Add Changelog

Delete service tag and modifiy docker-compose execution for a new version
2025-10-23 04:51:57 +00:00 · 2024-12-02 10:42:58 -03:00 · 2024-12-02 10:40:05 -03:00 · 2024-12-02 10:30:09 -03:00 · 2024-11-04 16:05:40 -03:00 · 2024-10-17 13:06:55 -03:00
36 changed files with 849 additions and 666 deletions
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
-WAZUH_VERSION=4.10.2
-WAZUH_IMAGE_VERSION=4.10.2
+WAZUH_VERSION=5.0.0
+WAZUH_IMAGE_VERSION=5.0.0
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.10.2
+FILEBEAT_TEMPLATE_BRANCH=5.0.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1
--- a/.github/.goss.yaml
+++ b/.github/.goss.yaml
@@ -56,7 +56,7 @@ package:
  wazuh-manager:
    installed: true
    versions:
-    - 4.10.2-1
+    - 5.0.0-1
 port:
  tcp:1514:
    listening: true
--- a/.github/workflows/Procedure_push_docker_images.yml
+++ b/.github/workflows/Procedure_push_docker_images.yml
@@ -6,11 +6,11 @@ on:
    inputs:
      image_tag:
        description: 'Docker image tag'
-        default: '4.10.2'
+        default: '5.0.0'
        required: true
      docker_reference:
        description: 'wazuh-docker reference'
-        default: 'v4.10.2'
+        default: 'v5.0.0'
        required: true
      PRODUCTS:
        description: 'Comma-separated list of the image names to build and push'
@@ -42,12 +42,12 @@ on:
    inputs:
      image_tag:
        description: 'Docker image tag'
-        default: '4.10.0'
+        default: '5.0.0'
        required: true
        type: string
      docker_reference:
        description: 'wazuh-docker reference'
-        default: 'v4.10.0'
+        default: 'v5.0.0'
        required: false
        type: string
      products:
@@ -116,12 +116,6 @@ jobs:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_PASSWORD }}

-    - name: Install Docker Compose
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y docker-compose
-        echo "Installed Docker Compose version: $(docker-compose --version)"
-
    - name: Build Wazuh images
      run: |
        IMAGE_TAG=${{ inputs.image_tag }}
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -10,11 +10,6 @@ jobs:
    - name: Check out code
      uses: actions/checkout@v3

-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
    - name: Build Wazuh images
      run: build-docker-images/build-images.sh

@@ -27,6 +22,7 @@ jobs:
        docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
        docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
        docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
+        docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar

    - name: Temporarily save Wazuh manager Docker image
      uses: actions/upload-artifact@v3
@@ -49,6 +45,13 @@ jobs:
        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
        retention-days: 1

+    - name: Temporarily save Wazuh Cert Tool Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-cert-tool
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
+        retention-days: 1
+
    - name: Install Goss
      uses: e1himself/goss-installation-action@v1.0.3
      with:
@@ -68,11 +71,6 @@ jobs:
    - name: Check out code
      uses: actions/checkout@v3

-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
    - name: Create enviroment variables
      run: cat .env > $GITHUB_ENV

@@ -91,18 +89,25 @@ jobs:
      with:
        name: docker-artifact-dashboard

+    - name: Retrieve saved Wazuh Cert Tool Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-cert-tool
+
    - name: Docker load
      run: |
        docker load --input ./wazuh-indexer.tar
        docker load --input ./wazuh-dashboard.tar
        docker load --input ./wazuh-manager.tar
+        docker load --input ./wazuh-cert-tool.tar
+        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar


    - name: Create single node certficates
-      run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator
+      run: docker compose -f single-node/generate-certs.yml run --rm generator

    - name: Start single node stack
-      run: docker-compose -f single-node/docker-compose.yml up -d
+      run: docker compose -f single-node/docker-compose.yml up -d

    - name: Check Wazuh indexer start
      run: |
@@ -196,11 +201,6 @@ jobs:
    - name: Check out code
      uses: actions/checkout@v3

-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
    - name: Create enviroment variables
      run: cat .env > $GITHUB_ENV

@@ -227,18 +227,24 @@ jobs:
      with:
        name: docker-artifact-indexer

+    - name: Retrieve saved Wazuh Cert Tool Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-cert-tool
+
    - name: Docker load
      run: |
-        docker load --input ./wazuh-manager.tar
        docker load --input ./wazuh-indexer.tar
        docker load --input ./wazuh-dashboard.tar
-        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
+        docker load --input ./wazuh-manager.tar
+        docker load --input ./wazuh-cert-tool.tar
+        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar

    - name: Create multi node certficates
-      run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
+      run: docker compose -f multi-node/generate-certs.yml run --rm generator

    - name: Start multi node stack
-      run: docker-compose -f multi-node/docker-compose.yml up -d
+      run: docker compose -f multi-node/docker-compose.yml up -d

    - name: Check Wazuh indexer start
      run: |
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,25 @@
 # Change Log
 All notable changes to this project will be documented in this file.

+## [5.0.0]
+
+### Added
+
+- none
+
+### Changed
+
+- Delete service tag and modifiy docker-compose execution for a new version ([#1632](https://github.com/wazuh/wazuh-docker/pull/1632))
+- Remove deprecated attribute version in docker-compose.yml ([#1595](https://github.com/wazuh/wazuh-docker/pull/1595)) by https://github.com/h3ssan
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
 ## [4.10.2]

 ### Added
--- a/README.md
+++ b/README.md
@@ -168,7 +168,6 @@ WAZUH_MONITORING_REPLICAS=0         ##
    └── VERSION


-
 ## Branches

 * `master` branch contains the latest code, be aware of possible bugs on this branch.
@@ -178,6 +177,7 @@ WAZUH_MONITORING_REPLICAS=0         ##

 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v5.0.0        |         |        |
 | v4.10.2       |         |        |
 | v4.10.1       |         |        |
 | v4.10.0       |         |        |
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.10.2"
-REVISION="41020"
+WAZUH-DOCKER_VERSION="5.0.0"
+REVISION="50000"
--- a/build-docker-images/README.md
+++ b/build-docker-images/README.md
@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:

 ```
-$ build-docker-images/build-images.sh -v 4.10.2
+$ build-docker-images/build-images.sh -v 5.0.0
 ```

 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
    -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.10.2.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
    -h, --help                   Show this help.

 ```
--- a/build-docker-images/build-images.sh
+++ b/build-docker-images/build-images.sh
@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=4.10.2
+WAZUH_IMAGE_VERSION=5.0.0
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.

-WAZUH_IMAGE_VERSION="4.10.2"
+WAZUH_IMAGE_VERSION="5.0.0"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
 FILEBEAT_MODULE_VERSION="0.4"
@@ -70,7 +70,8 @@ build() {
    echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env

-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
+    docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
+    docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/

    return 0
 }
--- a/build-docker-images/build-images.yml
+++ b/build-docker-images/build-images.yml
@@ -1,6 +1,4 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-version: '3.7'
-
 services:
  wazuh.manager:
    build:
--- a/build-docker-images/wazuh-cert-tool/Dockerfile
+++ b/build-docker-images/wazuh-cert-tool/Dockerfile
@@ -1,7 +1,8 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM ubuntu:focal
+FROM amazonlinux:2023

-RUN apt-get update && apt-get install openssl curl -y
+RUN yum install curl-minimal openssl -y &&\
+yum clean all

 WORKDIR /

--- a/build-docker-images/wazuh-cert-tool/config/entrypoint.sh
+++ b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh
@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/

 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
--- a/build-docker-images/wazuh-dashboard/Dockerfile
+++ b/build-docker-images/wazuh-dashboard/Dockerfile
@@ -85,6 +85,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom

+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME=$INSTALL_DIR/jdk
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -93,3 +102,5 @@ USER wazuh-dashboard
 EXPOSE 443

 ENTRYPOINT [ "/entrypoint.sh" ]
+
+CMD ["opensearch-dashboards"]
--- a/build-docker-images/wazuh-dashboard/config/config.sh
+++ b/build-docker-images/wazuh-dashboard/config/config.sh
@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config

 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/

 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 mkdir -p ${CONFIG_DIR}/certs

 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem

 chmod -R 500 ${CONFIG_DIR}/certs
--- a/build-docker-images/wazuh-dashboard/config/config.yml
+++ b/build-docker-images/wazuh-dashboard/config/config.yml
@@ -1,5 +1,5 @@
 nodes:
  # Wazuh dashboard server nodes
  dashboard:
-    - name: demo.dashboard
-      ip: demo.dashboard
+    - name: dashboard
+      ip: wazuh.dashboard
--- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh
+++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
@@ -2,6 +2,215 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)

 INSTALL_DIR=/usr/share/wazuh-dashboard
+export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+opensearch_dashboards_vars=(
+    console.enabled
+    console.proxyConfig
+    console.proxyFilter
+    ops.cGroupOverrides.cpuPath
+    ops.cGroupOverrides.cpuAcctPath
+    cpu.cgroup.path.override
+    cpuacct.cgroup.path.override
+    server.basePath
+    server.customResponseHeaders
+    server.compression.enabled
+    server.compression.referrerWhitelist
+    server.cors
+    server.cors.origin
+    server.defaultRoute
+    server.host
+    server.keepAliveTimeout
+    server.maxPayloadBytes
+    server.name
+    server.port
+    csp.rules
+    csp.strict
+    csp.warnLegacyBrowsers
+    data.search.usageTelemetry.enabled
+    opensearch.customHeaders
+    opensearch.hosts
+    opensearch.logQueries
+    opensearch.memoryCircuitBreaker.enabled
+    opensearch.memoryCircuitBreaker.maxPercentage
+    opensearch.password
+    opensearch.pingTimeout
+    opensearch.requestHeadersWhitelist
+    opensearch.requestHeadersAllowlist
+    opensearch_security.multitenancy.enabled
+    opensearch_security.readonly_mode.roles
+    opensearch.requestTimeout
+    opensearch.shardTimeout
+    opensearch.sniffInterval
+    opensearch.sniffOnConnectionFault
+    opensearch.sniffOnStart
+    opensearch.ssl.alwaysPresentCertificate
+    opensearch.ssl.certificate
+    opensearch.ssl.key
+    opensearch.ssl.keyPassphrase
+    opensearch.ssl.keystore.path
+    opensearch.ssl.keystore.password
+    opensearch.ssl.truststore.path
+    opensearch.ssl.truststore.password
+    opensearch.ssl.verificationMode
+    opensearch.username
+    i18n.locale
+    interpreter.enableInVisualize
+    opensearchDashboards.autocompleteTerminateAfter
+    opensearchDashboards.autocompleteTimeout
+    opensearchDashboards.defaultAppId
+    opensearchDashboards.index
+    logging.dest
+    logging.json
+    logging.quiet
+    logging.rotate.enabled
+    logging.rotate.everyBytes
+    logging.rotate.keepFiles
+    logging.rotate.pollingInterval
+    logging.rotate.usePolling
+    logging.silent
+    logging.useUTC
+    logging.verbose
+    map.includeOpenSearchMapsService
+    map.proxyOpenSearchMapsServiceInMaps
+    map.regionmap
+    map.tilemap.options.attribution
+    map.tilemap.options.maxZoom
+    map.tilemap.options.minZoom
+    map.tilemap.options.subdomains
+    map.tilemap.url
+    monitoring.cluster_alerts.email_notifications.email_address
+    monitoring.enabled
+    monitoring.opensearchDashboards.collection.enabled
+    monitoring.opensearchDashboards.collection.interval
+    monitoring.ui.container.opensearch.enabled
+    monitoring.ui.container.logstash.enabled
+    monitoring.ui.opensearch.password
+    monitoring.ui.opensearch.pingTimeout
+    monitoring.ui.opensearch.hosts
+    monitoring.ui.opensearch.username
+    monitoring.ui.opensearch.logFetchCount
+    monitoring.ui.opensearch.ssl.certificateAuthorities
+    monitoring.ui.opensearch.ssl.verificationMode
+    monitoring.ui.enabled
+    monitoring.ui.max_bucket_size
+    monitoring.ui.min_interval_seconds
+    newsfeed.enabled
+    ops.interval
+    path.data
+    pid.file
+    regionmap
+    security.showInsecureClusterWarning
+    server.rewriteBasePath
+    server.socketTimeout
+    server.customResponseHeaders
+    server.ssl.enabled
+    server.ssl.key
+    server.ssl.keyPassphrase
+    server.ssl.keystore.path
+    server.ssl.keystore.password
+    server.ssl.truststore.path
+    server.ssl.truststore.password
+    server.ssl.cert
+    server.ssl.certificate
+    server.ssl.certificateAuthorities
+    server.ssl.cipherSuites
+    server.ssl.clientAuthentication
+    opensearch.ssl.certificateAuthorities
+    server.ssl.redirectHttpFromPort
+    server.ssl.supportedProtocols
+    server.xsrf.disableProtection
+    server.xsrf.whitelist
+    status.allowAnonymous
+    status.v6ApiFormat
+    tilemap.options.attribution
+    tilemap.options.maxZoom
+    tilemap.options.minZoom
+    tilemap.options.subdomains
+    tilemap.url
+    timeline.enabled
+    vega.enableExternalUrls
+    apm_oss.apmAgentConfigurationIndex
+    apm_oss.indexPattern
+    apm_oss.errorIndices
+    apm_oss.onboardingIndices
+    apm_oss.spanIndices
+    apm_oss.sourcemapIndices
+    apm_oss.transactionIndices
+    apm_oss.metricsIndices
+    telemetry.allowChangingOptInStatus
+    telemetry.enabled
+    telemetry.optIn
+    telemetry.optInStatusUrl
+    telemetry.sendUsageFrom
+    vis_builder.enabled
+    data_source.enabled
+    data_source.encryption.wrappingKeyName
+    data_source.encryption.wrappingKeyNamespace
+    data_source.encryption.wrappingKey
+    data_source.audit.enabled
+    data_source.audit.appender.kind
+    data_source.audit.appender.path
+    data_source.audit.appender.layout.kind
+    data_source.audit.appender.layout.highlight
+    data_source.audit.appender.layout.pattern
+    ml_commons_dashboards.enabled
+    assistant.chat.enabled
+    observability.query_assist.enabled
+    uiSettings.overrides.defaultRoute
+)
+
+print() {
+  echo -e $1
+}
+
+error_and_exit() {
+  echo "Error executing command: '$1'."
+  echo 'Exiting.'
+  exit 1
+}
+
+exec_cmd() {
+  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+  eval $1 2>&1 || error_and_exit "$1"
+}
+
+function runOpensearchDashboards {
+    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          longoptfile="${opensearch_dashboards_var}: ${value}"
+          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
+            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          fi
+        fi
+      done
+
+    umask 0002
+
+    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
+        --cpu.cgroup.path.override=/ \
+        --cpuacct.cgroup.path.override=/
+}
+
+mount_files() {
+  if [ -e $WAZUH_CONFIG_MOUNT/* ]
+  then
+    print "Identified Wazuh cdashboard onfiguration files to mount..."
+    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
+  else
+    print "No Wazuh dashboard configuration files to mount..."
+  fi
+}
+
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"

@@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o

 /wazuh_app_config.sh $WAZUH_UI_REVISION

-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+mount_files
+
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+    set -- opensearch-dashboards "$@"
+fi
+
+if [ "$1" = "opensearch-dashboards" ]; then
+    runOpensearchDashboards "$@"
+else
+    exec "$@"
+fi
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -19,14 +19,6 @@ COPY config/config.sh .

 COPY config/config.yml /

-COPY config/action_groups.yml /
-
-COPY config/internal_users.yml /
-
-COPY config/roles_mapping.yml /
-
-COPY config/roles.yml /
-
 RUN bash config.sh

 ################################################################################
@@ -43,6 +35,15 @@ ENV USER="wazuh-indexer" \
    NAME="wazuh-indexer" \
    INSTALL_DIR="/usr/share/wazuh-indexer"

+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME="$INSTALL_DIR/jdk"
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 RUN yum install curl-minimal shadow-utils findutils hostname -y

 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
--- a/build-docker-images/wazuh-indexer/config/action_groups.yml
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@@ -1,12 +0,0 @@
---
-_meta:
-  type: "actiongroups"
-  config_version: 2
-
-# ISM API permissions group
-manage_ism:
-  reserved: true
-  hidden: false
-  allowed_actions:
-  - "cluster:admin/opendistro/ism/*"
-  static: false
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/

 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -7,12 +7,272 @@ umask 0002
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
-export JAVA_HOME=${INSTALLATION_DIR}/jdk
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"

+opensearch_vars=(
+    cluster.name
+    node.name
+    node.roles
+    path.data
+    path.logs
+    bootstrap.memory_lock
+    network.host
+    http.port
+    transport.port
+    network.bind_host
+    network.publish_host
+    transport.tcp.port
+    compatibility.override_main_response_version
+    http.host
+    http.bind_host
+    http.publish_host
+    http.compression
+    transport.host
+    transport.bind_host
+    transport.publish_host
+    discovery.seed_hosts
+    discovery.seed_providers
+    discovery.type
+    cluster.initial_cluster_manager_nodes
+    cluster.initial_master_nodes
+    node.max_local_storage_nodes
+    gateway.recover_after_nodes
+    gateway.recover_after_data_nodes
+    gateway.expected_data_nodes
+    gateway.recover_after_time
+    plugins.security.nodes_dn
+    plugins.security.nodes_dn_dynamic_config_enabled
+    plugins.security.authcz.admin_dn
+    plugins.security.roles_mapping_resolution
+    plugins.security.dls.mode
+    plugins.security.compliance.salt
+    config.dynamic.http.anonymous_auth_enabled
+    plugins.security.restapi.roles_enabled
+    plugins.security.restapi.password_validation_regex
+    plugins.security.restapi.password_validation_error_message
+    plugins.security.restapi.password_min_length
+    plugins.security.restapi.password_score_based_validation_strength
+    plugins.security.unsupported.restapi.allow_securityconfig_modification
+    plugins.security.authcz.impersonation_dn
+    plugins.security.authcz.rest_impersonation_user
+    plugins.security.allow_default_init_securityindex
+    plugins.security.allow_unsafe_democertificates
+    plugins.security.system_indices.permission.enabled
+    plugins.security.config_index_name
+    plugins.security.cert.oid
+    plugins.security.cert.intercluster_request_evaluator_class
+    plugins.security.enable_snapshot_restore_privilege
+    plugins.security.check_snapshot_restore_write_privileges
+    plugins.security.cache.ttl_minutes
+    plugins.security.protected_indices.enabled
+    plugins.security.protected_indices.roles
+    plugins.security.protected_indices.indices
+    plugins.security.system_indices.enabled
+    plugins.security.system_indices.indices
+    plugins.security.audit.enable_rest
+    plugins.security.audit.enable_transport
+    plugins.security.audit.resolve_bulk_requests
+    plugins.security.audit.config.disabled_categories
+    plugins.security.audit.ignore_requests
+    plugins.security.audit.threadpool.size
+    plugins.security.audit.threadpool.max_queue_len
+    plugins.security.audit.ignore_users
+    plugins.security.audit.type
+    plugins.security.audit.config.http_endpoints
+    plugins.security.audit.config.index
+    plugins.security.audit.config.type
+    plugins.security.audit.config.username
+    plugins.security.audit.config.password
+    plugins.security.audit.config.enable_ssl
+    plugins.security.audit.config.verify_hostnames
+    plugins.security.audit.config.enable_ssl_client_auth
+    plugins.security.audit.config.cert_alias
+    plugins.security.audit.config.pemkey_filepath
+    plugins.security.audit.config.pemkey_content
+    plugins.security.audit.config.pemkey_password
+    plugins.security.audit.config.pemcert_filepath
+    plugins.security.audit.config.pemcert_content
+    plugins.security.audit.config.pemtrustedcas_filepath
+    plugins.security.audit.config.pemtrustedcas_content
+    plugins.security.audit.config.webhook.url
+    plugins.security.audit.config.webhook.format
+    plugins.security.audit.config.webhook.ssl.verify
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
+    plugins.security.audit.config.log4j.logger_name
+    plugins.security.audit.config.log4j.level
+    opendistro_security.audit.config.disabled_rest_categories
+    opendistro_security.audit.config.disabled_transport_categories
+    plugins.security.ssl.transport.enforce_hostname_verification
+    plugins.security.ssl.transport.resolve_hostname
+    plugins.security.ssl.http.clientauth_mode
+    plugins.security.ssl.http.enabled_ciphers
+    plugins.security.ssl.http.enabled_protocols
+    plugins.security.ssl.transport.enabled_ciphers
+    plugins.security.ssl.transport.enabled_protocols
+    plugins.security.ssl.transport.keystore_type
+    plugins.security.ssl.transport.keystore_filepath
+    plugins.security.ssl.transport.keystore_alias
+    plugins.security.ssl.transport.keystore_password
+    plugins.security.ssl.transport.truststore_type
+    plugins.security.ssl.transport.truststore_filepath
+    plugins.security.ssl.transport.truststore_alias
+    plugins.security.ssl.transport.truststore_password
+    plugins.security.ssl.http.enabled
+    plugins.security.ssl.http.keystore_type
+    plugins.security.ssl.http.keystore_filepath
+    plugins.security.ssl.http.keystore_alias
+    plugins.security.ssl.http.keystore_password
+    plugins.security.ssl.http.truststore_type
+    plugins.security.ssl.http.truststore_filepath
+    plugins.security.ssl.http.truststore_alias
+    plugins.security.ssl.http.truststore_password
+    plugins.security.ssl.transport.enable_openssl_if_available
+    plugins.security.ssl.http.enable_openssl_if_available
+    plugins.security.ssl.transport.pemkey_filepath
+    plugins.security.ssl.transport.pemkey_password
+    plugins.security.ssl.transport.pemcert_filepath
+    plugins.security.ssl.transport.pemtrustedcas_filepath
+    plugins.security.ssl.http.pemkey_filepath
+    plugins.security.ssl.http.pemkey_password
+    plugins.security.ssl.http.pemcert_filepath
+    plugins.security.ssl.http.pemtrustedcas_filepath
+    plugins.security.ssl.transport.enabled
+    plugins.security.ssl.transport.client.pemkey_password
+    plugins.security.ssl.transport.keystore_keypassword
+    plugins.security.ssl.transport.server.keystore_keypassword
+    plugins.sercurity.ssl.transport.server.keystore_alias
+    plugins.sercurity.ssl.transport.client.keystore_alias
+    plugins.sercurity.ssl.transport.server.truststore_alias
+    plugins.sercurity.ssl.transport.client.truststore_alias
+    plugins.security.ssl.client.external_context_id
+    plugins.secuirty.ssl.transport.principal_extractor_class
+    plugins.security.ssl.http.crl.file_path
+    plugins.security.ssl.http.crl.validate
+    plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
+    plugins.security.ssl.http.crl.check_only_end_entitites
+    plugins.security.ssl.http.crl.disable_ocsp
+    plugins.security.ssl.http.crl.disable_crldp
+    plugins.security.ssl.allow_client_initiated_renegotiation
+    indices.breaker.total.use_real_memory
+    indices.breaker.total.limit
+    indices.breaker.fielddata.limit
+    indices.breaker.fielddata.overhead
+    indices.breaker.request.limit
+    indices.breaker.request.overhead
+    network.breaker.inflight_requests.limit
+    network.breaker.inflight_requests.overhead
+    cluster.routing.allocation.enable
+    cluster.routing.allocation.node_concurrent_incoming_recoveries
+    cluster.routing.allocation.node_concurrent_outgoing_recoveries
+    cluster.routing.allocation.node_concurrent_recoveries
+    cluster.routing.allocation.node_initial_primaries_recoveries
+    cluster.routing.allocation.same_shard.host
+    cluster.routing.rebalance.enable
+    cluster.routing.allocation.allow_rebalance
+    cluster.routing.allocation.cluster_concurrent_rebalance
+    cluster.routing.allocation.balance.shard
+    cluster.routing.allocation.balance.index
+    cluster.routing.allocation.balance.threshold
+    cluster.routing.allocation.balance.prefer_primary
+    cluster.routing.allocation.disk.threshold_enabled
+    cluster.routing.allocation.disk.watermark.low
+    cluster.routing.allocation.disk.watermark.high
+    cluster.routing.allocation.disk.watermark.flood_stage
+    cluster.info.update.interval
+    cluster.routing.allocation.shard_movement_strategy
+    cluster.blocks.read_only
+    cluster.blocks.read_only_allow_delete
+    cluster.max_shards_per_node
+    cluster.persistent_tasks.allocation.enable
+    cluster.persistent_tasks.allocation.recheck_interval
+    cluster.search.request.slowlog.threshold.warn
+    cluster.search.request.slowlog.threshold.info
+    cluster.search.request.slowlog.threshold.debug
+    cluster.search.request.slowlog.threshold.trace
+    cluster.search.request.slowlog.level
+    cluster.fault_detection.leader_check.timeout
+    cluster.fault_detection.follower_check.timeout
+    action.auto_create_index
+    action.destructive_requires_name
+    cluster.default.index.refresh_interval
+    cluster.minimum.index.refresh_interval
+    cluster.indices.close.enable
+    indices.recovery.max_bytes_per_sec
+    indices.recovery.max_concurrent_file_chunks
+    indices.recovery.max_concurrent_operations
+    indices.recovery.max_concurrent_remote_store_streams
+    indices.time_series_index.default_index_merge_policy
+    indices.fielddata.cache.size
+    index.number_of_shards
+    index.number_of_routing_shards
+    index.shard.check_on_startup
+    index.codec
+    index.codec.compression_level
+    index.routing_partition_size
+    index.soft_deletes.retention_lease.period
+    index.load_fixed_bitset_filters_eagerly
+    index.hidden
+    index.merge.policy
+    index.merge_on_flush.enabled
+    index.merge_on_flush.max_full_flush_merge_wait_time
+    index.merge_on_flush.policy
+    index.check_pending_flush.enabled
+    index.number_of_replicas
+    index.auto_expand_replicas
+    index.search.idle.after
+    index.refresh_interval
+    index.max_result_window
+    index.max_inner_result_window
+    index.max_rescore_window
+    index.max_docvalue_fields_search
+    index.max_script_fields
+    index.max_ngram_diff
+    index.max_shingle_diff
+    index.max_refresh_listeners
+    index.analyze.max_token_count
+    index.highlight.max_analyzed_offset
+    index.max_terms_count
+    index.max_regex_length
+    index.query.default_field
+    index.query.max_nested_depth
+    index.routing.allocation.enable
+    index.routing.rebalance.enable
+    index.gc_deletes
+    index.default_pipeline
+    index.final_pipeline
+    index.optimize_doc_id_lookup.fuzzy_set.enabled
+    index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
+    search.max_buckets
+    search.phase_took_enabled
+    search.allow_expensive_queries
+    search.default_allow_partial_results
+    search.cancel_after_time_interval
+    search.default_search_timeout
+    search.default_keep_alive
+    search.keep_alive_interval
+    search.max_keep_alive
+    search.low_level_cancellation
+    search.max_open_scroll_context
+    search.request_stats_enabled
+    search.highlight.term_vector_multi_value
+    snapshot.max_concurrent_operations
+    cluster.remote_store.translog.buffer_interval
+    remote_store.moving_average_window_size
+    opensearch.notifications.core.allowed_config_types
+    opensearch.notifications.core.email.minimum_header_length
+    opensearch.notifications.core.email.size_limit
+    opensearch.notifications.core.http.connection_timeout
+    opensearch.notifications.core.http.host_deny_list
+    opensearch.notifications.core.http.max_connection_per_route
+    opensearch.notifications.core.http.max_connections
+    opensearch.notifications.core.http.socket_timeout
+    opensearch.notifications.core.tooltip_support
+    opensearch.notifications.general.filter_by_backend_roles
+)
+
 run_as_other_user_if_needed() {
  if [[ "$(id -u)" == "0" ]]; then
    # If running as root, drop to specified UID and run command
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() {
  fi
