull requests and sharing ideas :)
Cheers,
Sorry, what do you exactly mean with patch management?
If you referring to a managed way of doing agent upgrades there are two ways on which Wazuh allows you to do it.
- Using CLI (command line interface) to run the agent_upgrade tool from the Wazuh manager:
Will show you the help menu
Will list the outdated agents along with their ids
If you referring to a managed way of doing agent upgrades there are two ways on which Wazuh allows you to do it.
- Using CLI (command line interface) to run the agent_upgrade tool from the Wazuh manager:
/var/ossec/bin/agent_upgrade -h/var/ossec/bin/agent_upgrade -l/var/ossec/bin/agent_upgrade -a agentIDThere are more ways of using agent_upgrade -> https://documentation.wazuh.com/3.12/user-manual/agents/remote-upgrading/upgrading-agent.html and https://documentation.wazuh.com/3.12/user-manual/reference/tools/agent_upgrade.html
Also, keep in mind that in case of having a multi-node Wazuh cluster, agent_upgrade must be executed on the node where the agent is connected.
- Using the Wazuh API either from Dev Tools in Wazuh APP in Kibana or either using the Wazuh RESTful API by CLI:
In these examples, I am using Wazuh API through CLI. (You will need to change foo:bar for your credentials in case you changed them)
More info: https://documentation.wazuh.com/3.12/user-manual/agents/remote-upgrading/upgrading-agent.html
For these two ways of upgrading agents you are limited to upgrade agent by agent. This can be easily solved and automated by a simple script or automation
- Another way of upgrading agents is by upgrading using a package management software or upgrade using a package installation in the agent host. You can automate this process by using a software configuration management tool like Puppet for Linux or SCCM for Windows.
Now, if you are referring if there is a way to update Wazuh manager on a managed way you will either need to upgrade it using a package management software (like YUM in Centos) or using a package installation: https://documentation.wazuh.com/3.12/upgrade-guide/upgrading/index.html
List of Wazuh packages: https://documentation.wazuh.com/3.12/installation-guide/packages-list/index.html
And finally, if you are referring to a way of doing patch (code/product patching) you can visit our Wazuh GitHub project https://github.com/wazuh/wazuh and feel free to help by creating any kind of issues, pull requests and sharing ideas :)
Cheers,
Miguel Ángel Abarca
uzair afendi
Apr 23, 2020, 3:46:56 PM4/23/20
to Miguel Angel Abarca Caballero, Wazuh mailing list
Yes i am referring patch(code/product patching) .Is there any way to do patch management in wazuh bcoz i want to do this in my enivornment
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/35d5b237-eb4d-4ca8-b114-2750c432fb6f%40googlegroups.com.
Miguel Angel Abarca Caballero
Apr 30, 2020, 2:42:36 PM4/30/20
to Wazuh mailing list
Hello again Uzair,
Wazuh is a final opensource product that is not made to do patching management.
I recommend you to use GitHub for these purposes. You could make your own fork of Wazuh project: https://github.com/wazuh/wazuh and start using GitHub to manage your patching process.
I recommend you to use GitHub for these purposes. You could make your own fork of Wazuh project: https://github.com/wazuh/wazuh and start using GitHub to manage your patching process.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages