Update to 3.12.3 (#348)

Former-commit-id: d584062230

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.10.2_7.3.2"
+WAZUH-DOCKER_VERSION="3.11.5_7.3.2"
-REVISION="31020"
+REVISION="31150"

elasticsearch/Dockerfile

@@ -1,7 +1,7 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-ARG ELASTIC_VERSION=7.3.2
+ARG ELASTIC_VERSION=7.4.2
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
-ARG TEMPLATE_VERSION=v3.10.2
+ARG TEMPLATE_VERSION=v3.11.4
 
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 

elasticsearch/config/35-entrypoint_load_settings.sh

@@ -28,13 +28,9 @@ echo "LOAD SETTINGS - Elasticsearch url: $el_url"
 ##############################################################################
 
 ELASTIC_PASS=""
-WAZH_API_USER=""
-WAZH_API_PASS=""
 
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
   ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
-  WAZH_API_USER=${API_USER}
-  WAZH_API_PASS=${API_PASS}
 else
   input=${SECURITY_CREDENTIALS_FILE}
   while IFS= read -r line
@@ -42,12 +38,6 @@ else
     if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
       arrIN=(${line//:/ })
       ELASTIC_PASS=${arrIN[1]}
-    elif [[ $line == *"WAZUH_API_USER"* ]]; then
-      arrIN=(${line//:/ })
-      WAZH_API_USER=${arrIN[1]}
-    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
-      arrIN=(${line//:/ })
-      WAZH_API_PASS=${arrIN[1]}
     fi
   done < "$input"
  
@@ -154,93 +144,9 @@ fi
 
 
 ##############################################################################
-# Prepare Wazuh API credentials
+# Enable xpack.monitoring.collection
 ##############################################################################
 
-API_PASS_Q=`echo "$WAZH_API_PASS" | tr -d '"'`
-API_USER_Q=`echo "$WAZH_API_USER" | tr -d '"'`
-API_PASSWORD=`echo -n $API_PASS_Q | base64`
-
-echo "LOAD SETTINGS - Setting API credentials into Wazuh APP"
-CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
-
-if [ "x$CONFIG_CODE" != "x200" ]; then
-  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
-  {
-    "api_user": "'"$API_USER_Q"'",
-    "api_password": "'"$API_PASSWORD"'",
-    "url": "'"$wazuh_url"'",
-    "api_port": "55000",
-    "insecure": "true",
-    "component": "API",
-    "cluster_info": {
-      "manager": "wazuh-manager",
-      "cluster": "Disabled",
-      "status": "disabled"
-    },
-    "extensions": {
-      "oscap": true,
-      "audit": true,
-      "pci": true,
-      "aws": true,
-      "virustotal": true,
-      "gdpr": true,
-      "ciscat": true
-    }
-  }
-  ' > /dev/null
-else
-  echo "LOAD SETTINGS - Wazuh APP already configured"
-  echo "LOAD SETTINGS - Check if it is an upgrade from Elasticsearch 6.x to 7.x"
-  wazuh_search_request=`curl -s ${auth} "$el_url/.wazuh/_search?pretty"`
-  full_type=`echo $wazuh_search_request | jq .hits.hits | jq .[] | jq ._type`
-  elasticsearch_request=`curl -s $auth "$el_url"`
-  full_elasticsearch_version=`echo $elasticsearch_request | jq .version.number`
-  type=`echo "$full_type" | tr -d '"'`
-  elasticsearch_version=`echo "$full_elasticsearch_version" | tr -d '"'`
-  elasticsearch_major="${elasticsearch_version:0:1}"
-
-  if [[ $type == "wazuh-configuration" ]] && [[ $elasticsearch_major == "7" ]]; then
-    echo "LOAD SETTINGS - Elasticsearch major = $elasticsearch_major."
-    echo "LOAD SETTINGS - Reindex .wazuh in .wazuh-backup."
-    
-    curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d'
-    {
-      "source": {
-        "index": ".wazuh"
-      },
-      "dest": {
-        "index": ".wazuh-backup"
-      }
-    }
-    '
-    echo "LOAD SETTINGS - Remove .wazuh index."
-    curl -s  ${auth} -XDELETE "$el_url/.wazuh"
-
-    echo "LOAD SETTINGS - Reindex .wazuh-backup in .wazuh."
-    curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d'
-    {
-      "source": {
-        "index": ".wazuh-backup"
-      },
-      "dest": {
-        "index": ".wazuh"
-      }
-    }
-    '
-    curl -s ${auth} -XPUT "https://elasticsearch:9200/.wazuh-backup/_settings?pretty" -H 'Content-Type: application/json' -d'
-    {
-        "index" : {
-            "number_of_replicas" : 0
-        }
-    }
-    '
-
-  fi
-
-fi
-sleep 5
-
 curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
 {
   "persistent": {
@@ -249,6 +155,7 @@ curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/jso
 }
 '
 
+
 ##############################################################################
 # Set cluster delayed timeout when node falls
 ##############################################################################
@@ -262,4 +169,4 @@ curl -X PUT "$el_url/_all/_settings" ${auth} -H 'Content-Type: application/json'
 '
 echo "LOAD SETTINGS - cluster delayed timeout changed."
 
-echo "LOAD SETTINGS - Elasticsearch is ready."
+echo "LOAD SETTINGS - Elasticsearch is ready."

kibana/Dockerfile

@@ -1,15 +1,14 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.3.2
+FROM docker.elastic.co/kibana/kibana:7.4.2
-ARG ELASTIC_VERSION=7.3.2
+ARG ELASTIC_VERSION=7.4.2
-ARG WAZUH_VERSION=3.10.2
+ARG WAZUH_VERSION=3.11.5
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 USER root
 
-# App: 3.10.2 - 7.3.2 with this fix: https://github.com/wazuh/wazuh-kibana-app/issues/1815
-#ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 COPY config/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 USER kibana
+#RUN /usr/share/kibana/bin/kibana-plugin install  --allow-root https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip
 RUN /usr/share/kibana/bin/kibana-plugin install  --allow-root file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip 
 USER root
 RUN rm -rf /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip
@@ -47,7 +46,8 @@ ENV PATTERN="" \
     WAZUH_MONITORING_FREQUENCY="" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS="" \
-    ADMIN_PRIVILEGES=""
+    ADMIN_PRIVILEGES="" \
+    API_SELECTOR=""
 
 ARG XPACK_CANVAS="false"
 ARG XPACK_LOGS="false"
@@ -62,13 +62,15 @@ ARG XPACK_SIEM="false"
 
 ARG CHANGE_WELCOME="true"
 
+COPY --chown=kibana:kibana ./config/05-decrypt_credentials.sh /entrypoint-scripts/05-decrypt_credentials.sh
 COPY --chown=kibana:kibana ./config/10-wazuh_app_config.sh /entrypoint-scripts/10-wazuh_app_config.sh
-COPY --chown=kibana:kibana ./config/15-decrypt_credentials.sh /entrypoint-scripts/15-decrypt_credentials.sh
+COPY --chown=kibana:kibana ./config/12-custom_logos.sh /entrypoint-scripts/12-custom_logos.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint.sh /entrypoint-scripts/20-entrypoint.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint_kibana_settings.sh ./
 COPY --chown=kibana:kibana ./config/20-entrypoint_certs_management.sh ./
-RUN chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \
+RUN chmod +x /entrypoint-scripts/05-decrypt_credentials.sh  && \
-    chmod +x /entrypoint-scripts/15-decrypt_credentials.sh && \
+    chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \
+    chmod +x /entrypoint-scripts/12-custom_logos.sh && \
     chmod +x /entrypoint-scripts/20-entrypoint.sh && \
     chmod +x ./20-entrypoint_kibana_settings.sh && \
     chmod +x ./20-entrypoint_certs_management.sh
@@ -89,9 +91,9 @@ RUN /usr/local/bin/kibana-docker --optimize
 
 USER root
 
-RUN chmod 660 /usr/share/kibana/plugins/wazuh/config.yml && \
+RUN chmod 660 /usr/share/kibana/plugins/wazuh/wazuh.yml && \
     chmod 775 /usr/share/kibana/plugins/wazuh && \
-    chown root:kibana /usr/share/kibana/plugins/wazuh/config.yml && \
+    chown root:kibana /usr/share/kibana/plugins/wazuh/wazuh.yml && \
     chown root:kibana /usr/share/kibana/plugins/wazuh
 
 USER kibana

kibana/config/10-wazuh_app_config.sh

@@ -1,7 +1,60 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
-kibana_config_file="/usr/share/kibana/plugins/wazuh/config.yml"
+##############################################################################
+# If Elasticsearch security is enabled get the kibana user, the Kibana 
+# password and WAZUH API credentials.
+##############################################################################
+
+KIBANA_USER=""
+KIBANA_PASS=""
+WAZH_API_USER=""
+WAZH_API_PASS=""
+
+if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
+  KIBANA_USER=${SECURITY_KIBANA_USER}
+  KIBANA_PASS=${SECURITY_KIBANA_PASS}
+  WAZH_API_USER=${API_USER}
+  WAZH_API_PASS=${API_PASS}
+  echo "USERS - Credentials obtained from environment variables."
+else
+  input=${SECURITY_CREDENTIALS_FILE}
+  while IFS= read -r line
+  do
+    if [[ $line == *"KIBANA_USER"* ]]; then
+      arrIN=(${line//:/ })
+      KIBANA_USER=${arrIN[1]}
+    elif [[ $line == *"KIBANA_PASSWORD"* ]]; then
+      arrIN=(${line//:/ })
+      KIBANA_PASS=${arrIN[1]}
+    elif [[ $line == *"WAZUH_API_USER"* ]]; then
+      arrIN=(${line//:/ })
+      WAZH_API_USER=${arrIN[1]}
+    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
+      arrIN=(${line//:/ })
+      WAZH_API_PASS=${arrIN[1]}
+    fi
+  done < "$input"
+  echo "USERS - Credentials obtained from file."
+fi
+
+##############################################################################
+# Establish the way to run the curl command, with or without authentication. 
+##############################################################################
+
+if [ ${SECURITY_ENABLED} != "no" ]; then
+  auth="-u ${KIBANA_USER}:${KIBANA_PASS} -k"
+elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
+  auth=""
+else
+  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
+fi
+
+##############################################################################
+# Set custom wazuh.yml config
+##############################################################################
+
+kibana_config_file="/usr/share/kibana/plugins/wazuh/wazuh.yml"
 
 declare -A CONFIG_MAP=(
   [pattern]=$PATTERN
@@ -30,6 +83,7 @@ declare -A CONFIG_MAP=(
   [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
   [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
   [admin]=$ADMIN_PRIVILEGES
+  [api.selector]=$API_SELECTOR
 )
 
 for i in "${!CONFIG_MAP[@]}"
@@ -38,3 +92,24 @@ do
         sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
     fi
 done
+
+# remove default API entry (new in 3.11.0_7.5.1)
+sed -ie '/- default:/,+4d' $kibana_config_file
+
+# If this is an update to 3.11
+CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $ELASTICSEARCH_URL/.wazuh/_doc/1513629884013 ${auth})
+
+grep -q 1513629884013 $kibana_config_file
+_config_exists=$?
+
+if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
+cat << EOF >> $kibana_config_file 
+  - 1:
+      url: https://wazuh
+      port: 55000
+      user: $WAZH_API_USER
+      password: $WAZH_API_PASS
+EOF
+else
+  echo "Wazuh APP already configured"
+fi

kibana/config/12-custom_logos.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Kibana logos
+##############################################################################
+
+if [[ $CUSTOM_LOGO == "true" ]]; then
+
+
+    echo "CUSTOM LOGO - Change Kibana logos."
+    # TO DO
+
+fi

kibana/config/wazuhapp-3.10.2_7.3.2.zip.REMOVED.git-id

@@ -1 +0,0 @@
-3cbdd26d9eeaff99f91312f703adccd828723b3c

kibana/config/wazuhapp-3.11.5_7.4.2.zip.REMOVED.git-id

@@ -0,0 +1 @@
+d3370881d16407941e250126bd331db13e7c8b63

kibana/config/welcome_wazuh.sh

@@ -25,5 +25,6 @@ then
     sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/upgrade_assistant/public/index.js
     sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/snapshot_restore/public/plugin.js
     sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/remote_clusters/public/plugin.js
+    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/index_management/public/register_management_section.js
 fi
 

logstash/Dockerfile

@@ -1,6 +1,6 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
-ARG LOGSTASH_VERSION=7.3.2
+ARG LOGSTASH_VERSION=7.4.2
 FROM docker.elastic.co/logstash/logstash:${LOGSTASH_VERSION}
 
 COPY --chown=logstash:logstash config/entrypoint.sh /entrypoint.sh

logstash/config/01-wazuh.conf

@@ -40,6 +40,22 @@ filter {
         remove_field => [ "beat", "input_type", "tags", "count", "@version", "log", "offset", "type", "@src_ip", "host"]
     }
 }
+filter {
+    # Workarounds for vulnerability-detector
+    if "vulnerability-detector" in [rule][groups] {
+        # Drop vulnerability-detector events from Manager
+        if [agent][id] == "000"{
+            drop { }
+        }
+
+        # if exists, remove data.vulnerability.published field due to conflicts
+        if [data][vulnerability][published] {
+            mutate {
+                remove_field => [ "[data][vulnerability][published]" ]
+            }
+        }
+    }
+}
 output {
     elasticsearch {
         hosts => ["elasticsearch:9200"]

wazuh/Dockerfile

@@ -2,14 +2,14 @@
 FROM phusion/baseimage:latest
 
 # Arguments
-ARG FILEBEAT_VERSION=7.3.2
+ARG FILEBEAT_VERSION=7.6.1
-ARG WAZUH_VERSION=3.10.2-1
+ARG WAZUH_VERSION=3.12.3-1
 
 # Environment variables
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ARG TEMPLATE_VERSION="v3.10.2"
+ARG TEMPLATE_VERSION="v3.12.3"
 ENV FILEBEAT_DESTINATION="elasticsearch"
 
 # Install packages
@@ -97,17 +97,19 @@ COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials
 COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
 COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh
 COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
-COPY config/05-remove_credentials_file.sh /entrypoint-scripts/05-remove_credentials_file.sh
-COPY config/10-backups.sh /entrypoint-scripts/10-backups.sh
 COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
+COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
+COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
+COPY config/85-save_wazuh_version.sh /entrypoint-scripts/85-save_wazuh_version.sh
 RUN chmod 755 /entrypoint.sh && \
     chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
     chmod 755 /entrypoint-scripts/01-wazuh.sh && \
     chmod 755 /entrypoint-scripts/02-set_filebeat_destination.sh && \
     chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
-    chmod 755 /entrypoint-scripts/05-remove_credentials_file.sh && \
+    chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
-    chmod 755 /entrypoint-scripts/10-backups.sh && \
+    chmod 755 /entrypoint-scripts/25-backups.sh && \
-    chmod 755 /entrypoint-scripts/20-ossec-configuration.sh
+    chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh && \
+    chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
 
 # Workaround. 
 # Issues: Wazuh-api
@@ -121,4 +123,4 @@ ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/e
 RUN chmod go-w /etc/filebeat/wazuh-template.json 
 
 # Run all services
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]

wazuh/config/01-wazuh.sh

@@ -32,6 +32,42 @@ exec_cmd_stdout() {
 }
 
 
+##############################################################################
+# Check_update
+# This function considers the following cases:
+# - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
+# - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5.
+# - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one.
+# - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version.
+##############################################################################
+
+check_update() {
+  if [ -e /var/ossec/etc/ossec-init.conf ]
+  then
+    if [ -e /var/ossec/etc/VERSION ]
+    then
+      previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
+      echo "Previous version: $previous_version"
+      current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2)
+      echo "Current version: $current_version"
+      if [ $previous_version == $current_version ]
+      then
+        echo "Same Wazuh version in the EBS and image"
+        return 0
+      else
+        echo "Different Wazuh version: Update"
+        return 1
+      fi
+    else
+      echo "Previous version prior to 3.11.5: Update"
+      return 1
+    fi
+  else
+    echo "First time mounting EBS"
+    return 0
+  fi
+}
+
 ##############################################################################
 # Edit configuration
 ##############################################################################
@@ -90,7 +126,7 @@ apply_exclusion_data() {
 
 remove_data_files() {
   for del_file in "${PERMANENT_DATA_DEL[@]}"; do
-    if [ -e ${del_file} ]
+    if [ $(ls ${del_file} 2> /dev/null | wc -l) -ne 0 ]
     then 
       print "Removing ${del_file}"
       exec_cmd "rm ${del_file}"
@@ -202,14 +238,25 @@ change_api_user_credentials() {
 ##############################################################################
 
 main() {
+
+  # Check Wazuh version in the image and EBS (It returns 1 when updating the environment)
+  check_update
+  update=$?
+
   # Mount permanent data  (i.e. ossec.conf)
   mount_permanent_data
 
   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
   apply_exclusion_data
 
-  # Remove some files in permanent_data (i.e. .template.db)
+  # When updating the environment, remove some files in permanent_data (i.e. .template.db)
-  remove_data_files
+  if [ $update == 1 ]
+  then
+    echo "Removing databases"
+    remove_data_files
+  else
+    echo "Keeping databases"
+  fi
 
   # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
   if [ $AUTO_ENROLLMENT_ENABLED == true ]

wazuh/config/85-save_wazuh_version.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+
+# Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
+echo "Adding Wazuh version to /var/ossec/etc/VERSION"
+cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION

wazuh/config/entrypoint.sh

@@ -1,6 +1,8 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
+# Trap to kill container if it is necessary.
+trap "exit" SIGINT SIGTERM
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
   bash "$script"

wazuh/config/permanent_data.env

@@ -53,9 +53,18 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz"
 export PERMANENT_DATA_EXCP
 
-# Files mounted in a volume that should be deleted 
+# Files mounted in a volume that should be deleted when updating
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
-export PERMANENT_DATA_DEL
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/global.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.profile.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.template.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
+export PERMANENT_DATA_DEL

wazuh/config/wazuh-manager_3.11.5-1_amd64.deb.REMOVED.git-id

@@ -0,0 +1 @@
+b4bbb79aca532ca4f5321a89f9dffae1f934bc6f