 }

+function buildOpensearchConfig {
+    echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
+      for opensearch_var in ${opensearch_vars[*]}; do
+        env_var=$(echo ${opensearch_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
+            sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          fi
+          while :
+          do
+            case "$charline" in
+              "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
+              *) break;;
+            esac
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          done
+          longoptfile="${opensearch_var}: ${value}"
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
+          fi
+        fi
+      done
+}
+
+buildOpensearchConfig
+
 # Allow user specify custom CMD, maybe bin/opensearch itself
 # for example to directly specify `-E` style parameters for opensearch on k8s
 # or simply to run /bin/bash to check the image
@@ -84,10 +375,4 @@ if [[ "$(id -u)" == "0" ]]; then
 fi


-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
-  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
-#  nohup /securityadmin.sh &
-#  touch "/var/lib/wazuh-indexer/.flag"
-#fi
-
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
--- a/build-docker-images/wazuh-indexer/config/internal_users.yml
+++ b/build-docker-images/wazuh-indexer/config/internal_users.yml
@@ -1,74 +0,0 @@
---
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-_meta:
-  type: "internalusers"
-  config_version: 2
-
-# Define your internal users here
-
-## Demo users
-
-admin:
-  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
-  reserved: true
-  backend_roles:
-  - "admin"
-  description: "Demo admin user"
-
-kibanaserver:
-  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-  reserved: true
-  description: "Demo kibanaserver user"
-
-kibanaro:
-  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  - "readall"
-  attributes:
-    attribute1: "value1"
-    attribute2: "value2"
-    attribute3: "value3"
-  description: "Demo kibanaro user"
-
-logstash:
-  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
-  reserved: false
-  backend_roles:
-  - "logstash"
-  description: "Demo logstash user"
-
-readall:
-  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
-  reserved: false
-  backend_roles:
-  - "readall"
-  description: "Demo readall user"
-
-snapshotrestore:
-  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-  description: "Demo snapshotrestore user"
-
-wazuh_admin:
-  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false
-  
-wazuh_user:
-  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false  
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml
+++ b/build-docker-images/wazuh-indexer/config/opensearch.yml
@@ -1,26 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ b/build-docker-images/wazuh-indexer/config/roles.yml
@@ -1,171 +0,0 @@
-_meta:
-  type: "roles"
-  config_version: 2
-
-# Restrict users so they can only view visualization and dashboards on kibana
-kibana_read_only:
-  reserved: true
-
-# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
-security_rest_api_access:
-  reserved: true
-
-# Allows users to view monitors, destinations and alerts
-alerting_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/get'
-    - 'cluster:admin/opendistro/alerting/destination/get'
-    - 'cluster:admin/opendistro/alerting/monitor/get'
-    - 'cluster:admin/opendistro/alerting/monitor/search'
-
-# Allows users to view and acknowledge alerts
-alerting_ack_alerts:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/*'
-
-# Allows users to use all alerting functionality
-alerting_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/alerting/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allow users to read Anomaly Detection detectors and results
-anomaly_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/ad/detector/info'
-    - 'cluster:admin/opendistro/ad/detector/search'
-    - 'cluster:admin/opendistro/ad/detectors/get'
-    - 'cluster:admin/opendistro/ad/result/search'
-    - 'cluster:admin/opendistro/ad/tasks/search'
-
-# Allows users to use all Anomaly Detection functionality
-anomaly_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/ad/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allows users to read Notebooks
-notebooks_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/list'
-    - 'cluster:admin/opendistro/notebooks/get'
-
-# Allows users to all Notebooks functionality
-notebooks_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/create'
-    - 'cluster:admin/opendistro/notebooks/update'
-    - 'cluster:admin/opendistro/notebooks/delete'
-    - 'cluster:admin/opendistro/notebooks/get'
-    - 'cluster:admin/opendistro/notebooks/list'
-
-# Allows users to read and download Reports
-reports_instances_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to read and download Reports and Report-definitions
-reports_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to all Reports functionality
-reports_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/create'
-    - 'cluster:admin/opendistro/reports/definition/update'
-    - 'cluster:admin/opendistro/reports/definition/on_demand'
-    - 'cluster:admin/opendistro/reports/definition/delete'
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to use all asynchronous-search functionality
-asynchronous_search_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices:data/read/search*'
-
-# Allows users to read stored asynchronous-search results
-asynchronous_search_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/get'
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-  tenant_permissions: []
-  static: false
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-    - "delete"
-    - "manage"
-    - "index"
-  tenant_permissions: []
-  static: false
-
-# ISM API permissions role
-manage_ism:
-  reserved: true
-  hidden: false
-  cluster_permissions:
-  - "manage_ism"
-  static: false
--- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml
+++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
@@ -1,78 +0,0 @@
---
-# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
-# Permissions for Wazuh indexer roles are configured in roles.yml
-
-_meta:
-  type: "rolesmapping"
-  config_version: 2
-
-# Define your roles mapping here
-
-## Demo roles mapping
-
-all_access:
-  reserved: false
-  backend_roles:
-  - "admin"
-  description: "Maps admin to all_access"
-
-own_index:
-  reserved: false
-  users:
-  - "*"
-  description: "Allow full access to an index named like the username"
-
-logstash:
-  reserved: false
-  backend_roles:
-  - "logstash"
-
-kibana_user:
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  users:
-  - "wazuh_user"
-  - "wazuh_admin"
-  description: "Maps kibanauser to kibana_user"
-
-readall:
-  reserved: false
-  backend_roles:
-  - "readall"
-
-manage_snapshots:
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-
-kibana_server:
-  reserved: true
-  users:
-  - "kibanaserver"
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_admin"
-  - "kibanaserver"
-  and_backend_roles: []
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_user"
-  and_backend_roles: []
-
-# ISM API permissions role mapping
-manage_ism:
-  reserved: true
-  hidden: false
-  users:
-  - "kibanaserver"
--- a/indexer-certs-creator/README.md
+++ b/indexer-certs-creator/README.md
@@ -1,9 +0,0 @@
-# Certificate creation image build
-
-The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks.
-
-To create the image, the following command must be executed:
-
-```
-$ docker build -t wazuh/wazuh-certs-generator:0.0.1 .
-```
--- a/multi-node/Migration-to-Wazuh-4.4.md
+++ b/multi-node/Migration-to-Wazuh-4.4.md
@@ -354,7 +354,7 @@ docker container run --rm -it \
 ```
 git checkout 4.4
 cd multi-node
-docker-compose -f generate-indexer-certs.yml run --rm generator
+docker-compose -f generate-certs.yml run --rm generator
 docker-compose up -d
 ```

--- a/multi-node/README.md
+++ b/multi-node/README.md
@@ -1,6 +1,6 @@
 # Deploy Wazuh Docker in multi node configuration

-This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps: 
+This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps:

 1) Increase max_map_count on your host (Linux). This command must be run with root permissions:
 ```
@@ -8,18 +8,18 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker-compose -f generate-indexer-certs.yml run --rm generator
+$ docker compose -f generate-certs.yml run --rm generator
 ```
-3) Start the environment with docker-compose:
+3) Start the environment with docker compose:

 - In the foregroud:
 ```
-$ docker-compose up
+$ docker compose up
 ```

 - In the background:
 ```
-$ docker-compose up -d
+$ docker compose up -d
 ```


--- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
@@ -1,12 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh1.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home
--- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
@@ -1,38 +0,0 @@
-network.host: wazuh1.indexer
-node.name: wazuh1.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true
--- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
@@ -1,38 +0,0 @@
-network.host: wazuh2.indexer
-node.name: wazuh2.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true
--- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
@@ -1,38 +0,0 @@
-network.host: wazuh3.indexer
-node.name: wazuh3.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'

 services:
  wazuh.master:
-    image: wazuh/wazuh-manager:4.10.2
+    image: wazuh/wazuh-manager:5.0.0
    hostname: wazuh.master
    restart: always
    ulimits:
@@ -18,15 +18,15 @@ services:
      - "514:514/udp"
      - "55000:55000"
    environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      INDEXER_URL: https://wazuh1.indexer:9200
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: admin
+      FILEBEAT_SSL_VERIFICATION_MODE: full
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+      SSL_KEY: /etc/ssl/filebeat.key
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
    volumes:
      - master-wazuh-api-configuration:/var/ossec/api/configuration
      - master-wazuh-etc:/var/ossec/etc
@@ -45,7 +45,7 @@ services:
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh.worker:
-    image: wazuh/wazuh-manager:4.10.2
+    image: wazuh/wazuh-manager:5.0.0
    hostname: wazuh.worker
    restart: always
    ulimits:
@@ -56,13 +56,13 @@ services:
        soft: 655360
        hard: 655360
    environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
+      INDEXER_URL: https://wazuh1.indexer:9200
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: admin
+      FILEBEAT_SSL_VERIFICATION_MODE: full
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+      SSL_KEY: /etc/ssl/filebeat.key
    volumes:
      - worker-wazuh-api-configuration:/var/ossec/api/configuration
      - worker-wazuh-etc:/var/ossec/etc
@@ -81,14 +81,9 @@ services:
      - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.10.2
+    image: wazuh/wazuh-indexer:5.0.0
    hostname: wazuh1.indexer
    restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
    ulimits:
      memlock:
        soft: -1
@@ -96,6 +91,38 @@ services:
      nofile:
        soft: 65536
        hard: 65536
+    ports:
+      - "9200:9200"
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh1.indexer
+      NODE_NAME: wazuh1.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
    volumes:
      - wazuh-indexer-data-1:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -103,16 +130,13 @@ services:
      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml

  wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.10.2
+    image: wazuh/wazuh-indexer:5.0.0
    hostname: wazuh2.indexer
    restart: always
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
    ulimits:
      memlock:
        soft: -1
@@ -120,21 +144,48 @@ services:
      nofile:
        soft: 65536
        hard: 65536
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh2.indexer
+      NODE_NAME: wazuh2.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
    volumes:
      - wazuh-indexer-data-2:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml

  wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.10.2
+    image: wazuh/wazuh-indexer:5.0.0
    hostname: wazuh3.indexer
    restart: always
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
    ulimits:
      memlock:
        soft: -1
@@ -142,35 +193,84 @@ services:
      nofile:
        soft: 65536
        hard: 65536
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh3.indexer
+      NODE_NAME: wazuh3.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
    volumes:
      - wazuh-indexer-data-3:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml

  wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.10.2
+    image: wazuh/wazuh-dashboard:5.0.0
    hostname: wazuh.dashboard
    restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
    ports:
      - 443:5601
    environment:
-      - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
-      - WAZUH_API_URL="https://wazuh.master"
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
+      OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200"
+      WAZUH_API_URL: "https://wazuh.master"
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
+      DASHBOARD_USERNAME: kibanaserver
+      DASHBOARD_PASSWORD: kibanaserver
+      SERVER_HOST: "0.0.0.0"
+      SERVER_PORT: "5601"
+      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
+      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
+      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
+      SERVER_SSL_ENABLED: "true"
+      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
+      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
+      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
    volumes:
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
    depends_on:
      - wazuh1.indexer
    links:
--- a/multi-node/generate-indexer-certs.yml
+++ b/multi-node/generate-indexer-certs.yml
@@ -1,10 +1,9 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-version: '3'
-
 services:
  generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
-    hostname: wazuh-certs-generator
+    image: wazuh/wazuh-cert-tool:5.0.0
+    hostname: wazuh-cert-tool
+    container_name: wazuh-cert-tool
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
-      - ./config/certs.yml:/config/certs.yml
+      - ./config/certs.yml:/config/certs.yml
--- a/single-node/README.md
+++ b/single-node/README.md
@@ -8,17 +8,17 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker-compose -f generate-indexer-certs.yml run --rm generator
+$ docker compose -f generate-certs.yml run --rm generator
 ```
-3) Start the environment with docker-compose:
+3) Start the environment with docker compose:

