Wazuh Upgrade Automation Script

This is a shell script I created based on Wazuh’s official Central Components Upgrade Guide to simplify the upgrade process.

The script upgrades the server components to the latest 4.12.0 version.


Tested on Ubuntu 24.04.2 LTS.


Important: Run the script only if you have a backup and a way to restore it.

If you are upgrading from version 4.7.x or earlier, note that the script does not include the additional commands required for an upgrade from Wazuh 4.7.x or earlier.

Code for upgrade


#!/bin/bash

set -e
trap 'echo -e "\033[0;31m[ERROR] The script failed at line $LINENO\033[0m"' ERR

# Color settings
GREEN='\033[0;32m'
NC='\033[0m' # No Color

# Parameter check
if [ $# -ne 3 ]; then
    echo -e "${GREEN}Usage: $0 <WAZUH_INDEXER_IP_ADDRESS> <USERNAME> <PASSWORD>${NC}"
    exit 1
fi

WAZUH_INDEXER_IP_ADDRESS=$1
USERNAME=$2
PASSWORD=$3

# Check for root privileges
if [ "$(id -u)" -ne 0 ]; then
    echo -e "${GREEN}This script must be run as root (e.g., with sudo).${NC}"
    exit 1
fi

# Execute commands
echo -e "${GREEN}1/24 Install missing packages${NC}"
apt-get install -y gnupg apt-transport-https

echo -e "${GREEN}2/24 Install the GPG key${NC}"
curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg

echo -e "${GREEN}3/24 Add the repository${NC}"
echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list

echo -e "${GREEN}4/24 Update the packages information${NC}"
apt-get update

echo -e "${GREEN}5/24 Stop the Filebeat and Wazuh dashboard services${NC}"
systemctl stop filebeat
systemctl stop wazuh-dashboard

# Note: -k in the indexer API calls below skips TLS certificate verification.
echo -e "${GREEN}6/24 Disable shard replication${NC}"
curl -X PUT "https://${WAZUH_INDEXER_IP_ADDRESS}:9200/_cluster/settings" \
    -u "${USERNAME}:${PASSWORD}" -k -H "Content-Type: application/json" -d '
{
    "persistent": {
        "cluster.routing.allocation.enable": "primaries"
    }
}'

echo -e "${GREEN}7/24 Perform a flush operation${NC}"
curl -X POST "https://${WAZUH_INDEXER_IP_ADDRESS}:9200/_flush" -u "${USERNAME}:${PASSWORD}" -k

echo -e "${GREEN}8/24 Stop Wazuh manager and indexer${NC}"
systemctl stop wazuh-manager
systemctl stop wazuh-indexer

echo -e "${GREEN}9/24 Upgrade the Wazuh indexer${NC}"
apt-get install -y wazuh-indexer

echo -e "${GREEN}10/24 Restart the Wazuh indexer service${NC}"
systemctl daemon-reload
systemctl enable wazuh-indexer
systemctl start wazuh-indexer

echo -e "${GREEN}11/24 Check the newly upgraded Wazuh indexer${NC}"
curl -k -u "${USERNAME}:${PASSWORD}" "https://${WAZUH_INDEXER_IP_ADDRESS}:9200/_cat/nodes?v"

echo -e "${GREEN}12/24 Re-enable shard allocation${NC}"
curl -X PUT "https://${WAZUH_INDEXER_IP_ADDRESS}:9200/_cluster/settings" \
    -u "${USERNAME}:${PASSWORD}" -k -H "Content-Type: application/json" -d '
{
    "persistent": {
        "cluster.routing.allocation.enable": "all"
    }
}'

echo -e "${GREEN}13/24 Check Wazuh indexer status after enabling shard allocation${NC}"
curl -k -u "${USERNAME}:${PASSWORD}" "https://${WAZUH_INDEXER_IP_ADDRESS}:9200/_cat/nodes?v"

echo -e "${GREEN}14/24 Start Wazuh manager service${NC}"
systemctl start wazuh-manager

echo -e "${GREEN}15/24 Upgrade Wazuh manager service${NC}"
apt-get install -y wazuh-manager

echo -e "${GREEN}16/24 Download the Wazuh module for Filebeat${NC}"
curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module

echo -e "${GREEN}17/24 Download the alerts template${NC}"
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/v4.12.0/extensions/elasticsearch/7.x/wazuh-template.json
chmod go+r /etc/filebeat/wazuh-template.json

echo -e "${GREEN}18/24 Restart Filebeat${NC}"
systemctl daemon-reload
systemctl enable filebeat
systemctl start filebeat

echo -e "${GREEN}19/24 Upload the new Wazuh template and pipelines for Filebeat${NC}"
filebeat setup --pipelines
filebeat setup --index-management -E output.logstash.enabled=false

echo -e "${GREEN}20/24 Backup dashboard configuration before upgrade${NC}"
cp /etc/wazuh-dashboard/opensearch_dashboards.yml /etc/wazuh-dashboard/opensearch_dashboards.yml.old

echo -e "${GREEN}21/24 Upgrade the Wazuh dashboard${NC}"
apt-get install -y wazuh-dashboard

echo -e "${GREEN}22/24 Restart the Wazuh dashboard${NC}"
systemctl daemon-reload
systemctl enable wazuh-dashboard
systemctl start wazuh-dashboard

echo -e "${GREEN}23/24 Verify the versions${NC}"
apt list --installed wazuh-indexer
apt list --installed wazuh-manager
apt list --installed wazuh-dashboard

echo -e "${GREEN}24/24 Check the services status${NC}"
systemctl status wazuh-indexer --no-pager
systemctl status wazuh-manager --no-pager
systemctl status wazuh-dashboard --no-pager
systemctl status filebeat --no-pager

Usage

Give the script execute permission:

chmod +x upgrade_wazuh.sh

Run like this:

sudo ./upgrade_wazuh.sh <WAZUH_INDEXER_IP_ADDRESS> <USERNAME> <PASSWORD>
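
The usage above puts the indexer password in the process arguments, and the script's indexer API calls (steps 6, 7 and 11 to 13) use -k and never check the HTTP status, so a rejected password would not stop the upgrade. The following is an added example, not part of the original script: it feeds credentials to curl through a config on stdin, verifies the certificate against a CA file, and fails on HTTP errors. The INDEXER_* variable names and function names are hypothetical, and the CA path is a placeholder for your deployment's root CA.

```bash
#!/bin/bash
# Added example (not the original script): indexer API helper that keeps the
# password out of argv, verifies TLS, and fails on HTTP errors.

# Escape backslashes and double quotes for a double-quoted curl config value.
curl_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit a curl config: basic auth, CA file instead of -k, and "fail" so that
# HTTP 4xx/5xx gives a non-zero exit code (which `set -e` then catches).
indexer_curl_config() {
    printf 'user = "%s:%s"\n' "$(curl_quote "$1")" "$(curl_quote "$2")"
    printf 'cacert = "%s"\n' "$(curl_quote "$3")"
    printf 'fail\nsilent\nshow-error\n'
}

# Return 0 only if a _cluster/settings response body was acknowledged.
settings_acknowledged() {
    printf '%s' "$1" | grep -Eq '"acknowledged"[[:space:]]*:[[:space:]]*true'
}

# indexer_api METHOD PATH [JSON_BODY]
# Reads INDEXER_HOST, INDEXER_USER, INDEXER_PASS, INDEXER_CA (hypothetical names).
indexer_api() {
    method=$1; path=$2; body=${3:-}
    set -- --config - -X "$method" -H 'Content-Type: application/json'
    if [ -n "$body" ]; then
        set -- "$@" --data "$body"
    fi
    # The config (with the password) travels over the pipe, not in curl's argv.
    indexer_curl_config "$INDEXER_USER" "$INDEXER_PASS" "$INDEXER_CA" |
        curl "$@" "https://${INDEXER_HOST}:9200${path}"
}

# Usage sketch (placeholders in angle brackets):
#   INDEXER_HOST=<WAZUH_INDEXER_IP_ADDRESS>; INDEXER_USER=<USERNAME>
#   INDEXER_CA=<path-to-root-ca.pem>
#   read -rs -p 'Indexer password: ' INDEXER_PASS   # prompt instead of "$3"
#   resp=$(indexer_api PUT /_cluster/settings \
#       '{"persistent":{"cluster.routing.allocation.enable":"primaries"}}')
#   settings_acknowledged "$resp" || { echo "settings not applied" >&2; exit 1; }
```

Certificate verification succeeds only if the address in INDEXER_HOST matches a name in the indexer's certificate.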