Merge pull request #658 from wazuh/bump_4_2_7

Bump 4.2.7 to 4.2 Branch

.goss.yaml

@@ -6,7 +6,7 @@ file:
     group: root
     filetype: file
     contains: []
-  /var/ossec/bin/ossec-control:
+  /var/ossec/bin/wazuh-control:
     exists: true
     mode: "0750"
     owner: root
@@ -52,11 +52,11 @@ package:
   filebeat:
     installed: true
     versions:
-    - 7.10.0
+    - 7.10.2
   wazuh-manager:
     installed: true
     versions:
-    - 4.1.4
+    - 4.2.7
 port:
   tcp:1514:
     listening: true
@@ -95,17 +95,17 @@ group:
 process:
   filebeat:
     running: true
-  ossec-analysisd:
+  wazuh-analysisd:
     running: true
-  ossec-authd:
+  wazuh-authd:
     running: true
-  ossec-execd:
+  wazuh-execd:
     running: true
-  ossec-monitord:
+  wazuh-monitord:
     running: true
-  ossec-remoted:
+  wazuh-remoted:
     running: true
-  ossec-syscheckd:
+  wazuh-syscheckd:
     running: true
   s6-supervise:
     running: true

CHANGELOG.md

@@ -1,6 +1,53 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.2.7
+### Added
+
+- Update Wazuh to version [4.2.7](https://github.com/wazuh/wazuh/blob/v4.2.7/CHANGELOG.md#v427)
+
+## Wazuh Docker v4.2.6
+### Added
+
+- Update Wazuh to version [4.2.6](https://github.com/wazuh/wazuh/blob/v4.2.6/CHANGELOG.md#v426)
+
+## Wazuh Docker v4.2.5
+### Added
+
+- Update Wazuh to version [4.2.5](https://github.com/wazuh/wazuh/blob/v4.2.5/CHANGELOG.md#v425)
+
+## Wazuh Docker v4.2.4
+### Added
+
+- Update Wazuh to version [4.2.4](https://github.com/wazuh/wazuh/blob/v4.2.4/CHANGELOG.md#v424)
+
+
+## Wazuh Docker v4.2.3
+### Added
+
+- Update Wazuh to version [4.2.3](https://github.com/wazuh/wazuh/blob/v4.2.3/CHANGELOG.md#v423)
+
+## Wazuh Docker v4.2.2
+### Added
+
+- Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422)
+
+## Wazuh Docker v4.2.1
+### Added
+
+- Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
+
+## Wazuh Docker v4.2.0
+### Added
+
+- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
+
+## Wazuh Docker v4.1.5
+### Added
+
+- Update Wazuh to version [4.1.5](https://github.com/wazuh/wazuh/blob/v4.1.5/CHANGELOG.md#v415)
+- Update ODFE compatibility to version 1.13.2
+
 ## Wazuh Docker v4.1.4
 ### Added
 

README.md

@@ -22,11 +22,11 @@ In addition, a docker-compose file is provided to launch the containers mentione
 * [Docker hub](https://hub.docker.com/u/wazuh)
 
 
-### Setup SSL certificate and Basic Authentication
+### Setup SSL certificate
 
-Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed) and setup the basic auth.
+Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
 
-Documentation on how to provide these two can be found at [nginx_conf/README.md](nginx_conf/README.md).
+Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
 
 
 ## Environment Variables
@@ -146,33 +146,32 @@ ADMIN_PRIVILEGES=true               # App privileges
 
 ## Branches
 
-* `4.0` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version` (for example 3.13.1_7.8.0 or 4.1.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `stable` branch on correspond to the last Wazuh stable version.
 