 - In the foregroud:
 ```
-$ docker-compose up
+$ docker compose up
 ```
 - In the background:
 ```
-$ docker-compose up -d
+$ docker compose up -d
 ```

 The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated.
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'

 services:
  wazuh.manager:
-    image: wazuh/wazuh-manager:4.10.2
+    image: wazuh/wazuh-manager:5.0.0
    hostname: wazuh.manager
    restart: always
    ulimits:
@@ -19,15 +19,15 @@ services:
      - "514:514/udp"
      - "55000:55000"
    environment:
-      - INDEXER_URL=https://wazuh.indexer:9200
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      INDEXER_URL: https://wazuh.indexer:9200
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: admin
+      FILEBEAT_SSL_VERIFICATION_MODE: full
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+      SSL_KEY: /etc/ssl/filebeat.key
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
@@ -46,13 +46,9 @@ services:
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.10.2
+    image: wazuh/wazuh-indexer:5.0.0
    hostname: wazuh.indexer
    restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
@@ -60,6 +56,37 @@ services:
      nofile:
        soft: 65536
        hard: 65536
+    ports:
+      - "9200:9200"
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NODE_NAME: "wazuh.indexer"
+      CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer"
+      CLUSTER_NAME: "wazuh-cluster"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      HTTP_PORT: 9200-9299
+      TRANSPORT_TCP_PORT: 9300-9399
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -67,31 +94,49 @@ services:
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml

  wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.10.2
+    image: wazuh/wazuh-dashboard:5.0.0
    hostname: wazuh.dashboard
    restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
    ports:
      - 443:5601
    environment:
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - WAZUH_API_URL=https://wazuh.manager
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      WAZUH_API_URL: https://wazuh.manager
+      DASHBOARD_USERNAME: kibanaserver
+      DASHBOARD_PASSWORD: kibanaserver
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
+      SERVER_HOST: 0.0.0.0
+      SERVER_PORT: 5601
+      OPENSEARCH_HOSTS: https://wazuh.indexer:9200
+      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
+      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
+      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
+      SERVER_SSL_ENABLED: "true"
+      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
+      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
+      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
    volumes:
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+      - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
+      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
    depends_on:
      - wazuh.indexer
    links:
--- a/single-node/generate-indexer-certs.yml
+++ b/single-node/generate-indexer-certs.yml
@@ -1,10 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-version: '3'
-
 services:
  generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
-    hostname: wazuh-certs-generator
+    image: wazuh/wazuh-cert-tool:5.0.0
+    hostname: wazuh-cert-tool
+    container_name: wazuh-cert-tool
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
+
Author	SHA1	Message	Date
vcerenu	e20e92e475	Add Changelog	2024-12-02 10:42:58 -03:00
vcerenu	61c32079fa	Add Changelog	2024-12-02 10:40:05 -03:00
vcerenu	5be199b9df	Delete service tag and modifiy docker-compose execution for a new version	2024-12-02 10:30:09 -03:00
Carlos Bordon	971858cddd	Merge pull request #1610 from wazuh/merge-4.10.2-into-master Merge 4.10.2 into master	2024-11-04 16:05:40 -03:00
Gonzalo Acuña	084530ef80	Merge pull request #1584 from wazuh/merge-4.10.2-into-master Merge 4.10.2 into master	2024-10-17 13:06:55 -03:00
vcerenu	69df531ca9	Resolve conflicts	2024-10-17 13:04:31 -03:00
Gonzalo Acuña	205983317f	Merge pull request #1521 from wazuh/maintenance/5651-merge-4.10.0-into-master Maintenance/5651 merge 4.10.0 into master	2024-09-10 11:36:17 -03:00
JESUS D. GARCIA	570bf081bc	Update default values in Procedure_push_docker_images.yml	2024-09-10 09:35:12 -05:00
Gonzalo Acuña	8522ec23b9	Merge pull request #1514 from wazuh/enhancement/1511-merge-4.10.0-into-master Merge 4.10.0 into master	2024-09-05 14:13:57 -03:00
David Correa Rodríguez	4f4edab1a9	Merge pull request #1496 from wazuh/merge-4.10.0-into-master Merge 4.10.0 into master	2024-08-21 12:48:11 +02:00
David Correa Rodríguez	d5a60b7264	Merge branch '4.10.0' into merge-4.10.0-into-master	2024-08-21 12:30:00 +02:00
Carlos Bordon	39554677bf	Merge pull request #1459 from wazuh/merge-4.10.0-into-master Merge 4.10.0 into master	2024-07-19 10:39:37 -03:00
David Correa Rodríguez	1a1bc2d72b	Merge branch 'master' into merge-4.10.0-into-master	2024-07-19 15:38:49 +02:00
Carlos Bordon	34bd04e5fc	Merge pull request #1462 from wazuh/revert-1451-maintenance/1445-revert-merge-4.9.0-into-master Revert "Revert merges of 4.9.0 branch into master branch"	2024-07-19 10:35:23 -03:00
Carlos Bordon	54b2d4ce33	Revert "Revert merges of 4.9.0 branch into master branch"	2024-07-19 10:34:13 -03:00
David Correa Rodríguez	096f0abb32	Merge branch '4.10.0' into merge-4.10.0-into-master	2024-07-19 13:19:41 +02:00
David Correa Rodríguez	8a1e5043c6	Merge pull request #1451 from wazuh/maintenance/1445-revert-merge-4.9.0-into-master Revert merges of 4.9.0 branch into master branch	2024-07-19 11:18:39 +02:00
David Correa Rodríguez	eded59bc25	Revert "Merge branch '4.9.0' into merge-4.9.0-into-master" This reverts commit `4923750ea4`, reversing changes made to `e1d70c35fe`.	2024-07-19 09:27:46 +02:00
David Correa Rodríguez	0110e696d0	Revert "Merge branch '4.9.0' into merge-4.9.0-into-master" This reverts commit `622c67d2cc`, reversing changes made to `55f209e57f`.	2024-07-19 09:27:32 +02:00
Carlos Bordon	6e30c077d6	Merge pull request #1450 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-07-18 10:35:54 -03:00
David Correa Rodríguez	622c67d2cc	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-07-18 15:33:47 +02:00
David Correa Rodríguez	55f209e57f	Merge pull request #1447 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-07-18 15:03:02 +02:00
David Correa Rodríguez	4923750ea4	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-07-18 14:48:50 +02:00
Gonzalo Acuña	e1d70c35fe	Merge pull request #1392 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-06-12 12:55:42 -03:00
Gonzalo Acuña	7eb5d0843c	Merge pull request #1385 from wazuh/enhancement/1256-wazuh-cert-tool Add Wazuh cert tool image build into Wazuh images build process	2024-06-12 07:09:12 -03:00
vcerenu	36e7160332	Add save and load process for Wazuh Cert Tool image	2024-06-11 10:19:50 -03:00
vcerenu	cf3eb61081	Add save and load process for Wazuh Cert Tool image	2024-06-11 10:16:22 -03:00
vcerenu	fda4a171f4	Add save and load process for Wazuh Cert Tool image	2024-06-11 10:14:19 -03:00
vcerenu	1e6f93b20a	Correct the name of the certificate generator script	2024-06-11 09:46:53 -03:00
vcerenu	aed1004471	Change the generator script in multi node deployment	2024-06-10 07:13:09 -03:00
vcerenu	450a59a7c8	Change the name dir to Wazuh cert tool Dockerfile	2024-06-10 07:11:20 -03:00
vcerenu	6d63befeb7	Modify yaml script name generator	2024-06-07 07:57:03 -03:00
vcerenu	1f32d2a358	Modify yaml script name generator	2024-06-07 07:42:13 -03:00
vcerenu	fc1ece705e	Add the build of Wazuh cert tool image to build image process	2024-06-07 05:44:14 -03:00
Gonzalo Acuña	4ba7cba72d	Merge pull request #1375 from wazuh/1371-merge-4.9.0-into-master Merge 4.9.0 into master	2024-05-31 12:41:01 -03:00
vcerenu	37918b47cd	Merge branch 'master' of github.com:wazuh/wazuh-docker into 4.9.0	2024-05-31 11:58:30 -03:00
Gonzalo Acuña	937b5fad87	Merge pull request #1312 from wazuh/461-conf-files-environment Add environment for configure wazuh indexer and dashboard files	2024-05-17 09:36:41 -03:00
Gonzalo Acuña	3d7c673671	Merge pull request #1327 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-04-30 08:21:30 -03:00
vcerenu	7ec98fedf9	correct environment settings in services	2024-04-24 05:57:27 -03:00
vcerenu	10f278cadb	add environment variables for configure wazuh indexer and dashboard files	2024-04-23 11:43:29 -03:00
Gonzalo Acuña	fa025c602e	Merge pull request #1292 from wazuh/enhancement/#1291-remove-commented-lines securityadmin commented lines in Wazuh indexer entrypoint removed	2024-04-09 10:22:32 -03:00
Carlos Anguita López	f4ccd4b0a6	Removed commented lines 87 to 91	2024-04-09 09:26:47 +02:00
David Correa Rodríguez	c95eb42902	Merge pull request #1285 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-04-01 11:31:30 +02:00
David Correa Rodríguez	f685bfaa9d	Merge branch 'master' into merge-4.9.0-into-master	2024-04-01 11:26:05 +02:00
David Correa Rodríguez	dc13ef3f72	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-04-01 11:11:14 +02:00
Gonzalo Acuña	9918f95f3f	Merge pull request #1269 from wazuh/bug/1193-review-version-references-in-the-master-branch-5.0 Fixed references to 4.8 in `master`	2024-03-20 12:58:23 -03:00
David Correa Rodríguez	935aee6d2a	Fixed references to 4.8 in `master`	2024-03-19 11:39:01 +01:00
Gonzalo Acuña	e8d2463d99	Merge pull request #1251 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-03-04 13:47:24 -03:00
David Correa Rodríguez	4f0da7a58e	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-03-04 17:44:19 +01:00
Gonzalo Acuña	799dadc1cf	Merge pull request #1243 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-03-01 15:55:14 -03:00
David Correa Rodríguez	b47361e4c9	Merge pull request #1207 from wazuh/bump-5.0.0 Bump version to 5.0.0	2024-02-13 10:37:26 +01:00
David Correa Rodríguez	d3d2ae7b86	Bump version to 5.0.0	2024-02-13 10:32:58 +01:00