modify path for Wazuh manager package

.env

@@ -1,3 +1,3 @@
-WAZUH_VERSION=4.4.5
+WAZUH_VERSION=4.3.11
-WAZUH_IMAGE_VERSION=4.4.5
+WAZUH_IMAGE_VERSION=4.3.11
 WAZUH_TAG_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.4.5-1
+    - 4.3.11-1
 port:
   tcp:1514:
     listening: true

.github/workflows/push.yml

@@ -126,7 +126,7 @@ jobs:
 
     - name: Check documents into wazuh-alerts index
       run: |
-       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
+       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
        if [[ $docs -gt 100 ]]; then
         echo "wazuh-alerts index documents: ${docs}"
        else
@@ -250,8 +250,8 @@ jobs:
 
     - name: Check documents into wazuh-alerts index
       run: |
-       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
+       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
-       if [[ $docs -gt 100 ]]; then
+       if [[ $docs -gt 200 ]]; then
         echo "wazuh-alerts index documents: ${docs}"
        else
         echo "wazuh-alerts index documents: ${docs}"

CHANGELOG.md

@@ -1,41 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## Wazuh Docker v4.4.5
-### Added
-
-- Update Wazuh to version [4.4.5](https://github.com/wazuh/wazuh/blob/v4.4.5/CHANGELOG.md#v445)
-
-## Wazuh Docker v4.4.4
-### Added
-
-- Update Wazuh to version [4.4.4](https://github.com/wazuh/wazuh/blob/v4.4.4/CHANGELOG.md#v444)
-
-## Wazuh Docker v4.4.3
-### Added
-
-- Update Wazuh to version [4.4.3](https://github.com/wazuh/wazuh/blob/v4.4.3/CHANGELOG.md#v443)
-
-## Wazuh Docker v4.4.2
-### Added
-
-- Update Wazuh to version [4.4.2](https://github.com/wazuh/wazuh/blob/v4.4.2/CHANGELOG.md#v442)
-
-## Wazuh Docker v4.4.1
-### Added
-
-- Update Wazuh to version [4.4.1](https://github.com/wazuh/wazuh/blob/v4.4.1/CHANGELOG.md#v441)
-
-## Wazuh Docker v4.4.0
-### Added
-
-- Update Wazuh to version [4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
-
 ## Wazuh Docker v4.3.11
 ### Added
 
 - Update Wazuh to version [4.3.11](https://github.com/wazuh/wazuh/blob/v4.3.11/CHANGELOG.md#v4311)
 
+
 ## Wazuh Docker v4.3.10
 ### Added
 

README.md

@@ -42,7 +42,7 @@ API_PASSWORD="MyS3cr37P450r.*-"                     # Wazuh API password - Must
 
 INDEXER_URL=https://wazuh.indexer:9200              # Wazuh indexer URL
 INDEXER_USERNAME=admin                              # Wazuh indexer Username
-INDEXER_PASSWORD=SecretPassword                     # Wazuh indexer Password
+INDEXER_PASSWORD=admin                              # Wazuh indexer Password
 FILEBEAT_SSL_VERIFICATION_MODE=full                 # Filebeat SSL Verification mode (full or none)
 SSL_CERTIFICATE_AUTHORITIES=""                      # Path of Filebeat SSL CA
 SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certificate
@@ -195,12 +195,6 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.4.5        |         |        |
-| v4.4.4        |         |        |
-| v4.4.3        |         |        |
-| v4.4.2        |         |        |
-| v4.4.1        |         |        |
-| v4.4.0        |         |        |
 | v4.3.11       |         |        |
 | v4.3.10       |         |        |
 | v4.3.9        |         |        |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.4.5"
+WAZUH-DOCKER_VERSION="4.3.11"
-REVISION="40413"
+REVISION="40324"

build-docker-images/build-images.sh

@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=4.4.5
+WAZUH_IMAGE_VERSION=4.3.11
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_URL=https://packages.wazuh.com/4.3/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.3/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-dashboard/config/dl_base.sh

@@ -1,4 +1,3 @@
-REPOSITORY="packages.wazuh.com/4.x"
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
 MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
 MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
@@ -8,18 +7,23 @@ MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
 MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
 ## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+if [ "$MAJOR_BUILD" -ge "$MAJOR_CURRENT" ]; then
-  REPOSITORY="packages-dev.wazuh.com/pre-release"
+  REPOSITORY="packages-dev.wazuh.com"
 elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+  if [ "$MID_BUILD" -ge "$MID_CURRENT" ]; then
-    REPOSITORY="packages-dev.wazuh.com/pre-release"
+    REPOSITORY="packages-dev.wazuh.com"
   elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -ge "$MINOR_CURRENT" ]; then
-      REPOSITORY="packages-dev.wazuh.com/pre-release"
+      REPOSITORY="packages-dev.wazuh.com"
+    else
+      REPOSITORY="packages.wazuh.com"
     fi
+  else
+    REPOSITORY="packages.wazuh.com"
   fi
+else
+  REPOSITORY="packages.wazuh.com"
 fi
 
-
+curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}-linux-x64.tar.xz
-curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/stack/dashboard/wazuh-dashboard-base-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}-linux-x64.tar.xz
 tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1

build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh

@@ -1,24 +1,11 @@
-## variables
+## Variables
+WAZUH_IMAGE_VERSION=$(echo $WAZUH_VERSION | sed -e 's/\.//g')
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+## If wazuh manager exists in apt dev repository, change variables, if not exit 1
+if [ "$WAZUH_IMAGE_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
   WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+else
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
-
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
   WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
-    fi
-  fi
 fi
 
 # Install Wazuh App

build-docker-images/wazuh-indexer/Dockerfile

@@ -4,7 +4,7 @@ FROM ubuntu:focal AS builder
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
 
-RUN apt-get update -y && apt-get install curl openssl xz-utils -y
+RUN apt-get update -y && apt-get install curl openssl xz-utils wget -y
 
 COPY config/opensearch.yml /
 
@@ -67,7 +67,8 @@ RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer &&
     mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \
     chmod 700 /usr/share/wazuh-indexer && \
     chmod 600 /usr/share/wazuh-indexer/jvm.options && \
-    chmod 600 /usr/share/wazuh-indexer/opensearch.yml
+    chmod 600 /usr/share/wazuh-indexer/opensearch.yml && \
+    chmod 0600 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh
 
 USER wazuh-indexer
 

build-docker-images/wazuh-indexer/config/config.sh

@@ -22,7 +22,7 @@ export REPO_DIR=/unattended_installer
 rm -rf ${INSTALLATION_DIR}/
 
 ## variables
-REPOSITORY="packages.wazuh.com/4.x"
+REPOSITORY="packages.wazuh.com"
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
 MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
 MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
@@ -33,19 +33,19 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
 ## check version to use the correct repository
 if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  REPOSITORY="packages-dev.wazuh.com/pre-release"
+  REPOSITORY="packages-dev.wazuh.com"
 elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
   if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    REPOSITORY="packages-dev.wazuh.com/pre-release"
+    REPOSITORY="packages-dev.wazuh.com"
   elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
     if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      REPOSITORY="packages-dev.wazuh.com/pre-release"
+      REPOSITORY="packages-dev.wazuh.com"
     fi
   fi
 fi
 
 
-curl -o ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/${BASE_FILE}
+wget -O ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/base/${BASE_FILE}
 tar -xf ${INDEXER_FILE}
 
 ## TOOLS
@@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE}
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_URL=https://packages.wazuh.com/4.3/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.3/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -84,10 +84,10 @@ if [[ "$(id -u)" == "0" ]]; then
 fi
 
 
-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
   # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
-#  nohup /securityadmin.sh &
+  nohup /securityadmin.sh &
-#  touch "/var/lib/wazuh-indexer/.flag"
+  touch "/var/lib/wazuh-indexer/.flag"
-#fi
+fi
 
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

build-docker-images/wazuh-indexer/config/opensearch.yml

@@ -4,12 +4,12 @@ path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false

build-docker-images/wazuh-manager/Dockerfile

@@ -5,7 +5,7 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG TEMPLATE_VERSION=4.4
+ARG TEMPLATE_VERSION=4.3
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.2.tar.gz"
@@ -18,7 +18,10 @@ RUN chmod 775 /check_repository.sh
 RUN source /check_repository.sh
 
 RUN apt-get update && \
-    apt-get install wazuh-manager=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
+    apt-get install wget && \
+    wget https://packages.wazuh.com/custom/4.3.11/deb/var/wazuh-manager_4.3.11-1_amd64.deb && \
+    apt-get install ./wazuh-manager_4.3.11-1_amd64.deb && \
+    rm -f wazuh-manager_4.3.11-1_amd64.deb
 
 RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\
     dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_URL=https://packages.wazuh.com/4.3/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.3/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

multi-node/Migration-to-Wazuh-4.3.md

@@ -1,6 +1,6 @@
 # Opendistro data migration to Wazuh indexer on docker.
 This procedure explains how to migrate Opendistro data from Opendistro to Wazuh indexer in docker production deployments.
-The example is migrating from v4.2 to v4.4.
+The example is migrating from v4.2 to v4.3.
 
 ## Procedure
 Assuming that you have a v4.2 production deployment, perform the following steps.
@@ -350,9 +350,9 @@ docker container run --rm -it \
            alpine ash -c "cd /from ; cp -avp . /to"
 ```
 
-**7. Start the 4.4 environment.**
+**7. Start the 4.3 environment.**
 ```
-git checkout 4.4
+git checkout 4.3
 cd multi-node
 docker-compose -f generate-indexer-certs.yml run --rm generator
 docker-compose up -d

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.4.5
+    image: wazuh/wazuh-manager:4.3.11-dev
     hostname: wazuh.master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.4.5
+    image: wazuh/wazuh-manager:4.3.11-dev
     hostname: wazuh.worker
     restart: always
     environment:
@@ -67,7 +67,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.4.5
+    image: wazuh/wazuh-indexer:4.3.11-dev
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -93,7 +93,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.4.5
+    image: wazuh/wazuh-indexer:4.3.11-dev
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -115,7 +115,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.4.5
+    image: wazuh/wazuh-indexer:4.3.11-dev
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -137,7 +137,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.4.5
+    image: wazuh/wazuh-dashboard:4.3.11-dev
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -147,8 +147,6 @@ services:
       - WAZUH_API_URL="https://wazuh.master"
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem

single-node/config/wazuh_cluster/wazuh_manager.conf

@@ -331,11 +331,11 @@
     <name>wazuh</name>
     <node_name>node01</node_name>
     <node_type>master</node_type>
-    <key>aa093264ef885029653eea20dfcf51ae</key>
+    <key></key>
     <port>1516</port>
     <bind_addr>0.0.0.0</bind_addr>
     <nodes>
-        <node>wazuh.manager</node>
+        <node>NODE_IP</node>
     </nodes>
     <hidden>no</hidden>
     <disabled>yes</disabled>

single-node/config/wazuh_indexer/wazuh.indexer.yml

@@ -3,15 +3,13 @@ node.name: "wazuh.indexer"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
-http.port: 9200-9299
-transport.tcp.port: 9300-9399
 compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.4.5
+    image: wazuh/wazuh-manager:4.3.11-dev
     hostname: wazuh.manager
     restart: always
     ports:
@@ -39,7 +39,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.4.5
+    image: wazuh/wazuh-indexer:4.3.11-dev
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -64,7 +64,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.4.5
+    image: wazuh/wazuh-dashboard:4.3.11-dev
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -73,8 +73,6 @@ services:
       - INDEXER_USERNAME=admin
       - INDEXER_PASSWORD=SecretPassword
       - WAZUH_API_URL=https://wazuh.manager
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes: