bump develope to 4.3.1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.3.0
+    - 4.3.1
 port:
   tcp:1514:
     listening: true

.github/workflows/push.yml

@@ -25,7 +25,7 @@ jobs:
         version: v0.3.16
 
     - name: Execute Goss tests (wazuh-odfe)
-      run: dgoss run wazuh/wazuh-manager:4.3.0
+      run: dgoss run wazuh/wazuh-manager:4.3.1
       env:
         GOSS_SLEEP: 30
         GOSS_FILE: .github/.goss.yaml

.gitignore

@@ -0,0 +1,4 @@
+single-node/config/wazuh_indexer_ssl_certs/*.pem
+single-node/config/wazuh_indexer_ssl_certs/*.key
+multi-node/config/wazuh_indexer_ssl_certs/*.pem
+multi-node/config/wazuh_indexer_ssl_certs/*.key

CHANGELOG.md

@@ -1,6 +1,11 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.3.1
+### Added
+
+- Update Wazuh to version [4.3.1](https://github.com/wazuh/wazuh/blob/v4.3.1/CHANGELOG.md#v431)
+
 ## Wazuh Docker v4.3.0
 ### Added
 

README.md

@@ -193,6 +193,7 @@ WAZUH_MONITORING_REPLICAS=0         #
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v4.3.1        |         |        |
 | v4.3.0        |         |        |
 | v4.2.5        | 1.13.2  | 7.11.2 |
 | v4.2.4        | 1.13.2  | 7.11.2 |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.3.0"
-REVISION="43100"
+WAZUH-DOCKER_VERSION="4.3.1"
+REVISION="40311"

build-docker-images/wazuh-dashboard/Dockerfile

@@ -11,7 +11,7 @@ RUN apt-get update && apt install curl libcap2-bin xz-utils -y
 RUN mkdir -p $INSTALL_DIR
 
 # Download and extract Wazuh dashboard base
-RUN curl -o wazuh-dashboard-base.tar.xz https://packages-dev.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz && \
+RUN curl -o wazuh-dashboard-base.tar.xz https://packages.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz && \
     tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1
 
 # Generate certificates
@@ -81,6 +81,9 @@ ENV PATTERN="" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS=""
 
+# Install dependencies
+RUN apt update && apt install -y libnss3-dev fonts-liberation libfontconfig1
+
 # Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \

build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml

@@ -1,5 +1,5 @@
 server.host: 0.0.0.0
-server.port: 443
+server.port: 5601
 opensearch.hosts: https://wazuh.indexer:9200
 opensearch.ssl.verificationMode: none
 opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]

build-docker-images/wazuh-indexer/Dockerfile

@@ -62,7 +62,10 @@ COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/li
 RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
     mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
     mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \
-    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer
+    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \
+    chmod 700 /usr/share/wazuh-indexer/config && \
+    chmod 600 /usr/share/wazuh-indexer/config/jvm.options && \
+    chmod 600 /usr/share/wazuh-indexer/config/opensearch.yml
 
 USER wazuh-indexer
 

build-docker-images/wazuh-indexer/config/config.sh

@@ -22,7 +22,7 @@ export REPO_DIR=/unattended_installer
 
 rm -rf ${INSTALLATION_DIR}/
 
-curl -o ${INDEXER_FILE} https://packages-dev.wazuh.com/stack/indexer/base/${BASE_FILE}
+curl -o ${INDEXER_FILE} https://packages.wazuh.com/stack/indexer/base/${BASE_FILE}
 tar -xf ${INDEXER_FILE}
 
 ## TOOLS

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -84,9 +84,10 @@ if [[ "$(id -u)" == "0" ]]; then
 fi
 
 
-if [[ "$DISCOVERY" == "single-node" ]]; then
+if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
   # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
   nohup /securityadmin.sh &
+  touch "/var/lib/wazuh-indexer/.flag"
 fi
 
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

build-docker-images/wazuh-manager/Dockerfile

@@ -4,7 +4,7 @@ FROM ubuntu:focal
 RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 
 ARG WAZUH_VERSION
-ARG TEMPLATE_VERSION=4.2
+ARG TEMPLATE_VERSION=4.3
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -41,12 +41,18 @@ exec_cmd_stdout() {
 
 mount_permanent_data() {
   for permanent_dir in "${PERMANENT_DATA[@]}"; do
+    data_tmp="${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/"
+    print ${data_tmp}
     # Check if the path is not empty
     if find ${permanent_dir} -mindepth 1 | read; then
       print "The path ${permanent_dir} is already mounted"
     else
-      print "Installing ${permanent_dir}"
-      exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/. ${permanent_dir}"
+      if find ${data_tmp} -mindepth 1 | read; then
+        print "Installing ${permanent_dir}"
+        exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
+      else
+        print "The path ${permanent_dir} is empty, skiped"
+      fi
     fi
   done
 }

indexer-certs-creator/config/entrypoint.sh

@@ -28,7 +28,7 @@ else
   exit 1
 fi
 
-cp /certificates/certs.yml /config.yml
+cp /config/certs.yml /config.yml
 
 chmod 700 /$CERT_TOOL
 

multi-node/Migration-to-Wazuh-4.3.md

@@ -17,7 +17,7 @@ Assuming that you have a v4.2 production deployment, perform the following steps
 **4. Spin down the 4.2 environment.**
 `docker-compose -f production-cluster.yml down`
 
