Merge pull request #467 from wazuh/4.3

Merge 4.3 in master

.goss.yaml

@@ -16,22 +16,22 @@ file:
   /var/ossec/etc/lists/audit-keys:
     exists: true
     mode: "0660"
-    owner: ossec
-    group: ossec
+    owner: wazuh
+    group: wazuh
     filetype: file
     contains: []
   /var/ossec/etc/ossec.conf:
     exists: true
     mode: "0660"
     owner: root
-    group: ossec
+    group: wazuh
     filetype: file
     contains: []
   /var/ossec/etc/rules/local_rules.xml:
     exists: true
     mode: "0660"
-    owner: ossec
-    group: ossec
+    owner: wazuh
+    group: wazuh
     filetype: file
     contains: []
   /var/ossec/etc/sslmanager.cert:
@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.1.5
+    - 4.3.0
 port:
   tcp:1514:
     listening: true
@@ -71,26 +71,26 @@ port:
     ip:
     - 0.0.0.0
 user:
-  ossec:
+  wazuh:
     exists: true
     groups:
-    - ossec
+    - wazuh
     home: /var/ossec
     shell: /sbin/nologin
-  ossecm:
+  wazuh:
     exists: true
     groups:
-    - ossec
+    - wazuh
     home: /var/ossec
     shell: /sbin/nologin
-  ossecr:
+  wazuh:
     exists: true
     groups:
-    - ossec
+    - wazuh
     home: /var/ossec
     shell: /sbin/nologin
 group:
-  ossec:
+  wazuh:
     exists: true
 process:
   filebeat:

CHANGELOG.md

@@ -1,6 +1,15 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.3.0
+### Added
+
+- Update Wazuh to version [4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
+
+## Wazuh Docker v4.2.0
+### Added
+
+- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
 ## Wazuh Docker v4.1.5
 ### Added
 

README.md

@@ -155,6 +155,10 @@ ADMIN_PRIVILEGES=true               # App privileges
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v4.3.0        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
+| v4.2.0        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.4        | 1.12.0  | 7.10.2 |
 |---------------|---------|--------|
 | v4.1.3        | 1.12.0  | 7.10.2 |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.1.5"
-REVISION="40114"
+WAZUH-DOCKER_VERSION="4.3.0"
+REVISION="43100"

docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh-odfe:4.1.5
+    image: wazuh/wazuh-odfe:4.3.0
     hostname: wazuh-manager
     restart: always
     ports:
@@ -50,7 +50,7 @@ services:
         hard: 65536
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.1.5
+    image: wazuh/wazuh-kibana-odfe:4.3.0
     hostname: kibana
     restart: always
     ports:

kibana-odfe/Dockerfile

@@ -2,7 +2,7 @@
 FROM amazon/opendistro-for-elasticsearch-kibana:1.12.0
 USER kibana
 ARG ELASTIC_VERSION=7.10.0
-ARG WAZUH_VERSION=4.1.5
+ARG WAZUH_VERSION=4.3.0
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

kibana/Dockerfile

@@ -2,7 +2,7 @@
 FROM docker.elastic.co/kibana/kibana:7.10.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.5
+ARG WAZUH_VERSION=4.3.0
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

production-cluster.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh-master:
-    image: wazuh/wazuh-odfe:4.1.5
+    image: wazuh/wazuh-odfe:4.3.0
     hostname: wazuh-master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh-worker:
-    image: wazuh/wazuh-odfe:4.1.5
+    image: wazuh/wazuh-odfe:4.3.0
     hostname: wazuh-worker
     restart: always
     environment:
@@ -132,7 +132,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.1.5
+    image: wazuh/wazuh-kibana-odfe:4.3.0
     hostname: kibana
     restart: always
     ports:

production_cluster/wazuh_cluster/wazuh_manager.conf

@@ -6,7 +6,7 @@
     <logall_json>no</logall_json>
     <email_notification>no</email_notification>
     <smtp_server>smtp.example.wazuh.com</smtp_server>
-    <email_from>ossecm@example.wazuh.com</email_from>
+    <email_from>wazuh@example.wazuh.com</email_from>
     <email_to>recipient@example.wazuh.com</email_to>
     <email_maxperhour>12</email_maxperhour>
     <email_log_source>alerts.log</email_log_source>
@@ -94,7 +94,7 @@
     <ignore_time>6h</ignore_time>
     <run_on_start>yes</run_on_start>
 
-    <!-- Ubuntu OS vulnerabilities --> 
+    <!-- Ubuntu OS vulnerabilities -->
     <provider name="canonical">
       <enabled>no</enabled>
       <os>trusty</os>
@@ -104,7 +104,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- Debian OS vulnerabilities -->  
+    <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
       <os>stretch</os>
@@ -112,7 +112,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- RedHat OS vulnerabilities -->  
+    <!-- RedHat OS vulnerabilities -->
     <provider name="redhat">
       <enabled>no</enabled>
       <os>5</os>
@@ -307,7 +307,7 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <!-- Configuration for ossec-authd -->
+  <!-- Configuration for wazuh-authd -->
   <auth>
     <disabled>no</disabled>
     <port>1515</port>
@@ -346,4 +346,4 @@
     <log_format>syslog</log_format>
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
-</ossec_config> 
+</ossec_config>

production_cluster/wazuh_cluster/wazuh_worker.conf

@@ -6,7 +6,7 @@
     <logall_json>no</logall_json>
     <email_notification>no</email_notification>
     <smtp_server>smtp.example.wazuh.com</smtp_server>
-    <email_from>ossecm@example.wazuh.com</email_from>
+    <email_from>wazuh@example.wazuh.com</email_from>
     <email_to>recipient@example.wazuh.com</email_to>
     <email_maxperhour>12</email_maxperhour>
     <email_log_source>alerts.log</email_log_source>
@@ -94,7 +94,7 @@
     <ignore_time>6h</ignore_time>
     <run_on_start>yes</run_on_start>
 
-    <!-- Ubuntu OS vulnerabilities --> 
+    <!-- Ubuntu OS vulnerabilities -->
     <provider name="canonical">
       <enabled>no</enabled>
       <os>trusty</os>
@@ -104,7 +104,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- Debian OS vulnerabilities -->  
+    <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
       <os>stretch</os>
@@ -112,7 +112,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- RedHat OS vulnerabilities -->  
+    <!-- RedHat OS vulnerabilities -->
     <provider name="redhat">
       <enabled>no</enabled>
       <os>5</os>
@@ -307,7 +307,7 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <!-- Configuration for ossec-authd -->
+  <!-- Configuration for wazuh-authd -->
   <auth>
     <disabled>no</disabled>
     <port>1515</port>
@@ -346,4 +346,4 @@
     <log_format>syslog</log_format>
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
-</ossec_config> 
+</ossec_config>

wazuh-odfe/Dockerfile

@@ -3,7 +3,7 @@ FROM centos:7
 
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.0
-ARG WAZUH_VERSION=4.1.5-1
+ARG WAZUH_VERSION=4.3.0-1
 ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
 
@@ -39,7 +39,7 @@ ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/e
 RUN chmod go-w /etc/filebeat/wazuh-template.json
 
 COPY config/etc/ /etc/
-COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py
+COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
 
 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547

wazuh-odfe/config/etc/cont-init.d/0-wazuh-init

@@ -94,7 +94,7 @@ remove_data_files() {
 ##############################################################################
 
 create_ossec_key_cert() {
-  print "Creating ossec-authd key and cert"
+  print "Creating wazuh-authd key and cert"
   exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
   exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
@@ -161,7 +161,7 @@ main() {
   # Remove some files in permanent_data (i.e. .template.db)
   remove_data_files
 
-  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
   if [ $AUTO_ENROLLMENT_ENABLED == true ]
   then
     if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]

wazuh-odfe/config/etc/cont-init.d/2-manager

@@ -36,11 +36,11 @@ function_wazuh_migration(){
       fi
 
       \cp -f /wazuh-migration/data/etc/ossec.conf /var/ossec/etc/ossec.conf
-      chown root:ossec /var/ossec/etc/ossec.conf
+      chown root:wazuh /var/ossec/etc/ossec.conf
       chmod 640 /var/ossec/etc/ossec.conf
 
       \cp -f /wazuh-migration/data/etc/client.keys /var/ossec/etc/client.keys
-      chown ossec:ossec /var/ossec/etc/client.keys
+      chown wazuh:wazuh /var/ossec/etc/client.keys
       chmod 640 /var/ossec/etc/client.keys
 
       \cp -f /wazuh-migration/data/etc/sslmanager.cert /var/ossec/etc/sslmanager.cert
@@ -49,25 +49,25 @@ function_wazuh_migration(){
       chmod 640 /var/ossec/etc/sslmanager.cert /var/ossec/etc/sslmanager.key
 
       \cp -f /wazuh-migration/data/etc/shared/default/agent.conf /var/ossec/etc/shared/default/agent.conf
-      chown ossec:ossec /var/ossec/etc/shared/default/agent.conf
+      chown wazuh:wazuh /var/ossec/etc/shared/default/agent.conf
       chmod 660 /var/ossec/etc/shared/default/agent.conf
 
       \cp -f /wazuh-migration/data/etc/decoders/* /var/ossec/etc/decoders/
-      chown ossec:ossec /var/ossec/etc/decoders/*
+      chown wazuh:wazuh /var/ossec/etc/decoders/*
       chmod 660 /var/ossec/etc/decoders/*
 
       \cp -f /wazuh-migration/data/etc/rules/* /var/ossec/etc/rules/
-      chown ossec:ossec /var/ossec/etc/rules/*
+      chown wazuh:wazuh /var/ossec/etc/rules/*
       chmod 660 /var/ossec/etc/rules/*
 
       if [ -e /wazuh-migration/data/agentless/.passlist ]; then
         \cp -f /wazuh-migration/data/agentless/.passlist /var/ossec/agentless/.passlist
-        chown root:ossec /var/ossec/agentless/.passlist
+        chown root:wazuh /var/ossec/agentless/.passlist
         chmod 640 /var/ossec/agentless/.passlist
       fi
 
       \cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db
-      chown ossec:ossec /var/ossec/queue/db/global.db
+      chown wazuh:wazuh /var/ossec/queue/db/global.db
       chmod 640 /var/ossec/queue/db/global.db
 
       # mark volume as migrated
@@ -123,4 +123,4 @@ function_create_custom_user
 function_entrypoint_scripts
 
 # Start Wazuh
-/var/ossec/bin/ossec-control start
+/var/ossec/bin/wazuh-control start

xpack-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh:4.1.5
+    image: wazuh/wazuh:4.3.0
     hostname: wazuh-manager
     restart: always
     ports:
@@ -146,7 +146,7 @@ services:
 
 
   kibana:
-    image: wazuh/wazuh-kibana:4.1.5
+    image: wazuh/wazuh-kibana:4.3.0
     hostname: kibana
     restart: always
     ports:

xpack-from-sources.yml

@@ -8,7 +8,7 @@ services:
       args:
         - FILEBEAT_CHANNEL=filebeat
         - FILEBEAT_VERSION=7.10.2
-    image: wazuh/wazuh:4.1.5
+    image: wazuh/wazuh:4.3.0
     hostname: wazuh-manager
     restart: always
     ports:
@@ -152,7 +152,7 @@ services:
 
   kibana:
     build: kibana/
-    image: wazuh/wazuh-kibana:4.1.5
+    image: wazuh/wazuh-kibana:4.3.0
     hostname: kibana
     restart: always
     ports: