diff --git a/.goss.yaml b/.goss.yaml
index df044975..16655717 100644
--- a/.goss.yaml
+++ b/.goss.yaml
@@ -16,22 +16,22 @@ file:
/var/ossec/etc/lists/audit-keys:
exists: true
mode: "0660"
- owner: ossec
- group: ossec
+ owner: wazuh
+ group: wazuh
filetype: file
contains: []
/var/ossec/etc/ossec.conf:
exists: true
mode: "0660"
owner: root
- group: ossec
+ group: wazuh
filetype: file
contains: []
/var/ossec/etc/rules/local_rules.xml:
exists: true
mode: "0660"
- owner: ossec
- group: ossec
+ owner: wazuh
+ group: wazuh
filetype: file
contains: []
/var/ossec/etc/sslmanager.cert:
@@ -56,7 +56,7 @@ package:
wazuh-manager:
installed: true
versions:
- - 4.1.5
+ - 4.3.0
port:
tcp:1514:
listening: true
@@ -71,26 +71,26 @@ port:
ip:
- 0.0.0.0
user:
- ossec:
+ wazuh:
exists: true
groups:
- - ossec
+ - wazuh
home: /var/ossec
shell: /sbin/nologin
- ossecm:
+ wazuh:
exists: true
groups:
- - ossec
+ - wazuh
home: /var/ossec
shell: /sbin/nologin
- ossecr:
+ wazuh:
exists: true
groups:
- - ossec
+ - wazuh
home: /var/ossec
shell: /sbin/nologin
group:
- ossec:
+ wazuh:
exists: true
process:
filebeat:
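Review bot: The three entries under `user:` (previously `ossec`, `ossecm`, `ossecr`) are all renamed to the same key `wazuh`, so the mapping now contains duplicate keys. Most YAML parsers silently keep only the last one and some reject the file, so two of the three blocks are dead while the file still reads as if three accounts were checked. Keep a single `wazuh:` entry and delete the other two. If the intent is also to assert that the legacy accounts are gone after an upgrade, add explicit `ossecm:` and `ossecr:` entries with `exists: false`.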
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 040de54b..d3ba4d9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,15 @@
# Change Log
All notable changes to this project will be documented in this file.
+## Wazuh Docker v4.3.0
+### Added
+
+- Update Wazuh to version [4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
+
+## Wazuh Docker v4.2.0
+### Added
+
+- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
## Wazuh Docker v4.1.5
### Added
diff --git a/README.md b/README.md
index 1d8d45dc..15ba59f5 100644
--- a/README.md
+++ b/README.md
@@ -155,6 +155,10 @@ ADMIN_PRIVILEGES=true # App privileges
| Wazuh version | ODFE | XPACK |
|---------------|---------|--------|
+| v4.3.0 | 1.12.0 | 7.10.2 |
+|---------------|---------|--------|
+| v4.2.0 | 1.12.0 | 7.10.2 |
+|---------------|---------|--------|
| v4.1.4 | 1.12.0 | 7.10.2 |
|---------------|---------|--------|
| v4.1.3 | 1.12.0 | 7.10.2 |
diff --git a/VERSION b/VERSION
index 2b1e35cf..5fedc35e 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.1.5"
-REVISION="40114"
+WAZUH-DOCKER_VERSION="4.3.0"
+REVISION="43100"
diff --git a/docker-compose.yml b/docker-compose.yml
index 53d919a1..35e682f4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh:
- image: wazuh/wazuh-odfe:4.1.5
+ image: wazuh/wazuh-odfe:4.3.0
hostname: wazuh-manager
restart: always
ports:
@@ -50,7 +50,7 @@ services:
hard: 65536
kibana:
- image: wazuh/wazuh-kibana-odfe:4.1.5
+ image: wazuh/wazuh-kibana-odfe:4.3.0
hostname: kibana
restart: always
ports:
diff --git a/kibana-odfe/Dockerfile b/kibana-odfe/Dockerfile
index 00ee8bba..347a0c38 100644
--- a/kibana-odfe/Dockerfile
+++ b/kibana-odfe/Dockerfile
@@ -2,7 +2,7 @@
FROM amazon/opendistro-for-elasticsearch-kibana:1.12.0
USER kibana
ARG ELASTIC_VERSION=7.10.0
-ARG WAZUH_VERSION=4.1.5
+ARG WAZUH_VERSION=4.3.0
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
index 144afb91..d98443ae 100644
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -2,7 +2,7 @@
FROM docker.elastic.co/kibana/kibana:7.10.2
USER kibana
ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.5
+ARG WAZUH_VERSION=4.3.0
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana
diff --git a/production-cluster.yml b/production-cluster.yml
index 803ebfb0..af9d35c6 100644
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh-master:
- image: wazuh/wazuh-odfe:4.1.5
+ image: wazuh/wazuh-odfe:4.3.0
hostname: wazuh-master
restart: always
ports:
@@ -38,7 +38,7 @@ services:
- ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh-worker:
- image: wazuh/wazuh-odfe:4.1.5
+ image: wazuh/wazuh-odfe:4.3.0
hostname: wazuh-worker
restart: always
environment:
@@ -132,7 +132,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
kibana:
- image: wazuh/wazuh-kibana-odfe:4.1.5
+ image: wazuh/wazuh-kibana-odfe:4.3.0
hostname: kibana
restart: always
ports:
diff --git a/production_cluster/wazuh_cluster/wazuh_manager.conf b/production_cluster/wazuh_cluster/wazuh_manager.conf
index 740321bb..e877e6e5 100644
--- a/production_cluster/wazuh_cluster/wazuh_manager.conf
+++ b/production_cluster/wazuh_cluster/wazuh_manager.conf
@@ -6,7 +6,7 @@
no
no
smtp.example.wazuh.com
- ossecm@example.wazuh.com
+ wazuh@example.wazuh.com
recipient@example.wazuh.com
12
alerts.log
@@ -94,7 +94,7 @@
6h
yes
-
+
no
trusty
@@ -104,7 +104,7 @@
1h
-
+
no
stretch
@@ -112,7 +112,7 @@
1h
-
+
no
5
@@ -307,7 +307,7 @@
etc/rules
-
+
no
1515
@@ -346,4 +346,4 @@
syslog
/var/ossec/logs/active-responses.log
-
+
diff --git a/production_cluster/wazuh_cluster/wazuh_worker.conf b/production_cluster/wazuh_cluster/wazuh_worker.conf
index 59462183..0d66b453 100644
--- a/production_cluster/wazuh_cluster/wazuh_worker.conf
+++ b/production_cluster/wazuh_cluster/wazuh_worker.conf
@@ -6,7 +6,7 @@
no
no
smtp.example.wazuh.com
- ossecm@example.wazuh.com
+ wazuh@example.wazuh.com
recipient@example.wazuh.com
12
alerts.log
@@ -94,7 +94,7 @@
6h
yes
-
+
no
trusty
@@ -104,7 +104,7 @@
1h
-
+
no
stretch
@@ -112,7 +112,7 @@
1h
-
+
no
5
@@ -307,7 +307,7 @@
etc/rules
-
+
no
1515
@@ -346,4 +346,4 @@
syslog
/var/ossec/logs/active-responses.log
-
+
diff --git a/wazuh-odfe/Dockerfile b/wazuh-odfe/Dockerfile
index 1b18e3d3..dd461073 100644
--- a/wazuh-odfe/Dockerfile
+++ b/wazuh-odfe/Dockerfile
@@ -3,7 +3,7 @@ FROM centos:7
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.0
-ARG WAZUH_VERSION=4.1.5-1
+ARG WAZUH_VERSION=4.3.0-1
ARG TEMPLATE_VERSION="master"
ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
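Review bot: `ARG TEMPLATE_VERSION="master"` is left unchanged while `WAZUH_VERSION` moves to 4.3.0-1, so the `ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/...` step shown in the next hunk's header still fetches from a moving branch. The fetched file appears to be `/etc/filebeat/wazuh-template.json`. An image tagged 4.3.0 is then not reproducible, and any later change to that branch is built in without review. Pin it to the release tag this commit targets, `ARG TEMPLATE_VERSION="v4.3.0"` (the tag the CHANGELOG entry links to), and consider checking the download against a known digest.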
@@ -39,7 +39,7 @@ ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/e
RUN chmod go-w /etc/filebeat/wazuh-template.json
COPY config/etc/ /etc/
-COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py
+COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
# Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547
diff --git a/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init b/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
index 1973f85a..b45dced5 100644
--- a/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
+++ b/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
@@ -94,7 +94,7 @@ remove_data_files() {
##############################################################################
create_ossec_key_cert() {
- print "Creating ossec-authd key and cert"
+ print "Creating wazuh-authd key and cert"
exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
}
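Review bot: `create_ossec_key_cert` writes `sslmanager.key` without setting its owner or mode, so the private key's permissions depend on the umask the init script runs under and on the OpenSSL build in the image. Since this commit moves the service account to `wazuh`, set them explicitly right after generation, for example `chmod 640 ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert`, as the migration path in `2-manager` does. Add a matching `chown` too; the intended owner of these two files is not visible in this diff. The function name still says `ossec` while the message now says `wazuh-authd`, which is cosmetic but worth aligning.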
@@ -161,7 +161,7 @@ main() {
# Remove some files in permanent_data (i.e. .template.db)
remove_data_files
- # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+ # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
if [ $AUTO_ENROLLMENT_ENABLED == true ]
then
if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
diff --git a/wazuh-odfe/config/etc/cont-init.d/2-manager b/wazuh-odfe/config/etc/cont-init.d/2-manager
index e5956cb5..9e70ace9 100644
--- a/wazuh-odfe/config/etc/cont-init.d/2-manager
+++ b/wazuh-odfe/config/etc/cont-init.d/2-manager
@@ -36,11 +36,11 @@ function_wazuh_migration(){
fi
\cp -f /wazuh-migration/data/etc/ossec.conf /var/ossec/etc/ossec.conf
- chown root:ossec /var/ossec/etc/ossec.conf
+ chown root:wazuh /var/ossec/etc/ossec.conf
chmod 640 /var/ossec/etc/ossec.conf
\cp -f /wazuh-migration/data/etc/client.keys /var/ossec/etc/client.keys
- chown ossec:ossec /var/ossec/etc/client.keys
+ chown wazuh:wazuh /var/ossec/etc/client.keys
chmod 640 /var/ossec/etc/client.keys
\cp -f /wazuh-migration/data/etc/sslmanager.cert /var/ossec/etc/sslmanager.cert
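Review bot: Each secret-bearing file is copied first and only restricted afterwards (`\cp -f`, then `chown`, then `chmod`), so `client.keys` here, and `.passlist` and `global.db` in the next hunk, can briefly exist with whatever owner and mode `cp` produces. Creating the file with its final attributes in one step closes that window, e.g. `install -m 640 -o wazuh -g wazuh /wazuh-migration/data/etc/client.keys /var/ossec/etc/client.keys`. The visible lines do not check the result of any `cp`, so a failed copy could still reach the "mark volume as migrated" step unless the script enables `set -e` outside the hunk. `function_wazuh_migration` starts and ends outside this hunk.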
@@ -49,25 +49,25 @@ function_wazuh_migration(){
chmod 640 /var/ossec/etc/sslmanager.cert /var/ossec/etc/sslmanager.key
\cp -f /wazuh-migration/data/etc/shared/default/agent.conf /var/ossec/etc/shared/default/agent.conf
- chown ossec:ossec /var/ossec/etc/shared/default/agent.conf
+ chown wazuh:wazuh /var/ossec/etc/shared/default/agent.conf
chmod 660 /var/ossec/etc/shared/default/agent.conf
\cp -f /wazuh-migration/data/etc/decoders/* /var/ossec/etc/decoders/
- chown ossec:ossec /var/ossec/etc/decoders/*
+ chown wazuh:wazuh /var/ossec/etc/decoders/*
chmod 660 /var/ossec/etc/decoders/*
\cp -f /wazuh-migration/data/etc/rules/* /var/ossec/etc/rules/
- chown ossec:ossec /var/ossec/etc/rules/*
+ chown wazuh:wazuh /var/ossec/etc/rules/*
chmod 660 /var/ossec/etc/rules/*
if [ -e /wazuh-migration/data/agentless/.passlist ]; then
\cp -f /wazuh-migration/data/agentless/.passlist /var/ossec/agentless/.passlist
- chown root:ossec /var/ossec/agentless/.passlist
+ chown root:wazuh /var/ossec/agentless/.passlist
chmod 640 /var/ossec/agentless/.passlist
fi
\cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db
- chown ossec:ossec /var/ossec/queue/db/global.db
+ chown wazuh:wazuh /var/ossec/queue/db/global.db
chmod 640 /var/ossec/queue/db/global.db
# mark volume as migrated
@@ -123,4 +123,4 @@ function_create_custom_user
function_entrypoint_scripts
# Start Wazuh
-/var/ossec/bin/ossec-control start
+/var/ossec/bin/wazuh-control start
diff --git a/xpack-compose.yml b/xpack-compose.yml
index 938c89d7..f741a7ce 100644
--- a/xpack-compose.yml
+++ b/xpack-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh:
- image: wazuh/wazuh:4.1.5
+ image: wazuh/wazuh:4.3.0
hostname: wazuh-manager
restart: always
ports:
@@ -146,7 +146,7 @@ services:
kibana:
- image: wazuh/wazuh-kibana:4.1.5
+ image: wazuh/wazuh-kibana:4.3.0
hostname: kibana
restart: always
ports:
diff --git a/xpack-from-sources.yml b/xpack-from-sources.yml
index 68ffab3e..33074e5d 100644
--- a/xpack-from-sources.yml
+++ b/xpack-from-sources.yml
@@ -8,7 +8,7 @@ services:
args:
- FILEBEAT_CHANNEL=filebeat
- FILEBEAT_VERSION=7.10.2
- image: wazuh/wazuh:4.1.5
+ image: wazuh/wazuh:4.3.0
hostname: wazuh-manager
restart: always
ports:
@@ -152,7 +152,7 @@ services:
kibana:
build: kibana/
- image: wazuh/wazuh-kibana:4.1.5
+ image: wazuh/wazuh-kibana:4.3.0
hostname: kibana
restart: always
ports: