Merge pull request #1747 from wazuh/enhancement/1745-revert-image-tag

Revert docker image for 4.11.1-rc2

.env

@@ -1,6 +1,6 @@
-WAZUH_VERSION=5.0.0
-WAZUH_IMAGE_VERSION=5.0.0
+WAZUH_VERSION=4.11.1
+WAZUH_IMAGE_VERSION=4.11.1
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=5.0.0
+FILEBEAT_TEMPLATE_BRANCH=4.11.1
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 5.0.0-1
+    - 4.11.1
 port:
   tcp:1514:
     listening: true

.github/free-disk-space/action.yml

@@ -0,0 +1,245 @@
+name: "Free Disk Space (Ubuntu)"
+description: "A configurable GitHub Action to free up disk space on an Ubuntu GitHub Actions runner."
+
+# Thanks @jlumbroso for the action code https://github.com/jlumbroso/free-disk-space/
+# See: https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#branding
+
+inputs:
+  android:
+    description: "Remove Android runtime"
+    required: false
+    default: "true"
+  dotnet:
+    description: "Remove .NET runtime"
+    required: false
+    default: "true"
+  haskell:
+    description: "Remove Haskell runtime"
+    required: false
+    default: "true"
+
+  # option inspired by:
+  # https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
+  large-packages:
+    description: "Remove large packages"
+    required: false
+    default: "true"
+
+  docker-images:
+    description: "Remove Docker images"
+    required: false
+    default: "true"
+
+  # option inspired by:
+  # https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
+  tool-cache:
+    description: "Remove image tool cache"
+    required: false
+    default: "false"
+
+  swap-storage:
+    description: "Remove swap storage"
+    required: false
+    default: "true"
+
+runs:
+  using: "composite"
+  steps:
+    - shell: bash
+      run: |
+
+        # ======
+        # MACROS
+        # ======
+
+        # macro to print a line of equals
+        # (silly but works)
+        printSeparationLine() {
+          str=${1:=}
+          num=${2:-80}
+          counter=1
+          output=""
+          while [ $counter -le $num ]
+          do
+             output="${output}${str}"
+             counter=$((counter+1))
+          done
+          echo "${output}"
+        }
+
+        # macro to compute available space
+        # REF: https://unix.stackexchange.com/a/42049/60849
+        # REF: https://stackoverflow.com/a/450821/408734
+        getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
+
+        # macro to make Kb human readable (assume the input is Kb)
+        # REF: https://unix.stackexchange.com/a/44087/60849
+        formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
+
+        # macro to output saved space
+        printSavedSpace() {
+          saved=${1}
+          title=${2:-}
+
+          echo ""
+          printSeparationLine '*' 80
+          if [ ! -z "${title}" ]; then
+            echo "=> ${title}: Saved $(formatByteCount $saved)"
+          else
+            echo "=> Saved $(formatByteCount $saved)"
+          fi
+          printSeparationLine '*' 80
+          echo ""
+        }
+
+        # macro to print output of dh with caption
+        printDH() {
+          caption=${1:-}
+
+          printSeparationLine '=' 80
+          echo "${caption}"
+          echo ""
+          echo "$ dh -h /"
+          echo ""
+          df -h /
+          echo "$ dh -a /"
+          echo ""
+          df -a /
+          echo "$ dh -a"
+          echo ""
+          df -a
+          printSeparationLine '=' 80
+        }
+
+
+
+        # ======
+        # SCRIPT
+        # ======
+
+        # Display initial disk space stats
+
+        AVAILABLE_INITIAL=$(getAvailableSpace)
+        AVAILABLE_ROOT_INITIAL=$(getAvailableSpace '/')
+
+        printDH "BEFORE CLEAN-UP:"
+        echo ""
+
+
+        # Option: Remove Android library
+
+        if [[ ${{ inputs.android }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+          
+          sudo rm -rf /usr/local/lib/android || true
+
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Android library"
+        fi
+
+        # Option: Remove .NET runtime
+
+        if [[ ${{ inputs.dotnet }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          # https://github.community/t/bigger-github-hosted-runners-disk-space/17267/11
+          sudo rm -rf /usr/share/dotnet || true
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED ".NET runtime"
+        fi
+
+        # Option: Remove Haskell runtime
+
+        if [[ ${{ inputs.haskell }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo rm -rf /opt/ghc || true
+          sudo rm -rf /usr/local/.ghcup || true
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Haskell runtime"
+        fi
+
+        # Option: Remove large packages
+        # REF: https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
+
+        if [[ ${{ inputs.large-packages }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+          
+          sudo apt-get remove -y '^aspnetcore-.*' || echo "::warning::The command [sudo apt-get remove -y '^aspnetcore-.*'] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^dotnet-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^dotnet-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^llvm-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^llvm-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y 'php.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y 'php.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^mongodb-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mongodb-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^mysql-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mysql-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing || echo "::warning::The command [sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y google-cloud-sdk --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-sdk --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y google-cloud-cli --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-cli --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get autoremove -y || echo "::warning::The command [sudo apt-get autoremove -y] failed to complete successfully. Proceeding..."
+          sudo apt-get clean || echo "::warning::The command [sudo apt-get clean] failed to complete successfully. Proceeding..."
+
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Large misc. packages"
+        fi
+
+        # Option: Remove Docker images
+
+        if [[ ${{ inputs.docker-images }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo docker image prune --all --force || true
+
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Docker images"
+        fi
+
+        # Option: Remove tool cache
+        # REF: https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
+
+        if [[ ${{ inputs.tool-cache }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY" || true
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Tool cache"
+        fi
+
+        # Option: Remove Swap storage
+
+        if [[ ${{ inputs.swap-storage }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo swapoff -a || true
+          sudo rm -f /mnt/swapfile || true
+          free -h
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Swap storage"
+        fi
+
+
+
+        # Output saved space statistic
+
+        AVAILABLE_END=$(getAvailableSpace)
+        AVAILABLE_ROOT_END=$(getAvailableSpace '/')
+
+        echo ""
+        printDH "AFTER CLEAN-UP:"
+
+        echo ""
+        echo ""
+
+        echo "/dev/root:"
+        printSavedSpace $((AVAILABLE_ROOT_END - AVAILABLE_ROOT_INITIAL))
+        echo "overall:"
+        printSavedSpace $((AVAILABLE_END - AVAILABLE_INITIAL))

.github/workflows/Procedure_push_docker_images.yml

@@ -6,13 +6,13 @@ on:
     inputs:
       image_tag:
         description: 'Docker image tag'
-        default: '5.0.0'
+        default: '4.11.1'
         required: true
       docker_reference:
         description: 'wazuh-docker reference'
-        default: 'v5.0.0'
+        default: 'v4.11.1'
         required: true
-      PRODUCTS:
+      products:
         description: 'Comma-separated list of the image names to build and push'
         default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
         required: true
@@ -42,12 +42,12 @@ on:
     inputs:
       image_tag:
         description: 'Docker image tag'
-        default: '5.0.0'
+        default: '4.11.1'
         required: true
         type: string
       docker_reference:
         description: 'wazuh-docker reference'
-        default: 'v5.0.0'
+        default: 'v4.11.1'
         required: false
         type: string
       products:
@@ -116,6 +116,12 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
+    - name: Install Docker Compose
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y docker-compose
+        echo "Installed Docker Compose version: $(docker-compose --version)"
+
     - name: Build Wazuh images
       run: |
         IMAGE_TAG=${{ inputs.image_tag }}

.github/workflows/push.yml

@@ -10,6 +10,11 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
+    - name: Install docker-compose
+      run: |
+        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+        chmod +x /usr/local/bin/docker-compose
+
     - name: Build Wazuh images
       run: build-docker-images/build-images.sh
 
@@ -22,36 +27,28 @@ jobs:
         docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
         docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
-        docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
 
     - name: Temporarily save Wazuh manager Docker image
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: docker-artifact-manager
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh indexer Docker image
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: docker-artifact-indexer
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh dashboard Docker image
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: docker-artifact-dashboard
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
         retention-days: 1
 
-    - name: Temporarily save Wazuh Cert Tool Docker image
-      uses: actions/upload-artifact@v3
-      with:
-        name: docker-artifact-cert-tool
-        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
-        retention-days: 1
-
     - name: Install Goss
       uses: e1himself/goss-installation-action@v1.0.3
       with:
@@ -71,43 +68,41 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
+    - name: Install docker-compose
+      run: |
+        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+        chmod +x /usr/local/bin/docker-compose
+
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-indexer
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-dashboard
 
-    - name: Retrieve saved Wazuh Cert Tool Docker image
-      uses: actions/download-artifact@v3
-      with:
-        name: docker-artifact-cert-tool
-
     - name: Docker load
       run: |
         docker load --input ./wazuh-indexer.tar
         docker load --input ./wazuh-dashboard.tar
         docker load --input ./wazuh-manager.tar
-        docker load --input ./wazuh-cert-tool.tar
-        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
 
 
     - name: Create single node certficates
-      run: docker compose -f single-node/generate-certs.yml run --rm generator
+      run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator
 
     - name: Start single node stack
-      run: docker compose -f single-node/docker-compose.yml up -d
+      run: docker-compose -f single-node/docker-compose.yml up -d
 
     - name: Check Wazuh indexer start
       run: |
@@ -201,50 +196,44 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
+    - name: Install docker-compose
+      run: |
+        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+        chmod +x /usr/local/bin/docker-compose
+
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
     - name: free disk space
-      run: |
-        sudo swapoff -a
-        sudo rm -f /swapfile
-        sudo apt clean
-        docker rmi $(docker image ls -aq)
-        df -h
+      uses: ./.github/free-disk-space
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-dashboard
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-indexer
 
-    - name: Retrieve saved Wazuh Cert Tool Docker image
-      uses: actions/download-artifact@v3
-      with:
-        name: docker-artifact-cert-tool
-
     - name: Docker load
       run: |
+        docker load --input ./wazuh-manager.tar
         docker load --input ./wazuh-indexer.tar
         docker load --input ./wazuh-dashboard.tar
-        docker load --input ./wazuh-manager.tar
-        docker load --input ./wazuh-cert-tool.tar
-        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
+        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
 
     - name: Create multi node certficates
-      run: docker compose -f multi-node/generate-certs.yml run --rm generator
+      run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
 
     - name: Start multi node stack
-      run: docker compose -f multi-node/docker-compose.yml up -d
+      run: docker-compose -f multi-node/docker-compose.yml up -d
 
     - name: Check Wazuh indexer start
       run: |

CHANGELOG.md

@@ -1,16 +1,15 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [5.0.0]
+## [4.11.1]
 
 ### Added
 
-- none
+- None
 
 ### Changed
 
-- Delete service tag and modifiy docker-compose execution for a new version ([#1632](https://github.com/wazuh/wazuh-docker/pull/1632))
-- Remove deprecated attribute version in docker-compose.yml ([#1595](https://github.com/wazuh/wazuh-docker/pull/1595)) by https://github.com/h3ssan
+- None
 
 ### Fixed
 
@@ -20,11 +19,11 @@ All notable changes to this project will be documented in this file.
 
 - None
 
-## [4.10.2]
+## [4.11.0]
 
 ### Added
 
-- none
+- None
 
 ### Changed
 
@@ -32,7 +31,7 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 
-- None
+- Change the cleaning disk step ([#1663](https://github.com/wazuh/wazuh-docker/pull/1663))
 
 ### Deleted
 
@@ -42,7 +41,7 @@ All notable changes to this project will be documented in this file.
 
 ### Added
 
-- none
+- None
 
 ### Changed
 
@@ -60,7 +59,9 @@ All notable changes to this project will be documented in this file.
 
 ### Added
 
-- Migrate the push docker images procedure to GitHub Actions ([#5651](https://github.com/wazuh/wazuh-qa/issues/5651))
+- Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551))
+- Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524))
+- Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518))
 
 ### Changed
 
@@ -68,7 +69,8 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 
-- None
+- Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619))
+- Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416))
 
 ### Deleted
 

README.md

@@ -168,6 +168,7 @@ WAZUH_MONITORING_REPLICAS=0         ##
     └── VERSION
 
 
+
 ## Branches
 
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
@@ -177,8 +178,8 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v5.0.0        |         |        |
-| v4.10.2       |         |        |
+| v4.11.1       |         |        |
+| v4.11.0       |         |        |
 | v4.10.1       |         |        |
 | v4.10.0       |         |        |
 | v4.9.2        |         |        |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="5.0.0"
-REVISION="50000"
+WAZUH-DOCKER_VERSION="4.11.1"
+REVISION="41112"

build-docker-images/README.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 5.0.0
+$ build-docker-images/build-images.sh -v 4.11.1
 ```
 
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.11.1.
     -h, --help                   Show this help.
 
 ```

build-docker-images/build-images.sh

@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=5.0.0
+WAZUH_IMAGE_VERSION=4.11.1
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
-WAZUH_IMAGE_VERSION="5.0.0"
+WAZUH_IMAGE_VERSION="4.11.1"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
 FILEBEAT_MODULE_VERSION="0.4"
@@ -70,8 +70,7 @@ build() {
     echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
     echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
 
-    docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
-    docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/
+    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
 
     return 0
 }

build-docker-images/build-images.yml

@@ -1,4 +1,6 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3.7'
+
 services:
   wazuh.manager:
     build:

build-docker-images/wazuh-dashboard/Dockerfile

@@ -21,6 +21,8 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
+RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
 
 # Generate certificates
 COPY config/config.sh .
@@ -85,15 +87,6 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 
-# Set $JAVA_HOME
-RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
-    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
-ENV JAVA_HOME=$INSTALL_DIR/jdk
-ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
-
-# Add k-NN lib directory to library loading path variable
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
-
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -102,5 +95,3 @@ USER wazuh-dashboard
 EXPOSE 443
 
 ENTRYPOINT [ "/entrypoint.sh" ]
-
-CMD ["opensearch-dashboards"]

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/5.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
+PACKAGES_URL=https://packages.wazuh.com/4.11/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.11/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 mkdir -p ${CONFIG_DIR}/certs
 
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 
 chmod -R 500 ${CONFIG_DIR}/certs

build-docker-images/wazuh-dashboard/config/config.yml

@@ -1,5 +1,5 @@
 nodes:
   # Wazuh dashboard server nodes
   dashboard:
-    - name: dashboard
-      ip: wazuh.dashboard
+    - name: demo.dashboard
+      ip: demo.dashboard

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -2,215 +2,6 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
 INSTALL_DIR=/usr/share/wazuh-dashboard
-export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
-WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-
-opensearch_dashboards_vars=(
-    console.enabled
-    console.proxyConfig
-    console.proxyFilter
-    ops.cGroupOverrides.cpuPath
-    ops.cGroupOverrides.cpuAcctPath
-    cpu.cgroup.path.override
-    cpuacct.cgroup.path.override
-    server.basePath
-    server.customResponseHeaders
-    server.compression.enabled
-    server.compression.referrerWhitelist
-    server.cors
-    server.cors.origin
-    server.defaultRoute
-    server.host
-    server.keepAliveTimeout
-    server.maxPayloadBytes
-    server.name
-    server.port
-    csp.rules
-    csp.strict
-    csp.warnLegacyBrowsers
-    data.search.usageTelemetry.enabled
-    opensearch.customHeaders
-    opensearch.hosts
-    opensearch.logQueries
-    opensearch.memoryCircuitBreaker.enabled
-    opensearch.memoryCircuitBreaker.maxPercentage
-    opensearch.password
-    opensearch.pingTimeout
-    opensearch.requestHeadersWhitelist
-    opensearch.requestHeadersAllowlist
-    opensearch_security.multitenancy.enabled
-    opensearch_security.readonly_mode.roles
-    opensearch.requestTimeout
-    opensearch.shardTimeout
-    opensearch.sniffInterval
-    opensearch.sniffOnConnectionFault
-    opensearch.sniffOnStart
-    opensearch.ssl.alwaysPresentCertificate
-    opensearch.ssl.certificate
-    opensearch.ssl.key
-    opensearch.ssl.keyPassphrase
-    opensearch.ssl.keystore.path
-    opensearch.ssl.keystore.password
-    opensearch.ssl.truststore.path
-    opensearch.ssl.truststore.password
-    opensearch.ssl.verificationMode
-    opensearch.username
-    i18n.locale
-    interpreter.enableInVisualize
-    opensearchDashboards.autocompleteTerminateAfter
-    opensearchDashboards.autocompleteTimeout
-    opensearchDashboards.defaultAppId
-    opensearchDashboards.index
-    logging.dest
-    logging.json
-    logging.quiet
-    logging.rotate.enabled
-    logging.rotate.everyBytes
-    logging.rotate.keepFiles
-    logging.rotate.pollingInterval
-    logging.rotate.usePolling
-    logging.silent
-    logging.useUTC
-    logging.verbose
-    map.includeOpenSearchMapsService
-    map.proxyOpenSearchMapsServiceInMaps
-    map.regionmap
-    map.tilemap.options.attribution
-    map.tilemap.options.maxZoom
-    map.tilemap.options.minZoom
-    map.tilemap.options.subdomains
-    map.tilemap.url
-    monitoring.cluster_alerts.email_notifications.email_address
-    monitoring.enabled
-    monitoring.opensearchDashboards.collection.enabled
-    monitoring.opensearchDashboards.collection.interval
-    monitoring.ui.container.opensearch.enabled
-    monitoring.ui.container.logstash.enabled
-    monitoring.ui.opensearch.password
-    monitoring.ui.opensearch.pingTimeout
-    monitoring.ui.opensearch.hosts
-    monitoring.ui.opensearch.username
-    monitoring.ui.opensearch.logFetchCount
-    monitoring.ui.opensearch.ssl.certificateAuthorities
-    monitoring.ui.opensearch.ssl.verificationMode
-    monitoring.ui.enabled
-    monitoring.ui.max_bucket_size
-    monitoring.ui.min_interval_seconds
-    newsfeed.enabled
-    ops.interval
-    path.data
-    pid.file
-    regionmap
-    security.showInsecureClusterWarning
-    server.rewriteBasePath
-    server.socketTimeout
-    server.customResponseHeaders
-    server.ssl.enabled
-    server.ssl.key
-    server.ssl.keyPassphrase
-    server.ssl.keystore.path
-    server.ssl.keystore.password
-    server.ssl.truststore.path
-    server.ssl.truststore.password
-    server.ssl.cert
-    server.ssl.certificate
-    server.ssl.certificateAuthorities
-    server.ssl.cipherSuites
-    server.ssl.clientAuthentication
-    opensearch.ssl.certificateAuthorities
-    server.ssl.redirectHttpFromPort
-    server.ssl.supportedProtocols
-    server.xsrf.disableProtection
-    server.xsrf.whitelist
-    status.allowAnonymous
-    status.v6ApiFormat
-    tilemap.options.attribution
-    tilemap.options.maxZoom
-    tilemap.options.minZoom
-    tilemap.options.subdomains
-    tilemap.url
-    timeline.enabled
-    vega.enableExternalUrls
-    apm_oss.apmAgentConfigurationIndex
-    apm_oss.indexPattern
-    apm_oss.errorIndices
-    apm_oss.onboardingIndices
-    apm_oss.spanIndices
-    apm_oss.sourcemapIndices
-    apm_oss.transactionIndices
-    apm_oss.metricsIndices
-    telemetry.allowChangingOptInStatus
-    telemetry.enabled
-    telemetry.optIn
-    telemetry.optInStatusUrl
-    telemetry.sendUsageFrom
-    vis_builder.enabled
-    data_source.enabled
-    data_source.encryption.wrappingKeyName
-    data_source.encryption.wrappingKeyNamespace
-    data_source.encryption.wrappingKey
-    data_source.audit.enabled
-    data_source.audit.appender.kind
-    data_source.audit.appender.path
-    data_source.audit.appender.layout.kind
-    data_source.audit.appender.layout.highlight
-    data_source.audit.appender.layout.pattern
-    ml_commons_dashboards.enabled
-    assistant.chat.enabled
-    observability.query_assist.enabled
-    uiSettings.overrides.defaultRoute
-)
-
-print() {
-  echo -e $1
-}
-
-error_and_exit() {
-  echo "Error executing command: '$1'."
-  echo 'Exiting.'
-  exit 1
-}
-
-exec_cmd() {
-  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
-}
-
-exec_cmd_stdout() {
-  eval $1 2>&1 || error_and_exit "$1"
-}
-
-function runOpensearchDashboards {
-    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
-      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
-        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
-        value=${!env_var}
-        if [[ -n $value ]]; then
-          longoptfile="${opensearch_dashboards_var}: ${value}"
-          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
-            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
-          else
-            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
-          fi
-        fi
-      done
-
-    umask 0002
-
-    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
-        --cpu.cgroup.path.override=/ \
-        --cpuacct.cgroup.path.override=/
-}
-
-mount_files() {
-  if [ -e $WAZUH_CONFIG_MOUNT/* ]
-  then
-    print "Identified Wazuh cdashboard onfiguration files to mount..."
-    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
-  else
-    print "No Wazuh dashboard configuration files to mount..."
-  fi
-}
-
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
@@ -226,14 +17,4 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
 
 /wazuh_app_config.sh $WAZUH_UI_REVISION
 
-mount_files
-
-if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
-    set -- opensearch-dashboards "$@"
-fi
-
-if [ "$1" = "opensearch-dashboards" ]; then
-    runOpensearchDashboards "$@"
-else
-    exec "$@"
-fi
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml

build-docker-images/wazuh-indexer/Dockerfile

@@ -19,6 +19,14 @@ COPY config/config.sh .
 
 COPY config/config.yml /
 
+COPY config/action_groups.yml /
+
+COPY config/internal_users.yml /
+
+COPY config/roles_mapping.yml /
+
+COPY config/roles.yml /
+
 RUN bash config.sh
 
 ################################################################################
@@ -35,15 +43,6 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
-# Set $JAVA_HOME
-RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
-    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
-ENV JAVA_HOME="$INSTALL_DIR/jdk"
-ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
-
-# Add k-NN lib directory to library loading path variable
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
-
 RUN yum install curl-minimal shadow-utils findutils hostname -y
 
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP

build-docker-images/wazuh-indexer/config/action_groups.yml

@@ -0,0 +1,12 @@
+---
+_meta:
+  type: "actiongroups"
+  config_version: 2
+
+# ISM API permissions group
+manage_ism:
+  reserved: true
+  hidden: false
+  allowed_actions:
+  - "cluster:admin/opendistro/ism/*"
+  static: false

build-docker-images/wazuh-indexer/config/config.sh

@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/5.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
+PACKAGES_URL=https://packages.wazuh.com/4.11/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.11/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -7,272 +7,12 @@ umask 0002
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
+export JAVA_HOME=${INSTALLATION_DIR}/jdk
+export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
 
-opensearch_vars=(
-    cluster.name
-    node.name
-    node.roles
-    path.data
-    path.logs
-    bootstrap.memory_lock
-    network.host
-    http.port
-    transport.port
-    network.bind_host
-    network.publish_host
-    transport.tcp.port
-    compatibility.override_main_response_version
-    http.host
-    http.bind_host
-    http.publish_host
-    http.compression
-    transport.host
-    transport.bind_host
-    transport.publish_host
-    discovery.seed_hosts
-    discovery.seed_providers
-    discovery.type
-    cluster.initial_cluster_manager_nodes
-    cluster.initial_master_nodes
-    node.max_local_storage_nodes
-    gateway.recover_after_nodes
-    gateway.recover_after_data_nodes
-    gateway.expected_data_nodes
-    gateway.recover_after_time
-    plugins.security.nodes_dn
-    plugins.security.nodes_dn_dynamic_config_enabled
-    plugins.security.authcz.admin_dn
-    plugins.security.roles_mapping_resolution
-    plugins.security.dls.mode
-    plugins.security.compliance.salt
-    config.dynamic.http.anonymous_auth_enabled
-    plugins.security.restapi.roles_enabled
-    plugins.security.restapi.password_validation_regex
-    plugins.security.restapi.password_validation_error_message
-    plugins.security.restapi.password_min_length
-    plugins.security.restapi.password_score_based_validation_strength
-    plugins.security.unsupported.restapi.allow_securityconfig_modification
-    plugins.security.authcz.impersonation_dn
-    plugins.security.authcz.rest_impersonation_user
-    plugins.security.allow_default_init_securityindex
-    plugins.security.allow_unsafe_democertificates
-    plugins.security.system_indices.permission.enabled
-    plugins.security.config_index_name
-    plugins.security.cert.oid
-    plugins.security.cert.intercluster_request_evaluator_class
-    plugins.security.enable_snapshot_restore_privilege
-    plugins.security.check_snapshot_restore_write_privileges
-    plugins.security.cache.ttl_minutes
-    plugins.security.protected_indices.enabled
-    plugins.security.protected_indices.roles
-    plugins.security.protected_indices.indices
-    plugins.security.system_indices.enabled
-    plugins.security.system_indices.indices
-    plugins.security.audit.enable_rest
-    plugins.security.audit.enable_transport
-    plugins.security.audit.resolve_bulk_requests
-    plugins.security.audit.config.disabled_categories
-    plugins.security.audit.ignore_requests
-    plugins.security.audit.threadpool.size
-    plugins.security.audit.threadpool.max_queue_len
-    plugins.security.audit.ignore_users
-    plugins.security.audit.type
-    plugins.security.audit.config.http_endpoints
-    plugins.security.audit.config.index
-    plugins.security.audit.config.type
-    plugins.security.audit.config.username
-    plugins.security.audit.config.password
-    plugins.security.audit.config.enable_ssl
-    plugins.security.audit.config.verify_hostnames
-    plugins.security.audit.config.enable_ssl_client_auth
-    plugins.security.audit.config.cert_alias
-    plugins.security.audit.config.pemkey_filepath
-    plugins.security.audit.config.pemkey_content
-    plugins.security.audit.config.pemkey_password
-    plugins.security.audit.config.pemcert_filepath
-    plugins.security.audit.config.pemcert_content
-    plugins.security.audit.config.pemtrustedcas_filepath
-    plugins.security.audit.config.pemtrustedcas_content
-    plugins.security.audit.config.webhook.url
-    plugins.security.audit.config.webhook.format
-    plugins.security.audit.config.webhook.ssl.verify
-    plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
-    plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
-    plugins.security.audit.config.log4j.logger_name
-    plugins.security.audit.config.log4j.level
-    opendistro_security.audit.config.disabled_rest_categories
-    opendistro_security.audit.config.disabled_transport_categories
-    plugins.security.ssl.transport.enforce_hostname_verification
-    plugins.security.ssl.transport.resolve_hostname
-    plugins.security.ssl.http.clientauth_mode
-    plugins.security.ssl.http.enabled_ciphers
-    plugins.security.ssl.http.enabled_protocols
-    plugins.security.ssl.transport.enabled_ciphers
-    plugins.security.ssl.transport.enabled_protocols
-    plugins.security.ssl.transport.keystore_type
-    plugins.security.ssl.transport.keystore_filepath
-    plugins.security.ssl.transport.keystore_alias
-    plugins.security.ssl.transport.keystore_password
-    plugins.security.ssl.transport.truststore_type
-    plugins.security.ssl.transport.truststore_filepath
-    plugins.security.ssl.transport.truststore_alias
-    plugins.security.ssl.transport.truststore_password
-    plugins.security.ssl.http.enabled
-    plugins.security.ssl.http.keystore_type
-    plugins.security.ssl.http.keystore_filepath
-    plugins.security.ssl.http.keystore_alias
-    plugins.security.ssl.http.keystore_password
-    plugins.security.ssl.http.truststore_type
-    plugins.security.ssl.http.truststore_filepath
-    plugins.security.ssl.http.truststore_alias
-    plugins.security.ssl.http.truststore_password
-    plugins.security.ssl.transport.enable_openssl_if_available
-    plugins.security.ssl.http.enable_openssl_if_available
-    plugins.security.ssl.transport.pemkey_filepath
-    plugins.security.ssl.transport.pemkey_password
-    plugins.security.ssl.transport.pemcert_filepath
-    plugins.security.ssl.transport.pemtrustedcas_filepath
-    plugins.security.ssl.http.pemkey_filepath
-    plugins.security.ssl.http.pemkey_password
-    plugins.security.ssl.http.pemcert_filepath
-    plugins.security.ssl.http.pemtrustedcas_filepath
-    plugins.security.ssl.transport.enabled
-    plugins.security.ssl.transport.client.pemkey_password
-    plugins.security.ssl.transport.keystore_keypassword
-    plugins.security.ssl.transport.server.keystore_keypassword
-    plugins.sercurity.ssl.transport.server.keystore_alias
-    plugins.sercurity.ssl.transport.client.keystore_alias
-    plugins.sercurity.ssl.transport.server.truststore_alias
-    plugins.sercurity.ssl.transport.client.truststore_alias
-    plugins.security.ssl.client.external_context_id
-    plugins.secuirty.ssl.transport.principal_extractor_class
-    plugins.security.ssl.http.crl.file_path
-    plugins.security.ssl.http.crl.validate
-    plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
-    plugins.security.ssl.http.crl.check_only_end_entitites
-    plugins.security.ssl.http.crl.disable_ocsp
-    plugins.security.ssl.http.crl.disable_crldp
-    plugins.security.ssl.allow_client_initiated_renegotiation
-    indices.breaker.total.use_real_memory
-    indices.breaker.total.limit
-    indices.breaker.fielddata.limit
-    indices.breaker.fielddata.overhead
-    indices.breaker.request.limit
-    indices.breaker.request.overhead
-    network.breaker.inflight_requests.limit
-    network.breaker.inflight_requests.overhead
-    cluster.routing.allocation.enable
-    cluster.routing.allocation.node_concurrent_incoming_recoveries
-    cluster.routing.allocation.node_concurrent_outgoing_recoveries
-    cluster.routing.allocation.node_concurrent_recoveries
-    cluster.routing.allocation.node_initial_primaries_recoveries
-    cluster.routing.allocation.same_shard.host
-    cluster.routing.rebalance.enable
-    cluster.routing.allocation.allow_rebalance
-    cluster.routing.allocation.cluster_concurrent_rebalance
-    cluster.routing.allocation.balance.shard
-    cluster.routing.allocation.balance.index
-    cluster.routing.allocation.balance.threshold
-    cluster.routing.allocation.balance.prefer_primary
-    cluster.routing.allocation.disk.threshold_enabled
-    cluster.routing.allocation.disk.watermark.low
-    cluster.routing.allocation.disk.watermark.high
-    cluster.routing.allocation.disk.watermark.flood_stage
-    cluster.info.update.interval
-    cluster.routing.allocation.shard_movement_strategy
-    cluster.blocks.read_only
-    cluster.blocks.read_only_allow_delete
-    cluster.max_shards_per_node
-    cluster.persistent_tasks.allocation.enable
-    cluster.persistent_tasks.allocation.recheck_interval
-    cluster.search.request.slowlog.threshold.warn
-    cluster.search.request.slowlog.threshold.info
-    cluster.search.request.slowlog.threshold.debug
-    cluster.search.request.slowlog.threshold.trace
-    cluster.search.request.slowlog.level
-    cluster.fault_detection.leader_check.timeout
-    cluster.fault_detection.follower_check.timeout
-    action.auto_create_index
-    action.destructive_requires_name
-    cluster.default.index.refresh_interval
-    cluster.minimum.index.refresh_interval
-    cluster.indices.close.enable
-    indices.recovery.max_bytes_per_sec
-    indices.recovery.max_concurrent_file_chunks
-    indices.recovery.max_concurrent_operations
-    indices.recovery.max_concurrent_remote_store_streams
-    indices.time_series_index.default_index_merge_policy
-    indices.fielddata.cache.size
-    index.number_of_shards
-    index.number_of_routing_shards
-    index.shard.check_on_startup
-    index.codec
-    index.codec.compression_level
-    index.routing_partition_size
-    index.soft_deletes.retention_lease.period
-    index.load_fixed_bitset_filters_eagerly
-    index.hidden
-    index.merge.policy
-    index.merge_on_flush.enabled
-    index.merge_on_flush.max_full_flush_merge_wait_time
-    index.merge_on_flush.policy
-    index.check_pending_flush.enabled
-    index.number_of_replicas
-    index.auto_expand_replicas
-    index.search.idle.after
-    index.refresh_interval
-    index.max_result_window
-    index.max_inner_result_window
-    index.max_rescore_window
-    index.max_docvalue_fields_search
-    index.max_script_fields
-    index.max_ngram_diff
-    index.max_shingle_diff
-    index.max_refresh_listeners
-    index.analyze.max_token_count
-    index.highlight.max_analyzed_offset
-    index.max_terms_count
-    index.max_regex_length
-    index.query.default_field
-    index.query.max_nested_depth
-    index.routing.allocation.enable
-    index.routing.rebalance.enable
-    index.gc_deletes
-    index.default_pipeline
-    index.final_pipeline
-    index.optimize_doc_id_lookup.fuzzy_set.enabled
-    index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
-    search.max_buckets
-    search.phase_took_enabled
-    search.allow_expensive_queries
-    search.default_allow_partial_results
-    search.cancel_after_time_interval
-    search.default_search_timeout
-    search.default_keep_alive
-    search.keep_alive_interval
-    search.max_keep_alive
-    search.low_level_cancellation
-    search.max_open_scroll_context
-    search.request_stats_enabled
-    search.highlight.term_vector_multi_value
-    snapshot.max_concurrent_operations
-    cluster.remote_store.translog.buffer_interval
-    remote_store.moving_average_window_size
-    opensearch.notifications.core.allowed_config_types
-    opensearch.notifications.core.email.minimum_header_length
-    opensearch.notifications.core.email.size_limit
-    opensearch.notifications.core.http.connection_timeout
-    opensearch.notifications.core.http.host_deny_list
-    opensearch.notifications.core.http.max_connection_per_route
-    opensearch.notifications.core.http.max_connections
-    opensearch.notifications.core.http.socket_timeout
-    opensearch.notifications.core.tooltip_support
-    opensearch.notifications.general.filter_by_backend_roles
-)
-
 run_as_other_user_if_needed() {
   if [[ "$(id -u)" == "0" ]]; then
     # If running as root, drop to specified UID and run command
@@ -284,37 +24,6 @@ run_as_other_user_if_needed() {
   fi
 }
 
-function buildOpensearchConfig {
-    echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
-      for opensearch_var in ${opensearch_vars[*]}; do
-        env_var=$(echo ${opensearch_var^^} | tr . _)
-        value=${!env_var}
-        if [[ -n $value ]]; then
-          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
-            lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
-            sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
-            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
-          fi
-          while :
-          do
-            case "$charline" in
-              "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
-              *) break;;
-            esac
-            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
-          done
-          longoptfile="${opensearch_var}: ${value}"
-          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
-            sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
-          else
-            echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
-          fi
-        fi
-      done
-}
-
-buildOpensearchConfig
-
 # Allow user specify custom CMD, maybe bin/opensearch itself
 # for example to directly specify `-E` style parameters for opensearch on k8s
 # or simply to run /bin/bash to check the image
@@ -375,4 +84,10 @@ if [[ "$(id -u)" == "0" ]]; then
 fi
 
 
+#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
+#  nohup /securityadmin.sh &
+#  touch "/var/lib/wazuh-indexer/.flag"
+#fi
+
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

build-docker-images/wazuh-indexer/config/internal_users.yml

@@ -0,0 +1,74 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+  reserved: true
+  backend_roles:
+  - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+  - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+  - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+  description: "Demo snapshotrestore user"
+
+wazuh_admin:
+  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false
+  
+wazuh_user:
+  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false  

build-docker-images/wazuh-indexer/config/opensearch.yml

@@ -0,0 +1,26 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

build-docker-images/wazuh-indexer/config/roles.yml

@@ -0,0 +1,171 @@
+_meta:
+  type: "roles"
+  config_version: 2
+
+# Restrict users so they can only view visualization and dashboards on kibana
+kibana_read_only:
+  reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+  reserved: true
+
+# Allows users to view monitors, destinations and alerts
+alerting_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/get'
+    - 'cluster:admin/opendistro/alerting/destination/get'
+    - 'cluster:admin/opendistro/alerting/monitor/get'
+    - 'cluster:admin/opendistro/alerting/monitor/search'
+
+# Allows users to view and acknowledge alerts
+alerting_ack_alerts:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/*'
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/alerting/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allow users to read Anomaly Detection detectors and results
+anomaly_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/ad/detector/info'
+    - 'cluster:admin/opendistro/ad/detector/search'
+    - 'cluster:admin/opendistro/ad/detectors/get'
+    - 'cluster:admin/opendistro/ad/result/search'
+    - 'cluster:admin/opendistro/ad/tasks/search'
+
+# Allows users to use all Anomaly Detection functionality
+anomaly_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/ad/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allows users to read Notebooks
+notebooks_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/list'
+    - 'cluster:admin/opendistro/notebooks/get'
+
+# Allows users to all Notebooks functionality
+notebooks_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/create'
+    - 'cluster:admin/opendistro/notebooks/update'
+    - 'cluster:admin/opendistro/notebooks/delete'
+    - 'cluster:admin/opendistro/notebooks/get'
+    - 'cluster:admin/opendistro/notebooks/list'
+
+# Allows users to read and download Reports
+reports_instances_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to read and download Reports and Report-definitions
+reports_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to all Reports functionality
+reports_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/create'
+    - 'cluster:admin/opendistro/reports/definition/update'
+    - 'cluster:admin/opendistro/reports/definition/on_demand'
+    - 'cluster:admin/opendistro/reports/definition/delete'
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to use all asynchronous-search functionality
+asynchronous_search_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices:data/read/search*'
+
+# Allows users to read stored asynchronous-search results
+asynchronous_search_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/get'
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+  tenant_permissions: []
+  static: false
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+    - "delete"
+    - "manage"
+    - "index"
+  tenant_permissions: []
+  static: false
+
+# ISM API permissions role
+manage_ism:
+  reserved: true
+  hidden: false
+  cluster_permissions:
+  - "manage_ism"
+  static: false

build-docker-images/wazuh-indexer/config/roles_mapping.yml

@@ -0,0 +1,78 @@
+---
+# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
+# Permissions for Wazuh indexer roles are configured in roles.yml
+
+_meta:
+  type: "rolesmapping"
+  config_version: 2
+
+# Define your roles mapping here
+
+## Demo roles mapping
+
+all_access:
+  reserved: false
+  backend_roles:
+  - "admin"
+  description: "Maps admin to all_access"
+
+own_index:
+  reserved: false
+  users:
+  - "*"
+  description: "Allow full access to an index named like the username"
+
+logstash:
+  reserved: false
+  backend_roles:
+  - "logstash"
+
+kibana_user:
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  users:
+  - "wazuh_user"
+  - "wazuh_admin"
+  description: "Maps kibanauser to kibana_user"
+
+readall:
+  reserved: false
+  backend_roles:
+  - "readall"
+
+manage_snapshots:
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+
+kibana_server:
+  reserved: true
+  users:
+  - "kibanaserver"
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_admin"
+  - "kibanaserver"
+  and_backend_roles: []
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_user"
+  and_backend_roles: []
+
+# ISM API permissions role mapping
+manage_ism:
+  reserved: true
+  hidden: false
+  users:
+  - "kibanaserver"

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -82,6 +82,11 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_utils.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/analytics.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/graph.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/storage.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
@@ -89,6 +94,9 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

indexer-certs-creator/Dockerfile

@@ -1,8 +1,7 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM amazonlinux:2023
+FROM ubuntu:focal
 
-RUN yum install curl-minimal openssl -y &&\
-yum clean all
+RUN apt-get update && apt-get install openssl curl -y
 
 WORKDIR /
 

indexer-certs-creator/README.md

@@ -0,0 +1,9 @@
+# Certificate creation image build
+
+The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks.
+
+To create the image, the following command must be executed:
+
+```
+$ docker build -t wazuh/wazuh-certs-generator:0.0.1 .
+```

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/5.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
+PACKAGES_URL=https://packages.wazuh.com/4.11/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.11/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

multi-node/Migration-to-Wazuh-4.4.md

@@ -354,7 +354,7 @@ docker container run --rm -it \
 ```
 git checkout 4.4
 cd multi-node
-docker-compose -f generate-certs.yml run --rm generator
+docker-compose -f generate-indexer-certs.yml run --rm generator
 docker-compose up -d
 ```
 

multi-node/README.md

@@ -1,6 +1,6 @@
 # Deploy Wazuh Docker in multi node configuration
 
-This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps:
+This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps: 
 
 1) Increase max_map_count on your host (Linux). This command must be run with root permissions:
 ```
@@ -8,18 +8,18 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker compose -f generate-certs.yml run --rm generator
+$ docker-compose -f generate-indexer-certs.yml run --rm generator
 ```
-3) Start the environment with docker compose:
+3) Start the environment with docker-compose:
 
 - In the foregroud:
 ```
-$ docker compose up
+$ docker-compose up
 ```
 
 - In the background:
 ```
-$ docker compose up -d
+$ docker-compose up -d
 ```
 
 

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -0,0 +1,12 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh1.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home

multi-node/config/wazuh_indexer/wazuh1.indexer.yml

@@ -0,0 +1,38 @@
+network.host: wazuh1.indexer
+node.name: wazuh1.indexer
+cluster.initial_master_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh2.indexer.yml

@@ -0,0 +1,38 @@
+network.host: wazuh2.indexer
+node.name: wazuh2.indexer
+cluster.initial_master_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh3.indexer.yml

@@ -0,0 +1,38 @@
+network.host: wazuh3.indexer
+node.name: wazuh3.indexer
+cluster.initial_master_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:4.11.1
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -18,15 +18,15 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      INDEXER_URL: https://wazuh1.indexer:9200
-      INDEXER_USERNAME: admin
-      INDEXER_PASSWORD: admin
-      FILEBEAT_SSL_VERIFICATION_MODE: full
-      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      SSL_KEY: /etc/ssl/filebeat.key
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
+      - INDEXER_URL=https://wazuh1.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - master-wazuh-api-configuration:/var/ossec/api/configuration
       - master-wazuh-etc:/var/ossec/etc
@@ -45,7 +45,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:4.11.1
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -56,13 +56,13 @@ services:
         soft: 655360
         hard: 655360
     environment:
-      INDEXER_URL: https://wazuh1.indexer:9200
-      INDEXER_USERNAME: admin
-      INDEXER_PASSWORD: admin
-      FILEBEAT_SSL_VERIFICATION_MODE: full
-      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      SSL_KEY: /etc/ssl/filebeat.key
+      - INDEXER_URL=https://wazuh1.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
     volumes:
       - worker-wazuh-api-configuration:/var/ossec/api/configuration
       - worker-wazuh-etc:/var/ossec/etc
@@ -81,9 +81,14 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh1.indexer
     restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -91,38 +96,6 @@ services:
       nofile:
         soft: 65536
         hard: 65536
-    ports:
-      - "9200:9200"
-    environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NETWORK_HOST: wazuh1.indexer
-      NODE_NAME: wazuh1.indexer
-      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      CLUSTER_NAME: "wazuh-cluster"
-      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      NODE_MAX_LOCAL_STORAGE_NODES: "3"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-1:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -130,13 +103,16 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh2.indexer
     restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -144,48 +120,21 @@ services:
       nofile:
         soft: 65536
         hard: 65536
-    environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NETWORK_HOST: wazuh2.indexer
-      NODE_NAME: wazuh2.indexer
-      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      CLUSTER_NAME: "wazuh-cluster"
-      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      NODE_MAX_LOCAL_STORAGE_NODES: "3"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-2:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh3.indexer
     restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -193,84 +142,35 @@ services:
       nofile:
         soft: 65536
         hard: 65536
-    environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NETWORK_HOST: wazuh3.indexer
-      NODE_NAME: wazuh3.indexer
-      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      CLUSTER_NAME: "wazuh-cluster"
-      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      NODE_MAX_LOCAL_STORAGE_NODES: "3"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-3:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:5.0.0
+    image: wazuh/wazuh-dashboard:4.11.1
     hostname: wazuh.dashboard
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
     ports:
       - 443:5601
     environment:
-      OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200"
-      WAZUH_API_URL: "https://wazuh.master"
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
-      DASHBOARD_USERNAME: kibanaserver
-      DASHBOARD_PASSWORD: kibanaserver
-      SERVER_HOST: "0.0.0.0"
-      SERVER_PORT: "5601"
-      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
-      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
-      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
-      SERVER_SSL_ENABLED: "true"
-      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
-      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
-      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
+      - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
+      - WAZUH_API_URL="https://wazuh.master"
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
     volumes:
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh1.indexer
     links:

multi-node/generate-indexer-certs.yml

@@ -1,9 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3'
+
 services:
   generator:
-    image: wazuh/wazuh-cert-tool:5.0.0
-    hostname: wazuh-cert-tool
-    container_name: wazuh-cert-tool
+    image: wazuh/wazuh-certs-generator:0.0.2
+    hostname: wazuh-certs-generator
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/
-      - ./config/certs.yml:/config/certs.yml
+      - ./config/certs.yml:/config/certs.yml

single-node/README.md

@@ -8,17 +8,17 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker compose -f generate-certs.yml run --rm generator
+$ docker-compose -f generate-indexer-certs.yml run --rm generator
 ```
-3) Start the environment with docker compose:
+3) Start the environment with docker-compose:
 
 - In the foregroud:
 ```
-$ docker compose up
+$ docker-compose up
 ```
 - In the background:
 ```
-$ docker compose up -d
+$ docker-compose up -d
 ```
 
 The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated.

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:4.11.1
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -19,15 +19,15 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      INDEXER_URL: https://wazuh.indexer:9200
-      INDEXER_USERNAME: admin
-      INDEXER_PASSWORD: admin
-      FILEBEAT_SSL_VERIFICATION_MODE: full
-      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      SSL_KEY: /etc/ssl/filebeat.key
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
+      - INDEXER_URL=https://wazuh.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - wazuh_api_configuration:/var/ossec/api/configuration
       - wazuh_etc:/var/ossec/etc
@@ -46,9 +46,13 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh.indexer
     restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
     ulimits:
       memlock:
         soft: -1
@@ -56,37 +60,6 @@ services:
       nofile:
         soft: 65536
         hard: 65536
-    ports:
-      - "9200:9200"
-    environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NODE_NAME: "wazuh.indexer"
-      CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer"
-      CLUSTER_NAME: "wazuh-cluster"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      HTTP_PORT: 9200-9299
-      TRANSPORT_TCP_PORT: 9300-9399
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
     volumes:
       - wazuh-indexer-data:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -94,49 +67,31 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:5.0.0
+    image: wazuh/wazuh-dashboard:4.11.1
     hostname: wazuh.dashboard
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
     ports:
       - 443:5601
     environment:
-      WAZUH_API_URL: https://wazuh.manager
-      DASHBOARD_USERNAME: kibanaserver
-      DASHBOARD_PASSWORD: kibanaserver
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
-      SERVER_HOST: 0.0.0.0
-      SERVER_PORT: 5601
-      OPENSEARCH_HOSTS: https://wazuh.indexer:9200
-      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
-      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
-      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
-      SERVER_SSL_ENABLED: "true"
-      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
-      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
-      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - WAZUH_API_URL=https://wazuh.manager
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
-      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh.indexer
     links:

single-node/generate-indexer-certs.yml

@@ -1,10 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+version: '3'
+
 services:
   generator:
-    image: wazuh/wazuh-cert-tool:5.0.0
-    hostname: wazuh-cert-tool
-    container_name: wazuh-cert-tool
+    image: wazuh/wazuh-certs-generator:0.0.2
+    hostname: wazuh-certs-generator
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/
       - ./config/certs.yml:/config/certs.yml
-