Merge pull request #1667 from wazuh/enhancement/1664-revert-docker-image

Change docker image for 4.10.0-rc3
Merge pull request #1666 from wazuh/enhancement/1664-change-docker-image
2025-10-23 04:51:57 +00:00 · 2025-01-08 10:21:10 +01:00 · 2025-01-08 10:16:58 +01:00 · 2025-01-08 10:13:02 +01:00 · 2025-01-08 10:10:42 +01:00 · 2025-01-08 10:07:45 +01:00
103 changed files with 6220 additions and 1187 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,6 @@
+WAZUH_VERSION=4.10.0
+WAZUH_IMAGE_VERSION=4.10.0
+WAZUH_TAG_REVISION=1
+FILEBEAT_TEMPLATE_BRANCH=4.10.0
+WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
+WAZUH_UI_REVISION=1
--- a/.github/.goss.yaml
+++ b/.github/.goss.yaml
@@ -0,0 +1,103 @@
+file:
+  /etc/filebeat/filebeat.yml:
+    exists: true
+    mode: "0644"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /var/ossec/bin/wazuh-control:
+    exists: true
+    mode: "0750"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /var/ossec/etc/lists/audit-keys:
+    exists: true
+    mode: "0660"
+    owner: wazuh
+    group: wazuh
+    filetype: file
+    contains: []
+  /var/ossec/etc/ossec.conf:
+    exists: true
+    mode: "0660"
+    owner: root
+    group: wazuh
+    filetype: file
+    contains: []
+  /var/ossec/etc/rules/local_rules.xml:
+    exists: true
+    mode: "0660"
+    owner: wazuh
+    group: wazuh
+    filetype: file
+    contains: []
+  /var/ossec/etc/sslmanager.cert:
+    exists: true
+    mode: "0640"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /var/ossec/etc/sslmanager.key:
+    exists: true
+    mode: "0640"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+package:
+  filebeat:
+    installed: true
+    versions:
+    - 7.10.2
+  wazuh-manager:
+    installed: true
+    versions:
+    - 4.10.0-1
+port:
+  tcp:1514:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:1515:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:55000:
+    listening: true
+    ip:
+    - 0.0.0.0
+process:
+  filebeat:
+    running: true
+  wazuh-analysisd:
+    running: true
+  wazuh-authd:
+    running: true
+  wazuh-execd:
+    running: true
+  wazuh-monitord:
+    running: true
+  wazuh-remoted:
+    running: true
+  wazuh-syscheckd:
+    running: true
+  s6-supervise:
+    running: true
+  wazuh-db:
+    running: true
+  wazuh-modulesd:
+    running: true
+user:
+  wazuh:
+    exists: true
+    groups:
+    - wazuh
+    home: /var/ossec
+    shell: /sbin/nologin
+group:
+  wazuh:
+    exists: true
--- a/.github/multi-node-filebeat-check.sh
+++ b/.github/multi-node-filebeat-check.sh
@@ -0,0 +1,18 @@
+filebeatout1=$(docker exec multi-node_wazuh.master_1 sh -c 'filebeat test output')
+filebeatstatus1=$(echo "${filebeatout1}" | grep -c OK)
+if [[ filebeatstatus1 -eq 7 ]]; then
+  echo "No errors in master filebeat"
+else
+  echo "Errors in master filebeat"
+  echo "${filebeatout1}"
+  exit 1
+fi
+filebeatout2=$(docker exec multi-node_wazuh.worker_1 sh -c 'filebeat test output')
+filebeatstatus2=$(echo "${filebeatout2}" | grep -c OK)
+if [[ filebeatstatus2 -eq 7 ]]; then
+ echo "No errors in worker filebeat"
+else
+ echo "Errors in worker filebeat"
+ echo "${filebeatout2}"
+ exit 1
+fi
--- a/.github/multi-node-log-check.sh
+++ b/.github/multi-node-log-check.sh
@@ -0,0 +1,16 @@
+log1=$(docker exec multi-node_wazuh.master_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
+if [[ -z "$log1" ]]; then
+  echo "No errors in master ossec.log"
+else
+  echo "Errors in master ossec.log:"
+  echo "${log1}"
+  exit 1
+fi
+log2=$(docker exec multi-node_wazuh.worker_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
+if [[ -z "${log2}" ]]; then
+  echo "No errors in worker ossec.log"
+else
+  echo "Errors in worker ossec.log:"
+  echo "${log2}"
+  exit 1
+fi
--- a/.github/single-node-filebeat-check.sh
+++ b/.github/single-node-filebeat-check.sh
@@ -0,0 +1,9 @@
+filebeatout=$(docker exec single-node_wazuh.manager_1 sh -c 'filebeat test output')
+filebeatstatus=$(echo "${filebeatout}" | grep -c OK)
+if [[ filebeatstatus -eq 7 ]]; then
+  echo "No errors in filebeat"
+else
+  echo "Errors in filebeat"
+  echo "${filebeatout}"
+  exit 1
+fi
--- a/.github/single-node-log-check.sh
+++ b/.github/single-node-log-check.sh
@@ -0,0 +1,8 @@
+log=$(docker exec single-node_wazuh.manager_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
+if [[ -z "$log" ]]; then
+  echo "No errors in ossec.log"
+else
+  echo "Errors in ossec.log:"
+  echo "${log}"
+  exit 1
+fi
--- a/.github/workflows/Procedure_push_docker_images.yml
+++ b/.github/workflows/Procedure_push_docker_images.yml
@@ -0,0 +1,167 @@
+run-name: Launch Push Docker Images - ${{ inputs.id }}
+name: Push Docker Images
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: 'Docker image tag'
+        default: '4.10.0'
+        required: true
+      docker_reference:
+        description: 'wazuh-docker reference'
+        default: 'v4.10.0'
+        required: false
+      products:
+        description: 'Comma-separated list of the image names to build and push'
+        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
+        required: true
+      filebeat_module_version:
+        description: 'Filebeat module version'
+        default: '0.4'
+        required: true
+      revision:
+        description: 'Package revision'
+        default: '1'
+        required: true
+      push_images:
+        description: 'Push images'
+        type: boolean
+        default: true
+        required: true
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
+      dev:
+        description: "Add tag suffix '-dev' to the image tag ?"
+        type: boolean
+        default: true
+        required: false
+  workflow_call:
+    inputs:
+      image_tag:
+        description: 'Docker image tag'
+        default: '4.10.0'
+        required: true
+        type: string
+      docker_reference:
+        description: 'wazuh-docker reference'
+        default: 'v4.10.0'
+        required: false
+        type: string
+      products:
+        description: 'Comma-separated list of the image names to build and push'
+        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
+        required: true
+        type: string
+      filebeat_module_version:
+        description: 'Filebeat module version'
+        default: '0.4'
+        required: true
+        type: string
+      revision:
+        description: 'Package revision'
+        default: '1'
+        required: true
+        type: string
+      push_images:
+        description: 'Push images'
+        type: boolean
+        default: true
+        required: true
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
+      dev:
+        description: "Add tag suffix '-dev' to the image tag ?"
+        type: boolean
+        default: false
+        required: false
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Print inputs
+      run: |
+        echo "---------------------------------------------"
+        echo "Running Procedure_push_docker_images workflow"
+        echo "---------------------------------------------"
+        echo "* BRANCH: ${{ github.ref }}"
+        echo "* COMMIT: ${{ github.sha }}"
+        echo "---------------------------------------------"
+        echo "Inputs provided:"
+        echo "---------------------------------------------"
+        echo "* id: ${{ inputs.id }}"
+        echo "* image_tag: ${{ inputs.image_tag }}"
+        echo "* docker_reference: ${{ inputs.docker_reference }}"
+        echo "* products: ${{ inputs.products }}"
+        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
+        echo "* revision: ${{ inputs.revision }}"
+        echo "* push_images: ${{ inputs.push_images }}"
+        echo "* dev: ${{ inputs.dev }}"
+        echo "---------------------------------------------"
+
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.docker_reference }}
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+    - name: Install Docker Compose
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y docker-compose
+        echo "Installed Docker Compose version: $(docker-compose --version)"
+
+    - name: Build Wazuh images
+      run: |
+        IMAGE_TAG=${{ inputs.image_tag }}
+        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
+        REVISION=${{ inputs.revision }}
+
+        if [[ "$IMAGE_TAG" == *"-"* ]]; then
+          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
+          if [ -z "${tokens[1]}" ]; then
+            echo "Invalid image tag: $IMAGE_TAG"
+            exit 1
+          fi
+          DEV_STAGE=${tokens[1]}
+          WAZUH_VER=${tokens[0]}
+          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
+        else
+          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
+        fi
+
+        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
+        ENV_FILE_PATH=".env"
+
+        if [ -f $ENV_FILE_PATH ]; then
+          while IFS= read -r line || [ -n "$line" ]; do
+            echo "$line" >> $GITHUB_ENV
+          done < $ENV_FILE_PATH
+        else
+          echo "The environment file $ENV_FILE_PATH does not exist!"
+          exit 1
+        fi
+
+    - name: Tag and Push Wazuh images
+      if: ${{ inputs.push_images }}
+      run: |
+        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
+        IMAGE_NAMES=${{ inputs.products }}
+        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
+        for image in "${images[@]}"; do
+          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
+          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
+          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
+          docker push wazuh/$image:$IMAGE_TAG
+        done
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -0,0 +1,343 @@
+name: Wazuh Docker pipeline
+
+on: [pull_request]
+
+jobs:
+  build-docker-images:
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Install docker-compose
+      run: |
+        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+        chmod +x /usr/local/bin/docker-compose
+
+    - name: Build Wazuh images
+      run: build-docker-images/build-images.sh
+
+    - name: Create enviroment variables
+      run: cat .env > $GITHUB_ENV
+
+    - name: Create backup Docker images
+      run: |
+        mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/
+        docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
+        docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
+        docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
+
+    - name: Temporarily save Wazuh manager Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-manager
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
+        retention-days: 1
+
+    - name: Temporarily save Wazuh indexer Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-indexer
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
+        retention-days: 1
+
+    - name: Temporarily save Wazuh dashboard Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-dashboard
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
+        retention-days: 1
+
+    - name: Install Goss
+      uses: e1himself/goss-installation-action@v1.0.3
+      with:
+        version: v0.3.16
+
+    - name: Execute Goss tests (wazuh-manager)
+      run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}
+      env:
+        GOSS_SLEEP: 30
+        GOSS_FILE: .github/.goss.yaml
+
+  check-single-node:
+    runs-on: ubuntu-latest
+    needs: build-docker-images
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Install docker-compose
+      run: |
+        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+        chmod +x /usr/local/bin/docker-compose
+
+    - name: Create enviroment variables
+      run: cat .env > $GITHUB_ENV
+
+    - name: Retrieve saved Wazuh indexer Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-indexer
+
+    - name: Retrieve saved Wazuh manager Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-manager
+
+    - name: Retrieve saved Wazuh dashboard Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-dashboard
+
+    - name: Docker load
+      run: |
+        docker load --input ./wazuh-indexer.tar
+        docker load --input ./wazuh-dashboard.tar
+        docker load --input ./wazuh-manager.tar
+
+
+    - name: Create single node certficates
+      run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator
+
+    - name: Start single node stack
+      run: docker-compose -f single-node/docker-compose.yml up -d
+
+    - name: Check Wazuh indexer start
+      run: |
+       sleep 60
+       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
+       if [[ $status_green -eq 1 ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
+       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`"
+       if [[ $status_index_green -eq $status_index ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+
+
+    - name: Check Wazuh indexer nodes
+      run: |
+       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
+       if [[ $nodes -eq 1 ]]; then
+        echo "Wazuh indexer nodes: ${nodes}"
+       else
+        echo "Wazuh indexer nodes: ${nodes}"
+        exit 1
+       fi
+
+    - name: Check documents into wazuh-alerts index
+      run: |
+       sleep 120
+       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
+       if [[ $docs -gt 0 ]]; then
+        echo "wazuh-alerts index documents: ${docs}"
+       else
+        echo "wazuh-alerts index documents: ${docs}"
+        exit 1
+       fi
+
+    - name: Check Wazuh templates
+      run: |
+       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
+       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
+       if [[ $qty_templates -gt 3 ]]; then
+        echo "wazuh templates:"
+        echo "${templates}"
+       else
+        echo "wazuh templates:"
+        echo "${templates}"
+        exit 1
+       fi
+
+    - name: Check Wazuh manager start
+      run: |
+        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
+        if [[ $services -gt 9 ]]; then
+          echo "Wazuh Manager Services: ${services}"
+          echo "OK"
+        else
+          echo "Wazuh indexer nodes: ${nodes}"
+          curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
+          exit 1
+        fi
+      env:
+        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
+
+    - name: Check filebeat output
+      run: ./.github/single-node-filebeat-check.sh
+
+    - name: Check Wazuh dashboard service URL
+      run: |
+       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk  '{print $2}')
+       if [[ $status -eq 200 ]]; then
+        echo "Wazuh dashboard status: ${status}"
+       else
+        echo "Wazuh dashboard status: ${status}"
+        exit 1
+       fi
+
+    - name: Check errors in ossec.log
+      run: ./.github/single-node-log-check.sh
+
+  check-multi-node:
+    runs-on: ubuntu-latest
+    needs: build-docker-images
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Install docker-compose
+      run: |
+        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+        chmod +x /usr/local/bin/docker-compose
+
+    - name: Create enviroment variables
+      run: cat .env > $GITHUB_ENV
+
+    - name: free disk space
+      run: |
+        sudo swapoff -a
+        sudo rm -f /swapfile
+        sudo apt clean
+        docker rmi $(docker image ls -aq)
+        df -h
+
+    - name: Retrieve saved Wazuh dashboard Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-dashboard
+
+    - name: Retrieve saved Wazuh manager Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-manager
+
+    - name: Retrieve saved Wazuh indexer Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-indexer
+
+    - name: Docker load
+      run: |
+        docker load --input ./wazuh-manager.tar
+        docker load --input ./wazuh-indexer.tar
+        docker load --input ./wazuh-dashboard.tar
+        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
+
+    - name: Create multi node certficates
+      run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
+
+    - name: Start multi node stack
+      run: docker-compose -f multi-node/docker-compose.yml up -d
+
+    - name: Check Wazuh indexer start
+      run: |
+       until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`  -eq 1 ]]
+       do
+         echo 'Waiting for Wazuh indexer start'
+         free -m
+         df -h
+         sleep 120
+       done
+       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
+       if [[ $status_green -eq 1 ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
+       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`"
+       if [[ $status_index_green -eq $status_index ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+
+    - name: Check Wazuh indexer nodes
+      run: |
+       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
+       if [[ $nodes -eq 3 ]]; then
+        echo "Wazuh indexer nodes: ${nodes}"
+       else
+        echo "Wazuh indexer nodes: ${nodes}"
+        exit 1
+       fi
+
+    - name: Check documents into wazuh-alerts index
+      run: |
+       until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``)  -gt 0 ]]
+       do
+         echo 'Waiting for Wazuh indexer events'
+         free -m
+         df -h
+         sleep 10
+       done
+       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
+       if [[ $docs -gt 0 ]]; then
+        echo "wazuh-alerts index documents: ${docs}"
+       else
+        echo "wazuh-alerts index documents: ${docs}"
+        exit 1
+       fi
+
+    - name: Check Wazuh templates
+      run: |
+       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
+       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
+       if [[ $qty_templates -gt 3 ]]; then
+        echo "wazuh templates:"
+        echo "${templates}"
+       else
+        echo "wazuh templates:"
+        echo "${templates}"
+        exit 1
+       fi
+
+    - name: Check Wazuh manager start
+      run: |
+        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
+        if [[ $services -gt 10 ]]; then
+          echo "Wazuh Manager Services: ${services}"
+          echo "OK"
+        else
+          echo "Wazuh indexer nodes: ${nodes}"
+          curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
+          exit 1
+        fi
+        nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r ".data.affected_items[].name" | wc -l)
+        if [[ $nodes -eq 2 ]]; then
+         echo "Wazuh manager nodes: ${nodes}"
+        else
+         echo "Wazuh manager nodes: ${nodes}"
+         exit 1
+        fi
+      env:
+        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
+
+    - name: Check filebeat output
+      run: ./.github/multi-node-filebeat-check.sh
+
+    - name: Check Wazuh dashboard service URL
+      run: |
+       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk  '{print $2}')
+       if [[ $status -eq 200 ]]; then
+        echo "Wazuh dashboard status: ${status}"
+       else
+        echo "Wazuh dashboard status: ${status}"
+        exit 1
+       fi
+
+    - name: Check errors in ossec.log
+      run: ./.github/multi-node-log-check.sh
--- a/.github/workflows/trivy-dashboard.yml
+++ b/.github/workflows/trivy-dashboard.yml
@@ -0,0 +1,77 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Trivy scan Wazuh dashboard
+
+on:
+  release:
+    types:
+    - published
+  pull_request:
+    branches:
+      - master
+      - stable
+  schedule:
+    - cron: '34 2 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
+    name: Build images and upload Trivy results
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Installing dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y jq
+
+      - name: Checkout latest tag
+        run: |
+          latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
+          git fetch origin
+          git checkout $latest
+
+      - name: Build Wazuh images
+        run: build-docker-images/build-images.sh
+
+      - name: Create enviroment variables
+        run: |
+          cat .env > $GITHUB_ENV
+          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
+
+      - name: Run Trivy vulnerability scanner for Wazuh dashboard
+        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
+        with:
+          image-ref: 'wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}}'
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results-dashboard.sarif'
+          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results-dashboard.sarif'
+
+      - name: Slack notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: cicd-monitoring
+          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
+          #SLACK_ICON: https://github.com/rtCamp.png?size=48
+          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
+          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
+          SLACK_USERNAME: github_actions
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
--- a/.github/workflows/trivy-indexer.yml
+++ b/.github/workflows/trivy-indexer.yml
@@ -0,0 +1,77 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Trivy scan Wazuh indexer
+
+on:
+  release:
+    types:
+    - published
+  pull_request:
+    branches:
+      - master
+      - stable
+  schedule:
+    - cron: '34 2 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
+    name: Build images and upload Trivy results
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Installing dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y jq
+
+      - name: Checkout latest tag
+        run: |
+          latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
+          git fetch origin
+          git checkout $latest
+
+      - name: Build Wazuh images
+        run: build-docker-images/build-images.sh
+
+      - name: Create enviroment variables
+        run: |
+          cat .env > $GITHUB_ENV
+          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
+
+      - name: Run Trivy vulnerability scanner for Wazuh indexer
+        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
+        with:
+          image-ref: 'wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}}'
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results-indexer.sarif'
+          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results-indexer.sarif'
+
+      - name: Slack notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: cicd-monitoring
+          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
+          #SLACK_ICON: https://github.com/rtCamp.png?size=48
+          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
+          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
+          SLACK_USERNAME: github_actions
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
--- a/.github/workflows/trivy-manager.yml
+++ b/.github/workflows/trivy-manager.yml
@@ -0,0 +1,77 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Trivy scan Wazuh manager
+
+on:
+  release:
+    types:
+    - published
+  pull_request:
+    branches:
+      - master
+      - stable
+  schedule:
+    - cron: '34 2 * * 1'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
+    name: Build images and upload Trivy results
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Installing dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y jq
+
+      - name: Checkout latest tag
+        run: |
+          latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
+          git fetch origin
+          git checkout $latest
+
+      - name: Build Wazuh images
+        run: build-docker-images/build-images.sh
+
+      - name: Create enviroment variables
+        run: |
+          cat .env > $GITHUB_ENV
+          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
+
+      - name: Run Trivy vulnerability scanner for Wazuh manager
+        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
+        with:
+          image-ref: 'wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}'
+          format: 'template'
+          template: '@/contrib/sarif.tpl'
+          output: 'trivy-results-manager.sarif'
+          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results-manager.sarif'
+
+      - name: Slack notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: cicd-monitoring
+          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
+          #SLACK_ICON: https://github.com/rtCamp.png?size=48
+          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
+          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
+          SLACK_USERNAME: github_actions
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+single-node/config/wazuh_indexer_ssl_certs/*.pem
+single-node/config/wazuh_indexer_ssl_certs/*.key
+multi-node/config/wazuh_indexer_ssl_certs/*.pem
+multi-node/config/wazuh_indexer_ssl_certs/*.key
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,482 @@
 # Change Log
 All notable changes to this project will be documented in this file.

+## [4.10.0]
+
+### Added
+
+- Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551))
+- Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524))
+- Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518))
+
+### Changed
+
+- None
+
+### Fixed
+
+- Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619))
+- Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416))
+
+### Deleted
+
+- None
+
+## [4.9.2]
+
+### Added
+
+- Update Wazuh to version [4.9.2](https://github.com/wazuh/wazuh/blob/v4.9.2/CHANGELOG.md#v492)
+
+## [4.9.1]
+
+### Added
+
+- None
+
+### Changed
+
+- None
+
+
+### Fixed
+
+- Fix typos into Wazuh manager entrypoint ([#1569](https://github.com/wazuh/wazuh-docker/pull/1569))
+
+### Deleted
+
+- None
+
+
+## Wazuh Docker v4.9.0
+### Added
+
+- Update Wazuh to version [4.9.0](https://github.com/wazuh/wazuh/blob/v4.9.0/CHANGELOG.md#v490)
+
+## Wazuh Docker v4.8.2
+### Added
+
+- Update Wazuh to version [4.8.2](https://github.com/wazuh/wazuh/blob/v4.8.2/CHANGELOG.md#v482)
+
+## Wazuh Docker v4.8.1
+### Added
+
+- Update Wazuh to version [4.8.1](https://github.com/wazuh/wazuh/blob/v4.8.1/CHANGELOG.md#v481)
+
+## Wazuh Docker v4.8.0
+### Added
+
+- Update Wazuh to version [4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
+
+## Wazuh Docker v4.7.5
+### Added
+
+- Update Wazuh to version [4.7.5](https://github.com/wazuh/wazuh/blob/v4.7.5/CHANGELOG.md#v475)
+
+## Wazuh Docker v4.7.4
+### Added
+
+- Update Wazuh to version [4.7.4](https://github.com/wazuh/wazuh/blob/v4.7.4/CHANGELOG.md#v474)
+
+## Wazuh Docker v4.7.3
+### Added
+
+- Update Wazuh to version [4.7.3](https://github.com/wazuh/wazuh/blob/v4.7.3/CHANGELOG.md#v473)
+
+## Wazuh Docker v4.7.2
+### Added
+
+- Update Wazuh to version [4.7.2](https://github.com/wazuh/wazuh/blob/v4.7.2/CHANGELOG.md#v472)
+
+## Wazuh Docker v4.7.1
+### Added
+
+- Update Wazuh to version [4.7.1](https://github.com/wazuh/wazuh/blob/v4.7.1/CHANGELOG.md#v471)
+
+## Wazuh Docker v4.7.0
+### Added
+
+- Update Wazuh to version [4.7.0](https://github.com/wazuh/wazuh/blob/v4.7.0/CHANGELOG.md#v470)
+
+## Wazuh Docker v4.6.0
+### Added
+
+- Update Wazuh to version [4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460)
+
+## Wazuh Docker v4.5.4
+### Added
+
+- Update Wazuh to version [4.5.4](https://github.com/wazuh/wazuh/blob/v4.5.4/CHANGELOG.md#v454)
+
+## Wazuh Docker v4.5.3
+### Added
+
+- Update Wazuh to version [4.5.3](https://github.com/wazuh/wazuh/blob/v4.5.3/CHANGELOG.md#v453)
+
+## Wazuh Docker v4.5.2
+### Added
+
+- Update Wazuh to version [4.5.2](https://github.com/wazuh/wazuh/blob/v4.5.2/CHANGELOG.md#v452)
+
+## Wazuh Docker v4.5.1
+### Added
+
+- Update Wazuh to version [4.5.1](https://github.com/wazuh/wazuh/blob/v4.5.1/CHANGELOG.md#v451)
+
+## Wazuh Docker v4.5.0
+### Added
+
+- Update Wazuh to version [4.5.0](https://github.com/wazuh/wazuh/blob/v4.5.0/CHANGELOG.md#v450)
+
+## Wazuh Docker v4.4.5
+### Added
+
+- Update Wazuh to version [4.4.5](https://github.com/wazuh/wazuh/blob/v4.4.5/CHANGELOG.md#v445)
+
+## Wazuh Docker v4.4.4
+### Added
+
+- Update Wazuh to version [4.4.4](https://github.com/wazuh/wazuh/blob/v4.4.4/CHANGELOG.md#v444)
+
+## Wazuh Docker v4.4.3
+### Added
+
+- Update Wazuh to version [4.4.3](https://github.com/wazuh/wazuh/blob/v4.4.3/CHANGELOG.md#v443)
+
+## Wazuh Docker v4.4.2
+### Added
+
+- Update Wazuh to version [4.4.2](https://github.com/wazuh/wazuh/blob/v4.4.2/CHANGELOG.md#v442)
+
+## Wazuh Docker v4.4.1
+### Added
+
+- Update Wazuh to version [4.4.1](https://github.com/wazuh/wazuh/blob/v4.4.1/CHANGELOG.md#v441)
+
+## Wazuh Docker v4.4.0
+### Added
+
+- Update Wazuh to version [4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
+
+## Wazuh Docker v4.3.11
+### Added
+
+- Update Wazuh to version [4.3.11](https://github.com/wazuh/wazuh/blob/v4.3.11/CHANGELOG.md#v4311)
+
+## Wazuh Docker v4.3.10
+### Added
+
+- Update Wazuh to version [4.3.10](https://github.com/wazuh/wazuh/blob/v4.3.10/CHANGELOG.md#v4310)
+
+
+## Wazuh Docker v4.3.9
+### Added
+
+- Update Wazuh to version [4.3.9](https://github.com/wazuh/wazuh/blob/v4.3.9/CHANGELOG.md#v439)
+
+
+## Wazuh Docker v4.3.8
+### Added
+
+- Update Wazuh to version [4.3.8](https://github.com/wazuh/wazuh/blob/v4.3.8/CHANGELOG.md#v438)
+
+## Wazuh Docker v4.3.7
+### Added
+
+- Update Wazuh to version [4.3.7](https://github.com/wazuh/wazuh/blob/v4.3.7/CHANGELOG.md#v437)
+
+## Wazuh Docker v4.3.6
+### Added
+
+- Update Wazuh to version [4.3.6](https://github.com/wazuh/wazuh/blob/v4.3.6/CHANGELOG.md#v436)
+
+## Wazuh Docker v4.3.5
+### Added
+
+- Update Wazuh to version [4.3.5](https://github.com/wazuh/wazuh/blob/v4.3.5/CHANGELOG.md#v435)
+
+## Wazuh Docker v4.3.4
+### Added
+
+- Update Wazuh to version [4.3.4](https://github.com/wazuh/wazuh/blob/v4.3.4/CHANGELOG.md#v434)
+
+## Wazuh Docker v4.3.3
+### Added
+
+- Update Wazuh to version [4.3.3](https://github.com/wazuh/wazuh/blob/v4.3.3/CHANGELOG.md#v433)
+
+## Wazuh Docker v4.3.2
+### Added
+
+- Update Wazuh to version [4.3.2](https://github.com/wazuh/wazuh/blob/v4.3.2/CHANGELOG.md#v432)
+
+## Wazuh Docker v4.3.1
+### Added
+
+- Update Wazuh to version [4.3.1](https://github.com/wazuh/wazuh/blob/v4.3.1/CHANGELOG.md#v431)
+
+## Wazuh Docker v4.3.0
+### Added
+
+- Update Wazuh to version [4.3.0](https://github.com/wazuh/wazuh/blob/v4.3.0/CHANGELOG.md#v430)
+
+## Wazuh Docker v4.2.7
+### Added
+
+- Update Wazuh to version [4.2.7](https://github.com/wazuh/wazuh/blob/v4.2.7/CHANGELOG.md#v427)
+
+## Wazuh Docker v4.2.6
+### Added
+
+- Update Wazuh to version [4.2.6](https://github.com/wazuh/wazuh/blob/v4.2.6/CHANGELOG.md#v426)
+
+## Wazuh Docker v4.2.5
+### Added
+
+- Update Wazuh to version [4.2.5](https://github.com/wazuh/wazuh/blob/v4.2.5/CHANGELOG.md#v425)
+
+## Wazuh Docker v4.2.4
+### Added
+
+- Update Wazuh to version [4.2.4](https://github.com/wazuh/wazuh/blob/v4.2.4/CHANGELOG.md#v424)
+
+## Wazuh Docker v4.2.3
+### Added
+
+- Update Wazuh to version [4.2.3](https://github.com/wazuh/wazuh/blob/v4.2.3/CHANGELOG.md#v423)
+
+## Wazuh Docker v4.2.2
+### Added
+
+- Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422)
+
+## Wazuh Docker v4.2.1
+### Added
+
+- Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
+
+## Wazuh Docker v4.2.0
+### Added
+
+- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
+
+## Wazuh Docker v4.1.5
+### Added
+
+- Update Wazuh to version [4.1.5](https://github.com/wazuh/wazuh/blob/v4.1.5/CHANGELOG.md#v415)
+- Update ODFE compatibility to version 1.13.2
+
+## Wazuh Docker v4.1.4
+### Added
+
+- Update Wazuh to version [4.1.4](https://github.com/wazuh/wazuh/blob/v4.1.4/CHANGELOG.md#v414)
+
+## Wazuh Docker v4.1.3
+### Added
+
+- Update Wazuh to version [4.1.3](https://github.com/wazuh/wazuh/blob/v4.1.3/CHANGELOG.md#v413)
+
+## Wazuh Docker v4.1.2
+### Added
+
+- Update Wazuh to version [4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v412)
+
+## Wazuh Docker v4.1.1
+### Added
+
+- Update Wazuh to version [4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411)
+
+## Wazuh Docker v4.1.0
+### Added
+
+- Update Wazuh to version [4.1.0](https://github.com/wazuh/wazuh/blob/v4.1.0/CHANGELOG.md#v410)
+- Update ODFE compatibility to version 1.12.0
+- Add support for Elasticsearch (xpack) images once again (7.10.2)  ([@xr09](https://github.com/xr09)) [#409](https://github.com/wazuh/wazuh-docker/pull/409)
+- Re-enable entrypoint scripts  ([@xr09](https://github.com/xr09)) [#435](https://github.com/wazuh/wazuh-docker/pull/435)
+- Add Goss binary for healthchecks ([@xr09](https://github.com/xr09)) [$441](https://github.com/wazuh/wazuh-docker/pull/441)
+- Update s6-overlay to latest version
+
+## Wazuh Docker v4.0.4_1.11.0
+
+### Added
+
+- Update to Wazuh version [4.0.4](https://github.com/wazuh/wazuh/blob/v4.0.4/CHANGELOG.md#v404)
+
+
+## Wazuh Docker v4.0.3_1.11.0
+
+### Added
+
+- Update to Wazuh version 4.0.3
+
+
+## Wazuh Docker v4.0.2_1.11.0
+
+### Added
+
+- Update to Wazuh version 4.0.2
+
+## Wazuh Docker v4.0.1_1.11.0
+
+### Added
+
+- Update to Wazuh version 4.0.1
+- Opendistro 1.11.0 compatiblity
+- Re-enabled dumping ossec.log to stdout
+
+## Wazuh Docker v4.0.0_1.10.1
+
+### Added
+
+- Update to Wazuh version 4.0.0
+- Updating Wazuh cluster key dynamically ([@1stOfHisGame](https://github.com/1stOfHisGame))  [#393](https://github.com/wazuh/wazuh-docker/pull/393)
+- Switched to CentOS 7 for base image ([@xr09](https://github.com/xr09)) [#259](https://github.com/wazuh/wazuh-docker/issues/259)
+- Using s6-overlay for process management ([@xr09](https://github.com/xr09)) [#274](https://github.com/wazuh/wazuh-docker/issues/274)
+- Allow the creation of custom API users ([@xr09](https://github.com/xr09)) [#395](https://github.com/wazuh/wazuh-docker/issues/395)
+- OpenDistro support ([@xr09](https://github.com/xr09)) [#373](https://github.com/wazuh/wazuh-docker/pull/373)
+
+
+### Changed
+
+- Removal of Elastic images
+
+
+## Wazuh Docker v3.13.2_7.9.1
+
+### Added
+
+- Update to Wazuh version 3.13.2_7.9.1
+- Add CLUSTER_NETWORK_HOST environment variable ([@jfut](https://github.com/jfut)) [#372](https://github.com/wazuh/wazuh-docker/pull/372)
+
+### Fixed
+
+- Too many redirects when running on port 80 ([@chowmean](https://github.com/chowmean)) [#377](https://github.com/wazuh/wazuh-docker/pull/377)
+- Move Filebeat installation to build stage ([@xr09](https://github.com/xr09)) [#378](https://github.com/wazuh/wazuh-docker/pull/378)
+
+
+## Wazuh Docker v3.13.1_7.8.0
+
+### Added
+
+- Update to Wazuh version 3.13.1_7.8.0
+
+
+## Wazuh Docker v3.13.0_7.7.1
+
+### Added
+
+- Update to Wazuh version 3.13.3_7.7.1
+
+### Fixed
+
+- Save agentless state ([@xr09](https://github.com/xr09)) [#350](https://github.com/wazuh/wazuh-docker/pull/350)
+- Use HTTP credentials for service check when required ([@xr09](https://github.com/xr09)) [#356](https://github.com/wazuh/wazuh-docker/pull/356)
+
+## Wazuh Docker v3.12.3_7.6.2
+
+### Added
+
+- Update to Wazuh version 3.12.3_7.6.2
+
+
+## Wazuh Docker v3.12.2_7.6.2
+
+### Added
+
+- Update to Wazuh version 3.12.2_7.6.2
+
+## Wazuh Docker v3.12.1_7.6.2
+
+### Added
+
+- Update to Wazuh version 3.12.1_7.6.2
+
+### Fixed
+
+- Agent timestamp not being properly saved ([@xr09](https://github.com/xr09)) [#323](https://github.com/wazuh/wazuh-docker/pull/323)
+
+
+## Wazuh Docker v3.12.0_7.6.1
+
+### Added
+
+- Update to Wazuh version 3.12.0_7.6.1
+
+
+## Wazuh Docker v3.11.4_7.6.1
+
+### Added
+
+- Update to Wazuh version 3.11.4_7.6.1
+
+- Enable HTTP v2 on nginx ([@xr09](https://github.com/xr09)) [#308](https://github.com/wazuh/wazuh-docker/pull/308)
+
+### Fixed
+
+- Updated NGINX config syntax ([@xr09](https://github.com/xr09)) [#303](https://github.com/wazuh/wazuh-docker/pull/303)
+
+
+## Wazuh Docker v3.11.3_7.5.2
+
+### Added
+
+- Update to Wazuh version 3.11.3_7.5.2
+
+## Wazuh Docker v3.11.2_7.5.1
+
+### Added
+
+- Bumped Node.js to version 10 ([@xr09](https://github.com/xr09)) [#8615cd4](https://github.com/wazuh/wazuh-docker/commit/8615cd4d2152601e55becc7c3675360938e74b6a)
+
+### Fixed
+
+- Fix S3 Plugin ([@AnthonySendra](https://github.com/AnthonySendra)) [#293](https://github.com/wazuh/wazuh-docker/pull/293)
+
+## Wazuh Docker v3.11.1_7.5.1
+
+### Added
+
+- Update to Wazuh version 3.11.1_7.5.1
+- Filebeat configuration file updated to latest version ([@manuasir](https://github.com/manuasir)) [#271](https://github.com/wazuh/wazuh-docker/pull/271)
+- Allow using the hostname as node_name for managers ([@JPLachance](https://github.com/JPLachance)) [#261](https://github.com/wazuh/wazuh-docker/pull/261)
+
+## Wazuh Docker v3.11.0_7.5.1
+
+### Added
+
+- Update to Wazuh version 3.11.0_7.5.1
+
+## Wazuh Docker v3.10.2_7.5.0
+
+### Added
+
+- Update to Wazuh version 3.10.2_7.5.0
+
+## Wazuh Docker v3.10.2_7.3.2
+
+### Added
+
+- Update to Wazuh version 3.10.2_7.3.2
+
+## Wazuh Docker v3.10.0_7.3.2
+
+### Added
+
+- Update to Wazuh version 3.10.0_7.3.2
+
+## Wazuh Docker v3.9.5_7.2.1
+
+### Added
+
+- Update to Wazuh version 3.9.5_7.2.1
+
+## Wazuh Docker v3.9.4_7.2.0
+
+### Added
+
+- Update to Wazuh version 3.9.4_7.2.0
+- Implemented Wazuh Filebeat Module ([jm404](https://www.github.com/jm404)) [#2a77c6a](https://github.com/wazuh/wazuh-docker/commit/2a77c6a6e6bf78f2492adeedbade7a507d9974b2)
+
 ## Wazuh Docker v3.9.3_7.2.0

 ### Fixed
@@ -127,7 +603,7 @@ All notable changes to this project will be documented in this file.
 - Add env credentials for nginx. ([#86](https://github.com/wazuh/wazuh-docker/pull/86))
 - Improve filebeat configuration ([#88](https://github.com/wazuh/wazuh-docker/pull/88))

-### Fixed 
+### Fixed

 - Temporary fix for Wazuh cluster master node in Kubernetes. ([#84](https://github.com/wazuh/wazuh-docker/pull/84))

--- a/2
+++ b/2
@@ -1,5 +1,5 @@

- Portions Copyright (C) 2019 Wazuh, Inc.
+ Portions Copyright (C) 2017, Wazuh Inc.
 Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc.

 This program is a free software; you can redistribute it and/or modify
--- a/README.md
+++ b/README.md
@@ -7,57 +7,233 @@

 In this repository you will find the containers to run:

-* wazuh: It runs the Wazuh manager, Wazuh API and Filebeat (for integration with Elastic Stack)
-* wazuh-kibana: Provides a web user interface to browse through alerts data. It includes Wazuh plugin for Kibana, that allows you to visualize agents configuration and status.
-* wazuh-nginx: Proxies the Kibana container, adding HTTPS (via self-signed SSL certificate) and [Basic authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme).
-* wazuh-elasticsearch: An Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).** 
+* Wazuh manager: it runs the Wazuh manager, Wazuh API and Filebeat OSS
+* Wazuh dashboard: provides a web user interface to browse through alert data and allows you to visualize the agents configuration and status.
+* Wazuh indexer: Wazuh indexer container (working as a single-node cluster or as a multi-node cluster). **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).**

-In addition, a docker-compose file is provided to launch the containers mentioned above. 
-
-* Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
+The folder `build-docker-images` contains a README explaining how to build the Wazuh images and the necessary assets.
+The folder `indexer-certs-creator` contains a README explaining how to create the certificates creator tool and the necessary assets.
+The folder `single-node` contains a README explaining how to run a Wazuh environment with one Wazuh manager, one Wazuh indexer, and one Wazuh dashboard.
+The folder `multi-node` contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexers, and one Wazuh dashboard.

 ## Documentation

 * [Wazuh full documentation](http://documentation.wazuh.com)
 * [Wazuh documentation for Docker](https://documentation.wazuh.com/current/docker/index.html)
-* [Docker hub](https://hub.docker.com/u/wazuh)
+* [Docker Hub](https://hub.docker.com/u/wazuh)
+
+
+### Setup SSL certificate
+
+Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
+
+Documentation on how to provide these two can be found at [Wazuh Docker Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
+
+
+## Environment Variables
+
+Default values are included when available.
+
+### Wazuh
+```
+API_USERNAME="wazuh-wui"                            # Wazuh API username
+API_PASSWORD="MyS3cr37P450r.*-"                     # Wazuh API password - Must comply with requirements
+                                                    # (8+ length, uppercase, lowercase, special chars)
+
+INDEXER_URL=https://wazuh.indexer:9200              # Wazuh indexer URL
+INDEXER_USERNAME=admin                              # Wazuh indexer Username
+INDEXER_PASSWORD=SecretPassword                     # Wazuh indexer Password
+FILEBEAT_SSL_VERIFICATION_MODE=full                 # Filebeat SSL Verification mode (full or none)
+SSL_CERTIFICATE_AUTHORITIES=""                      # Path of Filebeat SSL CA
+SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certificate
+SSL_KEY=""                                          # Path of Filebeat SSL Key
+```
+
+### Dashboard
+```
+PATTERN="wazuh-alerts-*"        # Default index pattern to use
+
+CHECKS_PATTERN=true             # Defines which checks must be considered by the healthcheck
+CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must be true or false
+CHECKS_API=true
+CHECKS_SETUP=true
+
+APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
+
+API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
+IP_SELECTOR=true                # Defines if the user is allowed to change the selected index pattern directly from the Wazuh app top menu
+IP_IGNORE="[]"                  # List of index patterns to be ignored
+
+DASHBOARD_USERNAME=kibanaserver     # Custom user saved in the dashboard keystore
+DASHBOARD_PASSWORD=kibanaserver     # Custom password saved in the dashboard keystore
+WAZUH_MONITORING_ENABLED=true       # Custom settings to enable/disable wazuh-monitoring indices
+WAZUH_MONITORING_FREQUENCY=900      # Custom setting to set the frequency for wazuh-monitoring indices cron task
+WAZUH_MONITORING_SHARDS=2           # Configure wazuh-monitoring-* indices shards and replicas
+WAZUH_MONITORING_REPLICAS=0         ##
+```

 ## Directory structure

-	wazuh-docker
-	├── docker-compose.yml
-	├── kibana
-	│   ├── config
-	│   │   ├── entrypoint.sh
-	│   │   └── kibana.yml
-	│   └── Dockerfile
-	├── LICENSE
-	├── nginx
-	│   ├── config
-	│   │   └── entrypoint.sh
-	│   └── Dockerfile
-	├── README.md
-	├── CHANGELOG.md
-	├── VERSION
-	├── test.txt
-	└── wazuh
-	    ├── config
-	    │   ├── data_dirs.env
-	    │   ├── entrypoint.sh
-	    │   ├── filebeat.runit.service
-	    │   ├── filebeat.yml
-	    │   ├── init.bash
-	    │   ├── postfix.runit.service
-	    │   ├── wazuh-api.runit.service
-	    │   └── wazuh.runit.service
-	    └── Dockerfile
+    ├── build-docker-images
+    │   ├── build-images.sh
+    │   ├── build-images.yml
+    │   ├── README.md
+    │   ├── wazuh-dashboard
+    │   │   ├── config
+    │   │   │   ├── config.sh
+    │   │   │   ├── config.yml
+    │   │   │   ├── dl_base.sh
+    │   │   │   ├── entrypoint.sh
+    │   │   │   ├── install_wazuh_app.sh
+    │   │   │   ├── opensearch_dashboards.yml
+    │   │   │   ├── wazuh_app_config.sh
+    │   │   │   └── wazuh.yml
+    │   │   └── Dockerfile
+    │   ├── wazuh-indexer
+    │   │   ├── config
+    │   │   │   ├── action_groups.yml
+    │   │   │   ├── config.sh
+    │   │   │   ├── config.yml
+    │   │   │   ├── entrypoint.sh
+    │   │   │   ├── internal_users.yml
+    │   │   │   ├── opensearch.yml
+    │   │   │   ├── roles_mapping.yml
+    │   │   │   ├── roles.yml
+    │   │   │   └── securityadmin.sh
+    │   │   └── Dockerfile
+    │   └── wazuh-manager
+    │       ├── config
+    │       │   ├── check_repository.sh
+    │       │   ├── create_user.py
+    │       │   ├── etc
+    │       │   │   ├── cont-init.d
+    │       │   │   │   ├── 0-wazuh-init
+    │       │   │   │   ├── 1-config-filebeat
+    │       │   │   │   └── 2-manager
+    │       │   │   └── services.d
+    │       │   │       ├── filebeat
+    │       │   │       │   ├── finish
+    │       │   │       │   └── run
+    │       │   │       └── ossec-logs
+    │       │   │           └── run
+    │       │   ├── filebeat_module.sh
+    │       │   ├── filebeat.yml
+    │       │   ├── permanent_data.env
+    │       │   └── permanent_data.sh
+    │       └── Dockerfile
+    ├── CHANGELOG.md
+    ├── indexer-certs-creator
+    │   ├── config
+    │   │   └── entrypoint.sh
+    │   ├── Dockerfile
+    │   └── README.md
+    ├── LICENSE
+    ├── multi-node
+    │   ├── config
+    │   │   ├── certs.yml
+    │   │   ├── nginx
+    │   │   │   └── nginx.conf
+    │   │   ├── wazuh_cluster
+    │   │   │   ├── wazuh_manager.conf
+    │   │   │   └── wazuh_worker.conf
+    │   │   ├── wazuh_dashboard
+    │   │   │   ├── opensearch_dashboards.yml
+    │   │   │   └── wazuh.yml
+    │   │   └── wazuh_indexer
+    │   │       ├── internal_users.yml
+    │   │       ├── wazuh1.indexer.yml
+    │   │       ├── wazuh2.indexer.yml
+    │   │       └── wazuh3.indexer.yml
+    │   ├── docker-compose.yml
+    │   ├── generate-indexer-certs.yml
+    │   ├── Migration-to-Wazuh-4.4.md
+    │   ├── README.md
+    │   └── volume-migrator.sh
+    ├── README.md
+    ├── SECURITY.md
+    ├── single-node
+    │   ├── config
+    │   │   ├── certs.yml
+    │   │   ├── wazuh_cluster
+    │   │   │   └── wazuh_manager.conf
+    │   │   ├── wazuh_dashboard
+    │   │   │   ├── opensearch_dashboards.yml
+    │   │   │   └── wazuh.yml
+    │   │   └── wazuh_indexer
+    │   │       ├── internal_users.yml
+    │   │       └── wazuh.indexer.yml
+    │   ├── docker-compose.yml
+    │   ├── generate-indexer-certs.yml
+    │   └── README.md
+    └── VERSION
+


 ## Branches

-* `stable` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version_ElasticStack.Version` (for example 3.9.3_7.2.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `stable` branch corresponds to the last Wazuh stable version.
+
+## Compatibility Matrix
+
+| Wazuh version | ODFE    | XPACK  |
+|---------------|---------|--------|
+| v4.10.0       |         |        |
+| v4.9.2        |         |        |
+| v4.9.1        |         |        |
+| v4.9.0        |         |        |
+| v4.8.2        |         |        |
+| v4.8.1        |         |        |
+| v4.8.0        |         |        |
+| v4.7.5        |         |        |
+| v4.7.4        |         |        |
+| v4.7.3        |         |        |
+| v4.7.2        |         |        |
+| v4.7.1        |         |        |
+| v4.7.0        |         |        |
+| v4.6.0        |         |        |
+| v4.5.4        |         |        |
+| v4.5.3        |         |        |
+| v4.5.2        |         |        |
+| v4.5.1        |         |        |
+| v4.5.0        |         |        |
+| v4.4.5        |         |        |
+| v4.4.4        |         |        |
+| v4.4.3        |         |        |
+| v4.4.2        |         |        |
+| v4.4.1        |         |        |
+| v4.4.0        |         |        |
+| v4.3.11       |         |        |
+| v4.3.10       |         |        |
+| v4.3.9        |         |        |
+| v4.3.8        |         |        |
+| v4.3.7        |         |        |
+| v4.3.6        |         |        |
+| v4.3.5        |         |        |
+| v4.3.4        |         |        |
+| v4.3.3        |         |        |
+| v4.3.2        |         |        |
+| v4.3.1        |         |        |
+| v4.3.0        |         |        |
+| v4.2.7        | 1.13.2  | 7.11.2 |
+| v4.2.6        | 1.13.2  | 7.11.2 |
+| v4.2.5        | 1.13.2  | 7.11.2 |
+| v4.2.4        | 1.13.2  | 7.11.2 |
+| v4.2.3        | 1.13.2  | 7.11.2 |
+| v4.2.2        | 1.13.2  | 7.11.2 |
+| v4.2.1        | 1.13.2  | 7.11.2 |
+| v4.2.0        | 1.13.2  | 7.10.2 |
+| v4.1.5        | 1.13.2  | 7.10.2 |
+| v4.1.4        | 1.12.0  | 7.10.2 |
+| v4.1.3        | 1.12.0  | 7.10.2 |
+| v4.1.2        | 1.12.0  | 7.10.2 |
+| v4.1.1        | 1.12.0  | 7.10.2 |
+| v4.1.0        | 1.12.0  | 7.10.2 |
+| v4.0.4        | 1.11.0  |        |
+| v4.0.3        | 1.11.0  |        |
+| v4.0.2        | 1.11.0  |        |
+| v4.0.1        | 1.11.0  |        |
+| v4.0.0        | 1.10.1  |        |

 ## Credits and Thank you

@@ -66,11 +242,11 @@ These Docker containers are based on:
 *  "deviantony" dockerfiles which can be found at [https://github.com/deviantony/docker-elk](https://github.com/deviantony/docker-elk)
 *  "xetus-oss" dockerfiles, which can be found at [https://github.com/xetus-oss/docker-ossec-server](https://github.com/xetus-oss/docker-ossec-server)

-We thank you them and everyone else who has contributed to this project.
+We thank them and everyone else who has contributed to this project.

 ## License and copyright

-Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)

 ## Web references

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,45 @@
+# Wazuh Open Source Project Security Policy
+
+Version: 2023-06-12
+
+## Introduction
+This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
+
+## Scope
+This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
+
+## Reporting Security Vulnerabilities
+If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
+
+Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
+
+## Vulnerability Disclosure Policy
+Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
+
+1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+2. Validation: We will validate the issue and work on reproducing it in our environment.
+3. Remediation: We will work on a fix and thoroughly test it
+4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+
+This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
+
+## Automatic Scanning
+We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
+
+## Credit
+We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
+
+We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
+
+## Compliance with this Policy
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
+
+Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
+
+We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
+
+## Changes to this Security Policy
+This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
+
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.9.3_7.2.0"
-REVISION="3930"
+WAZUH-DOCKER_VERSION="4.10.0"
+REVISION="41008"
--- a/build-docker-images/README.md
+++ b/build-docker-images/README.md
@@ -0,0 +1,32 @@
+# Wazuh Docker Image Builder
+
+The creation of the images for the Wazuh stack deployment in Docker is done with the build-images.yml script
+
+To execute the process, the following must be executed in the root of the wazuh-docker repository:
+
+```
+$ build-docker-images/build-images.sh
+```
+
+This script initializes the environment variables needed to build each of the images.
+
+The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
+
+```
+$ build-docker-images/build-images.sh -v 4.10.0
+```
+
+To get all the available script options use the -h or --help option:
+
+```
+$ build-docker-images/build-images.sh -h
+
+Usage: build-docker-images/build-images.sh [OPTIONS]
+
+    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
+    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
+    -r, --revision <rev>         [Optional] Package revision. By default 1
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.10.0.
+    -h, --help                   Show this help.
+
+```
--- a/build-docker-images/build-images.sh
+++ b/build-docker-images/build-images.sh
@@ -0,0 +1,144 @@
+WAZUH_IMAGE_VERSION=4.10.0
+WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
+WAZUH_TAG_REVISION=1
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
+
+# Wazuh package generator
+# Copyright (C) 2023, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+WAZUH_IMAGE_VERSION="4.10.0"
+WAZUH_TAG_REVISION="1"
+WAZUH_DEV_STAGE=""
+FILEBEAT_MODULE_VERSION="0.4"
+
+# -----------------------------------------------------------------------------
+
+trap ctrl_c INT
+
+clean() {
+    exit_code=$1
+
+    exit ${exit_code}
+}
+
+ctrl_c() {
+    clean 1
+}
+
+# -----------------------------------------------------------------------------
+
+
+build() {
+
+    WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')"
+    FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}"
+    WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz"
+    WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}"
+
+    if  [ "${WAZUH_DEV_STAGE}" ];then
+        FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}"
+        if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
+            echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
+            clean 1
+        fi
+    else
+        if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then
+            FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}"
+        elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
+            FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}"
+        else
+            WAZUH_MASTER_VERSION="$(curl -s https://raw.githubusercontent.com/wazuh/wazuh/master/src/VERSION | sed -e 's/v//g')"
+            if [ "${FILEBEAT_TEMPLATE_BRANCH}" == "${WAZUH_MASTER_VERSION}" ]; then
+                FILEBEAT_TEMPLATE_BRANCH="master"
+            else
+                echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
+                clean 1
+            fi
+        fi
+    fi
+
+    echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
+    echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
+    echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
+    echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env
+    echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
+    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
+
+    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
+
+    return 0
+}
+
+# -----------------------------------------------------------------------------
+
+help() {
+    echo
+    echo "Usage: $0 [OPTIONS]"
+    echo
+    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default."
+    echo "    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
+    echo "    -r, --revision <rev>         [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
+    echo "    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
+    echo "    -h, --help                   Show this help."
+    echo
+    exit $1
+}
+
+# -----------------------------------------------------------------------------
+
+main() {
+    while [ -n "${1}" ]
+    do
+        case "${1}" in
+        "-h"|"--help")
+            help 0
+            ;;
+        "-d"|"--dev")
+            if [ -n "${2}" ]; then
+                WAZUH_DEV_STAGE="${2}"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "-f"|"--filebeat-module")
+            if [ -n "${2}" ]; then
+                FILEBEAT_MODULE_VERSION="${2}"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "-r"|"--revision")
+            if [ -n "${2}" ]; then
+                WAZUH_TAG_REVISION="${2}"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "-v"|"--version")
+            if [ -n "$2" ]; then
+                WAZUH_IMAGE_VERSION="$2"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        *)
+            help 1
+        esac
+    done
+
+    build || clean 1
+
+    clean 0
+}
+
+main "$@"
--- a/build-docker-images/build-images.yml
+++ b/build-docker-images/build-images.yml
@@ -0,0 +1,94 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+  wazuh.manager:
+    build:
+      context: wazuh-manager/
+      args:
+        WAZUH_VERSION: ${WAZUH_VERSION}
+        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+        FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH}
+        WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE}
+    image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
+    hostname: wazuh.manager
+    restart: always
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - INDEXER_URL=https://wazuh.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=admin
+      - FILEBEAT_SSL_VERIFICATION_MODE=none
+    volumes:
+      - wazuh_api_configuration:/var/ossec/api/configuration
+      - wazuh_etc:/var/ossec/etc
+      - wazuh_logs:/var/ossec/logs
+      - wazuh_queue:/var/ossec/queue
+      - wazuh_var_multigroups:/var/ossec/var/multigroups
+      - wazuh_integrations:/var/ossec/integrations
+      - wazuh_active_response:/var/ossec/active-response/bin
+      - wazuh_agentless:/var/ossec/agentless
+      - wazuh_wodles:/var/ossec/wodles
+      - filebeat_etc:/etc/filebeat
+      - filebeat_var:/var/lib/filebeat
+
+  wazuh.indexer:
+    build:
+      context: wazuh-indexer/
+      args:
+        WAZUH_VERSION: ${WAZUH_VERSION}
+        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+    image: wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION}
+    hostname: wazuh.indexer
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+
+  wazuh.dashboard:
+    build:
+      context: wazuh-dashboard/
+      args:
+        WAZUH_VERSION: ${WAZUH_VERSION}
+        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+        WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
+    image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
+    hostname: wazuh.dashboard
+    restart: always
+    ports:
+      - 443:443
+    environment:
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=admin
+      - SERVER_SSL_ENABLED=false
+      - WAZUH_API_URL=https://wazuh.manager
+    depends_on:
+      - wazuh.indexer
+    links:
+      - wazuh.indexer:wazuh.indexer
+      - wazuh.manager:wazuh.manager
+
+volumes:
+  wazuh_api_configuration:
+  wazuh_etc:
+  wazuh_logs:
+  wazuh_queue:
+  wazuh_var_multigroups:
+  wazuh_integrations:
+  wazuh_active_response:
+  wazuh_agentless:
+  wazuh_wodles:
+  filebeat_etc:
+  filebeat_var:
--- a/build-docker-images/wazuh-dashboard/Dockerfile
+++ b/build-docker-images/wazuh-dashboard/Dockerfile
@@ -0,0 +1,97 @@
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+FROM amazonlinux:2023 AS builder
+
+ARG WAZUH_VERSION
+ARG WAZUH_TAG_REVISION
+ARG WAZUH_UI_REVISION
+ARG INSTALL_DIR=/usr/share/wazuh-dashboard
+
+# Update and install dependencies
+RUN yum install curl-minimal libcap openssl -y
+
+COPY config/check_repository.sh /
+RUN chmod 775 /check_repository.sh && \
+    source /check_repository.sh
+
+RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
+    yum clean all
+
+# Create and set permissions to data directories
+RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
+RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
+RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
+COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
+RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
+
+# Generate certificates
+COPY config/config.sh .
+COPY config/config.yml /
+RUN bash config.sh
+
+################################################################################
+# Build stage 1 (the current Wazuh dashboard image):
+#
+# Copy wazuh-dashboard from stage 0
+# Add entrypoint
+# Add wazuh_app_config
+################################################################################
+FROM amazonlinux:2023
+
+# Set environment variables
+ENV USER="wazuh-dashboard" \
+    GROUP="wazuh-dashboard" \
+    NAME="wazuh-dashboard" \
+    INSTALL_DIR="/usr/share/wazuh-dashboard"
+
+# Set Wazuh app variables
+ENV PATTERN="" \
+    CHECKS_PATTERN="" \
+    CHECKS_TEMPLATE="" \
+    CHECKS_API="" \
+    CHECKS_SETUP="" \
+    APP_TIMEOUT="" \
+    API_SELECTOR="" \
+    IP_SELECTOR="" \
+    IP_IGNORE="" \
+    WAZUH_MONITORING_ENABLED="" \
+    WAZUH_MONITORING_FREQUENCY="" \
+    WAZUH_MONITORING_SHARDS="" \
+    WAZUH_MONITORING_REPLICAS=""
+
+# Update and install dependencies
+RUN yum install shadow-utils -y
+
+# Create wazuh-dashboard user and group
+RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+RUN useradd --system \
+            --uid 1000 \
+            --no-create-home \
+            --home-dir $INSTALL_DIR \
+            --gid $GROUP \
+            --shell /sbin/nologin \
+            --comment "$USER user" \
+            $USER
+
+# Copy and set permissions to scripts
+COPY config/entrypoint.sh /
+COPY config/wazuh_app_config.sh /
+RUN chmod 700 /entrypoint.sh
+RUN chmod 700 /wazuh_app_config.sh
+RUN chown 1000:1000 /*.sh
+
+# Copy Install dir from builder to current image
+COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
+
+# Create custom directory
+RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+
+# Set workdir and user
+WORKDIR $INSTALL_DIR
+USER wazuh-dashboard
+
+# Services ports
+EXPOSE 443
+
+ENTRYPOINT [ "/entrypoint.sh" ]
--- a/build-docker-images/wazuh-dashboard/config/check_repository.sh
+++ b/build-docker-images/wazuh-dashboard/config/check_repository.sh
@@ -0,0 +1,15 @@
+## variables
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+fi
+
+rpm --import "${APT_KEY}"
+echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
--- a/build-docker-images/wazuh-dashboard/config/config.sh
+++ b/build-docker-images/wazuh-dashboard/config/config.sh
@@ -0,0 +1,42 @@
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+export NAME=wazuh-dashboard
+export TARGET_DIR=${CURDIR}/debian/${NAME}
+export INSTALLATION_DIR=/usr/share/${NAME}
+export CONFIG_DIR=${INSTALLATION_DIR}/config
+
+## Variables
+CERT_TOOL=wazuh-certs-tool.sh
+PACKAGES_URL=https://packages.wazuh.com/4.10/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+
+## Check if the cert tool exists in S3 buckets
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+
+## If cert tool exists in some bucket, download it, if not exit 1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+  echo "Cert tool exists in Packages bucket"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+  echo "Cert tool exists in Packages-dev bucket"
+else
+  echo "Cert tool does not exist in any bucket"
+  exit 1
+fi
+
+chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+
+# Create certs directory
+mkdir -p ${CONFIG_DIR}/certs
+
+# Copy Wazuh dashboard certs to install config dir
+cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+
+chmod -R 500 ${CONFIG_DIR}/certs
+chmod -R 400 ${CONFIG_DIR}/certs/*
--- a/build-docker-images/wazuh-dashboard/config/config.yml
+++ b/build-docker-images/wazuh-dashboard/config/config.yml
@@ -0,0 +1,5 @@
+nodes:
+  # Wazuh dashboard server nodes
+  dashboard:
+    - name: demo.dashboard
+      ip: demo.dashboard
--- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh
+++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+
+INSTALL_DIR=/usr/share/wazuh-dashboard
+DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
+DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
+
+# Create and configure Wazuh dashboard keystore
+
+yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+
+##############################################################################
+# Start Wazuh dashboard
+##############################################################################
+
+/wazuh_app_config.sh $WAZUH_UI_REVISION
+
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
--- a/build-docker-images/wazuh-dashboard/config/wazuh.yml
+++ b/build-docker-images/wazuh-dashboard/config/wazuh.yml
@@ -0,0 +1,155 @@
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2017, Wazuh Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-dashboard-plugins
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api     : true
+#checks.setup   : true
+#checks.metaFields: true
+#
+# --------------------------------- Extensions ---------------------------------
+#
+# Defines which extensions should be activated when you add a new API entry.
+# You can change them after Wazuh app starts.
+# Values must to be true or false.
+#extensions.pci       : true
+#extensions.gdpr      : true
+#extensions.hipaa     : true
+#extensions.nist      : true
+#extensions.tsc       : true
+#extensions.audit     : true
+#extensions.oscap     : false
+#extensions.ciscat    : false
+#extensions.aws       : false
+#extensions.gcp       : false
+#extensions.virustotal: false
+#extensions.osquery   : false
+#extensions.docker    : false
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# -------------------------------- API selector --------------------------------
+#
+# Defines if the user is allowed to change the selected
+# API directly from the Wazuh app top menu.
+# Default: true
+#api.selector: true
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-*
+#
+# --------------------------------- wazuh-cron ----------------------------------
+#
+# Customize the index prefix of predefined jobs
+# This change is not retroactive, if you change it new indexes will be created
+# cron.prefix: test
+#
+# ------------------------------ wazuh-statistics -------------------------------
+#
+# Custom setting to enable/disable statistics tasks.
+#cron.statistics.status: true
+#
+# Enter the ID of the APIs you want to save data from, leave this empty to run
+# the task on all configured APIs
+#cron.statistics.apis: []
+#
+# Define the frequency of task execution using cron schedule expressions
+#cron.statistics.interval: 0 0 * * * *
+#
+# Define the name of the index in which the documents are to be saved.
+#cron.statistics.index.name: statistics
+#
+# Define the interval in which the index will be created
+#cron.statistics.index.creation: w
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ---------------------------- Hide manager alerts ------------------------------
+# Hide the alerts of the manager in all dashboards and discover
+#hideManagerAlerts: false
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+# -------------------------------- Enrollment DNS -------------------------------
+# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
+# Default value: ''
+#enrollment.dns: ''
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+#  - <id>:
+#     url: http(s)://<url>
+#     port: <port>
+#     username: <username>
+#     password: <password>
--- a/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
+++ b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+
+wazuh_url="${WAZUH_API_URL:-https://wazuh}"
+wazuh_port="${API_PORT:-55000}"
+api_username="${API_USERNAME:-wazuh-wui}"
+api_password="${API_PASSWORD:-wazuh-wui}"
+api_run_as="${RUN_AS:-false}"
+
+dashboard_config_file="/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml"
+
+declare -A CONFIG_MAP=(
+  [pattern]=$PATTERN
+  [checks.pattern]=$CHECKS_PATTERN
+  [checks.template]=$CHECKS_TEMPLATE
+  [checks.api]=$CHECKS_API
+  [checks.setup]=$CHECKS_SETUP
+  [timeout]=$APP_TIMEOUT
+  [api.selector]=$API_SELECTOR
+  [ip.selector]=$IP_SELECTOR
+  [ip.ignore]=$IP_IGNORE
+  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
+  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
+  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
+  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
+)
+
+for i in "${!CONFIG_MAP[@]}"
+do
+    if [ "${CONFIG_MAP[$i]}" != "" ]; then
+        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $dashboard_config_file
+    fi
+done
+
+
+grep -q 1513629884013 $dashboard_config_file
+_config_exists=$?
+
+if [[ $_config_exists -ne 0 ]]; then
+cat << EOF >> $dashboard_config_file
+hosts:
+  - 1513629884013:
+      url: $wazuh_url
+      port: $wazuh_port
+      username: $api_username
+      password: $api_password
+      run_as: $api_run_as
+EOF
+else
+  echo "Wazuh APP already configured"
+fi
+
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -0,0 +1,92 @@
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+FROM amazonlinux:2023 AS builder
+
+ARG WAZUH_VERSION
+ARG WAZUH_TAG_REVISION
+
+RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
+
+COPY config/check_repository.sh /
+RUN chmod 775 /check_repository.sh && \
+    source /check_repository.sh
+
+RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
+    yum clean all
+
+COPY config/opensearch.yml /
+
+COPY config/config.sh .
+
+COPY config/config.yml /
+
+COPY config/action_groups.yml /
+
+COPY config/internal_users.yml /
+
+COPY config/roles_mapping.yml /
+
+COPY config/roles.yml /
+
+RUN bash config.sh
+
+################################################################################
+# Build stage 1 (the actual Wazuh indexer image):
+#
+# Copy wazuh-indexer from stage 0
+# Add entrypoint
+
+################################################################################
+FROM amazonlinux:2023
+
+ENV USER="wazuh-indexer" \
+    GROUP="wazuh-indexer" \
+    NAME="wazuh-indexer" \
+    INSTALL_DIR="/usr/share/wazuh-indexer"
+
+RUN yum install curl-minimal shadow-utils findutils hostname -y
+
+RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+
+RUN useradd --system \
+            --uid 1000 \
+            --no-create-home \
+            --home-dir $INSTALL_DIR \
+            --gid $GROUP \
+            --shell /sbin/nologin \
+            --comment "$USER user" \
+            $USER
+
+WORKDIR $INSTALL_DIR
+
+COPY config/entrypoint.sh /
+
+COPY config/securityadmin.sh /
+
+RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
+
+RUN chown 1000:1000 /*.sh
+
+COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
+COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer
+COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
+COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
+COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
+
+RUN chown -R 1000:1000 /usr/share/wazuh-indexer
+
+RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
+    mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
+    mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \
+    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \
+    chmod 700 /usr/share/wazuh-indexer && \
+    chmod 600 /usr/share/wazuh-indexer/jvm.options && \
+    chmod 600 /usr/share/wazuh-indexer/opensearch.yml
+
+USER wazuh-indexer
+
+# Services ports
+EXPOSE 9200
+
+ENTRYPOINT ["/entrypoint.sh"]
+# Dummy overridable parameter parsed by entrypoint
+CMD ["opensearchwrapper"]
--- a/build-docker-images/wazuh-indexer/config/action_groups.yml
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@@ -0,0 +1,12 @@
+---
+_meta:
+  type: "actiongroups"
+  config_version: 2
+
+# ISM API permissions group
+manage_ism:
+  reserved: true
+  hidden: false
+  allowed_actions:
+  - "cluster:admin/opendistro/ism/*"
+  static: false
--- a/build-docker-images/wazuh-indexer/config/check_repository.sh
+++ b/build-docker-images/wazuh-indexer/config/check_repository.sh
@@ -0,0 +1,15 @@
+## variables
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+fi
+
+rpm --import "${APT_KEY}"
+echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -0,0 +1,102 @@
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+export NAME=wazuh-indexer
+export TARGET_DIR=${CURDIR}/debian/${NAME}
+
+# Package build options
+export USER=${NAME}
+export GROUP=${NAME}
+export VERSION=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
+export LOG_DIR=/var/log/${NAME}
+export LIB_DIR=/var/lib/${NAME}
+export PID_DIR=/run/${NAME}
+export INSTALLATION_DIR=/usr/share/${NAME}
+export CONFIG_DIR=${INSTALLATION_DIR}
+export BASE_DIR=${NAME}-*
+export INDEXER_FILE=wazuh-indexer-base.tar.xz
+export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
+export REPO_DIR=/unattended_installer
+
+## Variables
+CERT_TOOL=wazuh-certs-tool.sh
+PASSWORD_TOOL=wazuh-passwords-tool.sh
+PACKAGES_URL=https://packages.wazuh.com/4.10/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+
+## Check if the cert tool exists in S3 buckets
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+
+## If cert tool exists in some bucket, download it, if not exit 1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+  echo "Cert tool exists in Packages bucket"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+  echo "Cert tool exists in Packages-dev bucket"
+else
+  echo "Cert tool does not exist in any bucket"
+  exit 1
+fi
+
+
+## Check if the password tool exists in S3 buckets
+PASSWORD_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+PASSWORD_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+
+## If password tool exists in some bucket, download it, if not exit 1
+if [ "$PASSWORD_TOOL_PACKAGES" = "200" ]; then
+  curl -o $PASSWORD_TOOL $PACKAGES_URL$PASSWORD_TOOL
+  echo "Password tool exists in Packages bucket"
+elif [ "$PASSWORD_TOOL_PACKAGES_DEV" = "200" ]; then
+  curl -o $PASSWORD_TOOL $PACKAGES_DEV_URL$PASSWORD_TOOL
+  echo "Password tool exists in Packages-dev bucket"
+else
+  echo "Password tool does not exist in any bucket"
+  exit 1
+fi
+
+chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+
+# copy to target
+mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
+mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+mkdir -p ${TARGET_DIR}${CONFIG_DIR}
+mkdir -p ${TARGET_DIR}${LIB_DIR}
+mkdir -p ${TARGET_DIR}${LOG_DIR}
+mkdir -p ${TARGET_DIR}/etc/init.d
+mkdir -p ${TARGET_DIR}/etc/default
+mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
+mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
+mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
+mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
+# Copy Wazuh's config files for the security plugin
+cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
+# Copy Wazuh indexer's certificates
+cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
+cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem
+cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key
+cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem
+cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
+cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
+
+# Delete xms and xmx parameters in jvm.options
+sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
+sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
+sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
+
+
+chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
+chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
+
+find ${TARGET_DIR} -type d -exec chmod 750 {} \;
+find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
+find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
+find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
+find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;
--- a/build-docker-images/wazuh-indexer/config/config.yml
+++ b/build-docker-images/wazuh-indexer/config/config.yml
@@ -0,0 +1,5 @@
+nodes:
+  # Wazuh indexer server nodes
+  indexer:
+    - name: demo.indexer
+      ip: demo.indexer
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+set -e
+
+umask 0002
+
+export USER=wazuh-indexer
+export INSTALLATION_DIR=/usr/share/wazuh-indexer
+export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
+export JAVA_HOME=${INSTALLATION_DIR}/jdk
+export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
+export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
+
+run_as_other_user_if_needed() {
+  if [[ "$(id -u)" == "0" ]]; then
+    # If running as root, drop to specified UID and run command
+    exec chroot --userspec=1000:0 / "${@}"
+  else
+    # Either we are running in Openshift with random uid and are a member of the root group
+    # or with a custom --user
+    exec "${@}"
+  fi
+}
+
+# Allow user specify custom CMD, maybe bin/opensearch itself
+# for example to directly specify `-E` style parameters for opensearch on k8s
+# or simply to run /bin/bash to check the image
+if [[ "$1" != "opensearchwrapper" ]]; then
+  if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
+    # Rewrite CMD args to replace $1 with `opensearch` explicitly,
+    # Without this, user could specify `opensearch -E x.y=z` but
+    # `bin/opensearch -E x.y=z` would not work.
+    set -- "opensearch" "${@:2}"
+    # Use chroot to switch to UID 1000 / GID 0
+    exec chroot --userspec=1000:0 / "$@"
+  else
+    # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
+    exec "$@"
+  fi
+fi
+
+# Allow environment variables to be set by creating a file with the
+# contents, and setting an environment variable with the suffix _FILE to
+# point to it. This can be used to provide secrets to a container, without
+# the values being specified explicitly when running the container.
+#
+# This is also sourced in opensearch-env, and is only needed here
+# as well because we use INDEXER_PASSWORD below. Sourcing this script
+# is idempotent.
+source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
+
+if [[ -f bin/opensearch-users ]]; then
+  # Check for the INDEXER_PASSWORD environment variable to set the
+  # bootstrap password for Security.
+  #
+  # This is only required for the first node in a cluster with Security
+  # enabled, but we have no way of knowing which node we are yet. We'll just
+  # honor the variable if it's present.
+  if [[ -n "$INDEXER_PASSWORD" ]]; then
+    [[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
+    if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
+      # keystore is unencrypted
+      if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
+        (run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
+      fi
+    else
+      # keystore requires password
+      if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
+          | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
+        COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
+        (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
+      fi
+    fi
+  fi
+fi
+
+if [[ "$(id -u)" == "0" ]]; then
+  # If requested and running as root, mutate the ownership of bind-mounts
+  if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
+    chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
+  fi
+fi
+
+
+#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
+#  nohup /securityadmin.sh &
+#  touch "/var/lib/wazuh-indexer/.flag"
+#fi
+
+run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
--- a/build-docker-images/wazuh-indexer/config/internal_users.yml
+++ b/build-docker-images/wazuh-indexer/config/internal_users.yml
@@ -0,0 +1,74 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+  reserved: true
+  backend_roles:
+  - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+  - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+  - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+  description: "Demo snapshotrestore user"
+
+wazuh_admin:
+  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false
+  
+wazuh_user:
+  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false  
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml
+++ b/build-docker-images/wazuh-indexer/config/opensearch.yml
@@ -0,0 +1,26 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ b/build-docker-images/wazuh-indexer/config/roles.yml
@@ -0,0 +1,171 @@
+_meta:
+  type: "roles"
+  config_version: 2
+
+# Restrict users so they can only view visualization and dashboards on kibana
+kibana_read_only:
+  reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+  reserved: true
+
+# Allows users to view monitors, destinations and alerts
+alerting_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/get'
+    - 'cluster:admin/opendistro/alerting/destination/get'
+    - 'cluster:admin/opendistro/alerting/monitor/get'
+    - 'cluster:admin/opendistro/alerting/monitor/search'
+
+# Allows users to view and acknowledge alerts
+alerting_ack_alerts:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/*'
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/alerting/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allow users to read Anomaly Detection detectors and results
+anomaly_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/ad/detector/info'
+    - 'cluster:admin/opendistro/ad/detector/search'
+    - 'cluster:admin/opendistro/ad/detectors/get'
+    - 'cluster:admin/opendistro/ad/result/search'
+    - 'cluster:admin/opendistro/ad/tasks/search'
+
+# Allows users to use all Anomaly Detection functionality
+anomaly_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/ad/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allows users to read Notebooks
+notebooks_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/list'
+    - 'cluster:admin/opendistro/notebooks/get'
+
+# Allows users to all Notebooks functionality
+notebooks_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/create'
+    - 'cluster:admin/opendistro/notebooks/update'
+    - 'cluster:admin/opendistro/notebooks/delete'
+    - 'cluster:admin/opendistro/notebooks/get'
+    - 'cluster:admin/opendistro/notebooks/list'
+
+# Allows users to read and download Reports
+reports_instances_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to read and download Reports and Report-definitions
+reports_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to all Reports functionality
+reports_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/create'
+    - 'cluster:admin/opendistro/reports/definition/update'
+    - 'cluster:admin/opendistro/reports/definition/on_demand'
+    - 'cluster:admin/opendistro/reports/definition/delete'
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to use all asynchronous-search functionality
+asynchronous_search_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices:data/read/search*'
+
+# Allows users to read stored asynchronous-search results
+asynchronous_search_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/get'
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+  tenant_permissions: []
+  static: false
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+    - "delete"
+    - "manage"
+    - "index"
+  tenant_permissions: []
+  static: false
+
+# ISM API permissions role
+manage_ism:
+  reserved: true
+  hidden: false
+  cluster_permissions:
+  - "manage_ism"
+  static: false
--- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml
+++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
@@ -0,0 +1,78 @@
+---
+# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
+# Permissions for Wazuh indexer roles are configured in roles.yml
+
+_meta:
+  type: "rolesmapping"
+  config_version: 2
+
+# Define your roles mapping here
+
+## Demo roles mapping
+
+all_access:
+  reserved: false
+  backend_roles:
+  - "admin"
+  description: "Maps admin to all_access"
+
+own_index:
+  reserved: false
+  users:
+  - "*"
+  description: "Allow full access to an index named like the username"
+
+logstash:
+  reserved: false
+  backend_roles:
+  - "logstash"
+
+kibana_user:
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  users:
+  - "wazuh_user"
+  - "wazuh_admin"
+  description: "Maps kibanauser to kibana_user"
+
+readall:
+  reserved: false
+  backend_roles:
+  - "readall"
+
+manage_snapshots:
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+
+kibana_server:
+  reserved: true
+  users:
+  - "kibanaserver"
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_admin"
+  - "kibanaserver"
+  and_backend_roles: []
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_user"
+  and_backend_roles: []
+
+# ISM API permissions role mapping
+manage_ism:
+  reserved: true
+  hidden: false
+  users:
+  - "kibanaserver"
--- a/build-docker-images/wazuh-indexer/config/securityadmin.sh
+++ b/build-docker-images/wazuh-indexer/config/securityadmin.sh
@@ -0,0 +1,3 @@
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+sleep 30
+bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/opensearch-security/ -nhnv -cacert  $CACERT -cert $CERT -key $KEY -p 9200 -icl
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@@ -0,0 +1,68 @@
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+FROM amazonlinux:2023
+
+RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+
+ARG WAZUH_VERSION
+ARG WAZUH_TAG_REVISION
+ARG FILEBEAT_TEMPLATE_BRANCH
+ARG FILEBEAT_CHANNEL=filebeat-oss
+ARG FILEBEAT_VERSION=7.10.2
+ARG WAZUH_FILEBEAT_MODULE
+ARG S6_VERSION="v2.2.0.3"
+
+RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
+    yum clean all
+
+COPY config/check_repository.sh /
+COPY config/filebeat_module.sh /
+COPY config/permanent_data.env config/permanent_data.sh /
+
+RUN chmod 775 /check_repository.sh
+RUN source /check_repository.sh
+
+RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
+    yum clean all && \
+    chmod 775 /filebeat_module.sh && \
+    source /filebeat_module.sh && \
+    rm /filebeat_module.sh && \
+    curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
+    -o /tmp/s6-overlay-amd64.tar.gz && \
+    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
+    tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
+    rm  /tmp/s6-overlay-amd64.tar.gz
+
+COPY config/etc/ /etc/
+COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
+
+COPY config/filebeat.yml /etc/filebeat/
+
+RUN chmod go-w /etc/filebeat/filebeat.yml
+
+ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
+RUN chmod go-w /etc/filebeat/wazuh-template.json
+
+# Prepare permanent data
+# Sync calls are due to https://github.com/docker/docker/issues/9547
+
+#Make mount directories for keep permissions
+
+RUN mkdir -p /var/ossec/var/multigroups && \
+    chown root:wazuh /var/ossec/var/multigroups && \
+    chmod 770 /var/ossec/var/multigroups && \
+    mkdir -p /var/ossec/agentless && \
+    chown root:wazuh /var/ossec/agentless && \
+    chmod 770 /var/ossec/agentless && \
+    mkdir -p /var/ossec/active-response/bin && \
+    chown root:wazuh /var/ossec/active-response/bin && \
+    chmod 770 /var/ossec/active-response/bin && \
+    chmod 755 /permanent_data.sh && \
+    sync && /permanent_data.sh && \
+    sync && rm /permanent_data.sh
+
+RUN rm /etc/yum.repos.d/wazuh.repo
+
+# Services ports
+EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
+
+ENTRYPOINT [ "/init" ]
--- a/build-docker-images/wazuh-manager/config/check_repository.sh
+++ b/build-docker-images/wazuh-manager/config/check_repository.sh
@@ -0,0 +1,15 @@
+## variables
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+fi
+
+rpm --import "${APT_KEY}"
+echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
--- a/build-docker-images/wazuh-manager/config/create_user.py
+++ b/build-docker-images/wazuh-manager/config/create_user.py
@@ -0,0 +1,102 @@
+import logging
+import sys
+import json
+import random
+import string
+import os
+
+# Set framework path
+sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework")
+
+USER_FILE_PATH = "/var/ossec/api/configuration/admin.json"
+SPECIAL_CHARS = "@$!%*?&-_"
+
+
+try:
+    from wazuh.rbac.orm import check_database_integrity
+    from wazuh.security import (
+        create_user,
+        get_users,
+        get_roles,
+        set_user_role,
+        update_user,
+    )
+except ModuleNotFoundError as e:
+    logging.error("No module 'wazuh' found.")
+    sys.exit(1)
+
+
+def read_user_file(path=USER_FILE_PATH):
+    with open(path) as user_file:
+        data = json.load(user_file)
+        return data["username"], data["password"]
+
+
+def db_users():
+    users_result = get_users()
+    return {user["username"]: user["id"] for user in users_result.affected_items}
+
+
+def db_roles():
+    roles_result = get_roles()
+    return {role["name"]: role["id"] for role in roles_result.affected_items}
+
+def disable_user(uid):
+    random_pass = "".join(
+                random.choices(
+                    string.ascii_uppercase
+                    + string.ascii_lowercase
+                    + string.digits
+                    + SPECIAL_CHARS,
+                    k=8,
+                )
+            )
+    # assure there must be at least one character from each group
+    random_pass = random_pass + ''.join([random.choice(chars) for chars in [string.ascii_lowercase, string.digits, string.ascii_uppercase, SPECIAL_CHARS]])
+    random_pass = ''.join(random.sample(random_pass,len(random_pass)))
+    update_user(
+        user_id=[
+            str(uid),
+        ],
+        password=random_pass,
+    )
+
+
+if __name__ == "__main__":
+    if not os.path.exists(USER_FILE_PATH):
+        # abort if no user file detected
+        sys.exit(0)
+    username, password = read_user_file()
+
+    # create RBAC database
+    check_database_integrity()
+
+    initial_users = db_users()
+    if username not in initial_users:
+        # create a new user
+        create_user(username=username, password=password)
+        users = db_users()
+        uid = users[username]
+        roles = db_roles()
+        rid = roles["administrator"]
+        set_user_role(
+            user_id=[
+                str(uid),
+            ],
+            role_ids=[
+                str(rid),
+            ],
+        )
+    else:
+        # modify an existing user ("wazuh" or "wazuh-wui")
+        uid = initial_users[username]
+        update_user(
+            user_id=[
+                str(uid),
+            ],
+            password=password,
+        )
+    # disable unused default users
+    for def_user in ['wazuh', 'wazuh-wui']:
+        if def_user != username:
+            disable_user(initial_users[def_user])
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@@ -0,0 +1,237 @@
+#!/usr/bin/with-contenv bash
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+
+# Variables
+source /permanent_data.env
+
+WAZUH_INSTALL_PATH=/var/ossec
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
+
+
+##############################################################################
+# Aux functions
+##############################################################################
+print() {
+  echo -e $1
+}
+
+error_and_exit() {
+  echo "Error executing command: '$1'."
+  echo 'Exiting.'
+  exit 1
+}
+
+exec_cmd() {
+  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+  eval $1 2>&1 || error_and_exit "$1"
+}
+
+
+##############################################################################
+# This function will attempt to mount every directory in PERMANENT_DATA
+# into the respective path.
+# If the path is empty means permanent data volume is also empty, so a backup
+# will be copied into it. Otherwise it will not be copied because there is
+# already data inside the volume for the specified path.
+##############################################################################
+
+mount_permanent_data() {
+  for permanent_dir in "${PERMANENT_DATA[@]}"; do
+    data_tmp="${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/"
+    print ${data_tmp}
+    # Check if the path is not empty
+    if find ${permanent_dir} -mindepth 1 | read; then
+      print "The path ${permanent_dir} is already mounted"
+    else
+      if find ${data_tmp} -mindepth 1 | read; then
+        print "Installing ${permanent_dir}"
+        exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
+      else
+        print "The path ${permanent_dir} is empty, skipped"
+      fi
+    fi
+  done
+}
+
+##############################################################################
+# This function will replace from the permanent data volume every file
+# contained in PERMANENT_DATA_EXCP
+# Some files as 'internal_options.conf' are saved as permanent data, but
+# they must be updated to work properly if wazuh version is changed.
+##############################################################################
+
+apply_exclusion_data() {
+  for exclusion_file in "${PERMANENT_DATA_EXCP[@]}"; do
+    if [  -e ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file}  ]
+    then
+      DIR=$(dirname "${exclusion_file}")
+      if [ ! -e ${DIR}  ]
+      then
+        mkdir -p ${DIR}
+      fi
+
+      print "Updating ${exclusion_file}"
+      exec_cmd "cp -p ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
+    fi
+  done
+}
+
+##############################################################################
+# This function will rename in the permanent data volume every file
+# contained in PERMANENT_DATA_MOVE
+##############################################################################
+
+move_data_files() {
+  for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
+    file_split=( $mov_file )
+    if [ -e ${file_split[0]} ]
+    then
+      print "moving ${mov_file}"
+      exec_cmd "mv -f ${mov_file}"
+    fi
+  done
+}
+
+
+##############################################################################
+# This function will delete from the permanent data volume every file
+# contained in PERMANENT_DATA_DEL
+##############################################################################
+
+remove_data_files() {
+  for del_file in "${PERMANENT_DATA_DEL[@]}"; do
+    if [ -e ${del_file} ]
+    then
+      print "Removing ${del_file}"
+      exec_cmd "rm -f ${del_file}"
+    fi
+  done
+}
+
+##############################################################################
+# Create certificates: Manager
+##############################################################################
+
+create_ossec_key_cert() {
+  print "Creating wazuh-authd key and cert"
+  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
+  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
+}
+
+##############################################################################
+# Copy all files from $WAZUH_CONFIG_MOUNT to $WAZUH_INSTALL_PATH and respect
+# destination files permissions
+#
+# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
+# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
+# replace the ossec.conf file in /var/ossec/data/etc with yours.
+##############################################################################
+
+mount_files() {
+  if [ -e "$WAZUH_CONFIG_MOUNT" ]
+  then
+    print "Identified Wazuh configuration files to mount..."
+    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $WAZUH_INSTALL_PATH"
+  else
+    print "No Wazuh configuration files to mount..."
+  fi
+}
+
+
+##############################################################################
+# Allow users to set the container hostname as <node_name> dynamically on
+# container start.
+#
+# To use this:
+# 1. Create your own ossec.conf file
+# 2. In your ossec.conf file, set to_be_replaced_by_hostname as your node_name
+# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
+##############################################################################
+
+set_custom_hostname() {
+  sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
+}
+
+##############################################################################
+# Allow users to set the container cluster key dynamically on
+# container start.
+#
+# To use this:
+# 1. Create your own ossec.conf file
+# 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
+# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
+##############################################################################
+
+set_custom_cluster_key() {
+  sed -i 's/<key>to_be_replaced_by_cluster_key<\/key>/<key>'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
+}
+
+##############################################################################
+# Modify /var/ossec/queue/rids directory owner on
+# container start.
+##############################################################################
+
+set_rids_owner() {
+  chown -R wazuh:wazuh /var/ossec/queue/rids
+}
+
+##############################################################################
+# Change any ossec user/group to wazuh user/group 
+##############################################################################
+
+set_correct_permOwner() {
+  find / -group 997 -exec chown :999 {} +;
+  find / -group 101 -exec chown :999 {} +;
+  find / -user 101 -exec chown 999 {} +;
+}
+
+##############################################################################
+# Main function
+##############################################################################
+
+main() {
+  # Mount permanent data  (i.e. ossec.conf)
+  mount_permanent_data
+
+  # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
+  apply_exclusion_data
+
+  # Apply correct permission and ownership
+  set_correct_permOwner
+
+  # Rename files stored in permanent data (i.e. queue/ossec)
+  move_data_files
+
+  # Remove some files in permanent_data (i.e. .template.db)
+  remove_data_files
+
+  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  if [ $AUTO_ENROLLMENT_ENABLED == true ]
+  then
+    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
+    then
+      create_ossec_key_cert
+    fi
+  fi
+
+  # Mount selected files (WAZUH_CONFIG_MOUNT) to container
+  mount_files
+
+  # Allow setting custom hostname
+  set_custom_hostname
+
+  # Allow setting custom cluster key
+  set_custom_cluster_key
+
+  # Delete temporary data folder
+  rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
+
+  # Set rids directory owner
+  set_rids_owner
+}
+
+main
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat
@@ -0,0 +1,51 @@
+#!/usr/bin/with-contenv bash
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+
+set -e
+
+if [ "$INDEXER_URL" != "" ]; then
+  >&2 echo "Customize Elasticsearch output IP"
+  sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
+fi
+
+# Configure filebeat.yml security settings
+
+if [ "$INDEXER_USERNAME" != "" ]; then
+  >&2 echo "Configuring username."
+  sed -i "s|#username:.*|username:|g" /etc/filebeat/filebeat.yml
+  sed -i "s|username:.*|username: '$INDEXER_USERNAME'|g" /etc/filebeat/filebeat.yml
+fi
+
+if [ "$INDEXER_PASSWORD" != "" ]; then
+  >&2 echo "Configuring password."
+  sed -i "s|#password:.*|password:|g" /etc/filebeat/filebeat.yml
+  sed -i "s|password:.*|password: '$INDEXER_PASSWORD'|g" /etc/filebeat/filebeat.yml
+fi
+
+if [ "$FILEBEAT_SSL_VERIFICATION_MODE" != "" ]; then
+  >&2 echo "Configuring SSL verification mode."
+  sed -i "s|#ssl.verification_mode:.*|ssl.verification_mode:|g" /etc/filebeat/filebeat.yml
+  sed -i "s|ssl.verification_mode:.*|ssl.verification_mode: '$FILEBEAT_SSL_VERIFICATION_MODE'|g" /etc/filebeat/filebeat.yml
+fi
+
+if [ "$SSL_CERTIFICATE_AUTHORITIES" != "" ]; then
+  >&2 echo "Configuring Certificate Authorities."
+  sed -i "s|#ssl.certificate_authorities:.*|ssl.certificate_authorities:|g" /etc/filebeat/filebeat.yml
+  sed -i "s|ssl.certificate_authorities:.*|ssl.certificate_authorities: ['$SSL_CERTIFICATE_AUTHORITIES']|g" /etc/filebeat/filebeat.yml
+fi
+
+if [ "$SSL_CERTIFICATE" != "" ]; then
+  >&2 echo "Configuring SSL Certificate."
+  sed -i "s|#ssl.certificate:.*|ssl.certificate:|g" /etc/filebeat/filebeat.yml
+  sed -i "s|ssl.certificate:.*|ssl.certificate: '$SSL_CERTIFICATE'|g" /etc/filebeat/filebeat.yml
+fi
+
+if [ "$SSL_KEY" != "" ]; then
+  >&2 echo "Configuring SSL Key."
+  sed -i "s|#ssl.key:.*|ssl.key:|g" /etc/filebeat/filebeat.yml
+  sed -i "s|ssl.key:.*|ssl.key: '$SSL_KEY'|g" /etc/filebeat/filebeat.yml
+fi
+
+
+chmod go-w /etc/filebeat/filebeat.yml || true
+chown root: /etc/filebeat/filebeat.yml || true
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager
@@ -0,0 +1,136 @@
+#!/usr/bin/with-contenv bash
+
+##############################################################################
+# Migration sequence
+# Detect if there is a mounted volume on /wazuh-migration and copy the data
+# to /var/ossec, finally it will create a flag ".migration-completed" inside
+# the mounted volume
+##############################################################################
+
+function __colortext()
+{
+  echo -e " \e[1;$2m$1\e[0m"
+}
+
+function echogreen()
+{
+  echo $(__colortext "$1" "32")
+}
+
+function echoyellow()
+{
+  echo $(__colortext "$1" "33")
+}
+
+function echored()
+{
+  echo $(__colortext "$1" "31")
+}
+
+function_wazuh_migration(){
+  if [ -d "/wazuh-migration" ]; then
+    if [ ! -e /wazuh-migration/.migration-completed ]; then
+      if [ ! -e /wazuh-migration/global.db ]; then
+        echoyellow "The volume mounted on /wazuh-migration does not contain all the correct files."
+        return
+      fi
+
+      \cp -f /wazuh-migration/data/etc/ossec.conf /var/ossec/etc/ossec.conf
+      chown root:wazuh /var/ossec/etc/ossec.conf
+      chmod 640 /var/ossec/etc/ossec.conf
+
+      \cp -f /wazuh-migration/data/etc/client.keys /var/ossec/etc/client.keys
+      chown wazuh:wazuh /var/ossec/etc/client.keys
+      chmod 640 /var/ossec/etc/client.keys
+
+      \cp -f /wazuh-migration/data/etc/sslmanager.cert /var/ossec/etc/sslmanager.cert
+      \cp -f /wazuh-migration/data/etc/sslmanager.key /var/ossec/etc/sslmanager.key
+      chown root:root /var/ossec/etc/sslmanager.cert /var/ossec/etc/sslmanager.key
+      chmod 640 /var/ossec/etc/sslmanager.cert /var/ossec/etc/sslmanager.key
+
+      \cp -f /wazuh-migration/data/etc/shared/default/agent.conf /var/ossec/etc/shared/default/agent.conf
+      chown wazuh:wazuh /var/ossec/etc/shared/default/agent.conf
+      chmod 660 /var/ossec/etc/shared/default/agent.conf
+
+      \cp -f /wazuh-migration/data/etc/decoders/* /var/ossec/etc/decoders/
+      chown wazuh:wazuh /var/ossec/etc/decoders/*
+      chmod 660 /var/ossec/etc/decoders/*
+
+      \cp -f /wazuh-migration/data/etc/rules/* /var/ossec/etc/rules/
+      chown wazuh:wazuh /var/ossec/etc/rules/*
+      chmod 660 /var/ossec/etc/rules/*
+
+      if [ -e /wazuh-migration/data/agentless/.passlist ]; then
+        \cp -f /wazuh-migration/data/agentless/.passlist /var/ossec/agentless/.passlist
+        chown root:wazuh /var/ossec/agentless/.passlist
+        chmod 640 /var/ossec/agentless/.passlist
+      fi
+
+      \cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db
+      chown wazuh:wazuh /var/ossec/queue/db/global.db
+      chmod 640 /var/ossec/queue/db/global.db
+
+      # mark volume as migrated
+      touch /wazuh-migration/.migration-completed
+
+      echogreen "Migration completed succesfully"
+    else
+      echoyellow "This volume has already been migrated. You may proceed and remove it from the mount point (/wazuh-migration)"
+    fi
+  fi
+}
+
+function_create_custom_user() {
+  if [[ ! -z $API_USERNAME ]] && [[ ! -z $API_PASSWORD ]]; then
+  cat << EOF > /var/ossec/api/configuration/admin.json
+{
+  "username": "$API_USERNAME",
+  "password": "$API_PASSWORD"
+}
+EOF
+
+    # create or customize API user
+    if /var/ossec/framework/python/bin/python3  /var/ossec/framework/scripts/create_user.py; then
+      # remove json if exit code is 0
+      rm /var/ossec/api/configuration/admin.json
+    else
+      echored "There was an error configuring the API user"
+      # terminate container to avoid unpredictable behavior
+      exec s6-svscanctl -t /var/run/s6/services
+      exit 1
+    fi
+  fi
+}
+
+function_entrypoint_scripts() {
+  # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
+  if [ -d "/entrypoint-scripts/" ]
+  then
+    for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
+      bash "$script"
+    done
+  fi
+}
+
+function_configure_vulnerability_detection() {
+if [ "$INDEXER_PASSWORD" != "" ]; then
+  >&2 echo "Configuring password."
+  /var/ossec/bin/wazuh-keystore -f indexer -k username -v $INDEXER_USERNAME
+  /var/ossec/bin/wazuh-keystore -f indexer -k password -v $INDEXER_PASSWORD
+fi
+}
+
+# Migrate data from /wazuh-migration volume
+function_wazuh_migration
+
+# create API custom user
+function_create_custom_user
+
+# configure Vulnerabilty detection
+function_configure_vulnerability_detection
+
+# run entrypoint scripts
+function_entrypoint_scripts
+
+# Start Wazuh
+/var/ossec/bin/wazuh-control start
--- a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish
+++ b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+echo >&2 "Filebeat exited. code=${1}"
+
+# terminate other services to exit from the container
+exec s6-svscanctl -t /var/run/s6/services
+
--- a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run
+++ b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run
@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv sh
+echo >&2 "starting Filebeat"
+
+exec /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
--- a/build-docker-images/wazuh-manager/config/etc/services.d/ossec-logs/run
+++ b/build-docker-images/wazuh-manager/config/etc/services.d/ossec-logs/run
@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv sh
+
+# dumping ossec.log to standard output
+exec tail -F /var/ossec/logs/ossec.log
--- a/build-docker-images/wazuh-manager/config/filebeat.yml
+++ b/build-docker-images/wazuh-manager/config/filebeat.yml
@@ -0,0 +1,31 @@
+
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+  - module: wazuh
+    alerts:
+      enabled: true
+    archives:
+      enabled: false
+
+setup.template.json.enabled: true
+setup.template.overwrite: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.ilm.enabled: false
+output.elasticsearch:
+  hosts: ['https://wazuh.indexer:9200']
+  #username:
+  #password:
+  #ssl.verification_mode:
+  #ssl.certificate_authorities:
+  #ssl.certificate:
+  #ssl.key:
+
+logging.metrics.enabled: false
+
+seccomp:
+  default_action: allow
+  syscalls:
+  - action: allow
+    names:
+    - rseq
--- a/build-docker-images/wazuh-manager/config/filebeat_module.sh
+++ b/build-docker-images/wazuh-manager/config/filebeat_module.sh
@@ -0,0 +1,12 @@
+## variables
+REPOSITORY="packages-dev.wazuh.com/pre-release"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  REPOSITORY="packages.wazuh.com/4.x"
+fi
+
+curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
+yum install -y ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
+curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
--- a/build-docker-images/wazuh-manager/config/permanent_data.env
+++ b/build-docker-images/wazuh-manager/config/permanent_data.env
@@ -0,0 +1,102 @@
+# Permanent data mounted in volumes
+i=0
+PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
+PERMANENT_DATA[((i++))]="/var/ossec/etc"
+PERMANENT_DATA[((i++))]="/var/ossec/logs"
+PERMANENT_DATA[((i++))]="/var/ossec/queue"
+PERMANENT_DATA[((i++))]="/var/ossec/agentless"
+PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
+PERMANENT_DATA[((i++))]="/var/ossec/integrations"
+PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
+PERMANENT_DATA[((i++))]="/var/ossec/wodles"
+PERMANENT_DATA[((i++))]="/etc/filebeat"
+
+export PERMANENT_DATA
+
+# Files mounted in a volume that should not be permanent
+i=0
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_bsd"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/main.exp"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/su.exp"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_linux"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/register_host.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_generic_diff"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_foundry_diff"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_nopass.exp"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws_tools.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/wazuh_integration.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/aws_bucket.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/cloudtrail.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/config.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/guardduty.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/load_balancers.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/server_access.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/umbrella.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/vpcflow.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/waf.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/aws_service.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/cloudwatchlogs.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/inspector.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/s3_log_handler.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_processor.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
+export PERMANENT_DATA_EXCP
+
+# Files mounted in a volume that should be deleted
+i=0
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
+export PERMANENT_DATA_DEL
+
+i=0
+PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
+PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
+export PERMANENT_DATA_MOVE
--- a/build-docker-images/wazuh-manager/config/permanent_data.sh
+++ b/build-docker-images/wazuh-manager/config/permanent_data.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+
+# Variables
+source /permanent_data.env
+
+WAZUH_INSTALL_PATH=/var/ossec
+DATA_TMP_PATH=${WAZUH_INSTALL_PATH}/data_tmp
+mkdir ${DATA_TMP_PATH}
+
+# Move exclusion files to EXCLUSION_PATH
+EXCLUSION_PATH=${DATA_TMP_PATH}/exclusion
+mkdir ${EXCLUSION_PATH}
+
+for exclusion_file in "${PERMANENT_DATA_EXCP[@]}"; do
+  # Create the directory for the exclusion file if it does not exist
+  DIR=$(dirname "${exclusion_file}")
+  if [ ! -e ${EXCLUSION_PATH}/${DIR}  ]
+  then
+    mkdir -p ${EXCLUSION_PATH}/${DIR}
+  fi
+
+  mv ${exclusion_file} ${EXCLUSION_PATH}/${exclusion_file}
+done
+
+# Move permanent files to PERMANENT_PATH
+PERMANENT_PATH=${DATA_TMP_PATH}/permanent
+mkdir ${PERMANENT_PATH}
+
+for permanent_dir in "${PERMANENT_DATA[@]}"; do
+  # Create the directory for the permanent file if it does not exist
+  DIR=$(dirname "${permanent_dir}")
+  if [ ! -e ${PERMANENT_PATH}${DIR}  ]
+  then
+    mkdir -p ${PERMANENT_PATH}${DIR}
+  fi
+  
+  mv ${permanent_dir} ${PERMANENT_PATH}${permanent_dir}
+
+done
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,54 +0,0 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-version: '2'
-
-services:
-  wazuh:
-    image: wazuh/wazuh:3.9.3_7.2.0
-    hostname: wazuh-manager
-    restart: always
-    ports:
-      - "1514:1514/udp"
-      - "1515:1515"
-      - "514:514/udp"
-      - "55000:55000"
-
-  elasticsearch:
-    image: wazuh/wazuh-elasticsearch:3.9.3_7.2.0
-    hostname: elasticsearch
-    restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
-      - ELASTIC_CLUSTER=true
-      - CLUSTER_NODE_MASTER=true
-      - CLUSTER_MASTER_NODE_NAME=es01
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-    mem_limit: 2g
-
-  kibana:
-    image: wazuh/wazuh-kibana:3.9.3_7.2.0
-    hostname: kibana
-    restart: always
-    depends_on:
-      - elasticsearch
-    links:
-      - elasticsearch:elasticsearch
-      - wazuh:wazuh
-  nginx:
-    image: wazuh/wazuh-nginx:3.9.3_7.2.0
-    hostname: nginx
-    restart: always
-    environment:
-      - NGINX_PORT=443
-      - NGINX_CREDENTIALS
-    ports:
-      - "80:80"
-      - "443:443"
-    depends_on:
-      - kibana
-    links:
-      - kibana:kibana
--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
@@ -1,54 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-ARG ELASTIC_VERSION=7.2.0
-FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
-ARG S3_PLUGIN_URL="https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-${ELASTIC_VERSION}.zip"
-
-ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
-
-ENV ALERTS_SHARDS="1" \
-    ALERTS_REPLICAS="0"
-
-ENV API_USER="foo" \
-    API_PASS="bar"
-
-ENV XPACK_ML="true" 
-
-ENV ENABLE_CONFIGURE_S3="false"
-
-ARG TEMPLATE_VERSION=v3.9.3
-
-# Elasticearch cluster configuration environment variables
-# If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
-# CLUSTER_INITIAL_MASTER_NODES set to own node by default.
-ENV ELASTIC_CLUSTER="false" \
-    CLUSTER_NAME="wazuh" \
-    CLUSTER_NODE_MASTER="false" \
-    CLUSTER_NODE_DATA="true" \
-    CLUSTER_NODE_INGEST="true" \
-    CLUSTER_NODE_NAME="wazuh-elasticsearch" \
-    CLUSTER_MASTER_NODE_NAME="master-node" \
-    CLUSTER_MEMORY_LOCK="true" \
-    CLUSTER_DISCOVERY_SERVICE="wazuh-elasticsearch" \
-    CLUSTER_NUMBER_OF_MASTERS="2" \
-    CLUSTER_MAX_NODES="1" \
-    CLUSTER_DELAYED_TIMEOUT="1m" \
-    CLUSTER_INITIAL_MASTER_NODES="wazuh-elasticsearch"
-
-COPY config/entrypoint.sh /entrypoint.sh 
-
-RUN chmod 755 /entrypoint.sh
-
-COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
-
-RUN chmod +x ./load_settings.sh
-
-RUN ${bin/elasticsearch-plugin install --batch S3_PLUGIN_URL}
-
-COPY config/configure_s3.sh ./config/configure_s3.sh
-RUN chmod 755 ./config/configure_s3.sh
-
-COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./
-RUN chmod +x ./config_cluster.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["elasticsearch"]
--- a/elasticsearch/config/config_cluster.sh
+++ b/elasticsearch/config/config_cluster.sh
@@ -1,57 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
-
-remove_single_node_conf(){
-  if grep -Fq "discovery.type" $1; then
-    sed -i '/discovery.type\: /d' $1 
-  fi
-}
-
-remove_cluster_config(){
-  sed -i '/# cluster node/,/# end cluster config/d' $1
-}
-
-# If Elasticsearch cluster is enable, then set up the elasticsearch.yml
-if [[ $ELASTIC_CLUSTER == "true" && $CLUSTER_NODE_MASTER != "" && $CLUSTER_NODE_DATA != "" && $CLUSTER_NODE_INGEST != "" && $CLUSTER_MASTER_NODE_NAME != "" ]]; then
-  # Remove the old configuration
-  remove_single_node_conf $elastic_config_file
-  remove_cluster_config $elastic_config_file
-
-if [[ $CLUSTER_NODE_MASTER == "true" ]]; then
-# Add the master configuration
-# cluster.initial_master_nodes for bootstrap the cluster
-cat > $elastic_config_file << EOF
-# cluster node
-network.host: 0.0.0.0
-node.name: $CLUSTER_MASTER_NODE_NAME
-node.master: $CLUSTER_NODE_MASTER
-cluster.initial_master_nodes: 
-  - $CLUSTER_MASTER_NODE_NAME
-# end cluster config" 
-EOF
-
-elif [[ $CLUSTER_NODE_NAME != "" ]];then
-# Remove the old configuration
-remove_single_node_conf $elastic_config_file
-remove_cluster_config $elastic_config_file
-
-cat > $elastic_config_file << EOF
-# cluster node
-network.host: 0.0.0.0
-node.name: $CLUSTER_NODE_NAME
-node.master: false
-discovery.seed_hosts: 
-  - $CLUSTER_MASTER_NODE_NAME
-  - $CLUSTER_NODE_NAME
-# end cluster config" 
-EOF
-fi
-# If the cluster is disabled, then set a single-node configuration
-else
-  # Remove the old configuration
-  remove_single_node_conf $elastic_config_file
-  remove_cluster_config $elastic_config_file
-  echo "discovery.type: single-node" >> $elastic_config_file
-fi
--- a/elasticsearch/config/configure_s3.sh
+++ b/elasticsearch/config/configure_s3.sh
@@ -1,77 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-# Check number of arguments passed to configure_s3.sh. If it is different from 4 or 5, the process will finish with error.
-# param 1: number of arguments passed to configure_s3.sh
-
-function CheckArgs()
-{
-    if [ $1 != 4 ] && [ $1 != 5 ];then
-        echo "Use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> (By default <current_elasticsearch_major_version> is added to the path and the repository name)"
-        echo "or use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> <Elasticsearch major version>" 
-        exit 1
-
-    fi
-}
-
-# Create S3 repository from base_path <path>/<elasticsearch_major_version> (if there is no <Elasticsearch major version> argument, current version is added)
-# Repository name would be <RepositoryName>-<elasticsearch_major_version> (if there is no <Elasticsearch major version> argument, current version is added)
-# param 1: <Elastic_Server_IP:Port>
-# param 2: <Bucket>
-# param 3: <Path>
-# param 4: <RepositoryName>
-# param 5: Optional <Elasticsearch major version>
-# output: It will show "acknowledged" if the repository has been successfully created
-
-function CreateRepo()
-{
-
-    elastic_ip_port="$2"
-    bucket_name="$3"
-    path="$4"
-    repository_name="$5"
-
-    if [ $1 == 5 ];then
-        version="$6"
-    else
-        version=`curl -s $elastic_ip_port | grep number | cut -d"\"" -f4 | cut -c1`
-    fi
-
-    if ! [[ "$version" =~ ^[0-9]+$ ]];then
-        echo "Elasticsearch major version must be an integer"
-        exit 1
-    fi
-
-    repository="$repository_name-$version"
-    s3_path="$path/$version"
-
-    curl -X PUT "$elastic_ip_port/_snapshot/$repository" -H 'Content-Type: application/json' -d'
-        {
-            "type": "s3",
-            "settings": {
-            "bucket": "'$bucket_name'",
-            "base_path": "'$s3_path'"
-        }
-    }
-    '
-
-}
-
-# Run functions CheckArgs and CreateRepo
-# param 1: number of arguments passed to configure_s3.sh
-# param 2: <Elastic_Server_IP:Port>
-# param 3: <Bucket>
-# param 4: <Path>
-# param 5: <RepositoryName>
-# param 6: Optional <Elasticsearch major version>
-
-function Main()
-{
-    CheckArgs $1
-
-    CreateRepo $1 $2 $3 $4 $5 $6
-}
-
-Main $# $1 $2 $3 $4 $5
--- a/elasticsearch/config/entrypoint.sh
+++ b/elasticsearch/config/entrypoint.sh
@@ -1,52 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-# For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.0/build/elasticsearch/bin/docker-entrypoint.sh
-
-set -e
-
-# Files created by Elasticsearch should always be group writable too
-umask 0002
-
-run_as_other_user_if_needed() {
-  if [[ "$(id -u)" == "0" ]]; then
-    # If running as root, drop to specified UID and run command
-    exec chroot --userspec=1000 / "${@}"
-  else
-    # Either we are running in Openshift with random uid and are a member of the root group
-    # or with a custom --user
-    exec "${@}"
-  fi
-}
-
-
-#Disabling xpack features
-
-elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
-if grep -Fq  "#xpack features" "$elasticsearch_config_file";
-then 
-  declare -A CONFIG_MAP=(
-  [xpack.ml.enabled]=$XPACK_ML
-  )
-  for i in "${!CONFIG_MAP[@]}"
-  do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $elasticsearch_config_file
-    fi
-  done
-else
-  echo "
-#xpack features
-xpack.ml.enabled: $XPACK_ML
- " >> $elasticsearch_config_file
-fi
-
-# Run load settings script.
-
-./config_cluster.sh
-
-./load_settings.sh &
-
-# Execute elasticsearch
-
-run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch 
--- a/elasticsearch/config/load_settings.sh
+++ b/elasticsearch/config/load_settings.sh
@@ -1,103 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-el_url=${ELASTICSEARCH_URL}
-
-if [ "x${WAZUH_API_URL}" = "x" ]; then
-  wazuh_url="https://wazuh"
-else
-  wazuh_url="${WAZUH_API_URL}"
-fi
-
-if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
-  auth=""
-else
-  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
-fi
-
-until curl ${auth} -XGET $el_url; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 5
-done
-
->&2 echo "Elastic is up - executing command"
-
-if [ $ENABLE_CONFIGURE_S3 ]; then
-  #Wait for Elasticsearch to be ready to create the repository
-  sleep 10
-  IP_PORT="${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
-
-  if [ "x$S3_PATH" != "x" ]; then 
-
-    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then 
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR 
-
-    else
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME 
-
-    fi
-
-  fi
-
-fi
-
-#Insert default templates
-
-API_PASS_Q=`echo "$API_PASS" | tr -d '"'`
-API_USER_Q=`echo "$API_USER" | tr -d '"'`
-API_PASSWORD=`echo -n $API_PASS_Q | base64`
-
-echo "Setting API credentials into Wazuh APP"
-CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
-
-if [ "x$CONFIG_CODE" != "x200" ]; then
-  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
-  {
-    "api_user": "'"$API_USER_Q"'",
-    "api_password": "'"$API_PASSWORD"'",
-    "url": "'"$wazuh_url"'",
-    "api_port": "55000",
-    "insecure": "true",
-    "component": "API",
-    "cluster_info": {
-      "manager": "wazuh-manager",
-      "cluster": "Disabled",
-      "status": "disabled"
-    },
-    "extensions": {
-      "oscap": true,
-      "audit": true,
-      "pci": true,
-      "aws": true,
-      "virustotal": true,
-      "gdpr": true,
-      "ciscat": true
-    }
-  }
-  ' > /dev/null
-else
-  echo "Wazuh APP already configured"
-fi
-sleep 5
-
-curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
-{
-  "persistent": {
-    "xpack.monitoring.collection.enabled": true
-  }
-}
-'
-
-# Set cluster delayed timeout when node falls
-curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
-{
-  "settings": {
-    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
-  }
-}
-'
-
-
-echo "Elasticsearch is ready."
--- a/indexer-certs-creator/Dockerfile
+++ b/indexer-certs-creator/Dockerfile
@@ -0,0 +1,12 @@
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+FROM ubuntu:focal
+
+RUN apt-get update && apt-get install openssl curl -y
+
+WORKDIR /
+
+COPY config/entrypoint.sh /
+
+RUN chmod 700 /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/indexer-certs-creator/README.md
+++ b/indexer-certs-creator/README.md
@@ -0,0 +1,9 @@
+# Certificate creation image build
+
+The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks.
+
+To create the image, the following command must be executed:
+
+```
+$ docker build -t wazuh/wazuh-certs-generator:0.0.1 .
+```
--- a/indexer-certs-creator/config/entrypoint.sh
+++ b/indexer-certs-creator/config/entrypoint.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Downloading Cert Gen Tool
+##############################################################################
+
+## Variables
+CERT_TOOL=wazuh-certs-tool.sh
+PASSWORD_TOOL=wazuh-passwords-tool.sh
+PACKAGES_URL=https://packages.wazuh.com/4.10/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+
+## Check if the cert tool exists in S3 buckets
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+
+## If cert tool exists in some bucket, download it, if not exit 1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s
+  echo "The tool to create the certificates exists in the in Packages bucket"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s
+  echo "The tool to create the certificates exists in Packages-dev bucket"
+else
+  echo "The tool to create the certificates does not exist in any bucket"
+  echo "ERROR: certificates were not created"
+  exit 1
+fi
+
+cp /config/certs.yml /config.yml
+
+chmod 700 /$CERT_TOOL
+
+##############################################################################
+# Creating Cluster certificates
+##############################################################################
+
+## Execute cert tool and parsin cert.yml to set UID permissions
+source /$CERT_TOOL -A
+nodes_server=$( cert_parseYaml /config.yml | grep -E "nodes[_]+server[_]+[0-9]+=" | sed -e 's/nodes__server__[0-9]=//' | sed 's/"//g' )
+node_names=($nodes_server)
+
+echo "Moving created certificates to the destination directory"
+cp /wazuh-certificates/* /certificates/
+echo "Changing certificate permissions"
+chmod -R 500 /certificates
+chmod -R 400 /certificates/*
+echo "Setting UID indexer and dashboard"
+chown 1000:1000 /certificates/*
+echo "Setting UID for wazuh manager and worker"
+cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
+cp /certificates/root-ca.key /certificates/root-ca-manager.key
+chown 999:999 /certificates/root-ca-manager.pem
+chown 999:999 /certificates/root-ca-manager.key
+
+for i in ${node_names[@]};
+do
+  chown 999:999 "/certificates/${i}.pem"
+  chown 999:999 "/certificates/${i}-key.pem"
+done
+
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,78 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.2.0
-ARG ELASTIC_VERSION=7.2.0
-ARG WAZUH_VERSION=3.9.3
-ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
-
-USER root
-
-ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
-
-RUN /usr/share/kibana/bin/kibana-plugin install --allow-root file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip 
-RUN rm -rf /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip
-
-COPY config/entrypoint.sh ./entrypoint.sh
-RUN chmod 755 ./entrypoint.sh
-
-USER kibana
-
-ENV PATTERN="" \
-    CHECKS_PATTERN="" \
-    CHECKS_TEMPLATE="" \
-    CHECKS_API="" \
-    CHECKS_SETUP="" \
-    EXTENSIONS_PCI="" \
-    EXTENSIONS_GDPR="" \
-    EXTENSIONS_AUDIT="" \
-    EXTENSIONS_OSCAP="" \
-    EXTENSIONS_CISCAT="" \
-    EXTENSIONS_AWS="" \
-    EXTENSIONS_VIRUSTOTAL="" \
-    EXTENSIONS_OSQUERY="" \
-    APP_TIMEOUT="" \
-    WAZUH_SHARDS="" \
-    WAZUH_REPLICAS="" \
-    WAZUH_VERSION_SHARDS="" \
-    WAZUH_VERSION_REPLICAS="" \
-    IP_SELECTOR="" \
-    IP_IGNORE="" \
-    XPACK_RBAC_ENABLED="" \
-    WAZUH_MONITORING_ENABLED="" \
-    WAZUH_MONITORING_FREQUENCY="" \
-    WAZUH_MONITORING_SHARDS="" \
-    WAZUH_MONITORING_REPLICAS="" \
-    ADMIN_PRIVILEGES=""
-
-ARG XPACK_CANVAS="true"
-ARG XPACK_LOGS="true"
-ARG XPACK_INFRA="true"
-ARG XPACK_ML="true"
-ARG XPACK_DEVTOOLS="true"
-ARG XPACK_MONITORING="true"
-ARG XPACK_APM="true"
-
-ARG CHANGE_WELCOME="false"
-
-COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
-
-RUN chmod +x ./wazuh_app_config.sh
-
-COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
-
-RUN chmod +x ./kibana_settings.sh
-
-COPY --chown=kibana:kibana ./config/xpack_config.sh ./
-
-RUN chmod +x ./xpack_config.sh
-
-RUN ./xpack_config.sh
-
-COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
-
-RUN chmod +x ./welcome_wazuh.sh
-
-RUN ./welcome_wazuh.sh
-
-RUN /usr/local/bin/kibana-docker --optimize
-
-ENTRYPOINT ./entrypoint.sh
--- a/kibana/config/entrypoint.sh
+++ b/kibana/config/entrypoint.sh
@@ -1,57 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Waiting for elasticsearch
-##############################################################################
-
-if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
-  el_url="http://elasticsearch:9200"
-else
-  el_url="${ELASTICSEARCH_URL}"
-fi
-
-if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
-  auth=""
-else
-  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
-fi
-
-until curl -XGET $el_url ${auth}; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 5
-done
-
-sleep 2
-
->&2 echo "Elasticsearch is up."
-
-
-##############################################################################
-# Waiting for wazuh alerts template
-##############################################################################
-
-strlen=0
-
-while [[ $strlen -eq 0 ]]
-do
-  template=$(curl $el_url/_cat/templates/wazuh -s)
-  strlen=${#template}
-  >&2 echo "Wazuh alerts template not loaded - sleeping."
-  sleep 2
-done
-
-sleep 2
-
->&2 echo "Wazuh alerts template is loaded."
-
-
-./wazuh_app_config.sh
-
-sleep 5
-
-./kibana_settings.sh &
-
-/usr/local/bin/kibana-docker
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -1,79 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-WAZUH_MAJOR=3
-
-##############################################################################
-# Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them. 
-# 
-# The following actions are performed:
-#
-# Add the wazuh alerts index as default.
-# Set the Discover time interval to 24 hours instead of 15 minutes.
-# Do not ask user to help providing usage statistics to Elastic.
-##############################################################################
-
-##############################################################################
-# Customize elasticsearch ip
-##############################################################################
-if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
-  sed -i "s:#elasticsearch.hosts:elasticsearch.hosts:g" /usr/share/kibana/config/kibana.yml
-  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
-fi
-
-# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
-if [ "$KIBANA_INDEX" != "" ]; then
-  if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
-    sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
-  fi
-    echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
-fi
-
-# If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false.
-if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
-  if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
-    sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
-  fi
-    echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
-fi
-
-if [ "$KIBANA_IP" != "" ]; then
-  kibana_ip="$KIBANA_IP"
-else
-  kibana_ip="kibana"
-fi
-
-while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
-  echo "Waiting for Kibana API. Sleeping 5 seconds"
-  sleep 5
-done
-
-# Prepare index selection. 
-echo "Kibana API is running"
-
-default_index="/tmp/default_index.json"
-
-cat > ${default_index} << EOF
-{
-  "changes": {
-    "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
-  }
-}
-EOF
-
-sleep 5
-# Add the wazuh alerts index as default.
-curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
-rm -f ${default_index}
-
-sleep 5
-# Configuring Kibana TimePicker.
-curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-24h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
-
-sleep 5
-# Do not ask user to help providing usage statistics to Elastic
-curl -POST "http://$kibana_ip:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
-
-echo "End settings"
--- a/kibana/config/wazuh_app_config.sh
+++ b/kibana/config/wazuh_app_config.sh
@@ -1,40 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-kibana_config_file="/usr/share/kibana/plugins/wazuh/config.yml"
-
-declare -A CONFIG_MAP=(
-  [pattern]=$PATTERN
-  [checks.pattern]=$CHECKS_PATTERN
-  [checks.template]=$CHECKS_TEMPLATE
-  [checks.api]=$CHECKS_API
-  [checks.setup]=$CHECKS_SETUP
-  [extensions.pci]=$EXTENSIONS_PCI
-  [extensions.gdpr]=$EXTENSIONS_GDPR
-  [extensions.audit]=$EXTENSIONS_AUDIT
-  [extensions.oscap]=$EXTENSIONS_OSCAP
-  [extensions.ciscat]=$EXTENSIONS_CISCAT
-  [extensions.aws]=$EXTENSIONS_AWS
-  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
-  [extensions.osquery]=$EXTENSIONS_OSQUERY
-  [timeout]=$APP_TIMEOUT
-  [wazuh.shards]=$WAZUH_SHARDS
-  [wazuh.replicas]=$WAZUH_REPLICAS
-  [wazuh-version.shards]=$WAZUH_VERSION_SHARDS
-  [wazuh-version.replicas]=$WAZUH_VERSION_REPLICAS
-  [ip.selector]=$IP_SELECTOR
-  [ip.ignore]=$IP_IGNORE
-  [xpack.rbac.enabled]=$XPACK_RBAC_ENABLED
-  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
-  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
-  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
-  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
-  [admin]=$ADMIN_PRIVILEGES
-)
-
-for i in "${!CONFIG_MAP[@]}"
-do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
-    fi
-done
--- a/kibana/config/welcome_wazuh.sh
+++ b/kibana/config/welcome_wazuh.sh
@@ -1,24 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-if [[ $CHANGE_WELCOME == "true" ]]
-then
-
-    rm -rf ./optimize/bundles
-
-    kibana_path="/usr/share/kibana"
-    # Set Wazuh app as the default landing page
-    echo "Set Wazuh app as the default landing page"
-    echo "server.defaultRoute: /app/wazuh" >> /usr/share/kibana/config/kibana.yml
-
-    # Redirect Kibana welcome screen to Discover
-    echo "Redirect Kibana welcome screen to Discover"
-    sed -i "s:'/app/kibana#/home':'/app/wazuh':g" $kibana_path/src/ui/public/chrome/directives/global_nav/global_nav.html
-    sed -i "s:'/app/kibana#/home':'/app/wazuh':g" $kibana_path/src/ui/public/chrome/directives/header_global_nav/header_global_nav.js
-
-    # Redirect Kibana welcome screen to Discover
-    echo "Hide undesired links"
-    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/rollup/public/crud_app/index.js
-    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/license_management/public/management_section.js
-fi
-
--- a/kibana/config/xpack_config.sh
+++ b/kibana/config/xpack_config.sh
@@ -1,35 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-kibana_config_file="/usr/share/kibana/config/kibana.yml"
-if grep -Fq  "#xpack features" "$kibana_config_file";
-then 
-  declare -A CONFIG_MAP=(
-    [xpack.apm.ui.enabled]=$XPACK_APM
-    [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
-    [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
-    [xpack.ml.enabled]=$XPACK_ML
-    [xpack.canvas.enabled]=$XPACK_CANVAS
-    [xpack.infra.enabled]=$XPACK_INFRA
-    [xpack.monitoring.enabled]=$XPACK_MONITORING
-    [console.enabled]=$XPACK_DEVTOOLS
-  )
-  for i in "${!CONFIG_MAP[@]}"
-  do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
-    fi
-  done
-else
-  echo "
-#xpack features
-xpack.apm.ui.enabled: $XPACK_APM 
-xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
-xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
-xpack.ml.enabled: $XPACK_ML
-xpack.canvas.enabled: $XPACK_CANVAS
-xpack.infra.enabled: $XPACK_INFRA
-xpack.monitoring.enabled: $XPACK_MONITORING
-console.enabled: $XPACK_DEVTOOLS
-" >> $kibana_config_file
-fi
--- a/multi-node/Migration-to-Wazuh-4.4.md
+++ b/multi-node/Migration-to-Wazuh-4.4.md
@@ -0,0 +1,361 @@
+# Opendistro data migration to Wazuh indexer on docker.
+This procedure explains how to migrate Opendistro data from Opendistro to Wazuh indexer in docker production deployments.
+The example is migrating from v4.2 to v4.4.
+
+## Procedure
+Assuming that you have a v4.2 production deployment, perform the following steps.
+
+**1. Stop 4.2 environment**
+`docker-compose -f production-cluster.yml stop`
+
+**2. List elasticsearch volumes**
+`docker volume ls --filter name='wazuh-docker_elastic-data'`
+
+**3. Inspect elasticsearch volume**
+`docker volume inspect wazuh-docker_elastic-data-1`
+
+**4. Spin down the 4.2 environment.**
+`docker-compose -f production-cluster.yml down`
+
+**Steps 5 and 6 can be done with the volume-migrator.sh script, specifying Docker compose version and project name as parameters.**
+
+Ex: $ multi-node/volume-migrator.sh 1.25.0 multi-node
+
+**5. Run the volume create command:** create new indexer and Wazuh manager volumes using the `com.docker.compose.version` label value from the previous command.
+
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=wazuh-indexer-data-1 \
+           multi-node_wazuh-indexer-data-1
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=wazuh-indexer-data-2 \
+           multi-node_wazuh-indexer-data-2
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=wazuh-indexer-data-3 \
+           multi-node_wazuh-indexer-data-3
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master_wazuh_api_configuration \
+           multi-node_master_wazuh_api_configuration
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master_wazuh_etc \
+           multi-node_docker_wazuh_etc
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-wazuh-logs \
+           multi-node_master-wazuh-logs
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-wazuh-queue \
+           multi-node_master-wazuh-queue
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-wazuh-var-multigroups \
+           multi-node_master-wazuh-var-multigroups
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-wazuh-integrations \
+           multi-node_master-wazuh-integrations
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-wazuh-active-response \
+           multi-node_master-wazuh-active-response
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-wazuh-agentless \
+           multi-node_master-wazuh-agentless
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-wazuh-wodles \
+           multi-node_master-wazuh-wodles
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-filebeat-etc \
+           multi-node_master-filebeat-etc
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=master-filebeat-var \
+           multi-node_master-filebeat-var
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker_wazuh_api_configuration \
+           multi-node_worker_wazuh_api_configuration
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker_wazuh_etc \
+           multi-node_worker-wazuh-etc
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-wazuh-logs \
+           multi-node_worker-wazuh-logs
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-wazuh-queue \
+           multi-node_worker-wazuh-queue
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-wazuh-var-multigroups \
+           multi-node_worker-wazuh-var-multigroups
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-wazuh-integrations \
+           multi-node_worker-wazuh-integrations
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-wazuh-active-response \
+           multi-node_worker-wazuh-active-response
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-wazuh-agentless \
+           multi-node_worker-wazuh-agentless
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-wazuh-wodles \
+           multi-node_worker-wazuh-wodles
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-filebeat-etc \
+           multi-node_worker-filebeat-etc
+```
+```
+docker volume create \
+           --label com.docker.compose.project=multi-node \
+           --label com.docker.compose.version=1.25.0 \
+           --label com.docker.compose.volume=worker-filebeat-var \
+           multi-node_worker-filebeat-var
+```
+**6. Copy the volume content from elasticsearch to Wazuh indexer volumes and old Wazuh manager content to new volumes.**
+```
+docker container run --rm -it \
+           -v wazuh-docker_elastic-data-1:/from \
+           -v multi-node_wazuh-indexer-data-1:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_elastic-data-2:/from \
+           -v multi-node_wazuh-indexer-data-2:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_elastic-data-3:/from \
+           -v multi-node_wazuh-indexer-data-3:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-api-configuration:/from \
+           -v multi-node_master-wazuh-api-configuration:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-etc:/from \
+           -v multi-node_master-wazuh-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-logs:/from \
+           -v multi-node_master-wazuh-logs:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-queue:/from \
+           -v multi-node_master-wazuh-queue:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-var-multigroups:/from \
+           -v multi-node_master-wazuh-var-multigroups:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-integrations:/from \
+           -v multi-node_master-wazuh-integrations:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-active-response:/from \
+           -v multi-node_master-wazuh-active-response:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-agentless:/from \
+           -v multi-node_master-wazuh-agentless:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_ossec-wodles:/from \
+           -v multi-node_master-wazuh-wodles:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_filebeat-etc:/from \
+           -v multi-node_master-filebeat-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_filebeat-var:/from \
+           -v multi-node_master-filebeat-var:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-api-configuration:/from \
+           -v multi-node_worker-wazuh-api-configuration:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-etc:/from \
+           -v multi-node_worker-wazuh-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-logs:/from \
+           -v multi-node_worker-wazuh-logs:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-queue:/from \
+           -v multi-node_worker-wazuh-queue:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-var-multigroups:/from \
+           -v multi-node_worker-wazuh-var-multigroups:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-integrations:/from \
+           -v multi-node_worker-wazuh-integrations:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-active-response:/from \
+           -v multi-node_worker-wazuh-active-response:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-agentless:/from \
+           -v multi-node_worker-wazuh-agentless:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-wodles:/from \
+           -v multi-node_worker-wazuh-wodles:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-filebeat-etc:/from \
+           -v multi-node_worker-filebeat-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+```
+docker container run --rm -it \
+           -v wazuh-docker_worker-filebeat-var:/from \
+           -v multi-node_worker-filebeat-var:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+```
+
+**7. Start the 4.4 environment.**
+```
+git checkout 4.4
+cd multi-node
+docker-compose -f generate-indexer-certs.yml run --rm generator
+docker-compose up -d
+```
+
+**8. Check the access to Wazuh dashboard**: go to the Wazuh dashboard using the web browser and check the data.
--- a/multi-node/README.md
+++ b/multi-node/README.md
@@ -0,0 +1,26 @@
+# Deploy Wazuh Docker in multi node configuration
+
+This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps: 
+
+1) Increase max_map_count on your host (Linux). This command must be run with root permissions:
+```
+$ sysctl -w vm.max_map_count=262144
+```
+2) Run the certificate creation script:
+```
+$ docker-compose -f generate-indexer-certs.yml run --rm generator
+```
+3) Start the environment with docker-compose:
+
+- In the foregroud:
+```
+$ docker-compose up
+```
+
+- In the background:
+```
+$ docker-compose up -d
+```
+
+
+The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated.
--- a/multi-node/config/certs.yml
+++ b/multi-node/config/certs.yml
@@ -0,0 +1,24 @@
+nodes:
+  # Wazuh indexer server nodes
+  indexer:
+    - name: wazuh1.indexer
+      ip: wazuh1.indexer
+    - name: wazuh2.indexer
+      ip: wazuh2.indexer
+    - name: wazuh3.indexer
+      ip: wazuh3.indexer
+
+  # Wazuh server nodes
+  # Use node_type only with more than one Wazuh manager
+  server:
+    - name: wazuh.master
+      ip: wazuh.master
+      node_type: master
+    - name: wazuh.worker
+      ip: wazuh.worker
+      node_type: worker
+
+  # Wazuh dashboard node
+  dashboard:
+    - name: wazuh.dashboard
+      ip: wazuh.dashboard
--- a/multi-node/config/nginx/nginx.conf
+++ b/multi-node/config/nginx/nginx.conf
@@ -0,0 +1,46 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    server_tokens off;
+    gzip  on;
+
+}
+
+
+
+# load balancer for Wazuh cluster
+stream {
+    upstream mycluster {
+        hash $remote_addr consistent;
+        server wazuh.master:1514;
+        server wazuh.worker:1514;
+    }
+    server {
+        listen 1514;
+        proxy_pass mycluster;
+    }
+}
--- a/multi-node/config/wazuh_cluster/wazuh_manager.conf
+++ b/multi-node/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,310 @@
+<ossec_config>
+  <global>
+    <jsonout_output>yes</jsonout_output>
+    <alerts_log>yes</alerts_log>
+    <logall>no</logall>
+    <logall_json>no</logall_json>
+    <email_notification>no</email_notification>
+    <smtp_server>smtp.example.wazuh.com</smtp_server>
+    <email_from>wazuh@example.wazuh.com</email_from>
+    <email_to>recipient@example.wazuh.com</email_to>
+    <email_maxperhour>12</email_maxperhour>
+    <email_log_source>alerts.log</email_log_source>
+    <agents_disconnection_time>10m</agents_disconnection_time>
+    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
+  </global>
+
+  <alerts>
+    <log_alert_level>3</log_alert_level>
+    <email_alert_level>12</email_alert_level>
+  </alerts>
+
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+  <remote>
+    <connection>secure</connection>
+    <port>1514</port>
+    <protocol>tcp</protocol>
+    <queue_size>131072</queue_size>
+  </remote>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <check_files>yes</check_files>
+    <check_trojans>yes</check_trojans>
+    <check_dev>yes</check_dev>
+    <check_sys>yes</check_sys>
+    <check_pids>yes</check_pids>
+    <check_ports>yes</check_ports>
+    <check_if>yes</check_if>
+
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>43200</frequency>
+
+    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
+
+    <skip_nfs>yes</skip_nfs>
+  </rootcheck>
+
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>wodles/java</java_path>
+    <ciscat_path>wodles/ciscat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
+    <config_path>/etc/osquery/osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </wodle>
+
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+
+  <vulnerability-detection>
+    <enabled>yes</enabled>
+    <index-status>yes</index-status>
+    <feed-update-interval>60m</feed-update-interval>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>yes</enabled>
+    <hosts>
+      <host>https://wazuh1.indexer:9200</host>
+      <host>https://wazuh2.indexer:9200</host>
+      <host>https://wazuh3.indexer:9200</host>
+    </hosts>
+    <ssl>
+      <certificate_authorities>
+        <ca>/etc/ssl/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>/etc/ssl/filebeat.pem</certificate>
+      <key>/etc/ssl/filebeat.key</key>
+    </ssl>
+  </indexer>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>43200</frequency>
+
+    <scan_on_start>yes</scan_on_start>
+
+    <!-- Generate alert when new file detected -->
+    <alert_new_files>yes</alert_new_files>
+
+    <!-- Don't ignore files that change more than 'frequency' times -->
+    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    <directories>/etc,/usr/bin,/usr/sbin</directories>
+    <directories>/bin,/sbin,/boot</directories>
+
+    <!-- Files/directories to ignore -->
+    <ignore>/etc/mtab</ignore>
+    <ignore>/etc/hosts.deny</ignore>
+    <ignore>/etc/mail/statistics</ignore>
+    <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
+    <ignore>/etc/adjtime</ignore>
+    <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
+    <ignore>/etc/dumpdates</ignore>
+    <ignore>/etc/svc/volatile</ignore>
+
+    <!-- File types to ignore -->
+    <ignore type="sregex">.log$|.swp$</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
+
+    <skip_nfs>yes</skip_nfs>
+    <skip_dev>yes</skip_dev>
+    <skip_proc>yes</skip_proc>
+    <skip_sys>yes</skip_sys>
+
+    <!-- Nice value for Syscheck process -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>100</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </syscheck>
+
+  <!-- Active response -->
+  <global>
+    <white_list>127.0.0.1</white_list>
+    <white_list>^localhost.localdomain$</white_list>
+  </global>
+
+  <command>
+    <name>disable-account</name>
+    <executable>disable-account</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>restart-wazuh</name>
+    <executable>restart-wazuh</executable>
+  </command>
+
+  <command>
+    <name>firewall-drop</name>
+    <executable>firewall-drop</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>host-deny</name>
+    <executable>host-deny</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>route-null</name>
+    <executable>route-null</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>win_route-null</name>
+    <executable>route-null.exe</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>netsh</name>
+    <executable>netsh.exe</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <!--
+  <active-response>
+    active-response options here
+  </active-response>
+  -->
+
+  <!-- Log analysis -->
+  <localfile>
+    <log_format>command</log_format>
+    <command>df -P</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
+    <alias>netstat listening ports</alias>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>last -n 20</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <ruleset>
+    <!-- Default ruleset -->
+    <decoder_dir>ruleset/decoders</decoder_dir>
+    <rule_dir>ruleset/rules</rule_dir>
+    <rule_exclude>0215-policy_rules.xml</rule_exclude>
+    <list>etc/lists/audit-keys</list>
+    <list>etc/lists/amazon/aws-eventnames</list>
+    <list>etc/lists/security-eventchannel</list>
+
+    <!-- User-defined ruleset -->
+    <decoder_dir>etc/decoders</decoder_dir>
+    <rule_dir>etc/rules</rule_dir>
+  </ruleset>
+
+  <rule_test>
+    <enabled>yes</enabled>
+    <threads>1</threads>
+    <max_sessions>64</max_sessions>
+    <session_timeout>15m</session_timeout>
+  </rule_test>
+
+  <!-- Configuration for wazuh-authd -->
+  <auth>
+    <disabled>no</disabled>
+    <port>1515</port>
+    <use_source_ip>no</use_source_ip>
+    <purge>yes</purge>
+    <use_password>no</use_password>
+    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
+    <!-- <ssl_agent_ca></ssl_agent_ca> -->
+    <ssl_verify_host>no</ssl_verify_host>
+    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
+    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
+    <ssl_auto_negotiate>no</ssl_auto_negotiate>
+  </auth>
+
+  <cluster>
+    <name>wazuh</name>
+    <node_name>manager</node_name>
+    <node_type>master</node_type>
+    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
+    <port>1516</port>
+    <bind_addr>0.0.0.0</bind_addr>
+    <nodes>
+        <node>wazuh.master</node>
+    </nodes>
+    <hidden>no</hidden>
+    <disabled>no</disabled>
+  </cluster>
+
+</ossec_config>
+
+<ossec_config>
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+</ossec_config>
--- a/multi-node/config/wazuh_cluster/wazuh_worker.conf
+++ b/multi-node/config/wazuh_cluster/wazuh_worker.conf
@@ -0,0 +1,310 @@
+<ossec_config>
+  <global>
+    <jsonout_output>yes</jsonout_output>
+    <alerts_log>yes</alerts_log>
+    <logall>no</logall>
+    <logall_json>no</logall_json>
+    <email_notification>no</email_notification>
+    <smtp_server>smtp.example.wazuh.com</smtp_server>
+    <email_from>wazuh@example.wazuh.com</email_from>
+    <email_to>recipient@example.wazuh.com</email_to>
+    <email_maxperhour>12</email_maxperhour>
+    <email_log_source>alerts.log</email_log_source>
+    <agents_disconnection_time>10m</agents_disconnection_time>
+    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
+  </global>
+
+  <alerts>
+    <log_alert_level>3</log_alert_level>
+    <email_alert_level>12</email_alert_level>
+  </alerts>
+
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+  <remote>
+    <connection>secure</connection>
+    <port>1514</port>
+    <protocol>tcp</protocol>
+    <queue_size>131072</queue_size>
+  </remote>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <check_files>yes</check_files>
+    <check_trojans>yes</check_trojans>
+    <check_dev>yes</check_dev>
+    <check_sys>yes</check_sys>
+    <check_pids>yes</check_pids>
+    <check_ports>yes</check_ports>
+    <check_if>yes</check_if>
+
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>43200</frequency>
+
+    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
+
+    <skip_nfs>yes</skip_nfs>
+  </rootcheck>
+
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>wodles/java</java_path>
+    <ciscat_path>wodles/ciscat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
+    <config_path>/etc/osquery/osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </wodle>
+
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+
+  <vulnerability-detection>
+    <enabled>yes</enabled>
+    <index-status>yes</index-status>
+    <feed-update-interval>60m</feed-update-interval>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>yes</enabled>
+    <hosts>
+      <host>https://wazuh1.indexer:9200</host>
+      <host>https://wazuh2.indexer:9200</host>
+      <host>https://wazuh3.indexer:9200</host>
+    </hosts>
+    <ssl>
+      <certificate_authorities>
+        <ca>/etc/ssl/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>/etc/ssl/filebeat.pem</certificate>
+      <key>/etc/ssl/filebeat.key</key>
+    </ssl>
+  </indexer>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>43200</frequency>
+
+    <scan_on_start>yes</scan_on_start>
+
+    <!-- Generate alert when new file detected -->
+    <alert_new_files>yes</alert_new_files>
+
+    <!-- Don't ignore files that change more than 'frequency' times -->
+    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    <directories>/etc,/usr/bin,/usr/sbin</directories>
+    <directories>/bin,/sbin,/boot</directories>
+
+    <!-- Files/directories to ignore -->
+    <ignore>/etc/mtab</ignore>
+    <ignore>/etc/hosts.deny</ignore>
+    <ignore>/etc/mail/statistics</ignore>
+    <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
+    <ignore>/etc/adjtime</ignore>
+    <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
+    <ignore>/etc/dumpdates</ignore>
+    <ignore>/etc/svc/volatile</ignore>
+
+    <!-- File types to ignore -->
+    <ignore type="sregex">.log$|.swp$</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
+
+    <skip_nfs>yes</skip_nfs>
+    <skip_dev>yes</skip_dev>
+    <skip_proc>yes</skip_proc>
+    <skip_sys>yes</skip_sys>
+
+    <!-- Nice value for Syscheck process -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>100</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </syscheck>
+
+  <!-- Active response -->
+  <global>
+    <white_list>127.0.0.1</white_list>
+    <white_list>^localhost.localdomain$</white_list>
+  </global>
+
+  <command>
+    <name>disable-account</name>
+    <executable>disable-account</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>restart-wazuh</name>
+    <executable>restart-wazuh</executable>
+  </command>
+
+  <command>
+    <name>firewall-drop</name>
+    <executable>firewall-drop</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>host-deny</name>
+    <executable>host-deny</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>route-null</name>
+    <executable>route-null</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>win_route-null</name>
+    <executable>route-null.exe</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>netsh</name>
+    <executable>netsh.exe</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <!--
+  <active-response>
+    active-response options here
+  </active-response>
+  -->
+
+  <!-- Log analysis -->
+  <localfile>
+    <log_format>command</log_format>
+    <command>df -P</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
+    <alias>netstat listening ports</alias>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>last -n 20</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <ruleset>
+    <!-- Default ruleset -->
+    <decoder_dir>ruleset/decoders</decoder_dir>
+    <rule_dir>ruleset/rules</rule_dir>
+    <rule_exclude>0215-policy_rules.xml</rule_exclude>
+    <list>etc/lists/audit-keys</list>
+    <list>etc/lists/amazon/aws-eventnames</list>
+    <list>etc/lists/security-eventchannel</list>
+
+    <!-- User-defined ruleset -->
+    <decoder_dir>etc/decoders</decoder_dir>
+    <rule_dir>etc/rules</rule_dir>
+  </ruleset>
+
+  <rule_test>
+    <enabled>yes</enabled>
+    <threads>1</threads>
+    <max_sessions>64</max_sessions>
+    <session_timeout>15m</session_timeout>
+  </rule_test>
+
+  <!-- Configuration for wazuh-authd -->
+  <auth>
+    <disabled>no</disabled>
+    <port>1515</port>
+    <use_source_ip>no</use_source_ip>
+    <purge>yes</purge>
+    <use_password>no</use_password>
+    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
+    <!-- <ssl_agent_ca></ssl_agent_ca> -->
+    <ssl_verify_host>no</ssl_verify_host>
+    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
+    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
+    <ssl_auto_negotiate>no</ssl_auto_negotiate>
+  </auth>
+
+  <cluster>
+    <name>wazuh</name>
+    <node_name>worker01</node_name>
+    <node_type>worker</node_type>
+    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
+    <port>1516</port>
+    <bind_addr>0.0.0.0</bind_addr>
+    <nodes>
+        <node>wazuh.master</node>
+    </nodes>
+    <hidden>no</hidden>
+    <disabled>no</disabled>
+  </cluster>
+
+</ossec_config>
+
+<ossec_config>
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+</ossec_config>
--- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
@@ -0,0 +1,12 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh1.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
--- a/multi-node/config/wazuh_dashboard/wazuh.yml
+++ b/multi-node/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,7 @@
+hosts:
+  - 1513629884013:
+      url: "https://wazuh.master"
+      port: 55000
+      username: wazuh-wui
+      password: "MyS3cr37P450r.*-"
+      run_as: false
--- a/multi-node/config/wazuh_indexer/internal_users.yml
+++ b/multi-node/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+  reserved: true
+  backend_roles:
+  - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+  - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+  - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+  description: "Demo snapshotrestore user"
--- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
@@ -0,0 +1,38 @@
+network.host: wazuh1.indexer
+node.name: wazuh1.indexer
+cluster.initial_master_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
--- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
@@ -0,0 +1,38 @@
+network.host: wazuh2.indexer
+node.name: wazuh2.indexer
+cluster.initial_master_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
--- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
@@ -0,0 +1,38 @@
+network.host: wazuh3.indexer
+node.name: wazuh3.indexer
+cluster.initial_master_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -0,0 +1,224 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+  wazuh.master:
+    image: wazuh/wazuh-manager:4.10.0
+    hostname: wazuh.master
+    restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
+    ports:
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - INDEXER_URL=https://wazuh1.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - master-wazuh-api-configuration:/var/ossec/api/configuration
+      - master-wazuh-etc:/var/ossec/etc
+      - master-wazuh-logs:/var/ossec/logs
+      - master-wazuh-queue:/var/ossec/queue
+      - master-wazuh-var-multigroups:/var/ossec/var/multigroups
+      - master-wazuh-integrations:/var/ossec/integrations
+      - master-wazuh-active-response:/var/ossec/active-response/bin
+      - master-wazuh-agentless:/var/ossec/agentless
+      - master-wazuh-wodles:/var/ossec/wodles
+      - master-filebeat-etc:/etc/filebeat
+      - master-filebeat-var:/var/lib/filebeat
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key
+      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+  wazuh.worker:
+    image: wazuh/wazuh-manager:4.10.0
+    hostname: wazuh.worker
+    restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
+    environment:
+      - INDEXER_URL=https://wazuh1.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+    volumes:
+      - worker-wazuh-api-configuration:/var/ossec/api/configuration
+      - worker-wazuh-etc:/var/ossec/etc
+      - worker-wazuh-logs:/var/ossec/logs
+      - worker-wazuh-queue:/var/ossec/queue
+      - worker-wazuh-var-multigroups:/var/ossec/var/multigroups
+      - worker-wazuh-integrations:/var/ossec/integrations
+      - worker-wazuh-active-response:/var/ossec/active-response/bin
+      - worker-wazuh-agentless:/var/ossec/agentless
+      - worker-wazuh-wodles:/var/ossec/wodles
+      - worker-filebeat-etc:/etc/filebeat
+      - worker-filebeat-var:/var/lib/filebeat
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key
+      - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
+
+  wazuh1.indexer:
+    image: wazuh/wazuh-indexer:4.10.0
+    hostname: wazuh1.indexer
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data-1:/var/lib/wazuh-indexer
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
+      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
+      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+
+  wazuh2.indexer:
+    image: wazuh/wazuh-indexer:4.10.0
+    hostname: wazuh2.indexer
+    restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data-2:/var/lib/wazuh-indexer
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+
+  wazuh3.indexer:
+    image: wazuh/wazuh-indexer:4.10.0
+    hostname: wazuh3.indexer
+    restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data-3:/var/lib/wazuh-indexer
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+
+  wazuh.dashboard:
+    image: wazuh/wazuh-dashboard:4.10.0
+    hostname: wazuh.dashboard
+    restart: always
+    ports:
+      - 443:5601
+    environment:
+      - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
+      - WAZUH_API_URL="https://wazuh.master"
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
+    volumes:
+      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+    depends_on:
+      - wazuh1.indexer
+    links:
+      - wazuh1.indexer:wazuh1.indexer
+      - wazuh.master:wazuh.master
+
+  nginx:
+    image: nginx:stable
+    hostname: nginx
+    restart: always
+    ports:
+      - "1514:1514"
+    depends_on:
+      - wazuh.master
+      - wazuh.worker
+      - wazuh.dashboard
+    links:
+      - wazuh.master:wazuh.master
+      - wazuh.worker:wazuh.worker
+      - wazuh.dashboard:wazuh.dashboard
+    volumes:
+      - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+
+volumes:
+  master-wazuh-api-configuration:
+  master-wazuh-etc:
+  master-wazuh-logs:
+  master-wazuh-queue:
+  master-wazuh-var-multigroups:
+  master-wazuh-integrations:
+  master-wazuh-active-response:
+  master-wazuh-agentless:
+  master-wazuh-wodles:
+  master-filebeat-etc:
+  master-filebeat-var:
+  worker-wazuh-api-configuration:
+  worker-wazuh-etc:
+  worker-wazuh-logs:
+  worker-wazuh-queue:
+  worker-wazuh-var-multigroups:
+  worker-wazuh-integrations:
+  worker-wazuh-active-response:
+  worker-wazuh-agentless:
+  worker-wazuh-wodles:
+  worker-filebeat-etc:
+  worker-filebeat-var:
+  wazuh-indexer-data-1:
+  wazuh-indexer-data-2:
+  wazuh-indexer-data-3:
+  wazuh-dashboard-config:
+  wazuh-dashboard-custom:
--- a/multi-node/generate-indexer-certs.yml
+++ b/multi-node/generate-indexer-certs.yml
@@ -0,0 +1,10 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3'
+
+services:
+  generator:
+    image: wazuh/wazuh-certs-generator:0.0.2
+    hostname: wazuh-certs-generator
+    volumes:
+      - ./config/wazuh_indexer_ssl_certs/:/certificates/
+      - ./config/certs.yml:/config/certs.yml
--- a/multi-node/volume-migrator.sh
+++ b/multi-node/volume-migrator.sh
@@ -0,0 +1,279 @@
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=wazuh-indexer-data-1 \
+           $2_wazuh-indexer-data-1
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=wazuh-indexer-data-2 \
+           $2_wazuh-indexer-data-2
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=wazuh-indexer-data-3 \
+           $2_wazuh-indexer-data-3
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master_wazuh_api_configuration \
+           $2_master_wazuh_api_configuration
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master_wazuh_etc \
+           $2_docker_wazuh_etc
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-wazuh-logs \
+           $2_master-wazuh-logs
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-wazuh-queue \
+           $2_master-wazuh-queue
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-wazuh-var-multigroups \
+           $2_master-wazuh-var-multigroups
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-wazuh-integrations \
+           $2_master-wazuh-integrations
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-wazuh-active-response \
+           $2_master-wazuh-active-response
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-wazuh-agentless \
+           $2_master-wazuh-agentless
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-wazuh-wodles \
+           $2_master-wazuh-wodles
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-filebeat-etc \
+           $2_master-filebeat-etc
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=master-filebeat-var \
+           $2_master-filebeat-var
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker_wazuh_api_configuration \
+           $2_worker_wazuh_api_configuration
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker_wazuh_etc \
+           $2_worker-wazuh-etc
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-wazuh-logs \
+           $2_worker-wazuh-logs
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-wazuh-queue \
+           $2_worker-wazuh-queue
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-wazuh-var-multigroups \
+           $2_worker-wazuh-var-multigroups
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-wazuh-integrations \
+           $2_worker-wazuh-integrations
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-wazuh-active-response \
+           $2_worker-wazuh-active-response
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-wazuh-agentless \
+           $2_worker-wazuh-agentless
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-wazuh-wodles \
+           $2_worker-wazuh-wodles
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-filebeat-etc \
+           $2_worker-filebeat-etc
+
+docker volume create \
+           --label com.docker.compose.project=$2 \
+           --label com.docker.compose.version=$1 \
+           --label com.docker.compose.volume=worker-filebeat-var \
+           $2_worker-filebeat-var
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-filebeat-var:/from \
+           -v $2_worker-filebeat-var:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_elastic-data-1:/from \
+           -v $2_wazuh-indexer-data-1:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_elastic-data-2:/from \
+           -v $2_wazuh-indexer-data-2:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_elastic-data-3:/from \
+           -v $2_wazuh-indexer-data-3:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-api-configuration:/from \
+           -v $2_master-wazuh-api-configuration:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-etc:/from \
+           -v $2_master-wazuh-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-logs:/from \
+           -v $2_master-wazuh-logs:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-queue:/from \
+           -v $2_master-wazuh-queue:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-var-multigroups:/from \
+           -v $2_master-wazuh-var-multigroups:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-integrations:/from \
+           -v $2_master-wazuh-integrations:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-active-response:/from \
+           -v $2_master-wazuh-active-response:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-agentless:/from \
+           -v $2_master-wazuh-agentless:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_ossec-wodles:/from \
+           -v $2_master-wazuh-wodles:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_filebeat-etc:/from \
+           -v $2_master-filebeat-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_filebeat-var:/from \
+           -v $2_master-filebeat-var:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-api-configuration:/from \
+           -v $2_worker-wazuh-api-configuration:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-etc:/from \
+           -v $2_worker-wazuh-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-logs:/from \
+           -v $2_worker-wazuh-logs:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-queue:/from \
+           -v $2_worker-wazuh-queue:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-var-multigroups:/from \
+           -v $2_worker-wazuh-var-multigroups:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-integrations:/from \
+           -v $2_worker-wazuh-integrations:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-active-response:/from \
+           -v $2_worker-wazuh-active-response:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-agentless:/from \
+           -v $2_worker-wazuh-agentless:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-ossec-wodles:/from \
+           -v $2_worker-wazuh-wodles:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-filebeat-etc:/from \
+           -v $2_worker-filebeat-etc:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
+
+docker container run --rm -it \
+           -v wazuh-docker_worker-filebeat-var:/from \
+           -v $2_worker-filebeat-var:/to \
+           alpine ash -c "cd /from ; cp -avp . /to"
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,19 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM nginx:latest
-
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update && apt-get install -y openssl apache2-utils
-
-COPY config/entrypoint.sh /entrypoint.sh
-
-RUN chmod 755 /entrypoint.sh
-
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-VOLUME ["/etc/nginx/conf.d"]
-
-ENV NGINX_NAME="foo" \
-    NGINX_PWD="bar"
-
-ENTRYPOINT /entrypoint.sh
--- a/nginx/config/entrypoint.sh
+++ b/nginx/config/entrypoint.sh
@@ -1,79 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-# Generating certificates.
-if [ ! -d /etc/nginx/conf.d/ssl ]; then
-  echo "Generating SSL certificates"
-  mkdir -p /etc/nginx/conf.d/ssl/certs /etc/nginx/conf.d/ssl/private
-  openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/conf.d/ssl/private/kibana-access.key -out /etc/nginx/conf.d/ssl/certs/kibana-access.pem >/dev/null
-else
-  echo "SSL certificates already present"
-fi
-
-# Setting users credentials.
-# In order to set NGINX_CREDENTIALS, before "docker-compose up -d" run (a or b):
-#
-# a) export NGINX_CREDENTIALS="user1:pass1;user2:pass2;" or
-#    export NGINX_CREDENTIALS="user1:pass1;user2:pass2"
-#
-# b) Set NGINX_CREDENTIALS in docker-compose.yml:
-#    NGINX_CREDENTIALS=user1:pass1;user2:pass2; or
-#    NGINX_CREDENTIALS=user1:pass1;user2:pass2
-#
-if [ ! -f /etc/nginx/conf.d/kibana.htpasswd ]; then
-  echo "Setting users credentials"
-  if [ ! -z "$NGINX_CREDENTIALS" ]; then
-    IFS=';' read -r -a users <<< "$NGINX_CREDENTIALS"
-    for index in "${!users[@]}"
-    do
-      IFS=':' read -r -a credentials <<< "${users[index]}"
-      if [ $index -eq 0 ]; then
-        echo ${credentials[1]}|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd ${credentials[0]} >/dev/null
-      else
-        echo ${credentials[1]}|htpasswd -i /etc/nginx/conf.d/kibana.htpasswd  ${credentials[0]} >/dev/null
-      fi
-    done
-  else
-    # NGINX_PWD and NGINX_NAME are declared in nginx/Dockerfile 
-    echo $NGINX_PWD|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd $NGINX_NAME >/dev/null
-  fi
-else
-  echo "Kibana credentials already configured"
-fi
-
-if [ "x${NGINX_PORT}" = "x" ]; then
-  NGINX_PORT=443
-fi
-
-if [ "x${KIBANA_HOST}" = "x" ]; then
-  KIBANA_HOST="kibana:5601"
-fi
-
-echo "Configuring NGINX"
-cat > /etc/nginx/conf.d/default.conf <<EOF
-server {
-    listen 80;
-    listen [::]:80;
-    return 301 https://\$host:${NGINX_PORT}\$request_uri;
-}
-
-server {
-    listen ${NGINX_PORT} default_server;
-    listen [::]:${NGINX_PORT};
-    ssl on;
-    ssl_certificate /etc/nginx/conf.d/ssl/certs/kibana-access.pem;
-    ssl_certificate_key /etc/nginx/conf.d/ssl/private/kibana-access.key;
-    location / {
-        auth_basic "Restricted";
-        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
-        proxy_pass http://${KIBANA_HOST}/;
-        proxy_buffer_size          128k;
-        proxy_buffers              4 256k;
-        proxy_busy_buffers_size    256k;
-    }
-}
-EOF
-
-nginx -g 'daemon off;'
--- a/single-node/README.md
+++ b/single-node/README.md
@@ -0,0 +1,24 @@
+# Deploy Wazuh Docker in single node configuration
+
+This deployment is defined in the `docker-compose.yml` file with one Wazuh manager containers, one Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps: 
+
+1) Increase max_map_count on your host (Linux). This command must be run with root permissions:
+```
+$ sysctl -w vm.max_map_count=262144
+```
+2) Run the certificate creation script:
+```
+$ docker-compose -f generate-indexer-certs.yml run --rm generator
+```
+3) Start the environment with docker-compose:
+
+- In the foregroud:
+```
+$ docker-compose up
+```
+- In the background:
+```
+$ docker-compose up -d
+```
+
+The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated.
--- a/single-node/config/certs.yml
+++ b/single-node/config/certs.yml
@@ -0,0 +1,16 @@
+nodes:
+  # Wazuh indexer server nodes
+  indexer:
+    - name: wazuh.indexer
+      ip: wazuh.indexer
+
+  # Wazuh server nodes
+  # Use node_type only with more than one Wazuh manager
+  server:
+    - name: wazuh.manager
+      ip: wazuh.manager
+
+  # Wazuh dashboard node
+  dashboard:
+    - name: wazuh.dashboard
+      ip: wazuh.dashboard
--- a/single-node/config/wazuh_cluster/wazuh_manager.conf
+++ b/single-node/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,308 @@
+<ossec_config>
+  <global>
+    <jsonout_output>yes</jsonout_output>
+    <alerts_log>yes</alerts_log>
+    <logall>no</logall>
+    <logall_json>no</logall_json>
+    <email_notification>no</email_notification>
+    <smtp_server>smtp.example.wazuh.com</smtp_server>
+    <email_from>wazuh@example.wazuh.com</email_from>
+    <email_to>recipient@example.wazuh.com</email_to>
+    <email_maxperhour>12</email_maxperhour>
+    <email_log_source>alerts.log</email_log_source>
+    <agents_disconnection_time>10m</agents_disconnection_time>
+    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
+  </global>
+
+  <alerts>
+    <log_alert_level>3</log_alert_level>
+    <email_alert_level>12</email_alert_level>
+  </alerts>
+
+  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
+  <logging>
+    <log_format>plain</log_format>
+  </logging>
+
+  <remote>
+    <connection>secure</connection>
+    <port>1514</port>
+    <protocol>tcp</protocol>
+    <queue_size>131072</queue_size>
+  </remote>
+
+  <!-- Policy monitoring -->
+  <rootcheck>
+    <disabled>no</disabled>
+    <check_files>yes</check_files>
+    <check_trojans>yes</check_trojans>
+    <check_dev>yes</check_dev>
+    <check_sys>yes</check_sys>
+    <check_pids>yes</check_pids>
+    <check_ports>yes</check_ports>
+    <check_if>yes</check_if>
+
+    <!-- Frequency that rootcheck is executed - every 12 hours -->
+    <frequency>43200</frequency>
+
+    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
+
+    <skip_nfs>yes</skip_nfs>
+  </rootcheck>
+
+  <wodle name="cis-cat">
+    <disabled>yes</disabled>
+    <timeout>1800</timeout>
+    <interval>1d</interval>
+    <scan-on-start>yes</scan-on-start>
+
+    <java_path>wodles/java</java_path>
+    <ciscat_path>wodles/ciscat</ciscat_path>
+  </wodle>
+
+  <!-- Osquery integration -->
+  <wodle name="osquery">
+    <disabled>yes</disabled>
+    <run_daemon>yes</run_daemon>
+    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
+    <config_path>/etc/osquery/osquery.conf</config_path>
+    <add_labels>yes</add_labels>
+  </wodle>
+
+  <!-- System inventory -->
+  <wodle name="syscollector">
+    <disabled>no</disabled>
+    <interval>1h</interval>
+    <scan_on_start>yes</scan_on_start>
+    <hardware>yes</hardware>
+    <os>yes</os>
+    <network>yes</network>
+    <packages>yes</packages>
+    <ports all="no">yes</ports>
+    <processes>yes</processes>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </wodle>
+
+  <sca>
+    <enabled>yes</enabled>
+    <scan_on_start>yes</scan_on_start>
+    <interval>12h</interval>
+    <skip_nfs>yes</skip_nfs>
+  </sca>
+
+  <vulnerability-detection>
+    <enabled>yes</enabled>
+    <index-status>yes</index-status>
+    <feed-update-interval>60m</feed-update-interval>
+  </vulnerability-detection>
+
+  <indexer>
+    <enabled>yes</enabled>
+    <hosts>
+      <host>https://wazuh.indexer:9200</host>
+    </hosts>
+    <ssl>
+      <certificate_authorities>
+        <ca>/etc/ssl/root-ca.pem</ca>
+      </certificate_authorities>
+      <certificate>/etc/ssl/filebeat.pem</certificate>
+      <key>/etc/ssl/filebeat.key</key>
+    </ssl>
+  </indexer>
+
+  <!-- File integrity monitoring -->
+  <syscheck>
+    <disabled>no</disabled>
+
+    <!-- Frequency that syscheck is executed default every 12 hours -->
+    <frequency>43200</frequency>
+
+    <scan_on_start>yes</scan_on_start>
+
+    <!-- Generate alert when new file detected -->
+    <alert_new_files>yes</alert_new_files>
+
+    <!-- Don't ignore files that change more than 'frequency' times -->
+    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
+
+    <!-- Directories to check  (perform all possible verifications) -->
+    <directories>/etc,/usr/bin,/usr/sbin</directories>
+    <directories>/bin,/sbin,/boot</directories>
+
+    <!-- Files/directories to ignore -->
+    <ignore>/etc/mtab</ignore>
+    <ignore>/etc/hosts.deny</ignore>
+    <ignore>/etc/mail/statistics</ignore>
+    <ignore>/etc/random-seed</ignore>
+    <ignore>/etc/random.seed</ignore>
+    <ignore>/etc/adjtime</ignore>
+    <ignore>/etc/httpd/logs</ignore>
+    <ignore>/etc/utmpx</ignore>
+    <ignore>/etc/wtmpx</ignore>
+    <ignore>/etc/cups/certs</ignore>
+    <ignore>/etc/dumpdates</ignore>
+    <ignore>/etc/svc/volatile</ignore>
+
+    <!-- File types to ignore -->
+    <ignore type="sregex">.log$|.swp$</ignore>
+
+    <!-- Check the file, but never compute the diff -->
+    <nodiff>/etc/ssl/private.key</nodiff>
+
+    <skip_nfs>yes</skip_nfs>
+    <skip_dev>yes</skip_dev>
+    <skip_proc>yes</skip_proc>
+    <skip_sys>yes</skip_sys>
+
+    <!-- Nice value for Syscheck process -->
+    <process_priority>10</process_priority>
+
+    <!-- Maximum output throughput -->
+    <max_eps>100</max_eps>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_interval>1h</max_interval>
+      <max_eps>10</max_eps>
+    </synchronization>
+  </syscheck>
+
+  <!-- Active response -->
+  <global>
+    <white_list>127.0.0.1</white_list>
+    <white_list>^localhost.localdomain$</white_list>
+  </global>
+
+  <command>
+    <name>disable-account</name>
+    <executable>disable-account</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>restart-wazuh</name>
+    <executable>restart-wazuh</executable>
+  </command>
+
+  <command>
+    <name>firewall-drop</name>
+    <executable>firewall-drop</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>host-deny</name>
+    <executable>host-deny</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>route-null</name>
+    <executable>route-null</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>win_route-null</name>
+    <executable>route-null.exe</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>netsh</name>
+    <executable>netsh.exe</executable>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <!--
+  <active-response>
+    active-response options here
+  </active-response>
+  -->
+
+  <!-- Log analysis -->
+  <localfile>
+    <log_format>command</log_format>
+    <command>df -P</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
+    <alias>netstat listening ports</alias>
+    <frequency>360</frequency>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>last -n 20</command>
+    <frequency>360</frequency>
+  </localfile>
+
+  <ruleset>
+    <!-- Default ruleset -->
+    <decoder_dir>ruleset/decoders</decoder_dir>
+    <rule_dir>ruleset/rules</rule_dir>
+    <rule_exclude>0215-policy_rules.xml</rule_exclude>
+    <list>etc/lists/audit-keys</list>
+    <list>etc/lists/amazon/aws-eventnames</list>
+    <list>etc/lists/security-eventchannel</list>
+
+    <!-- User-defined ruleset -->
+    <decoder_dir>etc/decoders</decoder_dir>
+    <rule_dir>etc/rules</rule_dir>
+  </ruleset>
+
+  <rule_test>
+    <enabled>yes</enabled>
+    <threads>1</threads>
+    <max_sessions>64</max_sessions>
+    <session_timeout>15m</session_timeout>
+  </rule_test>
+
+  <!-- Configuration for wazuh-authd -->
+  <auth>
+    <disabled>no</disabled>
+    <port>1515</port>
+    <use_source_ip>no</use_source_ip>
+    <purge>yes</purge>
+    <use_password>no</use_password>
+    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
+    <!-- <ssl_agent_ca></ssl_agent_ca> -->
+    <ssl_verify_host>no</ssl_verify_host>
+    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
+    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
+    <ssl_auto_negotiate>no</ssl_auto_negotiate>
+  </auth>
+
+  <cluster>
+    <name>wazuh</name>
+    <node_name>node01</node_name>
+    <node_type>master</node_type>
+    <key>aa093264ef885029653eea20dfcf51ae</key>
+    <port>1516</port>
+    <bind_addr>0.0.0.0</bind_addr>
+    <nodes>
+        <node>wazuh.manager</node>
+    </nodes>
+    <hidden>no</hidden>
+    <disabled>yes</disabled>
+  </cluster>
+
+</ossec_config>
+
+<ossec_config>
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+</ossec_config>
--- a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
@@ -0,0 +1,12 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
--- a/single-node/config/wazuh_dashboard/wazuh.yml
+++ b/single-node/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,7 @@
+hosts:
+  - 1513629884013:
+      url: "https://wazuh.manager"
+      port: 55000
+      username: wazuh-wui
+      password: "MyS3cr37P450r.*-"
+      run_as: false
--- a/single-node/config/wazuh_indexer/internal_users.yml
+++ b/single-node/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+  reserved: true
+  backend_roles:
+  - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+  - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+  - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+  description: "Demo snapshotrestore user"
--- a/single-node/config/wazuh_indexer/wazuh.indexer.yml
+++ b/single-node/config/wazuh_indexer/wazuh.indexer.yml
@@ -0,0 +1,30 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+http.port: 9200-9299
+transport.tcp.port: 9300-9399
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -0,0 +1,115 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+  wazuh.manager:
+    image: wazuh/wazuh-manager:4.10.0
+    hostname: wazuh.manager
+    restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - INDEXER_URL=https://wazuh.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - wazuh_api_configuration:/var/ossec/api/configuration
+      - wazuh_etc:/var/ossec/etc
+      - wazuh_logs:/var/ossec/logs
+      - wazuh_queue:/var/ossec/queue
+      - wazuh_var_multigroups:/var/ossec/var/multigroups
+      - wazuh_integrations:/var/ossec/integrations
+      - wazuh_active_response:/var/ossec/active-response/bin
+      - wazuh_agentless:/var/ossec/agentless
+      - wazuh_wodles:/var/ossec/wodles
+      - filebeat_etc:/etc/filebeat
+      - filebeat_var:/var/lib/filebeat
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
+      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+  wazuh.indexer:
+    image: wazuh/wazuh-indexer:4.10.0
+    hostname: wazuh.indexer
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data:/var/lib/wazuh-indexer
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
+      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
+      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+
+  wazuh.dashboard:
+    image: wazuh/wazuh-dashboard:4.10.0
+    hostname: wazuh.dashboard
+    restart: always
+    ports:
+      - 443:5601
+    environment:
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - WAZUH_API_URL=https://wazuh.manager
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+    volumes:
+      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+    depends_on:
+      - wazuh.indexer
+    links:
+      - wazuh.indexer:wazuh.indexer
+      - wazuh.manager:wazuh.manager
+
+volumes:
+  wazuh_api_configuration:
+  wazuh_etc:
+  wazuh_logs:
+  wazuh_queue:
+  wazuh_var_multigroups:
+  wazuh_integrations:
+  wazuh_active_response:
+  wazuh_agentless:
+  wazuh_wodles:
+  filebeat_etc:
+  filebeat_var:
+  wazuh-indexer-data:
+  wazuh-dashboard-config:
+  wazuh-dashboard-custom:
--- a/single-node/generate-indexer-certs.yml
+++ b/single-node/generate-indexer-certs.yml
@@ -0,0 +1,10 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3'
+
+services:
+  generator:
+    image: wazuh/wazuh-certs-generator:0.0.2
+    hostname: wazuh-certs-generator
+    volumes:
+      - ./config/wazuh_indexer_ssl_certs/:/certificates/
+      - ./config/certs.yml:/config/certs.yml
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -1,80 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM phusion/baseimage:latest
-
-ARG FILEBEAT_VERSION=7.2.0
-
-ARG WAZUH_VERSION=3.9.3-1
-
-ENV API_USER="foo" \
-   API_PASS="bar"
-
-ARG TEMPLATE_VERSION="v3.9.3"
-
-# Set repositories.
-RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
-   curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
-   curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
-   echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
-   echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
-   groupadd -g 1000 ossec && useradd -u 1000 -g 1000 -d /var/ossec ossec
-
-RUN add-apt-repository universe && apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
-   apt-get --no-install-recommends --no-install-suggests -y install openssl postfix bsd-mailx python-boto python-pip  \
-   apt-transport-https vim expect nodejs python-cryptography mailutils libsasl2-modules wazuh-manager=${WAZUH_VERSION} \
-   wazuh-api=${WAZUH_VERSION} && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && rm -f \
-   /var/ossec/logs/alerts/*/*/*.log && rm -f /var/ossec/logs/alerts/*/*/*.json && rm -f \
-   /var/ossec/logs/archives/*/*/*.log && rm -f /var/ossec/logs/archives/*/*/*.json && rm -f \
-   /var/ossec/logs/firewall/*/*/*.log && rm -f /var/ossec/logs/firewall/*/*/*.json
-
-# Adding first run script and entrypoint
-COPY config/data_dirs.env /data_dirs.env
-COPY config/init.bash /init.bash
-RUN mkdir /entrypoint-scripts
-COPY config/entrypoint.sh /entrypoint.sh
-COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh
-COPY config/01-config_filebeat.sh /entrypoint-scripts/01-config_filebeat.sh
-
-# Sync calls are due to https://github.com/docker/docker/issues/9547
-RUN chmod 755 /init.bash && \
-   sync && /init.bash && \
-   sync && rm /init.bash && \
-   curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
-   dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
-   chmod 755 /entrypoint.sh && \
-   chmod 755 /entrypoint-scripts/00-wazuh.sh && \
-   chmod 755 /entrypoint-scripts/01-config_filebeat.sh
-
-COPY config/filebeat.yml /etc/filebeat/
-RUN chmod go-w /etc/filebeat/filebeat.yml
-
-# Setting volumes
-VOLUME ["/var/ossec/data"]
-VOLUME ["/etc/filebeat"]
-VOLUME ["/etc/postfix"]
-VOLUME ["/var/lib/filebeat"]
-
-# Services ports
-EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
-
-# Adding services
-RUN mkdir /etc/service/wazuh && \
-   mkdir /etc/service/wazuh-api && \
-   mkdir /etc/service/postfix && \
-   mkdir /etc/service/filebeat
-
-COPY config/wazuh.runit.service /etc/service/wazuh/run
-COPY config/wazuh-api.runit.service /etc/service/wazuh-api/run
-COPY config/postfix.runit.service /etc/service/postfix/run
-COPY config/filebeat.runit.service /etc/service/filebeat/run
-
-RUN chmod +x /etc/service/wazuh-api/run && \
-   chmod +x /etc/service/wazuh/run && \
-   chmod +x /etc/service/postfix/run && \
-   chmod +x /etc/service/filebeat/run 
-
-
-ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
-RUN chmod go-w /etc/filebeat/wazuh-template.json 
-
-# Run all services
-ENTRYPOINT ["/entrypoint.sh"]
--- a/wazuh/config/00-wazuh.sh
+++ b/wazuh/config/00-wazuh.sh
@@ -1,135 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-# Wazuh container bootstrap. See the README for information of the environment
-# variables expected by this script.
-
-# Startup the services
-source /data_dirs.env
-
-FIRST_TIME_INSTALLATION=false
-
-WAZUH_INSTALL_PATH=/var/ossec
-DATA_PATH=${WAZUH_INSTALL_PATH}/data
-
-WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-
-print() {
-    echo -e $1
-}
-
-error_and_exit() {
-    echo "Error executing command: '$1'."
-    echo 'Exiting.'
-    exit 1
-}
-
-exec_cmd() {
-    eval $1 > /dev/null 2>&1 || error_and_exit "$1"
-}
-
-exec_cmd_stdout() {
-    eval $1 2>&1 || error_and_exit "$1"
-}
-
-edit_configuration() { # $1 -> setting,  $2 -> value
-    sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
-}
-
-for ossecdir in "${DATA_DIRS[@]}"; do
-  if [ ! -e "${DATA_PATH}/${ossecdir}" ]
-  then
-    print "Installing ${ossecdir}"
-    exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})"
-    exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}"
-    FIRST_TIME_INSTALLATION=true
-  fi
-done
-
-if [  -e ${WAZUH_INSTALL_PATH}/etc-template  ]
-then
-    cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf
-fi
-rm /var/ossec/queue/db/.template.db
-
-touch ${DATA_PATH}/process_list
-chgrp ossec ${DATA_PATH}/process_list
-chmod g+rw ${DATA_PATH}/process_list
-
-AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
-API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
-
-if [ $FIRST_TIME_INSTALLATION == true ]
-then
-  if [ $AUTO_ENROLLMENT_ENABLED == true ]
-  then
-    if [ ! -e ${DATA_PATH}/etc/sslmanager.key ]
-    then
-      print "Creating ossec-authd key and cert"
-      exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096"
-      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
-    fi
-  fi
-  if [ $API_GENERATE_CERTS == true ]
-  then
-    if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ]
-    then
-      print "Enabling Wazuh API HTTPS"
-      edit_configuration "https" "yes"
-      print "Create Wazuh API key and cert"
-      exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096"
-      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
-    fi
-  fi
-fi
-
-##############################################################################
-# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
-# destination files permissions
-#
-# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
-# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
-# replace the ossec.conf file in /var/ossec/data/etc with yours.
-##############################################################################
-if [ -e "$WAZUH_CONFIG_MOUNT" ]
-then
-  print "Identified Wazuh configuration files to mount..."
-
-  exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
-else
-  print "No Wazuh configuration files to mount..."
-fi
-
-function ossec_shutdown(){
-  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
-}
-
-# Trap exit signals and do a proper shutdown
-trap "ossec_shutdown; exit" SIGINT SIGTERM
-
-chmod -R g+rw ${DATA_PATH}
-
-##############################################################################
-# Interpret any passed arguments (via docker command to this entrypoint) as
-# paths or commands, and execute them.
-#
-# This can be useful for actions that need to be run before the services are
-# started, such as "/var/ossec/bin/ossec-control enable agentless".
-##############################################################################
-for CUSTOM_COMMAND in "$@"
-do
-  echo "Executing command \`${CUSTOM_COMMAND}\`"
-  exec_cmd_stdout "${CUSTOM_COMMAND}"
-done
-
-##############################################################################
-# Change Wazuh API user credentials.
-##############################################################################
-
-pushd /var/ossec/api/configuration/auth/
-
-echo "Change Wazuh API user credentials"
-change_user="node htpasswd -b -c user $API_USER $API_PASS"
-eval $change_user
-
-popd
--- a/wazuh/config/01-config_filebeat.sh
+++ b/wazuh/config/01-config_filebeat.sh
@@ -1,10 +0,0 @@
-#!/bin/bash
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-# Modify the output to Elasticsearch if th ELASTICSEARCH_URL is set
-if [ "$ELASTICSEARCH_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch ouput IP."
-  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_URL'|g' /etc/filebeat/filebeat.yml
-fi
--- a/wazuh/config/data_dirs.env
+++ b/wazuh/config/data_dirs.env
@@ -1,15 +0,0 @@
-i=0
-DATA_DIRS[((i++))]="api/configuration"
-DATA_DIRS[((i++))]="etc"
-DATA_DIRS[((i++))]="logs"
-DATA_DIRS[((i++))]="queue/db"
-DATA_DIRS[((i++))]="queue/rootcheck"
-DATA_DIRS[((i++))]="queue/agent-groups"
-DATA_DIRS[((i++))]="queue/agent-info"
-DATA_DIRS[((i++))]="queue/agents-timestamp"
-DATA_DIRS[((i++))]="queue/agentless"
-DATA_DIRS[((i++))]="queue/cluster"
-DATA_DIRS[((i++))]="queue/rids"
-DATA_DIRS[((i++))]="queue/fts"
-DATA_DIRS[((i++))]="var/multigroups"
-export DATA_DIRS
--- a/wazuh/config/entrypoint.sh
+++ b/wazuh/config/entrypoint.sh
@@ -1,14 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-# It will run every .sh script located in entrypoint-scripts folder in lexicographical order
-for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
-  bash "$script"
-
-done
-
-##############################################################################
-# Start Wazuh Server.
-##############################################################################
-
-/sbin/my_init 
--- a/wazuh/config/filebeat.runit.service
+++ b/wazuh/config/filebeat.runit.service
@@ -1,4 +0,0 @@
-#!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-service filebeat start
-tail -f /var/log/filebeat/filebeat
--- a/wazuh/config/filebeat.yml
+++ b/wazuh/config/filebeat.yml
@@ -1,53 +0,0 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-filebeat.inputs:
-  - type: log
-    paths:
-      - '/var/ossec/logs/alerts/alerts.json'
-
-setup.template.json.enabled: true
-setup.template.json.path: "/etc/filebeat/wazuh-template.json"
-setup.template.json.name: "wazuh"
-setup.template.overwrite: true
-
-processors:
-  - decode_json_fields:
-      fields: ['message']
-      process_array: true
-      max_depth: 200
-      target: ''
-      overwrite_keys: true
-  - drop_fields:
-      fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
-  - rename:
-      fields:
-        - from: "data.aws.sourceIPAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.srcip"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.win.eventdata.ipAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-
-output.elasticsearch:
-  hosts: ['http://elasticsearch:9200']
-  #pipeline: geoip
-  indices:
-    - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
--- a/wazuh/config/init.bash
+++ b/wazuh/config/init.bash
@@ -1,11 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-# Initialize the custom data directory layout
-source /data_dirs.env
-
-cd /var/ossec
-for ossecdir in "${DATA_DIRS[@]}"; do
-  mv ${ossecdir} ${ossecdir}-template
-  ln -s $(realpath --relative-to=$(dirname ${ossecdir}) data)/${ossecdir} ${ossecdir}
-done
--- a/Show More
+++ b/Show More