 
 ## Compatibility Matrix
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v4.2.7        | 1.13.2  | 7.11.2 |
+| v4.2.6        | 1.13.2  | 7.11.2 |
+| v4.2.5        | 1.13.2  | 7.11.2 |
+| v4.2.4        | 1.13.2  | 7.11.2 |
+| v4.2.3        | 1.13.2  | 7.11.2 |
+| v4.2.2        | 1.13.2  | 7.11.2 |
+| v4.2.1        | 1.13.2  | 7.11.2 |
+| v4.2.0        | 1.13.2  | 7.10.2 |
+| v4.1.5        | 1.13.2  | 7.10.2 |
 | v4.1.4        | 1.12.0  | 7.10.2 |
-|---------------|---------|--------|
 | v4.1.3        | 1.12.0  | 7.10.2 |
-|---------------|---------|--------|
 | v4.1.2        | 1.12.0  | 7.10.2 |
-|---------------|---------|--------|
 | v4.1.1        | 1.12.0  | 7.10.2 |
-|---------------|---------|--------|
 | v4.1.0        | 1.12.0  | 7.10.2 |
-|---------------|---------|--------|
 | v4.0.4        | 1.11.0  |        |
-|---------------|---------|--------|
 | v4.0.3        | 1.11.0  |        |
-|---------------|---------|--------|
 | v4.0.2        | 1.11.0  |        |
-|---------------|---------|--------|
 | v4.0.1        | 1.11.0  |        |
-|---------------|---------|--------|
 | v4.0.0        | 1.10.1  |        |
 
 ## Credits and Thank you

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.1.4"
+WAZUH-DOCKER_VERSION="4.2.7"
-REVISION="41100"
+REVISION="40222"

build-from-sources.yml

@@ -31,7 +31,7 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.12.0
+    image: amazon/opendistro-for-elasticsearch:1.13.2
     hostname: elasticsearch
     restart: always
     ports:

docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh-odfe:4.1.4
+    image: wazuh/wazuh-odfe:4.2.7
     hostname: wazuh-manager
     restart: always
     ports:
@@ -30,7 +30,7 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.12.0
+    image: amazon/opendistro-for-elasticsearch:1.13.2
     hostname: elasticsearch
     restart: always
     ports:
@@ -50,7 +50,7 @@ services:
         hard: 65536
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.1.4
+    image: wazuh/wazuh-kibana-odfe:4.2.7
     hostname: kibana
     restart: always
     ports:

generate-elasticsearch-certs.yml

@@ -10,7 +10,7 @@ services:
           bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
           unzip config/certificates/bundle.zip -d config/certificates/;
         fi;
-        chown -R 1000:0 /certs
+        chown -R 1000:0 config/certificates
       '
     user: "0"
     working_dir: /usr/share/elasticsearch

kibana-odfe/Dockerfile

@@ -1,8 +1,8 @@
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.12.0
+FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
 USER kibana
-ARG ELASTIC_VERSION=7.10.0
+ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.4
+ARG WAZUH_VERSION=4.2.7
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

kibana-odfe/config/kibana_settings.sh

@@ -18,8 +18,6 @@ WAZUH_MAJOR=4
 # Customize elasticsearch ip
 ##############################################################################
 sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
-# disable multitenancy
-sed -i "s|opendistro_security.multitenancy.enabled:.*|opendistro_security.multitenancy.enabled: false|g" /usr/share/kibana/config/kibana.yml
 
 # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
 if [ "$KIBANA_INDEX" != "" ]; then
@@ -55,6 +53,6 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
 
 echo "End settings"

kibana-odfe/config/welcome_wazuh.sh

@@ -4,7 +4,7 @@
 if [[ $CHANGE_WELCOME == "true" ]]
 then
     echo "Set Wazuh app as the default landing page"
-    echo "server.defaultRoute: /app/wazuh" >> /usr/share/kibana/config/kibana.yml
+    echo "server.defaultRoute: /app/wazuh?security_tenant=global" >> /usr/share/kibana/config/kibana.yml
 
     echo "Set custom welcome styles"
     cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs

kibana/Dockerfile

@@ -2,7 +2,7 @@
 FROM docker.elastic.co/kibana/kibana:7.10.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.4
+ARG WAZUH_VERSION=4.2.7
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

kibana/config/kibana_settings.sh

@@ -70,7 +70,7 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
 
 sleep 5
 # Do not ask user to help providing usage statistics to Elastic

production-cluster.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh-master:
-    image: wazuh/wazuh-odfe:4.1.4
+    image: wazuh/wazuh-odfe:4.2.7
     hostname: wazuh-master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh-worker:
-    image: wazuh/wazuh-odfe:4.1.4
+    image: wazuh/wazuh-odfe:4.2.7
     hostname: wazuh-worker
     restart: always
     environment:
@@ -67,7 +67,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.12.0
+    image: amazon/opendistro-for-elasticsearch:1.13.2
     hostname: elasticsearch
     restart: always
     ports:
@@ -86,11 +86,13 @@ services:
       - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
       - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
       - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
+      - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
+      - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
       - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-2:
-    image: amazon/opendistro-for-elasticsearch:1.12.0
+    image: amazon/opendistro-for-elasticsearch:1.13.2
     hostname: elasticsearch-2
     restart: always
     environment:
@@ -111,7 +113,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-3:
-    image: amazon/opendistro-for-elasticsearch:1.12.0
+    image: amazon/opendistro-for-elasticsearch:1.13.2
     hostname: elasticsearch-3
     restart: always
     environment:
@@ -132,7 +134,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.1.4
+    image: wazuh/wazuh-kibana-odfe:4.2.7
     hostname: kibana
     restart: always
     ports:

production_cluster/elastic_opendistro/elasticsearch-node1.yml

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

production_cluster/elastic_opendistro/elasticsearch-node2.yml

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

production_cluster/elastic_opendistro/elasticsearch-node3.yml

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

production_cluster/kibana_ssl/generate-self-signed-cert.sh

@@ -9,4 +9,5 @@ then
     exit
 else
     openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
+    chown -R 1000:1000 *.pem
 fi

production_cluster/ssl_certs/certs.yml

@@ -28,3 +28,8 @@ nodes:
     dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
     dns: 
       - wazuh
+
+clients:
+  - name: admin
+    dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
+    admin: true

production_cluster/wazuh_cluster/wazuh_manager.conf

@@ -200,9 +200,6 @@
   <global>
     <white_list>127.0.0.1</white_list>
     <white_list>^localhost.localdomain$</white_list>
-    <white_list>4.2.2.1</white_list>
-    <white_list>4.2.2.2</white_list>
-    <white_list>208.67.220.220</white_list>
   </global>
 
   <command>
@@ -307,7 +304,7 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <!-- Configuration for ossec-authd -->
+  <!-- Configuration for wazuh-authd -->
   <auth>
     <disabled>no</disabled>
     <port>1515</port>

production_cluster/wazuh_cluster/wazuh_worker.conf

@@ -200,9 +200,6 @@
   <global>
     <white_list>127.0.0.1</white_list>
     <white_list>^localhost.localdomain$</white_list>
-    <white_list>4.2.2.1</white_list>
-    <white_list>4.2.2.2</white_list>
-    <white_list>208.67.220.220</white_list>
   </global>
 
   <command>
@@ -307,7 +304,7 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <!-- Configuration for ossec-authd -->
+  <!-- Configuration for wazuh-authd -->
   <auth>
     <disabled>no</disabled>
     <port>1515</port>

wazuh-odfe/Dockerfile

@@ -2,8 +2,8 @@
 FROM centos:7
 
 ARG FILEBEAT_CHANNEL=filebeat-oss
-ARG FILEBEAT_VERSION=7.10.0
+ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.4-1
+ARG WAZUH_VERSION=4.2.7
 ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
 
@@ -13,6 +13,7 @@ RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
 COPY config/wazuh.repo /etc/yum.repos.d/wazuh.repo
 