-**Steps 5 and 6 can be done with the volume-migrator.sh script, specifying Docker version and project name as parameters.**
+**Steps 5 and 6 can be done with the volume-migrator.sh script, specifying Docker compose version and project name as parameters.**
 
 Ex: $ multi-node/volume-migrator.sh 1.25.0 multi-node
 

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,5 +1,5 @@
 server.host: 0.0.0.0
-server.port: 443
+server.port: 5601
 opensearch.hosts: https://wazuh1.indexer:9200
 opensearch.ssl.verificationMode: certificate
 opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]

multi-node/config/wazuh_dashboard/wazuh.yml

@@ -2,6 +2,6 @@ hosts:
   - 1513629884013:
       url: "https://wazuh.master"
       port: 55000
-      username: acme-user
+      username: wazuh-wui
       password: MyS3cr37P450r.*-
       run_as: false

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.3.0
+    image: wazuh/wazuh-manager:4.3.1
     hostname: wazuh.master
     restart: always
     ports:
@@ -18,7 +18,7 @@ services:
       - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
       - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
       - SSL_KEY=/etc/ssl/filebeat.key
-      - API_USERNAME=acme-user
+      - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - master-wazuh-api-configuration:/var/ossec/api/configuration
@@ -38,7 +38,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.3.0
+    image: wazuh/wazuh-manager:4.3.1
     hostname: wazuh.worker
     restart: always
     environment:
@@ -67,7 +67,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.3.0
+    image: wazuh/wazuh-indexer:4.3.1
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -93,7 +93,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.3.0
+    image: wazuh/wazuh-indexer:4.3.1
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -115,7 +115,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.3.0
+    image: wazuh/wazuh-indexer:4.3.1
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -137,15 +137,15 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.3.0
+    image: wazuh/wazuh-dashboard:4.3.1
     hostname: wazuh.dashboard
     restart: always
     ports:
-      - 443:443
+      - 443:5601
     environment:
       - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
       - WAZUH_API_URL="https://wazuh.master"
-      - API_USERNAME=acme-user
+      - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem

multi-node/generate-indexer-certs.yml

@@ -6,4 +6,5 @@ services:
     image: wazuh/wazuh-certs-generator:0.0.1
     hostname: wazuh-certs-generator
     volumes:
-      - ./config/wazuh_indexer_ssl_certs/:/certificates/
+      - ./config/wazuh_indexer_ssl_certs/:/certificates/
+      - ./config/certs.yml:/config/certs.yml

single-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,5 +1,5 @@
 server.host: 0.0.0.0
-server.port: 443
+server.port: 5601
 opensearch.hosts: https://wazuh.indexer:9200
 opensearch.ssl.verificationMode: certificate
 opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]

single-node/config/wazuh_dashboard/wazuh.yml

@@ -2,6 +2,6 @@ hosts:
   - 1513629884013:
       url: "https://wazuh.manager"
       port: 55000
-      username: acme-user
+      username: wazuh-wui
       password: MyS3cr37P450r.*-
       run_as: false

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.3.0
+    image: wazuh/wazuh-manager:4.3.1
     hostname: wazuh.manager
     restart: always
     ports:
@@ -19,7 +19,7 @@ services:
       - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
       - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
       - SSL_KEY=/etc/ssl/filebeat.key
-      - API_USERNAME=acme-user
+      - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - wazuh_api_configuration:/var/ossec/api/configuration
@@ -39,7 +39,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.3.0
+    image: wazuh/wazuh-indexer:4.3.1
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -64,16 +64,16 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.3.0
+    image: wazuh/wazuh-dashboard:4.3.1
     hostname: wazuh.dashboard
     restart: always
     ports:
-      - 443:443
+      - 443:5601
     environment:
       - INDEXER_USERNAME=admin
       - INDEXER_PASSWORD=SecretPassword
       - WAZUH_API_URL=https://wazuh.manager
-      - API_USERNAME=acme-user
+      - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem

single-node/generate-indexer-certs.yml

@@ -6,4 +6,5 @@ services:
     image: wazuh/wazuh-certs-generator:0.0.1
     hostname: wazuh-certs-generator
     volumes:
-      - ./config/wazuh_indexer_ssl_certs/:/certificates/
+      - ./config/wazuh_indexer_ssl_certs/:/certificates/
+      - ./config/certs.yml:/config/certs.yml