Merge pull request #1896 from wazuh/enhancement/1892-bumper-6.0.0

Enhancement/1892 bumper 6.0.0
Conflicts resolution
2025-11-16 11:52:04 +00:00 · 2025-06-19 13:54:52 -03:00 · 2025-06-19 12:28:14 -03:00 · 2025-06-19 11:51:03 -03:00 · 2025-05-13 14:42:44 -03:00 · 2025-05-13 14:38:22 -03:00
76 changed files with 3013 additions and 971 deletions
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
-WAZUH_VERSION=main
+WAZUH_VERSION=6.0.0
-WAZUH_IMAGE_VERSION=main
+WAZUH_IMAGE_VERSION=6.0.0
 WAZUH_TAG_REVISION=1
 FILEBEAT_TEMPLATE_BRANCH=6.0.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1
 WAZUH_REGISTRY=docker.io
 IMAGE_TAG=main
--- a/.github/.goss.yaml
+++ b/.github/.goss.yaml
@@ -56,7 +56,7 @@ package:
  wazuh-manager:
    installed: true
    versions:
-    - 5.0.0
+    - 6.0.0
 port:
  tcp:1514:
    listening: true
--- a/.github/workflows/Procedure_push_docker_images.yml
+++ b/.github/workflows/Procedure_push_docker_images.yml
@@ -6,19 +6,28 @@ on:
    inputs:
      image_tag:
        description: 'Docker image tag'
-        default: '5.0.0'
+        default: '6.0.0'
        required: true
      docker_reference:
        description: 'wazuh-docker reference'
        required: true
      products:
        description: 'Comma-separated list of the image names to build and push'
        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
        required: true
      filebeat_module_version:
        description: 'Filebeat module version'
        default: '0.4'
        required: true
      revision:
        description: 'Package revision'
        default: '1'
        required: true
-      reference:
+      push_images:
-        description: 'Dev reference'
+        description: 'Push images'
-        type: string
+        type: boolean
-        default: latest 
+        default: true
        required: true
      id:
        description: "ID used to identify the workflow uniquely."
        type: string
@@ -32,22 +41,33 @@ on:
    inputs:
      image_tag:
        description: 'Docker image tag'
-        default: '5.0.0'
+        default: '6.0.0'
        required: true
        type: string
      docker_reference:
        description: 'wazuh-docker reference'
        required: false
        type: string
      products:
        description: 'Comma-separated list of the image names to build and push'
        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
        required: true
        type: string
      filebeat_module_version:
        description: 'Filebeat module version'
        default: '0.4'
        required: true
        type: string
      revision:
        description: 'Package revision'
        default: '1'
        required: true
        type: string
-      reference:
+      push_images:
-        description: 'Dev reference'
+        description: 'Push images'
-        type: string
+        type: boolean
-        default: latest 
+        default: true
        required: true
      id:
        description: "ID used to identify the workflow uniquely."
        type: string
@@ -62,15 +82,6 @@ jobs:
  build-and-push:
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
      contents: read
    env:
      IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
      IMAGE_TAG: ${{ inputs.image_tag }}
      REVISION: ${{ inputs.revision }}
    steps:
    - name: Print inputs
      run: |
@@ -85,9 +96,11 @@ jobs:
        echo "* id: ${{ inputs.id }}"
        echo "* image_tag: ${{ inputs.image_tag }}"
        echo "* docker_reference: ${{ inputs.docker_reference }}"
        echo "* products: ${{ inputs.products }}"
        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
        echo "* revision: ${{ inputs.revision }}"
        echo "* push_images: ${{ inputs.push_images }}"
        echo "* dev: ${{ inputs.dev }}"
        echo "* dev reference: ${{ inputs.reference }}"
        echo "---------------------------------------------"
    - name: Checkout repository
@@ -95,82 +108,33 @@ jobs:
      with:
        ref: ${{ inputs.docker_reference }}
    - name: free disk space
      uses: ./.github/free-disk-space
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    - name: Configure aws credentials
      if: ${{ inputs.dev == true }}
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{ secrets.AWS_IAM_DOCKER_ROLE }}
        aws-region: "${{ secrets.AWS_REGION }}"
    - name: Log in to Amazon ECR
      if: ${{ inputs.dev == true }}
      uses: aws-actions/amazon-ecr-login@v2
    - name: Log in to Docker Hub
      if: ${{ inputs.dev == false }}
      uses: docker/login-action@v3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_PASSWORD }}
    - name: Create packages_url.txt file
      if : ${{ inputs.dev == true }}
      run: |
          cat << EOF > packages_url.txt
          wazuh_manager_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
          wazuh_manager_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
          wazuh_manager_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_manager_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_indexer_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
          wazuh_indexer_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
          wazuh_indexer_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_indexer_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_dashboard_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
          wazuh_dashboard_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
          wazuh_dashboard_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_dashboard_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)"
          wazuh_cert_tool: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/wazuh-certs-tool.sh --expires-in 3600 --region us-west-1)"
          wazuh_config_yml: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/config.yml --expires-in 3600 --region us-west-1)"
          EOF
      working-directory: ./build-docker-images
    - name: Build Wazuh images
      run: |
-        if [ "${{ inputs.dev }}" = true ]; then
+        IMAGE_TAG=${{ inputs.image_tag }}
-          IMAGE_TAG="${{ inputs.image_tag }}-${{ inputs.reference }}"
+        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
-          ./build-images.sh -v ${{ inputs.image_tag }} -r $REVISION -d "dev" -rg $IMAGE_REGISTRY -m -ref ${{ inputs.reference }}
+        REVISION=${{ inputs.revision }}
-        else  
+
-          if [[ "$IMAGE_TAG" == *"-"* ]]; then
+        if [[ "$IMAGE_TAG" == *"-"* ]]; then
-            IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
+          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
-            if [ -z "${tokens[1]}" ]; then
+          if [ -z "${tokens[1]}" ]; then
-              echo "Invalid image tag: $IMAGE_TAG"
+            echo "Invalid image tag: $IMAGE_TAG"
-              exit 1
+            exit 1
            fi
            DEV_STAGE=${tokens[1]}
            WAZUH_VER=${tokens[0]}
            ./build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -rg $IMAGE_REGISTRY -m
          else
            ./build-images.sh -v $IMAGE_TAG -r $REVISION -rg $IMAGE_REGISTRY -m
          fi
          DEV_STAGE=${tokens[1]}
          WAZUH_VER=${tokens[0]}
          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
        else
          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
        fi
        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
-        ENV_FILE_PATH="../.env"
+        ENV_FILE_PATH=".env"
        if [ -f $ENV_FILE_PATH ]; then
          while IFS= read -r line || [ -n "$line" ]; do
@@ -180,4 +144,16 @@ jobs:
          echo "The environment file $ENV_FILE_PATH does not exist!"
          exit 1
        fi
-      working-directory: ./build-docker-images
+
    - name: Tag and Push Wazuh images
      if: ${{ inputs.push_images }}
      run: |
        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
        IMAGE_NAMES=${{ inputs.products }}
        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
        for image in "${images[@]}"; do
          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
          docker push wazuh/$image:$IMAGE_TAG
        done
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -23,6 +23,7 @@ jobs:
        docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
        docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
        docker save wazuh/wazuh-agent:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
        docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
    - name: Temporarily save Wazuh manager Docker image
      uses: actions/upload-artifact@v4
@@ -50,6 +51,11 @@ jobs:
      with:
        name: docker-artifact-agent
        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
    - name: Temporarily save Wazuh Cert Tool Docker image
      uses: actions/upload-artifact@v3
      with:
        name: docker-artifact-cert-tool
        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
        retention-days: 1
    - name: Install Goss
@@ -93,6 +99,10 @@ jobs:
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-agent
    - name: Retrieve saved Wazuh Cert Tool Docker image
      uses: actions/download-artifact@v3
      with:
        name: docker-artifact-cert-tool
    - name: Docker load
      run: |
@@ -102,7 +112,13 @@ jobs:
        docker load --input ./wazuh-agent.tar
    - name: Create single node certficates
-      run: docker compose -f single-node/generate-indexer-certs.yml run --rm generator
+      run: docker compose -f single-node/generate-certs.yml run --rm generator
        docker load --input ./wazuh-cert-tool.tar
        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
    - name: Create single node certficates
      run: docker-compose -f single-node/generate-certs.yml run --rm generator
    - name: Start single node stack
      run: docker compose -f single-node/docker-compose.yml up -d
@@ -192,7 +208,7 @@ jobs:
      run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
    - name: Start Wazuh agent
-      run: docker compose -f wazuh-agent/docker-compose.yml up -d
+      run: docker-compose -f wazuh-agent/docker-compose.yml up -d
    - name: Check Wazuh agent enrollment
      run: |
@@ -237,17 +253,26 @@ jobs:
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-agent
    - name: Retrieve saved Wazuh Cert Tool Docker image
      uses: actions/download-artifact@v3
      with:
        name: docker-artifact-cert-tool
    - name: Docker load
      run: |
        docker load --input ./wazuh-manager.tar
        docker load --input ./wazuh-indexer.tar
        docker load --input ./wazuh-dashboard.tar
        docker load --input ./wazuh-agent.tar
        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-agent.tar
    - name: Create multi node certficates
-      run: docker compose -f multi-node/generate-indexer-certs.yml run --rm generator
+      run: docker compose -f multi-node/generate-certs.yml run --rm generator
        docker load --input ./wazuh-manager.tar
        docker load --input ./wazuh-cert-tool.tar
        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
    - name: Create multi node certficates
      run: docker-compose -f multi-node/generate-certs.yml run --rm generator
    - name: Start multi node stack
      run: docker compose -f multi-node/docker-compose.yml up -d
@@ -355,7 +380,7 @@ jobs:
      run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
    - name: Start Wazuh agent
-      run: docker compose -f wazuh-agent/docker-compose.yml up -d
+      run: docker-compose -f wazuh-agent/docker-compose.yml up -d
    - name: Check Wazuh agent enrollment
      run: |
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,5 @@
 single-node/config/wazuh_indexer_ssl_certs/*.pem
 single-node/config/wazuh_indexer_ssl_certs/*.key
 multi-node/config/wazuh_indexer_ssl_certs/*.pem
 multi-node/config/wazuh_indexer_ssl_certs/*.key
 *.log
 build-docker-images/packages_env.txt
 build-docker-images/packages_url.txt
 single-node/wazuh-certificates
 single-node/wazuh-certificates/*
 single-node/wazuh-certificates-tool.log
 single-node/config.yml
 single-node/wazuh-certs-tool.sh
 multi-node/wazuh-certificates
 multi-node/wazuh-certificates/*
 multi-node/wazuh-certificates-tool.log
 multi-node/config.yml
 multi-node/wazuh-certs-tool.sh
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,19 +1,33 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 ## [6.0.0]
 ### Added
 - none
 ### Changed
 - None
 ### Fixed
 - None
 ### Deleted
 - None
 ## [5.0.0]
 ### Added
- None
+- none
 ### Changed
- Configure deployment with environment variables ([#2081](https://github.com/wazuh/wazuh-puppet/issues/2081))
+- None
 - Modify Wazuh components install method ([#2058](https://github.com/wazuh/wazuh-puppet/issues/2058))
 - Image builder Workflow Rebuild ([#2054](https://github.com/wazuh/wazuh-puppet/issues/2054))
 - Wazuh server clean-up ([#2030](https://github.com/wazuh/wazuh-puppet/issues/2030))
 - Fix OpenSearch deprecated settings ([#1366](https://github.com/wazuh/wazuh-puppet/issues/1366))
 ### Fixed
@@ -23,7 +37,7 @@ All notable changes to this project will be documented in this file.
 - None
-## [4.14.2]
+## [4.10.2]
 ### Added
@@ -31,26 +45,8 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - 
 ### Fixed
 - None
 ### Deleted
 - None
 ## [4.14.1]
 ### Added
 - None
 ### Changed
 - Wazuh cert tool generator improvements ([#2027](https://github.com/wazuh/wazuh-docker/pull/2027))
 ### Fixed
 - None
@@ -67,19 +63,11 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - Change filebeat install method ([#2020](https://github.com/wazuh/wazuh-docker/pull/2020))
 - Remove dashboard chat setting ([#2021](https://github.com/wazuh/wazuh-docker/pull/2021))
 - Rollback data source setting ([#1999](https://github.com/wazuh/wazuh-docker/pull/1999))
 - Dashboard settings added ([#1998](https://github.com/wazuh/wazuh-docker/pull/1998))
 - Add filebeat config file in the PERMANENT_DATA_EXCP list ([#1898](https://github.com/wazuh/wazuh-docker/pull/1898))
 - Change validation of existing certs tool in S3 buckets ([#1880](https://github.com/wazuh/wazuh-docker/pull/1880))
 ### Fixed
- Change Wazuh indexer directory owner ([#2029](https://github.com/wazuh/wazuh-docker/pull/2029))
+- None
 - Double the amount of space consumed in Wazuh Indexer ([#1953](https://github.com/wazuh/wazuh-docker/pull/1953))
 - Fix config directory for opensearch_security plugin work ([#1951](https://github.com/wazuh/wazuh-docker/pull/1951))
 - Update Dockerfile to copy opensearch-security files ([#1928](https://github.com/wazuh/wazuh-docker/pull/1928))
 ### Deleted
@@ -107,9 +95,6 @@ All notable changes to this project will be documented in this file.
 ### Added
 - Add opensearch_dashboard.yml parameters. ([#1985](https://github.com/wazuh/wazuh-docker/pull/1985))
 - Set right ownership for malicious-ioc files on container start ([#1926](https://github.com/wazuh/wazuh-docker/pull/1926))
 - Delete services statement in wazuh agent deployment. ([#1925](https://github.com/wazuh/wazuh-docker/pull/1925))
 - Add permanent_data exceptions. ([#1890](https://github.com/wazuh/wazuh-docker/pull/1890))
 - Integrate bumper script via GitHub action. ([#1863](https://github.com/wazuh/wazuh-docker/pull/1863))
 - Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870))
@@ -121,12 +106,11 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - Syscollector configuration change ([#1994](https://github.com/wazuh/wazuh-docker/pull/1994))
 - Modify wazuh-keystore use ([#1750](https://github.com/wazuh/wazuh-docker/pull/1750)) \- (wazuh-keystore)
 ### Fixed
- Add wazuh-template.json into permanent data exception ([#1968](https://github.com/wazuh/wazuh-docker/pull/1968))
+- None
 ### Deleted
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ The `wazuh/wazuh-docker` repository provides resources to deploy the Wazuh cyber
 ## Branch Convention
 - `main`: Developing and testing of new features.
- `X.Y.Z`: Version-specific branches (e.g., `5.0.0`, `4.14.0`, etc.).
+- `X.Y.Z`: Version-specific branches (e.g., `6.0.0`, `4.14.0`, etc.).
 ## Documentation
--- a/VERSION.json
+++ b/VERSION.json
@@ -1,4 +1,4 @@
 {
-    "version": "5.0.0",
+    "version": "6.0.0",
    "stage": "alpha0"
 }
--- a/build-docker-images/README.md
+++ b/build-docker-images/README.md
@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 ```
-$ build-docker-images/build-images.sh -v 5.0.0
+$ build-docker-images/build-images.sh -v 6.0.0
 ```
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
    -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 6.0.0.
    -h, --help                   Show this help.
 ```
--- a/build-docker-images/build-images.sh
+++ b/build-docker-images/build-images.sh
@@ -1,10 +1,8 @@
-WAZUH_IMAGE_VERSION=main
+WAZUH_IMAGE_VERSION=6.0.0
 IMAGE_TAG=main
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
 IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 WAZUH_REGISTRY=docker.io
 # Wazuh package generator
 # Copyright (C) 2023, Wazuh Inc.
@@ -14,10 +12,10 @@ WAZUH_REGISTRY=docker.io
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
-WAZUH_IMAGE_VERSION="main"
+WAZUH_IMAGE_VERSION="6.0.0"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
-WAZUH_TAG_REFERENCE=""
+FILEBEAT_MODULE_VERSION="0.4"
 # -----------------------------------------------------------------------------
@@ -39,44 +37,37 @@ ctrl_c() {
 build() {
    WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')"
-    WAZUH_MINOR_VERSION="${WAZUH_IMAGE_VERSION%.*}"
+    FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}"
    WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz"
    WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}"
-    # Variables
+    if  [ "${WAZUH_DEV_STAGE}" ];then
-    FILE="packages_url.txt"
+        FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}"
-
+        if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-    if [[ -f "$FILE" ]]; then
+            echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
-        echo "$FILE exists. Using existing file."
+            clean 1
        fi
    else
-        TAG="v${WAZUH_VERSION}"
+        if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then
-        REPO="wazuh/wazuh-docker"
+            FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}"
-        GH_URL="https://api.github.com/repos/${REPO}/git/refs/tags/${TAG}"
+        elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-
+            FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}"
        if curl -fsSL "$GH_URL" >/dev/null 2>&1; then
            curl -fsSL -o "$FILE" "https://packages.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt"
        else
-            curl -fsSL -o "$FILE" "https://packages-dev.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt"
+            echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
            clean 1
        fi
    fi
    awk -F':' '{name=$1; val=substr($0,length(name)+3); gsub(/[-.]/,"_",name); print name "=" val}' $FILE > packages_env.txt
-    echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > ../.env
+    echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
-    echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> ../.env
+    echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
-    echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> ../.env
+    echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
-    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> ../.env
+    echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env
-    echo WAZUH_REGISTRY=$WAZUH_REGISTRY >> ../.env
+    echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
-    echo IMAGE_TAG=$IMAGE_TAG >> ../.env
+    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
-    set -a
+    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
-    source ../.env
+    docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/
    source ./packages_env.txt
    set +a
    if  [ "${MULTIARCH}" ];then
        docker buildx bake --file build-images.yml --push --set *.platform=linux/amd64,linux/arm64 --no-cache|| clean 1
    else
        docker buildx bake --file build-images.yml --no-cache|| clean 1
    fi
    return 0
 }
@@ -86,12 +77,10 @@ help() {
    echo
    echo "Usage: $0 [OPTIONS]"
    echo
-    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default."
+    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default."
    echo "    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
    echo "    -r, --revision <rev>         [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
    echo "    -ref, --reference <ref>      [Optional] Set the Wazuh reference to build development images. By default, the latest stable release."
    echo "    -rg, --registry <reg>        [Optional] Set the Docker registry to push the images."
    echo "    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
    echo "    -m, --multiarch              [Optional] Enable multi-architecture builds."
    echo "    -h, --help                   Show this help."
    echo
    exit $1
@@ -114,9 +103,13 @@ main() {
                help 1
            fi
            ;;
-        "-m"|"--multiarch")
+        "-f"|"--filebeat-module")
-            MULTIARCH="true"
+            if [ -n "${2}" ]; then
-                shift
+                FILEBEAT_MODULE_VERSION="${2}"
                shift 2
            else
                help 1
            fi
            ;;
        "-r"|"--revision")
            if [ -n "${2}" ]; then
@@ -126,22 +119,6 @@ main() {
                help 1
            fi
            ;;
        "-ref"|"--reference")
            if [ -n "${2}" ]; then
                WAZUH_TAG_REFERENCE="${2}"
                shift 2
            else
                help 1
            fi
            ;;
        "-rg"|"--registry")
            if [ -n "${2}" ]; then
                WAZUH_REGISTRY="${2}"
                shift 2
            else
                help 1
            fi
            ;;
        "-v"|"--version")
            if [ -n "$2" ]; then
                WAZUH_IMAGE_VERSION="$2"
--- a/build-docker-images/build-images.yml
+++ b/build-docker-images/build-images.yml
@@ -6,11 +6,9 @@ services:
      args:
        WAZUH_VERSION: ${WAZUH_VERSION}
        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm}
+        FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH}
-        wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm}
+        WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE}
-        wazuh_cert_tool: ${wazuh_cert_tool}
+    image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
        wazuh_config_yml: ${wazuh_config_yml}
    image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
    hostname: wazuh.manager
    restart: always
    ports:
@@ -22,14 +20,19 @@ services:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=admin
      - FILEBEAT_SSL_VERIFICATION_MODE=none
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
  wazuh.agent:
    build:
@@ -37,9 +40,7 @@ services:
      args:
        WAZUH_VERSION: ${WAZUH_VERSION}
        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        wazuh_agent_url_amd64_rpm: ${wazuh_agent_url_x86_64_rpm}
+    image: wazuh/wazuh-agent:${WAZUH_IMAGE_VERSION}
        wazuh_agent_url_arm64_rpm: ${wazuh_agent_url_aarch64_rpm}
    image: ${WAZUH_REGISTRY}/wazuh/wazuh-agent:${IMAGE_TAG}
    hostname: wazuh.agent
    restart: always
@@ -49,11 +50,7 @@ services:
      args:
        WAZUH_VERSION: ${WAZUH_VERSION}
        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm}
+    image: wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION}
        wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm}
        wazuh_cert_tool: ${wazuh_cert_tool}
        wazuh_config_yml: ${wazuh_config_yml}
    image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
    hostname: wazuh.indexer
    restart: always
    ports:
@@ -75,11 +72,7 @@ services:
        WAZUH_VERSION: ${WAZUH_VERSION}
        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
        WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
-        wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm}
+    image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
        wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm}
        wazuh_cert_tool: ${wazuh_cert_tool}
        wazuh_config_yml: ${wazuh_config_yml}
    image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
    hostname: wazuh.dashboard
    restart: always
    ports:
@@ -101,6 +94,9 @@ volumes:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
-
+  filebeat_etc:
  filebeat_var:
--- a/build-docker-images/wazuh-agent/Dockerfile
+++ b/build-docker-images/wazuh-agent/Dockerfile
@@ -10,18 +10,18 @@ ARG WAZUH_MANAGER='CHANGE_MANAGER_IP'
 ARG WAZUH_MANAGER_PORT='CHANGE_MANAGER_PORT'
 ARG WAZUH_REGISTRATION_SERVER='CHANGE_ENROLL_IP'
 ARG WAZUH_REGISTRATION_PORT='CHANGE_ENROLL_PORT'
-ARG WAZUH_AGENT_NAME='CHANGE_AGENT_NAME'
+ARG WAZUH_AGENT_NAME='CHANGEE_AGENT_NAME'
 ARG TARGETARCH
 ARG wazuh_agent_url_amd64_rpm
 ARG wazuh_agent_url_arm64_rpm
-RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
+COPY config/check_repository.sh /
-    agent_url="${!URL_VAR}" && \
+
-    dnf install curl-minimal tar gzip procps -y &&\
+RUN yum install curl-minimal tar gzip procps -y &&\
-    curl -o /wazuh-agent.rpm "${agent_url}" && \
+    yum clean all
-    dnf install /wazuh-agent.rpm -y && \
+
-    rm -rf /wazuh-agent.rpm && \
+RUN chmod 775 /check_repository.sh
-    dnf clean all && \
+RUN source /check_repository.sh
 RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    yum clean all && \
    sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \
    curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
    -o /tmp/s6-overlay-amd64.tar.gz && \
@@ -31,4 +31,6 @@ RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
 COPY config/etc/ /etc/
 RUN rm /etc/yum.repos.d/wazuh.repo
 ENTRYPOINT [ "/init" ]
--- a/build-docker-images/wazuh-agent/config/check_repository.sh
+++ b/build-docker-images/wazuh-agent/config/check_repository.sh
@@ -0,0 +1,15 @@
 ## variables
 APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
 REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
 WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 ## check tag to use the correct repository
 if [[ -n "${WAZUH_TAG}" ]]; then
  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
 fi
 rpm --import "${APT_KEY}"
 echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
--- a/build-docker-images/wazuh-cert-tool/Dockerfile
+++ b/build-docker-images/wazuh-cert-tool/Dockerfile
@@ -1,7 +1,8 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 FROM amazonlinux:2023
-RUN yum update -y && yum install openssl curl-minimal -y
+RUN yum install curl-minimal openssl -y &&\
 yum clean all
 WORKDIR /
--- a/build-docker-images/wazuh-cert-tool/config/entrypoint.sh
+++ b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh
@@ -8,35 +8,29 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
+PACKAGES_URL=https://packages.wazuh.com/6.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
-OUTPUT_FILE="/$CERT_TOOL"
+## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_URL$CERT_TOOL")
 CERT_TOOL_PACKAGES_DEV=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_DEV_URL$CERT_TOOL")
-download_package() {
+## If cert tool exists in some bucket, download it, if not exit 1
-    local url=$1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-    echo "Checking $url$CERT_TOOL ..."
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s
-    if curl -fsL "$url$CERT_TOOL" -o "$OUTPUT_FILE"; then
+  echo "The tool to create the certificates exists in the in Packages bucket"
-        echo "Downloaded $CERT_TOOL from $url"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-        return 0
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s
-    else
+  echo "The tool to create the certificates exists in Packages-dev bucket"
        return 1
    fi
 }
 # Try first the prod URL, if it fails try the dev URL
 if download_package "$PACKAGES_URL"; then
    :
 elif download_package "$PACKAGES_DEV_URL"; then
    :
 else
-    echo "The tool to create the certificates does not exist in any bucket"
+  echo "The tool to create the certificates does not exist in any bucket"
-    echo "ERROR: certificates were not created"
+  echo "ERROR: certificates were not created"
-    exit 1
+  exit 1
 fi
 cp /config/certs.yml /config.yml
-chmod 700 "$OUTPUT_FILE"
+
 chmod 700 /$CERT_TOOL
 ##############################################################################
 # Creating Cluster certificates
--- a/build-docker-images/wazuh-dashboard/Dockerfile
+++ b/build-docker-images/wazuh-dashboard/Dockerfile
@@ -5,30 +5,28 @@ ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
 ARG WAZUH_UI_REVISION
 ARG INSTALL_DIR=/usr/share/wazuh-dashboard
 ARG TARGETARCH
 ARG wazuh_dashboard_url_amd64_rpm
 ARG wazuh_dashboard_url_arm64_rpm
 ARG wazuh_cert_tool
 ARG wazuh_config_yml
 # Update and install dependencies
-RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
+RUN yum install curl-minimal libcap openssl -y
-    dashboard_url="${!URL_VAR}" && \
+
-    dnf install curl-minimal libcap openssl -y && \
+COPY config/check_repository.sh /
-    curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
+RUN chmod 775 /check_repository.sh && \
-    dnf install /wazuh-dashboard.rpm -y && \
+    source /check_repository.sh
-    rm -rf /wazuh-dashboard.rpm && \
+
-    dnf clean all
+RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    yum clean all
 # Create and set permissions to data directories
 RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
 RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
 RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
 # Generate certificates
 COPY config/config.sh .
 COPY config/config.yml /
 RUN bash config.sh
 ################################################################################
@@ -44,8 +42,10 @@ FROM amazonlinux:2023
 ENV USER="wazuh-dashboard" \
    GROUP="wazuh-dashboard" \
    NAME="wazuh-dashboard" \
-    INSTALL_DIR="/usr/share/wazuh-dashboard" \
+    INSTALL_DIR="/usr/share/wazuh-dashboard"
-    PATTERN="" \
+
 # Set Wazuh app variables
 ENV PATTERN="" \
    CHECKS_PATTERN="" \
    CHECKS_TEMPLATE="" \
    CHECKS_API="" \
@@ -59,32 +59,43 @@ ENV USER="wazuh-dashboard" \
    WAZUH_MONITORING_SHARDS="" \
    WAZUH_MONITORING_REPLICAS=""
 # Copy and set permissions to scripts
 COPY config/entrypoint.sh /
 COPY config/wazuh_app_config.sh /
 # Update and install dependencies
-RUN yum install shadow-utils -y && \
+RUN yum install shadow-utils -y
-    yum clean all && \
+
-    getent group $GROUP || groupadd -r -g 1000 $GROUP && \
+# Create wazuh-dashboard user and group
-    useradd --system \
+RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \
            --uid 1000 \
            --no-create-home \
            --home-dir $INSTALL_DIR \
            --gid $GROUP \
            --shell /sbin/nologin \
            --comment "$USER user" \
-            $USER && \
+            $USER
-    chmod 700 /entrypoint.sh && \
+
-    chmod 700 /wazuh_app_config.sh && \
+# Copy and set permissions to scripts
-    mkdir -p $INSTALL_DIR && \
+COPY config/entrypoint.sh /
-    chown 1000:1000 $INSTALL_DIR && \
+COPY config/wazuh_app_config.sh /
-    chown 1000:1000 /*.sh && \
+RUN chmod 700 /entrypoint.sh
-    mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+RUN chmod 700 /wazuh_app_config.sh
 RUN chown 1000:1000 /*.sh
 # Copy Install dir from builder to current image
 COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 # Create custom directory
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 # Set $JAVA_HOME
 RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
 ENV JAVA_HOME=$INSTALL_DIR/jdk
 ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
 # Add k-NN lib directory to library loading path variable
 ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -93,3 +104,5 @@ USER wazuh-dashboard
 EXPOSE 443
 ENTRYPOINT [ "/entrypoint.sh" ]
 CMD ["opensearch-dashboards"]
--- a/build-docker-images/wazuh-dashboard/config/check_repository.sh
+++ b/build-docker-images/wazuh-dashboard/config/check_repository.sh
@@ -0,0 +1,15 @@
 ## variables
 APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
 REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
 WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 ## check tag to use the correct repository
 if [[ -n "${WAZUH_TAG}" ]]; then
  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1"
 fi
 rpm --import "${APT_KEY}"
 echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
--- a/build-docker-images/wazuh-dashboard/config/config.sh
+++ b/build-docker-images/wazuh-dashboard/config/config.sh
@@ -7,51 +7,36 @@ export TARGET_DIR=${CURDIR}/debian/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
 export CONFIG_DIR=${INSTALLATION_DIR}/config
-##############################################################################
+## Variables
-# Downloading Cert Gen Tool
+CERT_TOOL=wazuh-certs-tool.sh
-##############################################################################
+PACKAGES_URL=https://packages.wazuh.com/6.0/
-# Variables for certificate generation
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
 CERT_TOOL="wazuh-certs-tool.sh"
 CERT_CONFIG_FILE="config.yml"
 download_package() {
    local url=$1
    local package=$2
    if curl -fsL "$url" -o "$package"; then
        echo "Downloaded $package"
        return 0
    else
        echo "Error downloading $package from $url"
        return 1
    fi
 }
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
 download_package "$wazuh_cert_tool" $CERT_TOOL
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
 download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
-# Modify the config file to set the IP to localhost
+## Check if the cert tool exists in S3 buckets
-sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
-chmod 700 "$CERT_CONFIG_FILE"
+## If cert tool exists in some bucket, download it, if not exit 1
-# Create the certificates
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
  echo "Cert tool exists in Packages bucket"
 elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
  echo "Cert tool exists in Packages-dev bucket"
 else
  echo "Cert tool does not exist in any bucket"
  exit 1
 fi
 chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 # Create certs directory
 mkdir -p ${CONFIG_DIR}/certs
 # Copy Wazuh dashboard certs to install config dir
-mv /etc/wazuh-dashboard/* ${CONFIG_DIR}/
+cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp -pr /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
-cp -pr /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
 cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
 # Modify opensearch.yml config paths
 sed -i "s|/etc/wazuh-dashboard|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch_dashboards.yml
 chmod -R 500 ${CONFIG_DIR}/certs
 chmod -R 400 ${CONFIG_DIR}/certs/*
--- a/build-docker-images/wazuh-dashboard/config/config.yml
+++ b/build-docker-images/wazuh-dashboard/config/config.yml
@@ -0,0 +1,5 @@
 nodes:
  # Wazuh dashboard server nodes
  dashboard:
    - name: dashboard
      ip: wazuh.dashboard
--- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh
+++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
@@ -1,79 +1,233 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-# Run Wazuh dashboard, using environment variables to
+INSTALL_DIR=/usr/share/wazuh-dashboard
-# set longopts defining Wazuh dashboard's configuration.
+export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
-#
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-# eg. Setting the environment variable:
+
-#
+opensearch_dashboards_vars=(
-#       OPENSEARCH_STARTUPTIMEOUT=60
+    console.enabled
-#
+    console.proxyConfig
-# will cause OpenSearch-Dashboards to be invoked with:
+    console.proxyFilter
-#
+    ops.cGroupOverrides.cpuPath
-#       --opensearch.startupTimeout=60
+    ops.cGroupOverrides.cpuAcctPath
    cpu.cgroup.path.override
    cpuacct.cgroup.path.override
    server.basePath
    server.customResponseHeaders
    server.compression.enabled
    server.compression.referrerWhitelist
    server.cors
    server.cors.origin
    server.defaultRoute
    server.host
    server.keepAliveTimeout
    server.maxPayloadBytes
    server.name
    server.port
    csp.rules
    csp.strict
    csp.warnLegacyBrowsers
    data.search.usageTelemetry.enabled
    opensearch.customHeaders
    opensearch.hosts
    opensearch.logQueries
    opensearch.memoryCircuitBreaker.enabled
    opensearch.memoryCircuitBreaker.maxPercentage
    opensearch.password
    opensearch.pingTimeout
    opensearch.requestHeadersWhitelist
    opensearch.requestHeadersAllowlist
    opensearch_security.multitenancy.enabled
    opensearch_security.readonly_mode.roles
    opensearch.requestTimeout
    opensearch.shardTimeout
    opensearch.sniffInterval
    opensearch.sniffOnConnectionFault
    opensearch.sniffOnStart
    opensearch.ssl.alwaysPresentCertificate
    opensearch.ssl.certificate
    opensearch.ssl.key
    opensearch.ssl.keyPassphrase
    opensearch.ssl.keystore.path
    opensearch.ssl.keystore.password
    opensearch.ssl.truststore.path
    opensearch.ssl.truststore.password
    opensearch.ssl.verificationMode
    opensearch.username
    i18n.locale
    interpreter.enableInVisualize
    opensearchDashboards.autocompleteTerminateAfter
    opensearchDashboards.autocompleteTimeout
    opensearchDashboards.defaultAppId
    opensearchDashboards.index
    logging.dest
    logging.json
    logging.quiet
    logging.rotate.enabled
    logging.rotate.everyBytes
    logging.rotate.keepFiles
    logging.rotate.pollingInterval
    logging.rotate.usePolling
    logging.silent
    logging.useUTC
    logging.verbose
    map.includeOpenSearchMapsService
    map.proxyOpenSearchMapsServiceInMaps
    map.regionmap
    map.tilemap.options.attribution
    map.tilemap.options.maxZoom
    map.tilemap.options.minZoom
    map.tilemap.options.subdomains
    map.tilemap.url
    monitoring.cluster_alerts.email_notifications.email_address
    monitoring.enabled
    monitoring.opensearchDashboards.collection.enabled
    monitoring.opensearchDashboards.collection.interval
    monitoring.ui.container.opensearch.enabled
    monitoring.ui.container.logstash.enabled
    monitoring.ui.opensearch.password
    monitoring.ui.opensearch.pingTimeout
    monitoring.ui.opensearch.hosts
    monitoring.ui.opensearch.username
    monitoring.ui.opensearch.logFetchCount
    monitoring.ui.opensearch.ssl.certificateAuthorities
    monitoring.ui.opensearch.ssl.verificationMode
    monitoring.ui.enabled
    monitoring.ui.max_bucket_size
    monitoring.ui.min_interval_seconds
    newsfeed.enabled
    ops.interval
    path.data
    pid.file
    regionmap
    security.showInsecureClusterWarning
    server.rewriteBasePath
    server.socketTimeout
    server.customResponseHeaders
    server.ssl.enabled
    server.ssl.key
    server.ssl.keyPassphrase
    server.ssl.keystore.path
    server.ssl.keystore.password
    server.ssl.truststore.path
    server.ssl.truststore.password
    server.ssl.cert
    server.ssl.certificate
    server.ssl.certificateAuthorities
    server.ssl.cipherSuites
    server.ssl.clientAuthentication
    opensearch.ssl.certificateAuthorities
    server.ssl.redirectHttpFromPort
    server.ssl.supportedProtocols
    server.xsrf.disableProtection
    server.xsrf.whitelist
    status.allowAnonymous
    status.v6ApiFormat
    tilemap.options.attribution
    tilemap.options.maxZoom
    tilemap.options.minZoom
    tilemap.options.subdomains
    tilemap.url
    timeline.enabled
    vega.enableExternalUrls
    apm_oss.apmAgentConfigurationIndex
    apm_oss.indexPattern
    apm_oss.errorIndices
    apm_oss.onboardingIndices
    apm_oss.spanIndices
    apm_oss.sourcemapIndices
    apm_oss.transactionIndices
    apm_oss.metricsIndices
    telemetry.allowChangingOptInStatus
    telemetry.enabled
    telemetry.optIn
    telemetry.optInStatusUrl
    telemetry.sendUsageFrom
    vis_builder.enabled
    data_source.enabled
    data_source.encryption.wrappingKeyName
    data_source.encryption.wrappingKeyNamespace
    data_source.encryption.wrappingKey
    data_source.audit.enabled
    data_source.audit.appender.kind
    data_source.audit.appender.path
    data_source.audit.appender.layout.kind
    data_source.audit.appender.layout.highlight
    data_source.audit.appender.layout.pattern
    ml_commons_dashboards.enabled
    assistant.chat.enabled
    observability.query_assist.enabled
    uiSettings.overrides.defaultRoute
 )
 print() {
  echo -e $1
 }
 error_and_exit() {
  echo "Error executing command: '$1'."
  echo 'Exiting.'
  exit 1
 }
 exec_cmd() {
  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
 }
 exec_cmd_stdout() {
  eval $1 2>&1 || error_and_exit "$1"
 }
 function runOpensearchDashboards {
    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
        value=${!env_var}
        if [[ -n $value ]]; then
          longoptfile="${opensearch_dashboards_var}: ${value}"
          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
          else
            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
          fi
        fi
      done
    umask 0002
    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
        --cpu.cgroup.path.override=/ \
        --cpuacct.cgroup.path.override=/
 }
 mount_files() {
  if [ -e $WAZUH_CONFIG_MOUNT/* ]
  then
    print "Identified Wazuh cdashboard onfiguration files to mount..."
    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
  else
    print "No Wazuh dashboard configuration files to mount..."
  fi
 }
 # Setup Home Directory
 export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
 export PATH=$OPENSEARCH_DASHBOARDS_HOME/bin:$PATH
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 # Create and configure Wazuh dashboard keystore
-yes | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore create --allow-root && \
+yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
-echo $DASHBOARD_USERNAME | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
-echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
-opensearch_dashboards_vars=(
+##############################################################################
-    opensearch.hosts
+# Start Wazuh dashboard
-    server.port
+##############################################################################
    server.host
    opensearch.username
    opensearch.password
 )
-function runOpensearchDashboards {
+/wazuh_app_config.sh $WAZUH_UI_REVISION
    longopts=()
    for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
        # 'opensearch.hosts' -> 'OPENSEARCH_URL'
        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
-        # Indirectly lookup env var values via the name of the var.
+mount_files
        # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
        value=${!env_var}
        if [[ -n $value ]]; then
            longopt="--${opensearch_dashboards_var}=${value}"
            longopts+=("${longopt}")
        fi
    done
    # Files created at run-time should be group-writable, for Openshift's sake.
    umask 0002
    # TO DO:
    # Confirm with Mihir if this is necessary
    # The virtual file /proc/self/cgroup should list the current cgroup
    # membership. For each hierarchy, you can follow the cgroup path from
    # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
    # introspect the statistics for the cgroup for the given
    # hierarchy. Alas, Docker breaks this by mounting the container
    # statistics at the root while leaving the cgroup paths as the actual
    # paths. Therefore, OpenSearch-Dashboards provides a mechanism to override
    # reading the cgroup path from /proc/self/cgroup and instead uses the
    # cgroup path defined the configuration properties
    # cpu.cgroup.path.override and cpuacct.cgroup.path.override.
    # Therefore, we set this value here so that cgroup statistics are
    # available for the container this process will run in.
    exec "$@" \
        --ops.cGroupOverrides.cpuPath=/ \
        --ops.cGroupOverrides.cpuAcctPath=/ \
        "${longopts[@]}"
 }
 # Prepend "opensearch-dashboards" command if no argument was provided or if the
 # first argument looks like a flag (i.e. starts with a dash).
 if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
    set -- opensearch-dashboards "$@"
 fi
--- a/build-docker-images/wazuh-dashboard/config/wazuh.yml
+++ b/build-docker-images/wazuh-dashboard/config/wazuh.yml
@@ -0,0 +1,155 @@
 ---
 #
 # Wazuh app - App configuration file
 # Copyright (C) 2017, Wazuh Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
 # Find more information about this on the LICENSE file.
 #
 # ======================== Wazuh app configuration file ========================
 #
 # Please check the documentation for more information on configuration options:
 # https://documentation.wazuh.com/current/installation-guide/index.html
 #
 # Also, you can check our repository:
 # https://github.com/wazuh/wazuh-dashboard-plugins
 #
 # ------------------------------- Index patterns -------------------------------
 #
 # Default index pattern to use.
 #pattern: wazuh-alerts-*
 #
 # ----------------------------------- Checks -----------------------------------
 #
 # Defines which checks must to be consider by the healthcheck
 # step once the Wazuh app starts. Values must to be true or false.
 #checks.pattern : true
 #checks.template: true
 #checks.api     : true
 #checks.setup   : true
 #checks.metaFields: true
 #
 # --------------------------------- Extensions ---------------------------------
 #
 # Defines which extensions should be activated when you add a new API entry.
 # You can change them after Wazuh app starts.
 # Values must to be true or false.
 #extensions.pci       : true
 #extensions.gdpr      : true
 #extensions.hipaa     : true
 #extensions.nist      : true
 #extensions.tsc       : true
 #extensions.audit     : true
 #extensions.oscap     : false
 #extensions.ciscat    : false
 #extensions.aws       : false
 #extensions.gcp       : false
 #extensions.virustotal: false
 #extensions.osquery   : false
 #extensions.docker    : false
 #
 # ---------------------------------- Time out ----------------------------------
 #
 # Defines maximum timeout to be used on the Wazuh app requests.
 # It will be ignored if it is bellow 1500.
 # It means milliseconds before we consider a request as failed.
 # Default: 20000
 #timeout: 20000
 #
 # -------------------------------- API selector --------------------------------
 #
 # Defines if the user is allowed to change the selected
 # API directly from the Wazuh app top menu.
 # Default: true
 #api.selector: true
 #
 # --------------------------- Index pattern selector ---------------------------
 #
 # Defines if the user is allowed to change the selected
 # index pattern directly from the Wazuh app top menu.
 # Default: true
 #ip.selector: true
 #
 # List of index patterns to be ignored
 #ip.ignore: []
 #
 # ------------------------------ wazuh-monitoring ------------------------------
 #
 # Custom setting to enable/disable wazuh-monitoring indices.
 # Values: true, false, worker
 # If worker is given as value, the app will show the Agents status
 # visualization but won't insert data on wazuh-monitoring indices.
 # Default: true
 #wazuh.monitoring.enabled: true
 #
 # Custom setting to set the frequency for wazuh-monitoring indices cron task.
 # Default: 900 (s)
 #wazuh.monitoring.frequency: 900
 #
 # Configure wazuh-monitoring-* indices shards and replicas.
 #wazuh.monitoring.shards: 2
 #wazuh.monitoring.replicas: 0
 #
 # Configure wazuh-monitoring-* indices custom creation interval.
 # Values: h (hourly), d (daily), w (weekly), m (monthly)
 # Default: d
 #wazuh.monitoring.creation: d
 #
 # Default index pattern to use for Wazuh monitoring
 #wazuh.monitoring.pattern: wazuh-monitoring-*
 #
 # --------------------------------- wazuh-cron ----------------------------------
 #
 # Customize the index prefix of predefined jobs
 # This change is not retroactive, if you change it new indexes will be created
 # cron.prefix: test
 #
 # ------------------------------ wazuh-statistics -------------------------------
 #
 # Custom setting to enable/disable statistics tasks.
 #cron.statistics.status: true
 #
 # Enter the ID of the APIs you want to save data from, leave this empty to run
 # the task on all configured APIs
 #cron.statistics.apis: []
 #
 # Define the frequency of task execution using cron schedule expressions
 #cron.statistics.interval: 0 0 * * * *
 #
 # Define the name of the index in which the documents are to be saved.
 #cron.statistics.index.name: statistics
 #
 # Define the interval in which the index will be created
 #cron.statistics.index.creation: w
 #
 # ------------------------------- App privileges --------------------------------
 #admin: true
 #
 # ---------------------------- Hide manager alerts ------------------------------
 # Hide the alerts of the manager in all dashboards and discover
 #hideManagerAlerts: false
 #
 # ------------------------------- App logging level -----------------------------
 # Set the logging level for the Wazuh App log files.
 # Default value: info
 # Allowed values: info, debug
 #logs.level: info
 #
 # -------------------------------- Enrollment DNS -------------------------------
 # Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
 # Default value: ''
 #enrollment.dns: ''
 #
 #-------------------------------- API entries -----------------------------------
 #The following configuration is the default structure to define an API entry.
 #
 #hosts:
 #  - <id>:
 #     url: http(s)://<url>
 #     port: <port>
 #     username: <username>
 #     password: <password>
--- a/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
+++ b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
@@ -32,19 +32,21 @@ do
    fi
 done
 grep -q 1513629884013 $dashboard_config_file
 _config_exists=$?
 if [[ $_config_exists -ne 0 ]]; then
-  cat << EOF >> $dashboard_config_file
+cat << EOF >> $dashboard_config_file
-  hosts:
+hosts:
-    - 1513629884013:
+  - 1513629884013:
-        url: $wazuh_url
+      url: $wazuh_url
-        port: $wazuh_port
+      port: $wazuh_port
-        username: $api_username
+      username: $api_username
-        password: $api_password
+      password: $api_password
-        run_as: $api_run_as
+      run_as: $api_run_as
-  EOF
+EOF
 else
  echo "Wazuh APP already configured"
 fi
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -3,28 +3,30 @@ FROM amazonlinux:2023 AS builder
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG TARGETARCH
+
-ARG wazuh_indexer_url_amd64_rpm
+RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
-ARG wazuh_indexer_url_arm64_rpm
+
-ARG wazuh_cert_tool
+COPY config/check_repository.sh /
-ARG wazuh_config_yml
+RUN chmod 775 /check_repository.sh && \
    source /check_repository.sh
 RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
    yum clean all
 COPY config/opensearch.yml /
 COPY config/config.sh .
-RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
+COPY config/config.yml /
-    indexer_url="${!URL_VAR}" && \
+
-    dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
+RUN bash config.sh
    curl -o /wazuh-indexer.rpm "${indexer_url}" && \
    dnf install /wazuh-indexer.rpm -y && \
    rm -rf /wazuh-indexer.rpm && \
    dnf clean all && \
    bash config.sh
 ################################################################################
 # Build stage 1 (the actual Wazuh indexer image):
 #
 # Copy wazuh-indexer from stage 0
 # Add entrypoint
 ################################################################################
 FROM amazonlinux:2023
@@ -33,43 +35,59 @@ ENV USER="wazuh-indexer" \
    NAME="wazuh-indexer" \
    INSTALL_DIR="/usr/share/wazuh-indexer"
 # Set $JAVA_HOME
 RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
 ENV JAVA_HOME="$INSTALL_DIR/jdk"
 ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
-COPY config/entrypoint.sh /
+# Add k-NN lib directory to library loading path variable
-COPY config/securityadmin.sh /
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
-RUN yum install curl-minimal shadow-utils findutils hostname -y && \
+RUN yum install curl-minimal shadow-utils findutils hostname -y
-    yum clean all && \
+
-    getent group $GROUP || groupadd -r -g 1000 $GROUP && \
+RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
-    useradd --system \
+
 RUN useradd --system \
            --uid 1000 \
            --no-create-home \
            --home-dir $INSTALL_DIR \
            --gid $GROUP \
            --shell /sbin/nologin \
            --comment "$USER user" \
-            $USER && \
+            $USER
-    chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && \
+
-    mkdir -p $INSTALL_DIR && \
+WORKDIR $INSTALL_DIR
-    chown 1000:1000 $INSTALL_DIR && \
+
-    chown 1000:1000 /*.sh && \
+COPY config/entrypoint.sh /
-    mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
+
-    mkdir -p $INSTALL_DIR/logs && chown 1000:1000 $INSTALL_DIR/logs && \
+COPY config/securityadmin.sh /
 RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
 RUN chown 1000:1000 /*.sh
 COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
 RUN chown -R 1000:1000 /usr/share/wazuh-indexer
 RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
    mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
    mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \
-    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer    
+    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \
-
+    chmod 700 /usr/share/wazuh-indexer && \
-COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
+    chmod 600 /usr/share/wazuh-indexer/jvm.options && \
-
+    chmod 600 /usr/share/wazuh-indexer/opensearch.yml
 RUN chmod 700 $INSTALL_DIR && \
    chmod 700 $INSTALL_DIR/config && \
    chmod 600 $INSTALL_DIR/config/jvm.options && \
    chmod 600 $INSTALL_DIR/config/opensearch.yml
 USER wazuh-indexer
 WORKDIR $INSTALL_DIR
 # Services ports
 EXPOSE 9200
 ENTRYPOINT ["/entrypoint.sh"]
 # Dummy overridable parameter parsed by entrypoint
-CMD ["opensearch"]
+CMD ["opensearchwrapper"]
--- a/build-docker-images/wazuh-indexer/config/check_repository.sh
+++ b/build-docker-images/wazuh-indexer/config/check_repository.sh
@@ -0,0 +1,15 @@
 ## variables
 APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
 REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
 WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 ## check tag to use the correct repository
 if [[ -n "${WAZUH_TAG}" ]]; then
  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1"
 fi
 rpm --import "${APT_KEY}"
 echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -3,6 +3,7 @@
 export DH_OPTIONS
 export NAME=wazuh-indexer
 export TARGET_DIR=${CURDIR}/debian/${NAME}
 # Package build options
 export USER=${NAME}
@@ -12,55 +13,90 @@ export LOG_DIR=/var/log/${NAME}
 export LIB_DIR=/var/lib/${NAME}
 export PID_DIR=/run/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
-export CONFIG_DIR=${INSTALLATION_DIR}/config
+export CONFIG_DIR=${INSTALLATION_DIR}
 export BASE_DIR=${NAME}-*
 export INDEXER_FILE=wazuh-indexer-base.tar.xz
 export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
 export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
 PACKAGES_URL=https://packages.wazuh.com/6.0/
 PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 ## If cert tool exists in some bucket, download it, if not exit 1
 if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
  echo "Cert tool exists in Packages bucket"
 elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
  echo "Cert tool exists in Packages-dev bucket"
 else
  echo "Cert tool does not exist in any bucket"
  exit 1
 fi
-##############################################################################
+## Check if the password tool exists in S3 buckets
-# Downloading Cert Gen Tool
+PASSWORD_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
-##############################################################################
+PASSWORD_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 # Variables for certificate generation
 CERT_TOOL="wazuh-certs-tool.sh"
 CERT_CONFIG_FILE="config.yml"
 download_package() {
    local url=$1
    local package=$2
    if curl -fsL "$url" -o "$package"; then
        echo "Downloaded $package"
        return 0
    else
        echo "Error downloading $package from $url"
        return 1
    fi
 }
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
 download_package "$wazuh_cert_tool" $CERT_TOOL
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
 download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
-# Modify the config file to set the IP to localhost
+## If password tool exists in some bucket, download it, if not exit 1
-sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
+if [ "$PASSWORD_TOOL_PACKAGES" = "200" ]; then
  curl -o $PASSWORD_TOOL $PACKAGES_URL$PASSWORD_TOOL
  echo "Password tool exists in Packages bucket"
 elif [ "$PASSWORD_TOOL_PACKAGES_DEV" = "200" ]; then
  curl -o $PASSWORD_TOOL $PACKAGES_DEV_URL$PASSWORD_TOOL
  echo "Password tool exists in Packages-dev bucket"
 else
  echo "Password tool does not exist in any bucket"
  exit 1
 fi
-chmod 700 "$CERT_CONFIG_FILE"
+chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 # Create the certificates
 chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
-# Copy Wazuh indexer's certificates and config files to $CONFIG_DIR
+# copy to target
-mkdir -p ${CONFIG_DIR}/certs
+mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
-mv /etc/wazuh-indexer/* ${CONFIG_DIR}/
+mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /wazuh-certificates/node-1.pem ${CONFIG_DIR}/certs/indexer.pem
+mkdir -p ${TARGET_DIR}${CONFIG_DIR}
-cp -pr /wazuh-certificates/node-1-key.pem ${CONFIG_DIR}/certs/indexer-key.pem
+mkdir -p ${TARGET_DIR}${LIB_DIR}
-cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
+mkdir -p ${TARGET_DIR}${LOG_DIR}
-cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+mkdir -p ${TARGET_DIR}/etc/init.d
-cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
+mkdir -p ${TARGET_DIR}/etc/default
-cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
+mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
-
+mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
-# Modify opensearch.yml config paths
+mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
-sed -i "s|/etc/wazuh-indexer|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch.yml
+mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
 # Copy Wazuh's config files for the security plugin
 cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
 cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
 cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem
 cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key
 cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem
 cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
 # Delete xms and xmx parameters in jvm.options
 sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
 sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
 sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
-chown -R ${USER}:${GROUP} ${CONFIG_DIR}
+
-chmod -R 500 ${CONFIG_DIR}/certs
+chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
-chmod -R 400 ${CONFIG_DIR}/certs/*
+chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
 find ${TARGET_DIR} -type d -exec chmod 750 {} \;
 find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
 find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
 find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
 find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;
--- a/build-docker-images/wazuh-indexer/config/config.yml
+++ b/build-docker-images/wazuh-indexer/config/config.yml
@@ -0,0 +1,5 @@
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: demo.indexer
      ip: demo.indexer
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -1,109 +1,378 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 set -e
-# Copyright OpenSearch Contributors
+umask 0002
 # SPDX-License-Identifier: Apache-2.0
-# This script specify the entrypoint startup actions for opensearch
+export USER=wazuh-indexer
-# It will start both opensearch and performance analyzer plugin cli
+export INSTALLATION_DIR=/usr/share/wazuh-indexer
-# If either process failed, the entire docker container will be removed
+export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
-# in favor of a newly started container
+export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
-# Export OpenSearch Home
+opensearch_vars=(
-export OPENSEARCH_HOME=/usr/share/wazuh-indexer
+    cluster.name
-export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
+    node.name
-export CONFIG_FILE=${OPENSEARCH_PATH_CONF}/opensearch.yml
+    node.roles
-export PATH=$OPENSEARCH_HOME/bin:$PATH
+    path.data
    path.logs
    bootstrap.memory_lock
    network.host
    http.port
    transport.port
    network.bind_host
    network.publish_host
    transport.tcp.port
    compatibility.override_main_response_version
    http.host
    http.bind_host
    http.publish_host
    http.compression
    transport.host
    transport.bind_host
    transport.publish_host
    discovery.seed_hosts
    discovery.seed_providers
    discovery.type
    cluster.initial_cluster_manager_nodes
    cluster.initial_master_nodes
    node.max_local_storage_nodes
    gateway.recover_after_nodes
    gateway.recover_after_data_nodes
    gateway.expected_data_nodes
    gateway.recover_after_time
    plugins.security.nodes_dn
    plugins.security.nodes_dn_dynamic_config_enabled
    plugins.security.authcz.admin_dn
    plugins.security.roles_mapping_resolution
    plugins.security.dls.mode
    plugins.security.compliance.salt
    config.dynamic.http.anonymous_auth_enabled
    plugins.security.restapi.roles_enabled
    plugins.security.restapi.password_validation_regex
    plugins.security.restapi.password_validation_error_message
    plugins.security.restapi.password_min_length
    plugins.security.restapi.password_score_based_validation_strength
    plugins.security.unsupported.restapi.allow_securityconfig_modification
    plugins.security.authcz.impersonation_dn
    plugins.security.authcz.rest_impersonation_user
    plugins.security.allow_default_init_securityindex
    plugins.security.allow_unsafe_democertificates
    plugins.security.system_indices.permission.enabled
    plugins.security.config_index_name
    plugins.security.cert.oid
    plugins.security.cert.intercluster_request_evaluator_class
    plugins.security.enable_snapshot_restore_privilege
    plugins.security.check_snapshot_restore_write_privileges
    plugins.security.cache.ttl_minutes
    plugins.security.protected_indices.enabled
    plugins.security.protected_indices.roles
    plugins.security.protected_indices.indices
    plugins.security.system_indices.enabled
    plugins.security.system_indices.indices
    plugins.security.audit.enable_rest
    plugins.security.audit.enable_transport
    plugins.security.audit.resolve_bulk_requests
    plugins.security.audit.config.disabled_categories
    plugins.security.audit.ignore_requests
    plugins.security.audit.threadpool.size
    plugins.security.audit.threadpool.max_queue_len
    plugins.security.audit.ignore_users
    plugins.security.audit.type
    plugins.security.audit.config.http_endpoints
    plugins.security.audit.config.index
    plugins.security.audit.config.type
    plugins.security.audit.config.username
    plugins.security.audit.config.password
    plugins.security.audit.config.enable_ssl
    plugins.security.audit.config.verify_hostnames
    plugins.security.audit.config.enable_ssl_client_auth
    plugins.security.audit.config.cert_alias
    plugins.security.audit.config.pemkey_filepath
    plugins.security.audit.config.pemkey_content
    plugins.security.audit.config.pemkey_password
    plugins.security.audit.config.pemcert_filepath
    plugins.security.audit.config.pemcert_content
    plugins.security.audit.config.pemtrustedcas_filepath
    plugins.security.audit.config.pemtrustedcas_content
    plugins.security.audit.config.webhook.url
    plugins.security.audit.config.webhook.format
    plugins.security.audit.config.webhook.ssl.verify
    plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
    plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
    plugins.security.audit.config.log4j.logger_name
    plugins.security.audit.config.log4j.level
    opendistro_security.audit.config.disabled_rest_categories
    opendistro_security.audit.config.disabled_transport_categories
    plugins.security.ssl.transport.enforce_hostname_verification
    plugins.security.ssl.transport.resolve_hostname
    plugins.security.ssl.http.clientauth_mode
    plugins.security.ssl.http.enabled_ciphers
    plugins.security.ssl.http.enabled_protocols
    plugins.security.ssl.transport.enabled_ciphers
    plugins.security.ssl.transport.enabled_protocols
    plugins.security.ssl.transport.keystore_type
    plugins.security.ssl.transport.keystore_filepath
    plugins.security.ssl.transport.keystore_alias
    plugins.security.ssl.transport.keystore_password
    plugins.security.ssl.transport.truststore_type
    plugins.security.ssl.transport.truststore_filepath
    plugins.security.ssl.transport.truststore_alias
    plugins.security.ssl.transport.truststore_password
    plugins.security.ssl.http.enabled
    plugins.security.ssl.http.keystore_type
    plugins.security.ssl.http.keystore_filepath
    plugins.security.ssl.http.keystore_alias
    plugins.security.ssl.http.keystore_password
    plugins.security.ssl.http.truststore_type
    plugins.security.ssl.http.truststore_filepath
    plugins.security.ssl.http.truststore_alias
    plugins.security.ssl.http.truststore_password
    plugins.security.ssl.transport.enable_openssl_if_available
    plugins.security.ssl.http.enable_openssl_if_available
    plugins.security.ssl.transport.pemkey_filepath
    plugins.security.ssl.transport.pemkey_password
    plugins.security.ssl.transport.pemcert_filepath
    plugins.security.ssl.transport.pemtrustedcas_filepath
    plugins.security.ssl.http.pemkey_filepath
    plugins.security.ssl.http.pemkey_password
    plugins.security.ssl.http.pemcert_filepath
    plugins.security.ssl.http.pemtrustedcas_filepath
    plugins.security.ssl.transport.enabled
    plugins.security.ssl.transport.client.pemkey_password
    plugins.security.ssl.transport.keystore_keypassword
    plugins.security.ssl.transport.server.keystore_keypassword
    plugins.sercurity.ssl.transport.server.keystore_alias
    plugins.sercurity.ssl.transport.client.keystore_alias
    plugins.sercurity.ssl.transport.server.truststore_alias
    plugins.sercurity.ssl.transport.client.truststore_alias
    plugins.security.ssl.client.external_context_id
    plugins.secuirty.ssl.transport.principal_extractor_class
    plugins.security.ssl.http.crl.file_path
    plugins.security.ssl.http.crl.validate
    plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
    plugins.security.ssl.http.crl.check_only_end_entitites
    plugins.security.ssl.http.crl.disable_ocsp
    plugins.security.ssl.http.crl.disable_crldp
    plugins.security.ssl.allow_client_initiated_renegotiation
    indices.breaker.total.use_real_memory
    indices.breaker.total.limit
    indices.breaker.fielddata.limit
    indices.breaker.fielddata.overhead
    indices.breaker.request.limit
    indices.breaker.request.overhead
    network.breaker.inflight_requests.limit
    network.breaker.inflight_requests.overhead
    cluster.routing.allocation.enable
    cluster.routing.allocation.node_concurrent_incoming_recoveries
    cluster.routing.allocation.node_concurrent_outgoing_recoveries
    cluster.routing.allocation.node_concurrent_recoveries
    cluster.routing.allocation.node_initial_primaries_recoveries
    cluster.routing.allocation.same_shard.host
    cluster.routing.rebalance.enable
    cluster.routing.allocation.allow_rebalance
    cluster.routing.allocation.cluster_concurrent_rebalance
    cluster.routing.allocation.balance.shard
    cluster.routing.allocation.balance.index
    cluster.routing.allocation.balance.threshold
    cluster.routing.allocation.balance.prefer_primary
    cluster.routing.allocation.disk.threshold_enabled
    cluster.routing.allocation.disk.watermark.low
    cluster.routing.allocation.disk.watermark.high
    cluster.routing.allocation.disk.watermark.flood_stage
    cluster.info.update.interval
    cluster.routing.allocation.shard_movement_strategy
    cluster.blocks.read_only
    cluster.blocks.read_only_allow_delete
    cluster.max_shards_per_node
    cluster.persistent_tasks.allocation.enable
    cluster.persistent_tasks.allocation.recheck_interval
    cluster.search.request.slowlog.threshold.warn
    cluster.search.request.slowlog.threshold.info
    cluster.search.request.slowlog.threshold.debug
    cluster.search.request.slowlog.threshold.trace
    cluster.search.request.slowlog.level
    cluster.fault_detection.leader_check.timeout
    cluster.fault_detection.follower_check.timeout
    action.auto_create_index
    action.destructive_requires_name
    cluster.default.index.refresh_interval
    cluster.minimum.index.refresh_interval
    cluster.indices.close.enable
    indices.recovery.max_bytes_per_sec
    indices.recovery.max_concurrent_file_chunks
    indices.recovery.max_concurrent_operations
    indices.recovery.max_concurrent_remote_store_streams
    indices.time_series_index.default_index_merge_policy
    indices.fielddata.cache.size
    index.number_of_shards
    index.number_of_routing_shards
    index.shard.check_on_startup
    index.codec
    index.codec.compression_level
    index.routing_partition_size
    index.soft_deletes.retention_lease.period
    index.load_fixed_bitset_filters_eagerly
    index.hidden
    index.merge.policy
    index.merge_on_flush.enabled
    index.merge_on_flush.max_full_flush_merge_wait_time
    index.merge_on_flush.policy
    index.check_pending_flush.enabled
    index.number_of_replicas
    index.auto_expand_replicas
    index.search.idle.after
    index.refresh_interval
    index.max_result_window
    index.max_inner_result_window
    index.max_rescore_window
    index.max_docvalue_fields_search
    index.max_script_fields
    index.max_ngram_diff
    index.max_shingle_diff
    index.max_refresh_listeners
    index.analyze.max_token_count
    index.highlight.max_analyzed_offset
    index.max_terms_count
    index.max_regex_length
    index.query.default_field
    index.query.max_nested_depth
    index.routing.allocation.enable
    index.routing.rebalance.enable
    index.gc_deletes
    index.default_pipeline
    index.final_pipeline
    index.optimize_doc_id_lookup.fuzzy_set.enabled
    index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
    search.max_buckets
    search.phase_took_enabled
    search.allow_expensive_queries
    search.default_allow_partial_results
    search.cancel_after_time_interval
    search.default_search_timeout
    search.default_keep_alive
    search.keep_alive_interval
    search.max_keep_alive
    search.low_level_cancellation
    search.max_open_scroll_context
    search.request_stats_enabled
    search.highlight.term_vector_multi_value
    snapshot.max_concurrent_operations
    cluster.remote_store.translog.buffer_interval
    remote_store.moving_average_window_size
    opensearch.notifications.core.allowed_config_types
    opensearch.notifications.core.email.minimum_header_length
    opensearch.notifications.core.email.size_limit
    opensearch.notifications.core.http.connection_timeout
    opensearch.notifications.core.http.host_deny_list
    opensearch.notifications.core.http.max_connection_per_route
    opensearch.notifications.core.http.max_connections
    opensearch.notifications.core.http.socket_timeout
    opensearch.notifications.core.tooltip_support
    opensearch.notifications.general.filter_by_backend_roles
 )
 run_as_other_user_if_needed() {
  if [[ "$(id -u)" == "0" ]]; then
    # If running as root, drop to specified UID and run command
    exec chroot --userspec=1000:0 / "${@}"
  else
    # Either we are running in Openshift with random uid and are a member of the root group
    # or with a custom --user
    exec "${@}"
  fi
 }
-# The virtual file /proc/self/cgroup should list the current cgroup
+function buildOpensearchConfig {
-# membership. For each hierarchy, you can follow the cgroup path from
+    echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
-# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
+      for opensearch_var in ${opensearch_vars[*]}; do
-# introspect the statistics for the cgroup for the given
+        env_var=$(echo ${opensearch_var^^} | tr . _)
-# hierarchy. Alas, Docker breaks this by mounting the container
+        value=${!env_var}
-# statistics at the root while leaving the cgroup paths as the actual
+        if [[ -n $value ]]; then
-# paths. Therefore, OpenSearch provides a mechanism to override
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
-# reading the cgroup path from /proc/self/cgroup and instead uses the
+            lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
-# cgroup path defined the JVM system property
+            sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
-# opensearch.cgroups.hierarchy.override. Therefore, we set this value here so
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
-# that cgroup statistics are available for the container this process
+          fi
-# will run in.
+          while :
-export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS"
+          do
-
+            case "$charline" in
-# Start up the opensearch and performance analyzer agent processes.
+              "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
-# When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes.
+              *) break;;
-function runOpensearch {
+            esac
-    # Files created by OpenSearch should always be group writable too
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
-    umask 0002
+          done
-
+          longoptfile="${opensearch_var}: ${value}"
-    if [[ "$(id -u)" == "0" ]]; then
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
-        echo "Wazuh indexer cannot run as root. Please start your container as another user."
+            sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
-        exit 1
+          else
-    fi
+            echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
-
+          fi
    # Parse Docker env vars to customize Wazuh indexer / OpenSearch configuration
    #
    # e.g. Setting the env var cluster.name=testcluster
    # will cause Wazuh indexer to be invoked with -Ecluster.name=testcluster
    opensearch_opts=()
    while IFS='=' read -r envvar_key envvar_value
    do
        # OpenSearch settings need to have at least two dot separated lowercase
        # words, e.g. `cluster.name`, except for `processors` which we handle
        # specially
        if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
            if [[ ! -z $envvar_value ]]; then
            opensearch_opt="-E${envvar_key}=${envvar_value}"
            opensearch_opts+=("${opensearch_opt}")
            fi
        fi
-    done < <(env)
+      done
    # Start opensearch
    exec "$@" "${opensearch_opts[@]}"
 }
-function configureOpensearch {
+buildOpensearchConfig
 # Update opensearch.yml with NODES_DN if set
 if [ -n "$NODES_DN" ]; then
-  CLEAN_NODES_DN=$(echo "$NODES_DN" | sed 's/^["'\'']//; s/["'\'']$//; s/""/"/g')
+# Allow user specify custom CMD, maybe bin/opensearch itself
-  NODES_DN_YAML=$(echo $CLEAN_NODES_DN | tr ';' '\n' | sed 's/^/- "/; s/$/"/')
+# for example to directly specify `-E` style parameters for opensearch on k8s
-
+# or simply to run /bin/bash to check the image
-  awk '
+if [[ "$1" != "opensearchwrapper" ]]; then
-    /^plugins\.security\.nodes_dn:/ {in_block=1; print; next}
+  if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
-    in_block && /^[^#[:space:]-]/ {in_block=0}
+    # Rewrite CMD args to replace $1 with `opensearch` explicitly,
-    !in_block || /^plugins\.security\.nodes_dn:/ {next}
+    # Without this, user could specify `opensearch -E x.y=z` but
-    {print}
+    # `bin/opensearch -E x.y=z` would not work.
-  ' "$CONFIG_FILE" > "${CONFIG_FILE}.tmp"
+    set -- "opensearch" "${@:2}"
-
+    # Use chroot to switch to UID 1000 / GID 0
-  awk -v repl="$NODES_DN_YAML" '
+    exec chroot --userspec=1000:0 / "$@"
-    /^plugins\.security\.nodes_dn:/ {
+  else
-      print "plugins.security.nodes_dn:";
+    # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
      print repl;
      skip=1; next
    }
    skip && /^[^#[:space:]-]/ {skip=0}
    !skip
  ' "${CONFIG_FILE}" > "${CONFIG_FILE}.new"
  mv "${CONFIG_FILE}.new" "$CONFIG_FILE"
  rm -f "${CONFIG_FILE}.tmp"
 fi
 }
 # Prepend "opensearch" command if no argument was provided or if the first
 # argument looks like a flag (i.e. starts with a dash).
 configureOpensearch
 if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
    set -- opensearch "$@"
 fi
 if [ "$1" = "opensearch" ]; then
    # If the first argument is opensearch, then run the setup script.
    runOpensearch "$@"
 else
    # Otherwise, just exec the command.
    exec "$@"
  fi
 fi
 # Allow environment variables to be set by creating a file with the
 # contents, and setting an environment variable with the suffix _FILE to
 # point to it. This can be used to provide secrets to a container, without
 # the values being specified explicitly when running the container.
 #
 # This is also sourced in opensearch-env, and is only needed here
 # as well because we use INDEXER_PASSWORD below. Sourcing this script
 # is idempotent.
 source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
 if [[ -f bin/opensearch-users ]]; then
  # Check for the INDEXER_PASSWORD environment variable to set the
  # bootstrap password for Security.
  #
  # This is only required for the first node in a cluster with Security
  # enabled, but we have no way of knowing which node we are yet. We'll just
  # honor the variable if it's present.
  if [[ -n "$INDEXER_PASSWORD" ]]; then
    [[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
    if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
      # keystore is unencrypted
      if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
        (run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
      fi
    else
      # keystore requires password
      if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
          | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
        COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
        (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
      fi
    fi
  fi
 fi
 if [[ "$(id -u)" == "0" ]]; then
  # If requested and running as root, mutate the ownership of bind-mounts
  if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
    chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
  fi
 fi
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@@ -5,25 +5,27 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
 ARG FILEBEAT_TEMPLATE_BRANCH
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
 ARG WAZUH_FILEBEAT_MODULE
 ARG S6_VERSION="v2.2.0.3"
 ARG TARGETARCH
 ARG wazuh_manager_url_amd64_rpm
 ARG wazuh_manager_url_arm64_rpm
 ARG wazuh_cert_tool
 ARG wazuh_config_yml
-COPY config/config.sh .
+RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
    yum clean all
-RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
+COPY config/check_repository.sh /
-    manager_url="${!URL_VAR}" && \
+COPY config/filebeat_module.sh /
-    dnf install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
+COPY config/permanent_data.env config/permanent_data.sh /
-    dnf clean all && \
+
-    curl -o /wazuh-manager.rpm "${manager_url}" && \
+RUN chmod 775 /check_repository.sh
-    dnf install /wazuh-manager.rpm -y && \
+RUN source /check_repository.sh
-    rm -rf /wazuh-manager.rpm && \
+
-    dnf clean all && \
+RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    chmod 755 /config.sh && \
+    yum clean all && \
-    /config.sh && \
+    chmod 775 /filebeat_module.sh && \
    source /filebeat_module.sh && \
    rm /filebeat_module.sh && \
    curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
    -o /tmp/s6-overlay-amd64.tar.gz && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
@@ -33,16 +35,24 @@ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
 COPY config/etc/ /etc/
 COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
 COPY config/filebeat.yml /etc/filebeat/
 RUN chmod go-w /etc/filebeat/filebeat.yml
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 COPY config/permanent_data.env config/permanent_data.sh /
 #Make mount directories for keep permissions
 RUN mkdir -p /var/ossec/var/multigroups && \
    chown root:wazuh /var/ossec/var/multigroups && \
    chmod 770 /var/ossec/var/multigroups && \
    mkdir -p /var/ossec/agentless && \
    chown root:wazuh /var/ossec/agentless && \
    chmod 770 /var/ossec/agentless && \
    mkdir -p /var/ossec/active-response/bin && \
    chown root:wazuh /var/ossec/active-response/bin && \
    chmod 770 /var/ossec/active-response/bin && \
@@ -50,6 +60,8 @@ RUN mkdir -p /var/ossec/var/multigroups && \
    sync && /permanent_data.sh && \
    sync && rm /permanent_data.sh
 RUN rm /etc/yum.repos.d/wazuh.repo
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
--- a/build-docker-images/wazuh-manager/config/check_repository.sh
+++ b/build-docker-images/wazuh-manager/config/check_repository.sh
@@ -0,0 +1,15 @@
 ## variables
 APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
 REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
 WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 ## check tag to use the correct repository
 if [[ -n "${WAZUH_TAG}" ]]; then
  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1"
 fi
 rpm --import "${APT_KEY}"
 echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
--- a/build-docker-images/wazuh-manager/config/config.sh
+++ b/build-docker-images/wazuh-manager/config/config.sh
@@ -1,40 +0,0 @@
 ##############################################################################
 # Downloading Cert Gen Tool
 ##############################################################################
 # Variables for certificate generation
 CERT_TOOL="wazuh-certs-tool.sh"
 CERT_CONFIG_FILE="config.yml"
 CERT_DIR=/etc/filebeat/certs
 download_package() {
    local url=$1
    local package=$2
    if curl -fsL "$url" -o "$package"; then
        echo "Downloaded $package"
        return 0
    else
        echo "Error downloading $package from $url"
        return 1
    fi
 }
 mkdir -p $CERT_DIR
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
 download_package "$wazuh_cert_tool" $CERT_TOOL
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
 download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
 # Modify the config file to set the IP to localhost
 sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
 chmod 700 "$CERT_CONFIG_FILE"
 # Create the certificates
 chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
 # Copy Wazuh manager certs
 cp -pr /wazuh-certificates/wazuh-1.pem ${CERT_DIR}/wazuh-1.pem
 cp -pr /wazuh-certificates/wazuh-1-key.pem ${CERT_DIR}/wazuh-1-key.pem
 cp -pr /wazuh-certificates/root-ca.key ${CERT_DIR}/root-ca.key
 cp -pr /wazuh-certificates/root-ca.pem ${CERT_DIR}/root-ca.pem
 cp -pr /wazuh-certificates/admin.pem ${CERT_DIR}/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${CERT_DIR}/admin-key.pem
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@@ -152,91 +152,27 @@ set_custom_hostname() {
  sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
 }
-function_configure_ossec_conf() {
+##############################################################################
-OSSEC_CONF="${WAZUH_INSTALL_PATH}/etc/ossec.conf"
+# Allow users to set the container cluster key dynamically on
 # container start.
 #
 # To use this:
 # 1. Create your own ossec.conf file
 # 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
 # 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
 ##############################################################################
-# --------------------------
+set_custom_cluster_key() {
-# Defaults based on OSSEC_CONF
+  sed -i 's/<key>to_be_replaced_by_cluster_key<\/key>/<key>'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
 # --------------------------
 if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
    WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
 fi
 # Node type logic
 if [[ "$WAZUH_NODE_TYPE" != "worker" ]]; then
    WAZUH_NODE_TYPE="master"
 fi
 # Default node name → HOSTNAME if not defined
 WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
 # --------------------------
 # Replace Indexer Hosts
 # --------------------------
 if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
    TMP_HOSTS=$(mktemp)
    {
        echo "    <hosts>"
        for NODE in $WAZUH_INDEXER_HOSTS; do
            IP="${NODE%:*}"
            PORT="${NODE#*:}"
            echo "      <host>https://$IP:$PORT</host>"
        done
        echo "    </hosts>"
    } > "$TMP_HOSTS";
    sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
            -e 'd }}' "$OSSEC_CONF";
    rm -f "$TMP_HOSTS";
 fi
 # --------------------------
 # Cluster: node_name
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: node_type
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: key
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: bind_addr
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<bind_addr>.*</bind_addr>|<bind_addr>$WAZUH_CLUSTER_BIND_ADDR</bind_addr>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: nodes list
 # --------------------------
 if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
    TMP_NODES=$(mktemp)
    {
        echo "    <nodes>"
        for N in $WAZUH_CLUSTER_NODES; do
            echo "        <node>$N</node>"
        done
        echo "    </nodes>"
    } > "$TMP_NODES";
    sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
            -e 'd }}' "$OSSEC_CONF";
    rm -f "$TMP_NODES";
 fi
 echo "Wazuh manager config modified successfully."
 }
 ##############################################################################
-# Set correct ownership for Wazuh related directories
+# Modify /var/ossec/queue/rids directory owner on
-# on container start.
+# container start.
 ##############################################################################
-configure_permissions() {
+set_rids_owner() {
  chown -R wazuh:wazuh /var/ossec/queue/rids
  chown -R wazuh:wazuh /var/ossec/etc/lists
 }
 ##############################################################################
@@ -284,14 +220,14 @@ main() {
  # Allow setting custom hostname
  set_custom_hostname
-  # Configure ossec.conf based on environment variables
+  # Allow setting custom cluster key
-  function_configure_ossec_conf
+  set_custom_cluster_key
  # Delete temporary data folder
  rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
-  # Set correct ownership for Wazuh related directories
+  # Set rids directory owner
-  configure_permissions
+  set_rids_owner
 }
 main
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat
@@ -0,0 +1,51 @@
 #!/usr/bin/with-contenv bash
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 set -e
 if [ "$INDEXER_URL" != "" ]; then
  >&2 echo "Customize Elasticsearch output IP"
  sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
 fi
 # Configure filebeat.yml security settings
 if [ "$INDEXER_USERNAME" != "" ]; then
  >&2 echo "Configuring username."
  sed -i "s|#username:.*|username:|g" /etc/filebeat/filebeat.yml
  sed -i "s|username:.*|username: '$INDEXER_USERNAME'|g" /etc/filebeat/filebeat.yml
 fi
 if [ "$INDEXER_PASSWORD" != "" ]; then
  >&2 echo "Configuring password."
  sed -i "s|#password:.*|password:|g" /etc/filebeat/filebeat.yml
  sed -i "s|password:.*|password: '$INDEXER_PASSWORD'|g" /etc/filebeat/filebeat.yml
 fi
 if [ "$FILEBEAT_SSL_VERIFICATION_MODE" != "" ]; then
  >&2 echo "Configuring SSL verification mode."
  sed -i "s|#ssl.verification_mode:.*|ssl.verification_mode:|g" /etc/filebeat/filebeat.yml
  sed -i "s|ssl.verification_mode:.*|ssl.verification_mode: '$FILEBEAT_SSL_VERIFICATION_MODE'|g" /etc/filebeat/filebeat.yml
 fi
 if [ "$SSL_CERTIFICATE_AUTHORITIES" != "" ]; then
  >&2 echo "Configuring Certificate Authorities."
  sed -i "s|#ssl.certificate_authorities:.*|ssl.certificate_authorities:|g" /etc/filebeat/filebeat.yml
  sed -i "s|ssl.certificate_authorities:.*|ssl.certificate_authorities: ['$SSL_CERTIFICATE_AUTHORITIES']|g" /etc/filebeat/filebeat.yml
 fi
 if [ "$SSL_CERTIFICATE" != "" ]; then
  >&2 echo "Configuring SSL Certificate."
  sed -i "s|#ssl.certificate:.*|ssl.certificate:|g" /etc/filebeat/filebeat.yml
  sed -i "s|ssl.certificate:.*|ssl.certificate: '$SSL_CERTIFICATE'|g" /etc/filebeat/filebeat.yml
 fi
 if [ "$SSL_KEY" != "" ]; then
  >&2 echo "Configuring SSL Key."
  sed -i "s|#ssl.key:.*|ssl.key:|g" /etc/filebeat/filebeat.yml
  sed -i "s|ssl.key:.*|ssl.key: '$SSL_KEY'|g" /etc/filebeat/filebeat.yml
 fi
 chmod go-w /etc/filebeat/filebeat.yml || true
 chown root: /etc/filebeat/filebeat.yml || true
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager
@@ -60,6 +60,12 @@ function_wazuh_migration(){
      chown wazuh:wazuh /var/ossec/etc/rules/*
      chmod 660 /var/ossec/etc/rules/*
      if [ -e /wazuh-migration/data/agentless/.passlist ]; then
        \cp -f /wazuh-migration/data/agentless/.passlist /var/ossec/agentless/.passlist
        chown root:wazuh /var/ossec/agentless/.passlist
        chmod 640 /var/ossec/agentless/.passlist
      fi
      \cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db
      chown wazuh:wazuh /var/ossec/queue/db/global.db
      chmod 640 /var/ossec/queue/db/global.db
--- a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish
+++ b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish
@@ -0,0 +1,6 @@
 #!/usr/bin/env sh
 echo >&2 "Filebeat exited. code=${1}"
 # terminate other services to exit from the container
 exec s6-svscanctl -t /var/run/s6/services
--- a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run
+++ b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run
@@ -0,0 +1,4 @@
 #!/usr/bin/with-contenv sh
 echo >&2 "starting Filebeat"
 exec /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
--- a/build-docker-images/wazuh-manager/config/filebeat.yml
+++ b/build-docker-images/wazuh-manager/config/filebeat.yml
@@ -0,0 +1,31 @@
 # Wazuh - Filebeat configuration file
 filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false
 setup.template.json.enabled: true
 setup.template.overwrite: true
 setup.template.json.path: '/etc/filebeat/wazuh-template.json'
 setup.template.json.name: 'wazuh'
 setup.ilm.enabled: false
 output.elasticsearch:
  hosts: ['https://wazuh.indexer:9200']
  #username:
  #password:
  #ssl.verification_mode:
  #ssl.certificate_authorities:
  #ssl.certificate:
  #ssl.key:
 logging.metrics.enabled: false
 seccomp:
  default_action: allow
  syscalls:
  - action: allow
    names:
    - rseq
--- a/build-docker-images/wazuh-manager/config/filebeat_module.sh
+++ b/build-docker-images/wazuh-manager/config/filebeat_module.sh
@@ -0,0 +1,12 @@
 ## variables
 REPOSITORY="packages-dev.wazuh.com/pre-release"
 WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 ## check tag to use the correct repository
 if [[ -n "${WAZUH_TAG}" ]]; then
  REPOSITORY="packages.wazuh.com/5.x"
 fi
 curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
 yum install -y ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
 curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
--- a/build-docker-images/wazuh-manager/config/permanent_data.env
+++ b/build-docker-images/wazuh-manager/config/permanent_data.env
@@ -4,15 +4,28 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
 PERMANENT_DATA[((i++))]="/var/ossec/etc"
 PERMANENT_DATA[((i++))]="/var/ossec/logs"
 PERMANENT_DATA[((i++))]="/var/ossec/queue"
 PERMANENT_DATA[((i++))]="/var/ossec/agentless"
 PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
 PERMANENT_DATA[((i++))]="/var/ossec/integrations"
 PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
 PERMANENT_DATA[((i++))]="/var/ossec/wodles"
 PERMANENT_DATA[((i++))]="/etc/filebeat"
 export PERMANENT_DATA
 # Files mounted in a volume that should not be permanent
 i=0
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
@@ -28,6 +41,18 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_bsd"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/main.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/su.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_linux"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/register_host.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_generic_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_foundry_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_nopass.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
@@ -72,6 +97,9 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-ip"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-domains"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malware-hashes"
 export PERMANENT_DATA_EXCP
 # Files mounted in a volume that should be deleted
--- a/docs/README.md
+++ b/docs/README.md
@@ -138,7 +138,7 @@ The folder `wazuh-agent` contains a README explaining how to run a container wit
 	│   │       ├── wazuh2.indexer.yml
 	│   │       └── wazuh3.indexer.yml
 	│   ├── docker-compose.yml
-	│   ├── generate-indexer-certs.yml
+	│   ├── generate-certs.yml
 	│   ├── Migration-to-Wazuh-4.4.md
 	│   ├── README.md
 	│   └── volume-migrator.sh
@@ -157,7 +157,7 @@ The folder `wazuh-agent` contains a README explaining how to run a container wit
 	│   │   │   └── wazuh.indexer.yml
 	│   │   └── wazuh_indexer_ssl_certs  [error opening dir]
 	│   ├── docker-compose.yml
-	│   ├── generate-indexer-certs.yml
+	│   ├── generate-certs.yml
 	│   └── README.md
 	├── VERSION.json
 	└── wazuh-agent
--- a/docs/dev/build-image.md
+++ b/docs/dev/build-image.md
@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 ```
-$ build-docker-images/build-images.sh -v 5.0.0
+$ build-docker-images/build-images.sh -v 6.0.0
 ```
 To get all the available script options use the -h or --help option:
@@ -23,9 +23,10 @@ $ build-docker-images/build-images.sh -h
 Usage: build-docker-images/build-images.sh [OPTIONS]
-    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default.
+    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
    -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 6.0.0.
    -h, --help                   Show this help.
 ```
--- a/docs/dev/introduction.md
+++ b/docs/dev/introduction.md
@@ -1,6 +1,6 @@
 # Development Guide - Introduction
-Welcome to the Development Guide for Wazuh-docker version 5.0.0 This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development.
+Welcome to the Development Guide for Wazuh-docker version 6.0.0 This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development.
 ## Purpose of This Guide
--- a/docs/dev/setup.md
+++ b/docs/dev/setup.md
@@ -1,6 +1,6 @@
 # Development Guide - Setup Environment
-This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 5.0.0). A proper setup is crucial for building images, running tests, and contributing effectively.
+This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 6.0.0). A proper setup is crucial for building images, running tests, and contributing effectively.
 ## Prerequisites
@@ -26,12 +26,12 @@ Before you begin, ensure your system meets the following requirements:
 Follow these steps to prepare your development environment:
 1.  **Clone the Repository**:
-    Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `5.0.0`.
+    Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `6.0.0`.
    ```bash
    git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
    cd wazuh-docker
-    git checkout v5.0.0
+    git checkout v6.0.0
    ```
 2.  **Verify Docker Installation**:
--- a/docs/ref/Introduction/description.md
+++ b/docs/ref/Introduction/description.md
@@ -1,6 +1,6 @@
 # Reference Manual - Description
-This section provides a detailed description of Wazuh-docker (version 5.0.0), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
+This section provides a detailed description of Wazuh-docker (version 6.0.0), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
 ## What is Wazuh?
@@ -18,7 +18,7 @@ Wazuh-docker is a project that provides Docker images and `docker compose` confi
 ## Core Components in Wazuh-Docker
-The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 5.0.0:
+The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 6.0.0:
 1.  **Wazuh Manager**:
    -   The central component that collects and analyzes data from deployed Wazuh agents.
@@ -28,7 +28,7 @@ The Wazuh-Docker project typically provides images for the following core Wazuh
 2.  **Wazuh Indexer**:
    -   A highly scalable, full-text search and analytics engine.
    -   Based on OpenSearch (or historically Elasticsearch), it stores and indexes alerts and monitoring data generated by the Wazuh manager.
-    -   The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 5.0.0, this is typically an OpenSearch-based component.
+    -   The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 6.0.0, this is typically an OpenSearch-based component.
 3.  **Wazuh Dashboard**:
    -   A flexible visualization tool based on OpenSearch Dashboards (or historically Kibana).
--- a/docs/ref/Introduction/introduction.md
+++ b/docs/ref/Introduction/introduction.md
@@ -1,6 +1,6 @@
 # Reference Manual - Introduction
-Welcome to the Reference Manual for Wazuh-Docker, version 5.0.0. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker.
+Welcome to the Reference Manual for Wazuh-Docker, version 6.0.0. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker.
 ## Purpose of This Manual
@@ -44,4 +44,4 @@ This manual is structured to help you find information efficiently:
 -   If you need to customize your deployment, refer to the [Configuration](configuration/configuration.md) section.
 -   For specific terms or concepts, consult the [Glossary](glossary.md).
-This manual refers to version 5.0.0 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version.
+This manual refers to version 6.0.0 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version.
--- a/docs/ref/configuration/configuration-files.md
+++ b/docs/ref/configuration/configuration-files.md
@@ -2,7 +2,7 @@
 ### 1. Wazuh Manager Configuration
-* **`ossec.conf`**: The main configuration file for the Wazuh manager. It controls rules, decoders, agent enrollment, active responses, clustering, and more.
+* **`ossec.conf`**: The main configuration file for the Wazuh manager. It controls rules, decoders, agent enrollment, active responses, integrations, clustering, and more.
    * **Customization**: Mount a custom `ossec.conf` or specific configuration snippets (e.g., local rules in `local_rules.xml`) into the manager container at `/wazuh-mount-point/`, which will be copied to the path `/var/ossec` (e.g., the file `/var/ossec/etc/ossec.conf` must be mounted at `/wazuh-mount-point/etc/ossec.conf`) .
 ### 2. Wazuh Indexer Configuration
@@ -29,4 +29,4 @@
        ```
-Consult the official Wazuh documentation for version 5.0.0 for detailed information on all possible configuration parameters for each component.
+Consult the official Wazuh documentation for version 6.0.0 for detailed information on all possible configuration parameters for each component.
--- a/docs/ref/configuration/configuration.md
+++ b/docs/ref/configuration/configuration.md
@@ -1,6 +1,6 @@
 # Reference Manual - Configuration
-This section details how to configure your Wazuh-Docker deployment (version 5.0.0). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment.
+This section details how to configure your Wazuh-Docker deployment (version 6.0.0). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment.
 ## Overview of Configuration Methods
--- a/docs/ref/getting-started/deployment/deployment.md
+++ b/docs/ref/getting-started/deployment/deployment.md
@@ -1,6 +1,6 @@
 # Reference Manual - Deployment
-This section provides detailed instructions for deploying Wazuh-Docker (version 5.0.0) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments.
+This section provides detailed instructions for deploying Wazuh-Docker (version 6.0.0) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments.
 ## Overview of Deployment Options
@@ -24,11 +24,11 @@ Ensure you have:
 -   Met all the [System Requirements](ref/getting-started/requirements.md).
 -   Installed Docker and Docker Compose on your host(s).
-   Cloned the `wazuh-docker` repository (version `5.0.0`) or downloaded the necessary deployment files.
+-   Cloned the `wazuh-docker` repository (version `6.0.0`) or downloaded the necessary deployment files.
    ```bash
    git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
    cd wazuh-docker
-    git checkout v5.0.0
+    git checkout v6.0.0
    ```
 -   Made a backup of any existing Wazuh data if you are migrating or upgrading.
--- a/docs/ref/getting-started/deployment/multi-node.md
+++ b/docs/ref/getting-started/deployment/multi-node.md
@@ -17,18 +17,18 @@ This deployment utilizes the `multi-node/docker-compose.yml` file, which defines
 3.  Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
    ```bash
-    docker compose -f generate-indexer-certs.yml run --rm generator
+    docker-compose -f generate-certs.yml run --rm generator
    ```
-4.  Start the Wazuh environment using `docker compose`:
+4.  Start the Wazuh environment using `docker-compose`:
    * To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
        ```bash
-        docker compose up
+        docker-compose up
        ```
    * To run in the background (detached mode, allowing the containers to run independently of your terminal):
        ```bash
-        docker compose up -d
+        docker-compose up -d
        ```
 Please allow some time for the environment to initialize, especially on the first run. A multi-node setup can take a few minutes (depending on your host resources and network) as the Wazuh Indexer cluster forms, and the necessary indexes and index patterns are generated.
--- a/docs/ref/getting-started/deployment/single-node.md
+++ b/docs/ref/getting-started/deployment/single-node.md
@@ -17,18 +17,18 @@ This deployment uses the `single-node/docker-compose.yml` file, which defines a
 3.  Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
    ```bash
-    docker compose -f generate-indexer-certs.yml run --rm generator
+    docker-compose -f generate-certs.yml run --rm generator
    ```
-4.  Start the Wazuh environment using `docker compose`:
+4.  Start the Wazuh environment using `docker-compose`:
    * To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
        ```bash
-        docker compose up
+        docker-compose up
        ```
    * To run in the background (detached mode, allowing the containers to run independently of your terminal):
        ```bash
-        docker compose up -d
+        docker-compose up -d
        ```
 Please allow some time for the environment to initialize, especially on the first run. It can take approximately a minute or two (depending on your host's resources) as the Wazuh Indexer starts up and generates the necessary indexes and index patterns.
--- a/docs/ref/getting-started/deployment/wazuh-agent.md
+++ b/docs/ref/getting-started/deployment/wazuh-agent.md
@@ -23,14 +23,14 @@ Follow these steps to deploy the Wazuh agent using Docker.
    ```
    **Note:** Replace `<YOUR_WAZUH_MANAGER_IP_OR_HOSTNAME>` with the actual IP address or hostname of your Wazuh manager.
-3.  Start the environment using `docker compose`:
+3.  Start the environment using `docker-compose`:
    * To run in the foreground (logs will be displayed in your current terminal, and you can stop it with `Ctrl+C`):
        ```bash
-        docker compose up
+        docker-compose up
        ```
    * To run in the background (detached mode, allowing the container to run independently of your terminal):
        ```bash
-        docker compose up -d
+        docker-compose up -d
        ```
--- a/docs/ref/getting-started/getting-started.md
+++ b/docs/ref/getting-started/getting-started.md
@@ -1,6 +1,6 @@
 # Reference Manual - Getting Started
-This section guides you through the initial steps to get your Wazuh-docker (version 5.0.0) environment up and running. We will cover the prerequisites and point you to the deployment instructions.
+This section guides you through the initial steps to get your Wazuh-docker (version 6.0.0) environment up and running. We will cover the prerequisites and point you to the deployment instructions.
 ## Overview
@@ -27,11 +27,11 @@ Before diving into the deployment, please ensure you have reviewed:
    Verify that your host system has sufficient RAM, CPU, and disk space. Ensure Docker and Docker Compose are installed and functioning correctly.
 2.  **Obtain Wazuh-docker Configuration**:
-    You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 5.0.0.
+    You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 6.0.0.
    ```bash
    git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
    cd wazuh-docker
-    git checkout v5.0.0
+    git checkout v6.0.0
    # Navigate to the specific docker-compose directory, e.g., single-node or multi-node
    # cd docker-compose/single-node/ (example path)
    ```
--- a/docs/ref/getting-started/requirements.md
+++ b/docs/ref/getting-started/requirements.md
@@ -1,6 +1,6 @@
 # Reference Manual - Requirements
-Before deploying Wazuh-Docker (version 5.0.0), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment.
+Before deploying Wazuh-Docker (version 6.0.0), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment.
 ## Host System Requirements
--- a/docs/ref/glossary.md
+++ b/docs/ref/glossary.md
@@ -1,6 +1,6 @@
 # Reference Manual - Glossary
-This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 5.0.0).
+This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 6.0.0).
 ---
@@ -22,7 +22,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
 **D**
-   **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 5.0.0, this is typically OpenSearch Dashboards.
+-   **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 6.0.0, this is typically OpenSearch Dashboards.
 -   **Decoder**: A component in the Wazuh Manager that parses and extracts relevant information (fields) from raw log messages or event data.
 -   **Docker**: An open platform for developing, shipping, and running applications inside containers.
 -   **Docker Compose**: A tool for defining and running multi-container Docker applications. It uses a YAML file (`docker-compose.yml`) to configure the application's services, networks, and volumes.
@@ -42,7 +42,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
 **I**
-   **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 5.0.0, this is typically OpenSearch.
+-   **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 6.0.0, this is typically OpenSearch.
 **L**
--- a/indexer-certs-creator/README.md
+++ b/indexer-certs-creator/README.md
@@ -5,5 +5,5 @@ The dockerfile hosted in this directory is used to build the image used to boot
 To create the image, the following command must be executed:
 ```
-$ docker build -t wazuh/wazuh-certs-generator:0.0.3 .
+$ docker build -t wazuh/wazuh-certs-generator:0.0.2 .
 ```
--- a/multi-node/Migration-to-Wazuh-4.4.md
+++ b/multi-node/Migration-to-Wazuh-4.4.md
@@ -80,6 +80,13 @@ docker volume create \
           multi-node_master-wazuh-var-multigroups
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
           --label com.docker.compose.volume=master-wazuh-integrations \
           multi-node_master-wazuh-integrations
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
@@ -87,6 +94,13 @@ docker volume create \
           multi-node_master-wazuh-active-response
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
           --label com.docker.compose.volume=master-wazuh-agentless \
           multi-node_master-wazuh-agentless
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
@@ -143,6 +157,13 @@ docker volume create \
           multi-node_worker-wazuh-var-multigroups
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
           --label com.docker.compose.volume=worker-wazuh-integrations \
           multi-node_worker-wazuh-integrations
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
@@ -150,6 +171,13 @@ docker volume create \
           multi-node_worker-wazuh-active-response
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
           --label com.docker.compose.volume=worker-wazuh-agentless \
           multi-node_worker-wazuh-agentless
 ```
 ```
 docker volume create \
           --label com.docker.compose.project=multi-node \
           --label com.docker.compose.version=1.25.0 \
@@ -220,12 +248,24 @@ docker container run --rm -it \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_ossec-integrations:/from \
           -v multi-node_master-wazuh-integrations:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_ossec-active-response:/from \
           -v multi-node_master-wazuh-active-response:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_ossec-agentless:/from \
           -v multi-node_master-wazuh-agentless:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_ossec-wodles:/from \
           -v multi-node_master-wazuh-wodles:/to \
@@ -274,12 +314,24 @@ docker container run --rm -it \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-integrations:/from \
           -v multi-node_worker-wazuh-integrations:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-active-response:/from \
           -v multi-node_worker-wazuh-active-response:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-agentless:/from \
           -v multi-node_worker-wazuh-agentless:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-wodles:/from \
           -v multi-node_worker-wazuh-wodles:/to \
@@ -302,7 +354,7 @@ docker container run --rm -it \
 ```
 git checkout 4.4
 cd multi-node
-docker-compose -f generate-indexer-certs.yml run --rm generator
+docker-compose -f generate-certs.yml run --rm generator
 docker-compose up -d
 ```
--- a/multi-node/README.md
+++ b/multi-node/README.md
@@ -6,47 +6,11 @@ This deployment is defined in the `docker-compose.yml` file with two Wazuh manag
 ```
 $ sysctl -w vm.max_map_count=262144
 ```
-
+2) Run the certificate creation script:
 2) Download the certificate creation script and config.yml file:
 ```
-$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh
+$ docker compose -f generate-certs.yml run --rm generator
 $ curl -sO https://packages.wazuh.com/5.0/config.yml
 ```
-
+3) Start the environment with docker compose:
 3) Edit the config.yml file with the configuration of the Wazuh components to be deployed
 ```
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh1.indexer
      ip: wazuh1.indexer
    - name: wazuh2.indexer
      ip: wazuh2.indexer
    - name: wazuh3.indexer
      ip: wazuh3.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.master
      ip: wazuh.master
      node_type: master
    - name: wazuh.worker
      ip: wazuh.worker
      node_type: worker
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
 ```
 4) Run the certificate creation script:
 ```
 bash ./wazuh-certs-tool.sh -A
 ```
 5) Start the environment with docker compose:
 - In the foregroud:
 ```
--- a/multi-node/config/certs.yml
+++ b/multi-node/config/certs.yml
@@ -0,0 +1,24 @@
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh1.indexer
      ip: wazuh1.indexer
    - name: wazuh2.indexer
      ip: wazuh2.indexer
    - name: wazuh3.indexer
      ip: wazuh3.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.master
      ip: wazuh.master
      node_type: master
    - name: wazuh.worker
      ip: wazuh.worker
      node_type: worker
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
--- a/multi-node/config/wazuh_cluster/wazuh_manager.conf
+++ b/multi-node/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,313 @@
 <ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    <alerts_log>yes</alerts_log>
    <logall>no</logall>
    <logall_json>no</logall_json>
    <email_notification>no</email_notification>
    <smtp_server>smtp.example.wazuh.com</smtp_server>
    <email_from>wazuh@example.wazuh.com</email_from>
    <email_to>recipient@example.wazuh.com</email_to>
    <email_maxperhour>12</email_maxperhour>
    <email_log_source>alerts.log</email_log_source>
    <agents_disconnection_time>10m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
  </global>
  <alerts>
    <log_alert_level>3</log_alert_level>
    <email_alert_level>12</email_alert_level>
  </alerts>
  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>plain</log_format>
  </logging>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>
    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>
    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
    <skip_nfs>yes</skip_nfs>
  </rootcheck>
  <wodle name="cis-cat">
    <disabled>yes</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>
    <java_path>wodles/java</java_path>
    <ciscat_path>wodles/ciscat</ciscat_path>
  </wodle>
  <!-- Osquery integration -->
  <wodle name="osquery">
    <disabled>yes</disabled>
    <run_daemon>yes</run_daemon>
    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
    <config_path>/etc/osquery/osquery.conf</config_path>
    <add_labels>yes</add_labels>
  </wodle>
  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="no">yes</ports>
    <processes>yes</processes>
    <!-- Database synchronization settings -->
    <synchronization>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>
  <sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <skip_nfs>yes</skip_nfs>
  </sca>
  <vulnerability-detection>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://wazuh1.indexer:9200</host>
      <host>https://wazuh2.indexer:9200</host>
      <host>https://wazuh3.indexer:9200</host>
    </hosts>
    <ssl>
      <certificate_authorities>
        <ca>/etc/ssl/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/ssl/filebeat.pem</certificate>
      <key>/etc/ssl/filebeat.key</key>
    </ssl>
  </indexer>
  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Frequency that syscheck is executed default every 12 hours -->
    <frequency>43200</frequency>
    <scan_on_start>yes</scan_on_start>
    <!-- Generate alert when new file detected -->
    <alert_new_files>yes</alert_new_files>
    <!-- Don't ignore files that change more than 'frequency' times -->
    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
    <!-- Directories to check  (perform all possible verifications) -->
    <directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin,/boot</directories>
    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>
    <!-- File types to ignore -->
    <ignore type="sregex">.log$|.swp$</ignore>
    <!-- Check the file, but never compute the diff -->
    <nodiff>/etc/ssl/private.key</nodiff>
    <skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>
    <!-- Nice value for Syscheck process -->
    <process_priority>10</process_priority>
    <!-- Maximum output throughput -->
    <max_eps>100</max_eps>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_interval>1h</max_interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>
  <!-- Active response -->
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
  </global>
  <command>
    <name>disable-account</name>
    <executable>disable-account</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>restart-wazuh</name>
    <executable>restart-wazuh</executable>
  </command>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>host-deny</name>
    <executable>host-deny</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>route-null</name>
    <executable>route-null</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>win_route-null</name>
    <executable>route-null.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>netsh</name>
    <executable>netsh.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <!--
  <active-response>
    active-response options here
  </active-response>
  -->
  <!-- Log analysis -->
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 20</command>
    <frequency>360</frequency>
  </localfile>
  <ruleset>
    <!-- Default ruleset -->
    <decoder_dir>ruleset/decoders</decoder_dir>
    <rule_dir>ruleset/rules</rule_dir>
    <rule_exclude>0215-policy_rules.xml</rule_exclude>
    <list>etc/lists/audit-keys</list>
    <list>etc/lists/amazon/aws-eventnames</list>
    <list>etc/lists/security-eventchannel</list>
    <list>etc/lists/malicious-ioc/malicious-ip</list>
    <list>etc/lists/malicious-ioc/malicious-domains</list>
    <list>etc/lists/malicious-ioc/malware-hashes</list>
    <!-- User-defined ruleset -->
    <decoder_dir>etc/decoders</decoder_dir>
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
  <rule_test>
    <enabled>yes</enabled>
    <threads>1</threads>
    <max_sessions>64</max_sessions>
    <session_timeout>15m</session_timeout>
  </rule_test>
  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>no</use_password>
    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
    <!-- <ssl_agent_ca></ssl_agent_ca> -->
    <ssl_verify_host>no</ssl_verify_host>
    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
    <ssl_auto_negotiate>no</ssl_auto_negotiate>
  </auth>
  <cluster>
    <name>wazuh</name>
    <node_name>manager</node_name>
    <node_type>master</node_type>
    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh.master</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>
 </ossec_config>
 <ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
 </ossec_config>
--- a/multi-node/config/wazuh_cluster/wazuh_worker.conf
+++ b/multi-node/config/wazuh_cluster/wazuh_worker.conf
@@ -0,0 +1,313 @@
 <ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    <alerts_log>yes</alerts_log>
    <logall>no</logall>
    <logall_json>no</logall_json>
    <email_notification>no</email_notification>
    <smtp_server>smtp.example.wazuh.com</smtp_server>
    <email_from>wazuh@example.wazuh.com</email_from>
    <email_to>recipient@example.wazuh.com</email_to>
    <email_maxperhour>12</email_maxperhour>
    <email_log_source>alerts.log</email_log_source>
    <agents_disconnection_time>10m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
  </global>
  <alerts>
    <log_alert_level>3</log_alert_level>
    <email_alert_level>12</email_alert_level>
  </alerts>
  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>plain</log_format>
  </logging>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>
    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>
    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
    <skip_nfs>yes</skip_nfs>
  </rootcheck>
  <wodle name="cis-cat">
    <disabled>yes</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>
    <java_path>wodles/java</java_path>
    <ciscat_path>wodles/ciscat</ciscat_path>
  </wodle>
  <!-- Osquery integration -->
  <wodle name="osquery">
    <disabled>yes</disabled>
    <run_daemon>yes</run_daemon>
    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
    <config_path>/etc/osquery/osquery.conf</config_path>
    <add_labels>yes</add_labels>
  </wodle>
  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="no">yes</ports>
    <processes>yes</processes>
    <!-- Database synchronization settings -->
    <synchronization>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>
  <sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <skip_nfs>yes</skip_nfs>
  </sca>
  <vulnerability-detection>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://wazuh1.indexer:9200</host>
      <host>https://wazuh2.indexer:9200</host>
      <host>https://wazuh3.indexer:9200</host>
    </hosts>
    <ssl>
      <certificate_authorities>
        <ca>/etc/ssl/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/ssl/filebeat.pem</certificate>
      <key>/etc/ssl/filebeat.key</key>
    </ssl>
  </indexer>
  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Frequency that syscheck is executed default every 12 hours -->
    <frequency>43200</frequency>
    <scan_on_start>yes</scan_on_start>
    <!-- Generate alert when new file detected -->
    <alert_new_files>yes</alert_new_files>
    <!-- Don't ignore files that change more than 'frequency' times -->
    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
    <!-- Directories to check  (perform all possible verifications) -->
    <directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin,/boot</directories>
    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>
    <!-- File types to ignore -->
    <ignore type="sregex">.log$|.swp$</ignore>
    <!-- Check the file, but never compute the diff -->
    <nodiff>/etc/ssl/private.key</nodiff>
    <skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>
    <!-- Nice value for Syscheck process -->
    <process_priority>10</process_priority>
    <!-- Maximum output throughput -->
    <max_eps>100</max_eps>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_interval>1h</max_interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>
  <!-- Active response -->
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
  </global>
  <command>
    <name>disable-account</name>
    <executable>disable-account</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>restart-wazuh</name>
    <executable>restart-wazuh</executable>
  </command>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>host-deny</name>
    <executable>host-deny</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>route-null</name>
    <executable>route-null</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>win_route-null</name>
    <executable>route-null.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>netsh</name>
    <executable>netsh.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <!--
  <active-response>
    active-response options here
  </active-response>
  -->
  <!-- Log analysis -->
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 20</command>
    <frequency>360</frequency>
  </localfile>
  <ruleset>
    <!-- Default ruleset -->
    <decoder_dir>ruleset/decoders</decoder_dir>
    <rule_dir>ruleset/rules</rule_dir>
    <rule_exclude>0215-policy_rules.xml</rule_exclude>
    <list>etc/lists/audit-keys</list>
    <list>etc/lists/amazon/aws-eventnames</list>
    <list>etc/lists/security-eventchannel</list>
    <list>etc/lists/malicious-ioc/malicious-ip</list>
    <list>etc/lists/malicious-ioc/malicious-domains</list>
    <list>etc/lists/malicious-ioc/malware-hashes</list>
    <!-- User-defined ruleset -->
    <decoder_dir>etc/decoders</decoder_dir>
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
  <rule_test>
    <enabled>yes</enabled>
    <threads>1</threads>
    <max_sessions>64</max_sessions>
    <session_timeout>15m</session_timeout>
  </rule_test>
  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>no</use_password>
    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
    <!-- <ssl_agent_ca></ssl_agent_ca> -->
    <ssl_verify_host>no</ssl_verify_host>
    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
    <ssl_auto_negotiate>no</ssl_auto_negotiate>
  </auth>
  <cluster>
    <name>wazuh</name>
    <node_name>worker01</node_name>
    <node_type>worker</node_type>
    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh.master</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>
 </ossec_config>
 <ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
 </ossec_config>
--- a/multi-node/config/wazuh_dashboard/wazuh.yml
+++ b/multi-node/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,7 @@
 hosts:
  - 1513629884013:
      url: "https://wazuh.master"
      port: 55000
      username: wazuh-wui
      password: "MyS3cr37P450r.*-"
      run_as: false
--- a/multi-node/config/wazuh_indexer/internal_users.yml
+++ b/multi-node/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
 ---
 # This is the internal user database
 # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
 _meta:
  type: "internalusers"
  config_version: 2
 # Define your internal users here
 ## Demo users
 admin:
  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
 kibanaserver:
  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
  reserved: true
  description: "Demo kibanaserver user"
 kibanaro:
  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
 logstash:
  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
 readall:
  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
 snapshotrestore:
  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  wazuh.master:
-    image: wazuh/wazuh-manager:main
+    image: wazuh/wazuh-manager:6.0.0
    hostname: wazuh.master
    restart: always
    ulimits:
@@ -16,28 +16,34 @@ services:
      - "514:514/udp"
      - "55000:55000"
    environment:
-      - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200
+      INDEXER_URL: https://wazuh1.indexer:9200
-      - WAZUH_NODE_NAME=master
+      INDEXER_USERNAME: admin
-      - WAZUH_NODE_TYPE=master
+      INDEXER_PASSWORD: admin
-      - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0
+      FILEBEAT_SSL_VERIFICATION_MODE: full
-      - WAZUH_CLUSTER_NODES=wazuh.master
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      - INDEXER_USERNAME=admin
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      - INDEXER_PASSWORD=admin
+      SSL_KEY: /etc/ssl/filebeat.key
-      - API_USERNAME=wazuh-wui
+      API_USERNAME: wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      API_PASSWORD: MyS3cr37P450r.*-
    volumes:
      - master-wazuh-api-configuration:/var/ossec/api/configuration
      - master-wazuh-etc:/var/ossec/etc
      - master-wazuh-logs:/var/ossec/logs
      - master-wazuh-queue:/var/ossec/queue
      - master-wazuh-var-multigroups:/var/ossec/var/multigroups
      - master-wazuh-integrations:/var/ossec/integrations
      - master-wazuh-active-response:/var/ossec/active-response/bin
      - master-wazuh-agentless:/var/ossec/agentless
      - master-wazuh-wodles:/var/ossec/wodles
-      - ./wazuh-certificates/root-ca.pem:/etc/ssl/root-ca.pem
+      - master-filebeat-etc:/etc/filebeat
-      - ./wazuh-certificates/wazuh.master.pem:/etc/ssl/filebeat.pem
+      - master-filebeat-var:/var/lib/filebeat
-      - ./wazuh-certificates/wazuh.master-key.pem:/etc/ssl/filebeat.key
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh.worker:
-    image: wazuh/wazuh-manager:main
+    image: wazuh/wazuh-manager:6.0.0
    hostname: wazuh.worker
    restart: always
    ulimits:
@@ -48,72 +54,87 @@ services:
        soft: 655360
        hard: 655360
    environment:
-      - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200
+      INDEXER_URL: https://wazuh1.indexer:9200
-      - WAZUH_NODE_NAME=worker01
+      INDEXER_USERNAME: admin
-      - WAZUH_NODE_TYPE=worker
+      INDEXER_PASSWORD: admin
-      - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0
+      FILEBEAT_SSL_VERIFICATION_MODE: full
-      - WAZUH_CLUSTER_NODES=wazuh.master
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      - INDEXER_USERNAME=admin
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      - INDEXER_PASSWORD=admin
+      SSL_KEY: /etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - worker-wazuh-api-configuration:/var/ossec/api/configuration
      - worker-wazuh-etc:/var/ossec/etc
      - worker-wazuh-logs:/var/ossec/logs
      - worker-wazuh-queue:/var/ossec/queue
      - worker-wazuh-var-multigroups:/var/ossec/var/multigroups
      - worker-wazuh-integrations:/var/ossec/integrations
      - worker-wazuh-active-response:/var/ossec/active-response/bin
      - worker-wazuh-agentless:/var/ossec/agentless
      - worker-wazuh-wodles:/var/ossec/wodles
-      - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
+      - worker-filebeat-etc:/etc/filebeat
-      - ./wazuh-certificates/wazuh.worker.pem:/etc/filebeat/certs/filebeat.pem
+      - worker-filebeat-var:/var/lib/filebeat
-      - ./wazuh-certificates/wazuh.worker-key.pem:/etc/filebeat/certs/filebeat-key.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh1.indexer:
-    image: wazuh/wazuh-indexer:main
+    image: wazuh/wazuh-indexer:6.0.0
    hostname: wazuh1.indexer
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - "9200:9200"
    environment:
-      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      - bootstrap.memory_lock=true
+      bootstrap.memory_lock: "true"
-      - network.host=wazuh1.indexer
+      NETWORK_HOST: wazuh1.indexer
-      - node.name=wazuh1.indexer
+      NODE_NAME: wazuh1.indexer
-      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
+      CLUSTER_NAME: "wazuh-cluster"
-      - node.max_local_storage_nodes=3
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      - plugins.security.allow_default_init_securityindex=true
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
-      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
+      PATH_DATA: /var/lib/wazuh-indexer
-    ulimits:
+      PATH_LOGS: /var/log/wazuh-indexer
-      memlock:
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-        soft: -1
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-        hard: -1
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      nofile:
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-        soft: 65536
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-        hard: 65536
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
    volumes:
      - wazuh-indexer-data-1:/var/lib/wazuh-indexer
-      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./wazuh-certificates/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-      - ./wazuh-certificates/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-      - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
-      - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
      # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
  wazuh2.indexer:
-    image: wazuh/wazuh-indexer:main
+    image: wazuh/wazuh-indexer:6.0.0
    hostname: wazuh2.indexer
    restart: always
    environment:
      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
      - bootstrap.memory_lock=true
      - network.host=wazuh2.indexer
      - node.name=wazuh2.indexer
      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - node.max_local_storage_nodes=3
      - plugins.security.allow_default_init_securityindex=true
      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
    ulimits:
      memlock:
        soft: -1
@@ -121,26 +142,48 @@ services:
      nofile:
        soft: 65536
        hard: 65536
    environment:
      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
      bootstrap.memory_lock: "true"
      NETWORK_HOST: wazuh2.indexer
      NODE_NAME: wazuh2.indexer
      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
      CLUSTER_NAME: "wazuh-cluster"
      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
      NODE_MAX_LOCAL_STORAGE_NODES: "3"
      PATH_DATA: /var/lib/wazuh-indexer
      PATH_LOGS: /var/log/wazuh-indexer
      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
    volumes:
      - wazuh-indexer-data-2:/var/lib/wazuh-indexer
-      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./wazuh-certificates/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
-      - ./wazuh-certificates/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
      # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
  wazuh3.indexer:
-    image: wazuh/wazuh-indexer:main
+    image: wazuh/wazuh-indexer:6.0.0
    hostname: wazuh3.indexer
    restart: always
    environment:
      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
      - bootstrap.memory_lock=true
      - network.host=wazuh3.indexer
      - node.name=wazuh3.indexer
      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - node.max_local_storage_nodes=3
      - plugins.security.allow_default_init_securityindex=true
      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
    ulimits:
      memlock:
        soft: -1
@@ -148,38 +191,86 @@ services:
      nofile:
        soft: 65536
        hard: 65536
    environment:
      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
      bootstrap.memory_lock: "true"
      NETWORK_HOST: wazuh3.indexer
      NODE_NAME: wazuh3.indexer
      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
      CLUSTER_NAME: "wazuh-cluster"
      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
      NODE_MAX_LOCAL_STORAGE_NODES: "3"
      PATH_DATA: /var/lib/wazuh-indexer
      PATH_LOGS: /var/log/wazuh-indexer
      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
    volumes:
      - wazuh-indexer-data-3:/var/lib/wazuh-indexer
-      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./wazuh-certificates/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
-      - ./wazuh-certificates/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
      # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
  wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:main
+    image: wazuh/wazuh-dashboard:6.0.0
    hostname: wazuh.dashboard
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - 443:5601
    environment:
-      - SERVER_PORT=5601
+      OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200"
-      - SERVER_HOST=0.0.0.0
+      WAZUH_API_URL: "https://wazuh.master"
-      - OPENSEARCH_HOSTS=["https://wazuh1.indexer:9200","https://wazuh2.indexer:9200","https://wazuh3.indexer:9200"]
+      API_USERNAME: wazuh-wui
-      - INDEXER_USERNAME=admin
+      API_PASSWORD: MyS3cr37P450r.*-
-      - INDEXER_PASSWORD=admin
+      DASHBOARD_USERNAME: kibanaserver
-      - WAZUH_API_URL=https://wazuh.master
+      DASHBOARD_PASSWORD: kibanaserver
-      - DASHBOARD_USERNAME=kibanaserver
+      SERVER_HOST: "0.0.0.0"
-      - DASHBOARD_PASSWORD=kibanaserver
+      SERVER_PORT: "5601"
-      - API_USERNAME=wazuh-wui
+      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
-      - API_PASSWORD=MyS3cr37P450r.*-
+      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
      SERVER_SSL_ENABLED: "true"
      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
    volumes:
      - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard.pem
      - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard-key.pem
      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
    depends_on:
      - wazuh1.indexer
      - wazuh.master
    links:
      - wazuh1.indexer:wazuh1.indexer
      - wazuh.master:wazuh.master
@@ -207,15 +298,23 @@ volumes:
  master-wazuh-logs:
  master-wazuh-queue:
  master-wazuh-var-multigroups:
  master-wazuh-integrations:
  master-wazuh-active-response:
  master-wazuh-agentless:
  master-wazuh-wodles:
  master-filebeat-etc:
  master-filebeat-var:
  worker-wazuh-api-configuration:
  worker-wazuh-etc:
  worker-wazuh-logs:
  worker-wazuh-queue:
  worker-wazuh-var-multigroups:
  worker-wazuh-integrations:
  worker-wazuh-active-response:
  worker-wazuh-agentless:
  worker-wazuh-wodles:
  worker-filebeat-etc:
  worker-filebeat-var:
  wazuh-indexer-data-1:
  wazuh-indexer-data-2:
  wazuh-indexer-data-3:
--- a/multi-node/generate-certs.yml
+++ b/multi-node/generate-certs.yml
@@ -0,0 +1,9 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  generator:
    image: wazuh/wazuh-cert-tool:6.0.0
    hostname: wazuh-cert-tool
    container_name: wazuh-cert-tool
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
--- a/multi-node/volume-migrator.sh
+++ b/multi-node/volume-migrator.sh
@@ -46,12 +46,24 @@ docker volume create \
           --label com.docker.compose.volume=master-wazuh-var-multigroups \
           $2_master-wazuh-var-multigroups
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
           --label com.docker.compose.volume=master-wazuh-integrations \
           $2_master-wazuh-integrations
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
           --label com.docker.compose.volume=master-wazuh-active-response \
           $2_master-wazuh-active-response
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
           --label com.docker.compose.volume=master-wazuh-agentless \
           $2_master-wazuh-agentless
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
@@ -100,12 +112,24 @@ docker volume create \
           --label com.docker.compose.volume=worker-wazuh-var-multigroups \
           $2_worker-wazuh-var-multigroups
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
           --label com.docker.compose.volume=worker-wazuh-integrations \
           $2_worker-wazuh-integrations
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
           --label com.docker.compose.volume=worker-wazuh-active-response \
           $2_worker-wazuh-active-response
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
           --label com.docker.compose.volume=worker-wazuh-agentless \
           $2_worker-wazuh-agentless
 docker volume create \
           --label com.docker.compose.project=$2 \
           --label com.docker.compose.version=$1 \
@@ -169,11 +193,21 @@ docker container run --rm -it \
           -v $2_master-wazuh-var-multigroups:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_ossec-integrations:/from \
           -v $2_master-wazuh-integrations:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_ossec-active-response:/from \
           -v $2_master-wazuh-active-response:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_ossec-agentless:/from \
           -v $2_master-wazuh-agentless:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_ossec-wodles:/from \
           -v $2_master-wazuh-wodles:/to \
@@ -214,11 +248,21 @@ docker container run --rm -it \
           -v $2_worker-wazuh-var-multigroups:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-integrations:/from \
           -v $2_worker-wazuh-integrations:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-active-response:/from \
           -v $2_worker-wazuh-active-response:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-agentless:/from \
           -v $2_worker-wazuh-agentless:/to \
           alpine ash -c "cd /from ; cp -avp . /to"
 docker container run --rm -it \
           -v wazuh-docker_worker-ossec-wodles:/from \
           -v $2_worker-wazuh-wodles:/to \
--- a/single-node/README.md
+++ b/single-node/README.md
@@ -6,45 +6,16 @@ This deployment is defined in the `docker-compose.yml` file with one Wazuh manag
 ```
 $ sysctl -w vm.max_map_count=262144
 ```
-
+2) Run the certificate creation script:
 2) Download the certificate creation script and config.yml file:
 ```
-$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh
+$ docker-compose -f generate-certs.yml run --rm generator
 $ curl -sO https://packages.wazuh.com/5.0/config.yml
 ```
-
+3) Start the environment with docker compose:
 3) Edit the config.yml file with the configuration of the Wazuh components to be deployed
 ```
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh.indexer
      ip: wazuh.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.manager
      ip: wazuh.manager
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
 ```
 4) Run the certificate creation script:
 ```
 bash ./wazuh-certs-tool.sh -A
 ```
 5) Start the environment with docker compose:
 - In the foregroud:
 ```
 $ docker compose up
 ```
 - In the background:
 ```
 $ docker compose up -d
--- a/single-node/config/certs.yml
+++ b/single-node/config/certs.yml
@@ -0,0 +1,16 @@
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh.indexer
      ip: wazuh.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.manager
      ip: wazuh.manager
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
--- a/single-node/config/wazuh_cluster/wazuh_manager.conf
+++ b/single-node/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,311 @@
 <ossec_config>
  <global>
    <jsonout_output>yes</jsonout_output>
    <alerts_log>yes</alerts_log>
    <logall>no</logall>
    <logall_json>no</logall_json>
    <email_notification>no</email_notification>
    <smtp_server>smtp.example.wazuh.com</smtp_server>
    <email_from>wazuh@example.wazuh.com</email_from>
    <email_to>recipient@example.wazuh.com</email_to>
    <email_maxperhour>12</email_maxperhour>
    <email_log_source>alerts.log</email_log_source>
    <agents_disconnection_time>10m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
  </global>
  <alerts>
    <log_alert_level>3</log_alert_level>
    <email_alert_level>12</email_alert_level>
  </alerts>
  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>plain</log_format>
  </logging>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_files>yes</check_files>
    <check_trojans>yes</check_trojans>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>
    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>
    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
    <skip_nfs>yes</skip_nfs>
  </rootcheck>
  <wodle name="cis-cat">
    <disabled>yes</disabled>
    <timeout>1800</timeout>
    <interval>1d</interval>
    <scan-on-start>yes</scan-on-start>
    <java_path>wodles/java</java_path>
    <ciscat_path>wodles/ciscat</ciscat_path>
  </wodle>
  <!-- Osquery integration -->
  <wodle name="osquery">
    <disabled>yes</disabled>
    <run_daemon>yes</run_daemon>
    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
    <config_path>/etc/osquery/osquery.conf</config_path>
    <add_labels>yes</add_labels>
  </wodle>
  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="no">yes</ports>
    <processes>yes</processes>
    <!-- Database synchronization settings -->
    <synchronization>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>
  <sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <skip_nfs>yes</skip_nfs>
  </sca>
  <vulnerability-detection>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://wazuh.indexer:9200</host>
    </hosts>
    <ssl>
      <certificate_authorities>
        <ca>/etc/ssl/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/ssl/filebeat.pem</certificate>
      <key>/etc/ssl/filebeat.key</key>
    </ssl>
  </indexer>
  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Frequency that syscheck is executed default every 12 hours -->
    <frequency>43200</frequency>
    <scan_on_start>yes</scan_on_start>
    <!-- Generate alert when new file detected -->
    <alert_new_files>yes</alert_new_files>
    <!-- Don't ignore files that change more than 'frequency' times -->
    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
    <!-- Directories to check  (perform all possible verifications) -->
    <directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin,/boot</directories>
    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>
    <!-- File types to ignore -->
    <ignore type="sregex">.log$|.swp$</ignore>
    <!-- Check the file, but never compute the diff -->
    <nodiff>/etc/ssl/private.key</nodiff>
    <skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>
    <!-- Nice value for Syscheck process -->
    <process_priority>10</process_priority>
    <!-- Maximum output throughput -->
    <max_eps>100</max_eps>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_interval>1h</max_interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>
  <!-- Active response -->
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
  </global>
  <command>
    <name>disable-account</name>
    <executable>disable-account</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>restart-wazuh</name>
    <executable>restart-wazuh</executable>
  </command>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>host-deny</name>
    <executable>host-deny</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>route-null</name>
    <executable>route-null</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>win_route-null</name>
    <executable>route-null.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>netsh</name>
    <executable>netsh.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <!--
  <active-response>
    active-response options here
  </active-response>
  -->
  <!-- Log analysis -->
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 20</command>
    <frequency>360</frequency>
  </localfile>
  <ruleset>
    <!-- Default ruleset -->
    <decoder_dir>ruleset/decoders</decoder_dir>
    <rule_dir>ruleset/rules</rule_dir>
    <rule_exclude>0215-policy_rules.xml</rule_exclude>
    <list>etc/lists/audit-keys</list>
    <list>etc/lists/amazon/aws-eventnames</list>
    <list>etc/lists/security-eventchannel</list>
    <list>etc/lists/malicious-ioc/malicious-ip</list>
    <list>etc/lists/malicious-ioc/malicious-domains</list>
    <list>etc/lists/malicious-ioc/malware-hashes</list>
    <!-- User-defined ruleset -->
    <decoder_dir>etc/decoders</decoder_dir>
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
  <rule_test>
    <enabled>yes</enabled>
    <threads>1</threads>
    <max_sessions>64</max_sessions>
    <session_timeout>15m</session_timeout>
  </rule_test>
  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>no</use_password>
    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
    <!-- <ssl_agent_ca></ssl_agent_ca> -->
    <ssl_verify_host>no</ssl_verify_host>
    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
    <ssl_auto_negotiate>no</ssl_auto_negotiate>
  </auth>
  <cluster>
    <name>wazuh</name>
    <node_name>node01</node_name>
    <node_type>master</node_type>
    <key>aa093264ef885029653eea20dfcf51ae</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh.manager</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>yes</disabled>
  </cluster>
 </ossec_config>
 <ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
 </ossec_config>
--- a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
@@ -0,0 +1,12 @@
 server.host: 0.0.0.0
 server.port: 5601
 opensearch.hosts: https://wazuh.indexer:9200
 opensearch.ssl.verificationMode: certificate
 opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: false
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
 server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wz-home
--- a/single-node/config/wazuh_dashboard/wazuh.yml
+++ b/single-node/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,7 @@
 hosts:
  - 1513629884013:
      url: "https://wazuh.manager"
      port: 55000
      username: wazuh-wui
      password: "MyS3cr37P450r.*-"
      run_as: false
--- a/single-node/config/wazuh_indexer/internal_users.yml
+++ b/single-node/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
 ---
 # This is the internal user database
 # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
 _meta:
  type: "internalusers"
  config_version: 2
 # Define your internal users here
 ## Demo users
 admin:
  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
 kibanaserver:
  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
  reserved: true
  description: "Demo kibanaserver user"
 kibanaro:
  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
 logstash:
  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
 readall:
  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
 snapshotrestore:
  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
--- a/single-node/config/wazuh_indexer/wazuh.indexer.yml
+++ b/single-node/config/wazuh_indexer/wazuh.indexer.yml
@@ -0,0 +1,30 @@
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
 compatibility.override_main_response_version: true
 plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
 plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  wazuh.manager:
-    image: wazuh/wazuh-manager:main
+    image: wazuh/wazuh-manager:6.0.0
    hostname: wazuh.manager
    restart: always
    ulimits:
@@ -17,40 +17,36 @@ services:
      - "514:514/udp"
      - "55000:55000"
    environment:
-      - WAZUH_INDEXER_HOSTS=wazuh.indexer:9200
+      INDEXER_URL: https://wazuh.indexer:9200
-      - WAZUH_NODE_NAME=manager
+      INDEXER_USERNAME: admin
-      - WAZUH_CLUSTER_NODES=wazuh.manager
+      INDEXER_PASSWORD: admin
-      - INDEXER_USERNAME=admin
+      FILEBEAT_SSL_VERIFICATION_MODE: full
-      - INDEXER_PASSWORD=admin
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      - API_USERNAME=wazuh-wui
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      - API_PASSWORD=MyS3cr37P450r.*-
+      SSL_KEY: /etc/ssl/filebeat.key
      API_USERNAME: wazuh-wui
      API_PASSWORD: MyS3cr37P450r.*-
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
-      - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
+      - filebeat_etc:/etc/filebeat
-      - ./wazuh-certificates/wazuh.manager.pem:/etc/filebeat/certs/filebeat.pem
+      - filebeat_var:/var/lib/filebeat
-      - ./wazuh-certificates/wazuh.manager-key.pem:/etc/filebeat/certs/filebeat-key.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh.indexer:
-    image: wazuh/wazuh-indexer:main
+    image: wazuh/wazuh-indexer:6.0.0
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
      - bootstrap.memory_lock=true
      - network.host=wazuh.indexer
      - node.name=wazuh.indexer
      - cluster.initial_cluster_manager_nodes=wazuh.indexer
      - node.max_local_storage_nodes=1
      - plugins.security.allow_default_init_securityindex=true
      - NODES_DN=CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
    ulimits:
      memlock:
        soft: -1
@@ -58,37 +54,87 @@ services:
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - "9200:9200"
    environment:
      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
      bootstrap.memory_lock: "true"
      NODE_NAME: "wazuh.indexer"
      CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer"
      CLUSTER_NAME: "wazuh-cluster"
      PATH_DATA: /var/lib/wazuh-indexer
      PATH_LOGS: /var/log/wazuh-indexer
      HTTP_PORT: 9200-9299
      TRANSPORT_TCP_PORT: 9300-9399
      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
      PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
-      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./wazuh-certificates/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
-      - ./wazuh-certificates/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-      - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
-      - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
      # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
  wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:main
+    image: wazuh/wazuh-dashboard:6.0.0
    hostname: wazuh.dashboard
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - 443:5601
    environment:
-      - SERVER_PORT=5601
+      WAZUH_API_URL: https://wazuh.manager
-      - SERVER_HOST=0.0.0.0
+      DASHBOARD_USERNAME: kibanaserver
-      - OPENSEARCH_HOSTS=https://wazuh.indexer:9200
+      DASHBOARD_PASSWORD: kibanaserver
-      - INDEXER_USERNAME=admin
+      API_USERNAME: wazuh-wui
-      - INDEXER_PASSWORD=admin
+      API_PASSWORD: MyS3cr37P450r.*-
-      - WAZUH_API_URL=https://wazuh.manager
+      SERVER_HOST: 0.0.0.0
-      - DASHBOARD_USERNAME=kibanaserver
+      SERVER_PORT: 5601
-      - DASHBOARD_PASSWORD=kibanaserver
+      OPENSEARCH_HOSTS: https://wazuh.indexer:9200
-      - API_USERNAME=wazuh-wui
+      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
-      - API_PASSWORD=MyS3cr37P450r.*-
+      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
      SERVER_SSL_ENABLED: "true"
      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
    volumes:
      - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/dashboard.pem
      - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem
      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
    depends_on:
      - wazuh.indexer
    links:
@@ -101,8 +147,12 @@ volumes:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
--- a/single-node/generate-certs.yml
+++ b/single-node/generate-certs.yml
@@ -0,0 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  generator:
    image: wazuh/wazuh-cert-tool:6.0.0
    hostname: wazuh-cert-tool
    container_name: wazuh-cert-tool
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
--- a/tools/repository_bumper.sh
+++ b/tools/repository_bumper.sh
@@ -78,7 +78,7 @@ update_stage_in_files() {
 update_docker_images_tag() {
    local NEW_TAG="$1"
-    local DOCKERFILES=( $(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" "--exclude="README.md"  --exclude="generate-indexer-certs.yml"") )
+    local DOCKERFILES=( $(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" "--exclude="README.md"  --exclude="generate-certs.yml"") )
    for file in "${DOCKERFILES[@]}"; do
        sed -i -E "s/(wazuh\/wazuh-[a-zA-Z0-9._-]*):[a-zA-Z0-9._-]+/\1:${NEW_TAG}/g" "${file}"
        if [[ $(git diff --name-only "${file}") ]]; then
--- a/wazuh-agent/config/wazuh-agent-conf
+++ b/wazuh-agent/config/wazuh-agent-conf
@@ -83,7 +83,7 @@
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
-    <ports all="yes">yes</ports>
+    <ports all="no">yes</ports>
    <processes>yes</processes>
    <!-- Database synchronization settings -->
--- a/wazuh-agent/docker-compose.yml
+++ b/wazuh-agent/docker-compose.yml
@@ -1,7 +1,9 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 version: '3.7'
 services:
  wazuh.agent:
-    image: wazuh/wazuh-agent:5.0.0
+    image: wazuh/wazuh-agent:6.0.0
    restart: always
    environment:
      - WAZUH_MANAGER_SERVER=<WAZUH_MANAGER_IP>
Author	SHA1	Message	Date
Gonzalo Acuña	d0dacc8471	Merge pull request #1896 from wazuh/enhancement/1892-bumper-6.0.0 Enhancement/1892 bumper 6.0.0	2025-06-19 13:54:52 -03:00
Gonzalo Acuña	f43faae24b	Conflicts resolution	2025-06-19 12:28:14 -03:00
Gonzalo Acuña	31101be6d2	Bump to 6.0.0	2025-06-19 11:51:03 -03:00
Carlos Bordon	4fcca62c3d	Merge pull request #1820 from wazuh/bump-6.0.0 Bump to 6.0.0	2025-05-13 14:42:44 -03:00
Gonzalo Acuña	7371f40bb1	Bump to 6.0	2025-05-13 14:38:22 -03:00
Gonzalo Acuña	825ddd9db7	Bump to 6.0.0	2025-05-13 14:33:15 -03:00
Carlos Bordon	39f3a7356e	Merge pull request #1729 from wazuh/change/1722-cherry-pick-version-file-standardization Standardize version file format (cherry-pick to main)	2025-02-19 12:06:26 -03:00
vcerenu	c54db5e09a	Standardize version file format to VERSION.json	2025-02-19 09:06:02 -05:00
Carlos Bordon	33ba030f77	Merge pull request #1719 from wazuh/enhancement/1713-rename-master-branch-to-main Update references of 'master' branch to 'main'	2025-02-11 15:28:22 -03:00
Jesus Garcia	95c2e34794	Update references of 'master' branch to 'main'	2025-02-11 08:56:58 -05:00
Carlos Bordon	971858cddd	Merge pull request #1610 from wazuh/merge-4.10.2-into-master Merge 4.10.2 into master	2024-11-04 16:05:40 -03:00
Gonzalo Acuña	084530ef80	Merge pull request #1584 from wazuh/merge-4.10.2-into-master Merge 4.10.2 into master	2024-10-17 13:06:55 -03:00
vcerenu	69df531ca9	Resolve conflicts	2024-10-17 13:04:31 -03:00
Gonzalo Acuña	205983317f	Merge pull request #1521 from wazuh/maintenance/5651-merge-4.10.0-into-master Maintenance/5651 merge 4.10.0 into master	2024-09-10 11:36:17 -03:00
JESUS D. GARCIA	570bf081bc	Update default values in Procedure_push_docker_images.yml	2024-09-10 09:35:12 -05:00
Gonzalo Acuña	8522ec23b9	Merge pull request #1514 from wazuh/enhancement/1511-merge-4.10.0-into-master Merge 4.10.0 into master	2024-09-05 14:13:57 -03:00
David Correa Rodríguez	4f4edab1a9	Merge pull request #1496 from wazuh/merge-4.10.0-into-master Merge 4.10.0 into master	2024-08-21 12:48:11 +02:00
David Correa Rodríguez	d5a60b7264	Merge branch '4.10.0' into merge-4.10.0-into-master	2024-08-21 12:30:00 +02:00
Carlos Bordon	39554677bf	Merge pull request #1459 from wazuh/merge-4.10.0-into-master Merge 4.10.0 into master	2024-07-19 10:39:37 -03:00
David Correa Rodríguez	1a1bc2d72b	Merge branch 'master' into merge-4.10.0-into-master	2024-07-19 15:38:49 +02:00
Carlos Bordon	34bd04e5fc	Merge pull request #1462 from wazuh/revert-1451-maintenance/1445-revert-merge-4.9.0-into-master Revert "Revert merges of 4.9.0 branch into master branch"	2024-07-19 10:35:23 -03:00
Carlos Bordon	54b2d4ce33	Revert "Revert merges of 4.9.0 branch into master branch"	2024-07-19 10:34:13 -03:00
David Correa Rodríguez	096f0abb32	Merge branch '4.10.0' into merge-4.10.0-into-master	2024-07-19 13:19:41 +02:00
David Correa Rodríguez	8a1e5043c6	Merge pull request #1451 from wazuh/maintenance/1445-revert-merge-4.9.0-into-master Revert merges of 4.9.0 branch into master branch	2024-07-19 11:18:39 +02:00
David Correa Rodríguez	eded59bc25	Revert "Merge branch '4.9.0' into merge-4.9.0-into-master" This reverts commit `4923750ea4`, reversing changes made to `e1d70c35fe`.	2024-07-19 09:27:46 +02:00
David Correa Rodríguez	0110e696d0	Revert "Merge branch '4.9.0' into merge-4.9.0-into-master" This reverts commit `622c67d2cc`, reversing changes made to `55f209e57f`.	2024-07-19 09:27:32 +02:00
Carlos Bordon	6e30c077d6	Merge pull request #1450 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-07-18 10:35:54 -03:00
David Correa Rodríguez	622c67d2cc	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-07-18 15:33:47 +02:00
David Correa Rodríguez	55f209e57f	Merge pull request #1447 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-07-18 15:03:02 +02:00
David Correa Rodríguez	4923750ea4	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-07-18 14:48:50 +02:00
Gonzalo Acuña	e1d70c35fe	Merge pull request #1392 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-06-12 12:55:42 -03:00
Gonzalo Acuña	7eb5d0843c	Merge pull request #1385 from wazuh/enhancement/1256-wazuh-cert-tool Add Wazuh cert tool image build into Wazuh images build process	2024-06-12 07:09:12 -03:00
vcerenu	36e7160332	Add save and load process for Wazuh Cert Tool image	2024-06-11 10:19:50 -03:00
vcerenu	cf3eb61081	Add save and load process for Wazuh Cert Tool image	2024-06-11 10:16:22 -03:00
vcerenu	fda4a171f4	Add save and load process for Wazuh Cert Tool image	2024-06-11 10:14:19 -03:00
vcerenu	1e6f93b20a	Correct the name of the certificate generator script	2024-06-11 09:46:53 -03:00
vcerenu	aed1004471	Change the generator script in multi node deployment	2024-06-10 07:13:09 -03:00
vcerenu	450a59a7c8	Change the name dir to Wazuh cert tool Dockerfile	2024-06-10 07:11:20 -03:00
vcerenu	6d63befeb7	Modify yaml script name generator	2024-06-07 07:57:03 -03:00
vcerenu	1f32d2a358	Modify yaml script name generator	2024-06-07 07:42:13 -03:00
vcerenu	fc1ece705e	Add the build of Wazuh cert tool image to build image process	2024-06-07 05:44:14 -03:00
Gonzalo Acuña	4ba7cba72d	Merge pull request #1375 from wazuh/1371-merge-4.9.0-into-master Merge 4.9.0 into master	2024-05-31 12:41:01 -03:00
vcerenu	37918b47cd	Merge branch 'master' of github.com:wazuh/wazuh-docker into 4.9.0	2024-05-31 11:58:30 -03:00
Gonzalo Acuña	937b5fad87	Merge pull request #1312 from wazuh/461-conf-files-environment Add environment for configure wazuh indexer and dashboard files	2024-05-17 09:36:41 -03:00
Gonzalo Acuña	3d7c673671	Merge pull request #1327 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-04-30 08:21:30 -03:00
vcerenu	7ec98fedf9	correct environment settings in services	2024-04-24 05:57:27 -03:00
vcerenu	10f278cadb	add environment variables for configure wazuh indexer and dashboard files	2024-04-23 11:43:29 -03:00
Gonzalo Acuña	fa025c602e	Merge pull request #1292 from wazuh/enhancement/#1291-remove-commented-lines securityadmin commented lines in Wazuh indexer entrypoint removed	2024-04-09 10:22:32 -03:00
Carlos Anguita López	f4ccd4b0a6	Removed commented lines 87 to 91	2024-04-09 09:26:47 +02:00
David Correa Rodríguez	c95eb42902	Merge pull request #1285 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-04-01 11:31:30 +02:00
David Correa Rodríguez	f685bfaa9d	Merge branch 'master' into merge-4.9.0-into-master	2024-04-01 11:26:05 +02:00
David Correa Rodríguez	dc13ef3f72	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-04-01 11:11:14 +02:00
Gonzalo Acuña	9918f95f3f	Merge pull request #1269 from wazuh/bug/1193-review-version-references-in-the-master-branch-5.0 Fixed references to 4.8 in `master`	2024-03-20 12:58:23 -03:00
David Correa Rodríguez	935aee6d2a	Fixed references to 4.8 in `master`	2024-03-19 11:39:01 +01:00
Gonzalo Acuña	e8d2463d99	Merge pull request #1251 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-03-04 13:47:24 -03:00
David Correa Rodríguez	4f0da7a58e	Merge branch '4.9.0' into merge-4.9.0-into-master	2024-03-04 17:44:19 +01:00
Gonzalo Acuña	799dadc1cf	Merge pull request #1243 from wazuh/merge-4.9.0-into-master Merge 4.9.0 into master	2024-03-01 15:55:14 -03:00
David Correa Rodríguez	b47361e4c9	Merge pull request #1207 from wazuh/bump-5.0.0 Bump version to 5.0.0	2024-02-13 10:37:26 +01:00
David Correa Rodríguez	d3d2ae7b86	Bump version to 5.0.0	2024-02-13 10:32:58 +01:00