 RUN yum --enablerepo=updates clean metadata && \
+  yum upgrade -y && \
   yum -y install openssl which expect openssh-clients && yum -y install wazuh-manager-${WAZUH_VERSION} -y && \
   sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \
   yum clean all && rm -rf /var/cache/yum

wazuh-odfe/config/etc/cont-init.d/0-wazuh-init

@@ -74,6 +74,23 @@ apply_exclusion_data() {
   done
 }
 
+##############################################################################
+# This function will rename in the permanent data volume every file
+# contained in PERMANENT_DATA_MOVE
+##############################################################################
+
+move_data_files() {
+  for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
+    file_split=( $mov_file )
+    if [ -e ${file_split[0]} ]
+    then
+      print "moving ${mov_file}"
+      exec_cmd "mv -f ${mov_file}"
+    fi
+  done
+}
+
+
 ##############################################################################
 # This function will delete from the permanent data volume every file
 # contained in PERMANENT_DATA_DEL
@@ -84,7 +101,7 @@ remove_data_files() {
     if [ -e ${del_file} ]
     then
       print "Removing ${del_file}"
-      exec_cmd "rm ${del_file}"
+      exec_cmd "rm -f ${del_file}"
     fi
   done
 }
@@ -94,7 +111,7 @@ remove_data_files() {
 ##############################################################################
 
 create_ossec_key_cert() {
-  print "Creating ossec-authd key and cert"
+  print "Creating wazuh-authd key and cert"
   exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
   exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
@@ -158,10 +175,13 @@ main() {
   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
   apply_exclusion_data
 
+  # Rename files stored in permanent data (i.e. queue/ossec)
+  move_data_files
+
   # Remove some files in permanent_data (i.e. .template.db)
   remove_data_files
 
-  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
   if [ $AUTO_ENROLLMENT_ENABLED == true ]
   then
     if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]

wazuh-odfe/config/etc/cont-init.d/2-manager

@@ -123,4 +123,4 @@ function_create_custom_user
 function_entrypoint_scripts
 
 # Start Wazuh
-/var/ossec/bin/ossec-control start
+/var/ossec/bin/wazuh-control start

wazuh-odfe/config/permanent_data.env

@@ -10,6 +10,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/integrations"
 PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
 PERMANENT_DATA[((i++))]="/var/ossec/wodles"
 PERMANENT_DATA[((i++))]="/etc/filebeat"
+
 export PERMANENT_DATA
 
 # Files mounted in a volume that should not be permanent
@@ -20,23 +21,21 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -59,9 +58,15 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
 export PERMANENT_DATA_DEL
+
+i=0
+PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
+PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
+export PERMANENT_DATA_MOVE

xpack-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh:4.1.4
+    image: wazuh/wazuh:4.2.7
     hostname: wazuh-manager
     restart: always
     ports:
@@ -146,7 +146,7 @@ services:
 
 
   kibana:
-    image: wazuh/wazuh-kibana:4.1.4
+    image: wazuh/wazuh-kibana:4.2.7
     hostname: kibana
     restart: always
     ports:

xpack-from-sources.yml

@@ -7,8 +7,8 @@ services:
       context: wazuh-odfe/
       args:
         - FILEBEAT_CHANNEL=filebeat
-        - FILEBEAT_VERSION=7.10.2
+        - FILEBEAT_VERSION=7.11.2
-    image: wazuh/wazuh:4.1.4
+    image: wazuh/wazuh:4.2.7
     hostname: wazuh-manager
     restart: always
     ports:
@@ -42,7 +42,7 @@ services:
 
 
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
     hostname: elasticsearch
     restart: always
     ports:
@@ -79,7 +79,7 @@ services:
       - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
 
   elasticsearch2:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
     hostname: elasticsearch2
     restart: always
     environment:
@@ -114,7 +114,7 @@ services:
       - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
 
   elasticsearch3:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
     hostname: elasticsearch3
     restart: always
     environment:
@@ -152,7 +152,7 @@ services:
 
   kibana:
     build: kibana/
-    image: wazuh/wazuh-kibana:4.1.4
+    image: wazuh/wazuh-kibana:4.2.7
     hostname: kibana
     restart: always
     ports: