Installing a custom WPK package

1. Install the root CA into the agent

Either the root CA certificate or the certificate used to sign the WPK package must be installed in the agent before running an upgrade.

You have two options to perform this action:

  1. Overwrite the shipped root CA with your certificate. This will prevent your agent from upgrading using WPK packages from Wazuh.

# cp /path/to/certificate etc/wpk_root.pem

  1. Add a new certificate by editing the ossec.conf file:

<agent-upgrade>
    <ca_verification>
        <enabled>yes</enabled>
        <ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
        <ca_store>/path/to/certificate</ca_store>
    </ca_verification>
</agent-upgrade>

2. Run the upgrade

Run the WPK package from the ThreatLockDown manager:

# /var/ossec/bin/agent_upgrade -a 001 -f path/to/myagent.wpk -x upgrade.sh
Where:

  • -a 001 specifies the agent to upgrade.

  • -f path/to/myagent.wpk designates the path to the WPK package.

  • -x upgrade.sh is the name of the upgrading script contained in the package.

Note

To upgrade a Windows agent, you must use upgrade.bat instead of upgrade.sh.

Output example:

Upgrading...

Upgraded agents:
    Agent 001 upgraded: ThreatLockDown v4.2.7 -> ThreatLockDown v4.9.0