Merge pull request #538 from wazuh/535-release-4.2.4

Update release 4.2.4
2025-11-04 05:53:16 +00:00 · 2021-10-20 10:09:52 -03:00 · 2021-10-19 16:37:13 -03:00 · 2021-10-18 15:28:34 -03:00 · 2021-10-14 16:39:41 -03:00 · 2021-10-14 16:23:43 -03:00
24 changed files with 134 additions and 82 deletions
--- a/.goss.yaml
+++ b/.goss.yaml
@@ -6,7 +6,7 @@ file:
    group: root
    filetype: file
    contains: []
-  /var/ossec/bin/ossec-control:
+  /var/ossec/bin/wazuh-control:
    exists: true
    mode: "0750"
    owner: root
@@ -56,7 +56,7 @@ package:
  wazuh-manager:
    installed: true
    versions:
-    - 4.1.5
+    - 4.2.4
 port:
  tcp:1514:
    listening: true
@@ -95,17 +95,17 @@ group:
 process:
  filebeat:
    running: true
-  ossec-analysisd:
+  wazuh-analysisd:
    running: true
-  ossec-authd:
+  wazuh-authd:
    running: true
-  ossec-execd:
+  wazuh-execd:
    running: true
-  ossec-monitord:
+  wazuh-monitord:
    running: true
-  ossec-remoted:
+  wazuh-remoted:
    running: true
-  ossec-syscheckd:
+  wazuh-syscheckd:
    running: true
  s6-supervise:
    running: true
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,32 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 ## Wazuh Docker v4.2.4
 ### Added
 - Update Wazuh to version [4.2.4](https://github.com/wazuh/wazuh/blob/v4.2.4/CHANGELOG.md#v424)
 ## Wazuh Docker v4.2.3
 ### Added
 - Update Wazuh to version [4.2.3](https://github.com/wazuh/wazuh/blob/v4.2.3/CHANGELOG.md#v423)
 ## Wazuh Docker v4.2.2
 ### Added
 - Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422)
 ## Wazuh Docker v4.2.1
 ### Added
 - Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
 ## Wazuh Docker v4.2.0
 ### Added
 - Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
 ## Wazuh Docker v4.1.5
 ### Added
--- a/README.md
+++ b/README.md
@@ -22,11 +22,11 @@ In addition, a docker-compose file is provided to launch the containers mentione
 * [Docker hub](https://hub.docker.com/u/wazuh)
-### Setup SSL certificate and Basic Authentication
+### Setup SSL certificate
-Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed) and setup the basic auth.
+Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
-Documentation on how to provide these two can be found at [nginx_conf/README.md](nginx_conf/README.md).
+Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
 ## Environment Variables
@@ -146,35 +146,29 @@ ADMIN_PRIVILEGES=true               # App privileges
 ## Branches
 * `stable` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version` (for example v3.13.1_7.8.0 or v4.1.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `stable` branch on correspond to the last Wazuh stable version.
 ## Compatibility Matrix
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
 | v4.2.4        | 1.13.2  | 7.11.2 |
 | v4.2.3        | 1.13.2  | 7.11.2 |
 | v4.2.2        | 1.13.2  | 7.11.2 |
 | v4.2.1        | 1.13.2  | 7.11.2 |
 | v4.2.0        | 1.13.2  | 7.10.2 |
 | v4.1.5        | 1.13.2  | 7.10.2 |
 |---------------|---------|--------|
 | v4.1.4        | 1.12.0  | 7.10.2 |
 |---------------|---------|--------|
 | v4.1.3        | 1.12.0  | 7.10.2 |
 |---------------|---------|--------|
 | v4.1.2        | 1.12.0  | 7.10.2 |
 |---------------|---------|--------|
 | v4.1.1        | 1.12.0  | 7.10.2 |
 |---------------|---------|--------|
 | v4.1.0        | 1.12.0  | 7.10.2 |
 |---------------|---------|--------|
 | v4.0.4        | 1.11.0  |        |
 |---------------|---------|--------|
 | v4.0.3        | 1.11.0  |        |
 |---------------|---------|--------|
 | v4.0.2        | 1.11.0  |        |
 |---------------|---------|--------|
 | v4.0.1        | 1.11.0  |        |
 |---------------|---------|--------|
 | v4.0.0        | 1.10.1  |        |
 ## Credits and Thank you
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.1.5"
+WAZUH-DOCKER_VERSION="4.2.4"
-REVISION="40114"
+REVISION="40219"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'
 services:
  wazuh:
-    image: wazuh/wazuh-odfe:4.1.5
+    image: wazuh/wazuh-odfe:4.2.4
    hostname: wazuh-manager
    restart: always
    ports:
@@ -50,7 +50,7 @@ services:
        hard: 65536
  kibana:
-    image: wazuh/wazuh-kibana-odfe:4.1.5
+    image: wazuh/wazuh-kibana-odfe:4.2.4
    hostname: kibana
    restart: always
    ports:
--- a/generate-elasticsearch-certs.yml
+++ b/generate-elasticsearch-certs.yml
@@ -10,7 +10,7 @@ services:
          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
          unzip config/certificates/bundle.zip -d config/certificates/;
        fi;
-        chown -R 1000:0 /certs
+        chown -R 1000:0 config/certificates
      '
    user: "0"
    working_dir: /usr/share/elasticsearch
--- a/kibana-odfe/Dockerfile
+++ b/kibana-odfe/Dockerfile
@@ -2,7 +2,7 @@
 FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.5
+ARG WAZUH_VERSION=4.2.4
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 WORKDIR /usr/share/kibana
--- a/kibana-odfe/config/kibana_settings.sh
+++ b/kibana-odfe/config/kibana_settings.sh
@@ -53,6 +53,6 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
 echo "End settings"
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker.elastic.co/kibana/kibana:7.10.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.5
+ARG WAZUH_VERSION=4.2.4
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 WORKDIR /usr/share/kibana
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -70,7 +70,7 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
 sleep 5
 # Do not ask user to help providing usage statistics to Elastic
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -3,7 +3,7 @@ version: '3.7'
 services:
  wazuh-master:
-    image: wazuh/wazuh-odfe:4.1.5
+    image: wazuh/wazuh-odfe:4.2.4
    hostname: wazuh-master
    restart: always
    ports:
@@ -38,7 +38,7 @@ services:
      - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh-worker:
-    image: wazuh/wazuh-odfe:4.1.5
+    image: wazuh/wazuh-odfe:4.2.4
    hostname: wazuh-worker
    restart: always
    environment:
@@ -86,6 +86,8 @@ services:
      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
      - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
      - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
      - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
      - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
      - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
@@ -132,7 +134,7 @@ services:
      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
  kibana:
-    image: wazuh/wazuh-kibana-odfe:4.1.5
+    image: wazuh/wazuh-kibana-odfe:4.2.4
    hostname: kibana
    restart: always
    ports:
--- a/production_cluster/elastic_opendistro/elasticsearch-node1.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node1.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true
--- a/production_cluster/elastic_opendistro/elasticsearch-node2.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node2.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true
--- a/production_cluster/elastic_opendistro/elasticsearch-node3.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node3.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true
--- a/production_cluster/kibana_ssl/generate-self-signed-cert.sh
+++ b/production_cluster/kibana_ssl/generate-self-signed-cert.sh
@@ -9,4 +9,5 @@ then
    exit
 else
    openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
    chown -R 1000:1000 *.pem
 fi
--- a/production_cluster/ssl_certs/certs.yml
+++ b/production_cluster/ssl_certs/certs.yml
@@ -27,4 +27,9 @@ nodes:
  - name: filebeat
    dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
    dns: 
-      - wazuh 
+      - wazuh
 clients:
  - name: admin
    dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
    admin: true
--- a/production_cluster/wazuh_cluster/wazuh_manager.conf
+++ b/production_cluster/wazuh_cluster/wazuh_manager.conf
@@ -94,7 +94,7 @@
    <ignore_time>6h</ignore_time>
    <run_on_start>yes</run_on_start>
-    <!-- Ubuntu OS vulnerabilities --> 
+    <!-- Ubuntu OS vulnerabilities -->
    <provider name="canonical">
      <enabled>no</enabled>
      <os>trusty</os>
@@ -104,7 +104,7 @@
      <update_interval>1h</update_interval>
    </provider>
-    <!-- Debian OS vulnerabilities -->  
+    <!-- Debian OS vulnerabilities -->
    <provider name="debian">
      <enabled>no</enabled>
      <os>stretch</os>
@@ -112,7 +112,7 @@
      <update_interval>1h</update_interval>
    </provider>
-    <!-- RedHat OS vulnerabilities -->  
+    <!-- RedHat OS vulnerabilities -->
    <provider name="redhat">
      <enabled>no</enabled>
      <os>5</os>
@@ -200,8 +200,8 @@
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
-    <white_list>4.2.2.1</white_list>
+    <white_list>4.2.4.1</white_list>
-    <white_list>4.2.2.2</white_list>
+    <white_list>4.2.4.2</white_list>
    <white_list>208.67.220.220</white_list>
  </global>
@@ -307,7 +307,7 @@
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
-  <!-- Configuration for ossec-authd -->
+  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
@@ -346,4 +346,4 @@
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
-</ossec_config> 
+</ossec_config>
--- a/production_cluster/wazuh_cluster/wazuh_worker.conf
+++ b/production_cluster/wazuh_cluster/wazuh_worker.conf
@@ -94,7 +94,7 @@
    <ignore_time>6h</ignore_time>
    <run_on_start>yes</run_on_start>
-    <!-- Ubuntu OS vulnerabilities --> 
+    <!-- Ubuntu OS vulnerabilities -->
    <provider name="canonical">
      <enabled>no</enabled>
      <os>trusty</os>
@@ -104,7 +104,7 @@
      <update_interval>1h</update_interval>
    </provider>
-    <!-- Debian OS vulnerabilities -->  
+    <!-- Debian OS vulnerabilities -->
    <provider name="debian">
      <enabled>no</enabled>
      <os>stretch</os>
@@ -112,7 +112,7 @@
      <update_interval>1h</update_interval>
    </provider>
-    <!-- RedHat OS vulnerabilities -->  
+    <!-- RedHat OS vulnerabilities -->
    <provider name="redhat">
      <enabled>no</enabled>
      <os>5</os>
@@ -200,8 +200,8 @@
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
-    <white_list>4.2.2.1</white_list>
+    <white_list>4.2.4.1</white_list>
-    <white_list>4.2.2.2</white_list>
+    <white_list>4.2.4.2</white_list>
    <white_list>208.67.220.220</white_list>
  </global>
@@ -307,7 +307,7 @@
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
-  <!-- Configuration for ossec-authd -->
+  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
@@ -346,4 +346,4 @@
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
-</ossec_config> 
+</ossec_config>
--- a/wazuh-odfe/Dockerfile
+++ b/wazuh-odfe/Dockerfile
@@ -3,7 +3,7 @@ FROM centos:7
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.1.5-1
+ARG WAZUH_VERSION=4.2.4
 ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
--- a/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
+++ b/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
@@ -74,6 +74,23 @@ apply_exclusion_data() {
  done
 }
 ##############################################################################
 # This function will rename in the permanent data volume every file
 # contained in PERMANENT_DATA_MOVE
 ##############################################################################
 move_data_files() {
  for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
    file_split=( $mov_file )
    if [ -e ${file_split[0]} ]
    then
      print "moving ${mov_file}"
      exec_cmd "mv -f ${mov_file}"
    fi
  done
 }
 ##############################################################################
 # This function will delete from the permanent data volume every file
 # contained in PERMANENT_DATA_DEL
@@ -84,7 +101,7 @@ remove_data_files() {
    if [ -e ${del_file} ]
    then
      print "Removing ${del_file}"
-      exec_cmd "rm ${del_file}"
+      exec_cmd "rm -f ${del_file}"
    fi
  done
 }
@@ -94,7 +111,7 @@ remove_data_files() {
 ##############################################################################
 create_ossec_key_cert() {
-  print "Creating ossec-authd key and cert"
+  print "Creating wazuh-authd key and cert"
  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
@@ -158,10 +175,13 @@ main() {
  # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
  apply_exclusion_data
  # Rename files stored in permanent data (i.e. queue/ossec)
  move_data_files
  # Remove some files in permanent_data (i.e. .template.db)
  remove_data_files
-  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
  if [ $AUTO_ENROLLMENT_ENABLED == true ]
  then
    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
--- a/wazuh-odfe/config/etc/cont-init.d/2-manager
+++ b/wazuh-odfe/config/etc/cont-init.d/2-manager
@@ -123,4 +123,4 @@ function_create_custom_user
 function_entrypoint_scripts
 # Start Wazuh
-/var/ossec/bin/ossec-control start
+/var/ossec/bin/wazuh-control start
--- a/wazuh-odfe/config/permanent_data.env
+++ b/wazuh-odfe/config/permanent_data.env
@@ -4,7 +4,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
 PERMANENT_DATA[((i++))]="/var/ossec/etc"
 PERMANENT_DATA[((i++))]="/var/ossec/logs"
 PERMANENT_DATA[((i++))]="/var/ossec/queue"
-PERMANENT_DATA[((i++))]="/var/ossec/queue/tasks"
+PERMANENT_DATA[((i++))]="/var/ossec/queue/logcollector"
 PERMANENT_DATA[((i++))]="/var/ossec/agentless"
 PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
 PERMANENT_DATA[((i++))]="/var/ossec/integrations"
@@ -21,23 +21,21 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -60,9 +58,15 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
 export PERMANENT_DATA_EXCP
 # Files mounted in a volume that should be deleted
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
 export PERMANENT_DATA_DEL
 i=0
 PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
 PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
 export PERMANENT_DATA_MOVE
--- a/xpack-compose.yml
+++ b/xpack-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'
 services:
  wazuh:
-    image: wazuh/wazuh:4.1.5
+    image: wazuh/wazuh:4.2.4
    hostname: wazuh-manager
    restart: always
    ports:
@@ -146,7 +146,7 @@ services:
  kibana:
-    image: wazuh/wazuh-kibana:4.1.5
+    image: wazuh/wazuh-kibana:4.2.4
    hostname: kibana
    restart: always
    ports:
--- a/xpack-from-sources.yml
+++ b/xpack-from-sources.yml
@@ -7,8 +7,8 @@ services:
      context: wazuh-odfe/
      args:
        - FILEBEAT_CHANNEL=filebeat
-        - FILEBEAT_VERSION=7.10.2
+        - FILEBEAT_VERSION=7.11.2
-    image: wazuh/wazuh:4.1.5
+    image: wazuh/wazuh:4.2.4
    hostname: wazuh-manager
    restart: always
    ports:
@@ -42,7 +42,7 @@ services:
  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
    hostname: elasticsearch
    restart: always
    ports:
@@ -79,7 +79,7 @@ services:
      - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
  elasticsearch2:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
    hostname: elasticsearch2
    restart: always
    environment:
@@ -114,7 +114,7 @@ services:
      - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
  elasticsearch3:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
    hostname: elasticsearch3
    restart: always
    environment:
@@ -152,7 +152,7 @@ services:
  kibana:
    build: kibana/
-    image: wazuh/wazuh-kibana:4.1.5
+    image: wazuh/wazuh-kibana:4.2.4
    hostname: kibana
    restart: always
    ports:
Author	SHA1	Message	Date
Gonzalo Acuña	4ebeaba873	Merge pull request #538 from wazuh/535-release-4.2.4 Update release 4.2.4	2021-10-20 10:09:52 -03:00
vcerenu	aa59a302c3	Update release 4.2.4	2021-10-19 16:37:13 -03:00
Gonzalo Acuña	67d92fc992	Merge pull request #537 from wazuh/535-release-4.2.4 Release v4.2.4	2021-10-18 15:28:34 -03:00
vcerenu	fbe7a0a571	update release 4.2.4	2021-10-14 16:39:41 -03:00
vcerenu	ffffe5539a	update release 4.2.4	2021-10-14 16:23:43 -03:00
José Fernández Aguilera	d46ce7aee3	Merge pull request #530 from wazuh/529-release-423 Release v4.2.3	2021-10-07 15:54:45 +02:00
vcerenu	4d0b06b91e	bump release 4.2.3	2021-10-06 08:38:25 -03:00
vcerenu	391b5d237c	bump release 4.2.3	2021-10-05 12:57:25 -03:00
Alberto Rodríguez	e99ba259e0	Added `util.py` to permanent data	2021-09-23 20:00:03 +02:00
Alberto Rodríguez	f00245007d	Merge pull request #516 from wazuh/4.2.2 Release v4.2.2	2021-09-15 16:50:12 +02:00
vcerenu	084407f9c9	Update 4.2.2	2021-09-15 10:55:43 -03:00
vcerenu	f0ebabad89	Update 4.2.2	2021-09-15 10:51:19 -03:00
Alberto Rodríguez	afd70ff5f9	Merge pull request #513 from wazuh/4.2.1 Release v4.2.1	2021-09-14 15:12:06 +02:00
vcerenu	61f3e080a3	Update 4.2.1	2021-09-14 10:08:48 -03:00
vcerenu	2dd9fdfa99	Update 4.2.1	2021-09-14 10:03:16 -03:00
vcerenu	daaac09c9c	Update 4.2.1	2021-09-13 15:21:53 -03:00
vcerenu	8d0dd5baeb	Update 4.2.1	2021-09-09 11:13:04 -03:00
vcerenu	9e9de07322	Update 4.2.1	2021-09-09 09:23:36 -03:00
José Fernández Aguilera	6ed79996af	Merge pull request #509 from wazuh/fix-4.2-upgrade Fix 4.2 upgrade	2021-09-03 11:37:17 +02:00
dfolcha	413dd71d44	Remove -r flag	2021-09-03 09:16:20 +02:00
dfolcha	68bc08f78f	Add function to rename files and directories	2021-09-02 17:05:23 +02:00
dfolcha	6da1b19698	Exclude queue/ossec from volume	2021-09-02 15:12:33 +02:00
José Fernández Aguilera	750fe5ffe8	Merge pull request #504 from wazuh/update-4.2 Update AR files	2021-08-27 12:18:23 +02:00
dfolcha	137f0ba88f	Update goss tests	2021-08-27 12:11:00 +02:00
dfolcha	25cb1fa872	Fix wrong OD version	2021-08-27 12:01:58 +02:00
dfolcha	8a01495968	Update AR files	2021-08-27 10:47:45 +02:00
Alberto Rodríguez	1ed0bc8e01	Merge pull request #503 from wazuh/update-4.2 Update 4.2	2021-08-26 16:17:13 +02:00
dfolcha	0699c8fe21	Add admin key pair to production development	2021-08-26 15:08:18 +02:00
Alberto R	64c61bcdbf	Fixed mode Kibana settings	2021-06-28 23:35:30 +02:00
Alberto Rodríguez	5074eb0b44	Merge pull request #479 from wazuh/476-update-4.2 Bump ODFE 3.13.2 on Wazuh 4.2.0	2021-05-24 14:03:33 +02:00
José Fernández	c8b8e8b134	Bump to ODFE 1.13.2	2021-05-24 13:01:47 +02:00
José Fernández	fc54288a0d	Update README	2021-05-24 11:45:07 +02:00
Alberto Rodríguez	09731ec148	Merge pull request #473 from wazuh/457-nginx-conf-readme-4.2 457: Broken link fix and removed deprecated information at README	2021-04-29 14:35:31 +02:00
jcruzlp	2b9e1a6f89	Removed unussed basic auth	2021-04-27 13:39:14 +02:00
jcruzlp	5550edb4ae	Fixed broken link	2021-04-27 13:39:13 +02:00
VictorMorenoJimenez	45e08437fc	Change ossec-control to wazuh-control	2021-04-15 15:57:48 +02:00
Alberto Rodríguez	1cf4376e3b	Merge pull request #461 from wazuh/feature-name-change Feature name change	2021-04-13 17:27:20 +02:00
VictorMorenoJimenez	3c1175b0a0	Bump to v4.2.0	2021-04-13 16:44:28 +02:00
Victor Moreno Jimenez	1dad6eb83e	Bump to v4.1.4	2021-04-13 16:44:28 +02:00
Victor Moreno Jimenez	10a02f88fa	Bump to 4.1.3	2021-04-13 16:44:27 +02:00
Manuel Gutierrez	67fd91da9b	Bump to 4.1.1	2021-04-13 16:44:27 +02:00
Manuel Gutierrez	c146068138	Add xpack-from-sources	2021-04-13 16:44:27 +02:00
Manuel Gutierrez	5fa1d1eeb6	Update kibana xpack paths	2021-04-13 16:44:26 +02:00
Manuel Gutierrez	8a93c8fe3a	Fix curl ssl check	2021-04-13 16:44:26 +02:00
Manuel Gutierrez	ed5f8c0816	Fix elastic version	2021-04-13 16:44:26 +02:00
Manuel Gutierrez	02965be924	Fix changelog	2021-04-13 16:44:25 +02:00
Manuel Gutierrez	ad9aa18966	Bump images on prod cluster	2021-04-13 16:44:25 +02:00
Manuel Gutierrez	21f37d6765	Update changelog	2021-04-13 16:44:25 +02:00
Manuel Gutierrez	01f8dfc46e	Update xpack compose	2021-04-13 16:44:24 +02:00
Manuel Gutierrez	c0a65c4ba6	Update Goss tests	2021-04-13 16:44:24 +02:00
Manuel Gutierrez	63a32590b0	Bump odfe images	2021-04-13 16:44:24 +02:00
Manuel Gutierrez	b76adb084d	Bump xpack images	2021-04-13 16:44:23 +02:00
Manuel Gutierrez	f23f7fafab	Update paths	2021-04-13 16:44:23 +02:00
Manuel Gutierrez	fceb9f0e07	Bump versions and update path	2021-04-13 16:44:23 +02:00
Manuel Gutierrez	7ddc4daed1	Bump versions	2021-04-13 16:44:22 +02:00
Manuel Gutierrez	574a0147ea	Update compatibility matrix	2021-04-13 16:44:22 +02:00
Manuel Gutierrez	2f683e43c6	Bump odfe version	2021-04-13 16:44:22 +02:00
Manuel Gutierrez	6b2780e221	Update version	2021-04-13 16:44:21 +02:00
Manuel Gutierrez	4cc0eeea2e	Add goss binary for health checks	2021-04-13 16:44:21 +02:00
Manuel Gutierrez	249c1adb8c	Remove dev tag from version	2021-04-13 16:44:21 +02:00
Manuel Gutierrez	a4646f388a	Rename cert generator container name	2021-04-13 16:44:20 +02:00
Manuel Gutierrez	6d231cea90	Add generate-elasticsearch-certs.yml and instances.yml	2021-04-13 16:44:20 +02:00
Manuel Gutierrez	b45f09fff5	Update xpack-compose	2021-04-13 16:44:20 +02:00
Manuel Gutierrez	15d65820ae	Remove kibana_ip	2021-04-13 16:44:19 +02:00
Manuel Gutierrez	5d43a0acf8	Use kibana_proto	2021-04-13 16:44:19 +02:00
Manuel Gutierrez	75034895ce	Fix curl auth params	2021-04-13 16:44:18 +02:00
Manuel Gutierrez	f848aa9600	Bump copyright	2021-04-13 16:44:18 +02:00
Manuel Gutierrez	09153da593	Bump to 4.0.4	2021-04-13 16:44:18 +02:00
Manuel Gutierrez	3428f982f3	Add sample compose for xpack variant	2021-04-13 16:44:17 +02:00
Manuel Gutierrez	c53a0f86f6	Remove duplicated xpack_config exec	2021-04-13 16:44:17 +02:00
Manuel Gutierrez	ffb4395da0	Set Wazuh app as default route	2021-04-13 16:44:17 +02:00
Manuel Gutierrez	31dbb7fc20	Remove useless ARG	2021-04-13 16:44:16 +02:00
Manuel Gutierrez	24b2c4bc4b	Backport kibana-xpack image to v4	2021-04-13 16:44:16 +02:00
Manuel Gutierrez	59ccbbee8e	Use an ARG to select filebeat channel	2021-04-13 16:44:16 +02:00
Manuel Gutierrez	cdf31d7a08	Re-enable entrypoint scripts	2021-04-13 16:44:15 +02:00
Manuel Gutierrez	bb8cbc6d15	Bump s6-overlay version	2021-04-13 16:44:15 +02:00
Manuel Gutierrez	9656c348a2	Add link to changelog	2021-04-13 16:44:15 +02:00
Manuel Gutierrez	2b5c950c48	Bump goss test	2021-04-13 16:44:14 +02:00
Manuel Gutierrez	504d5b8cc4	Bump year	2021-04-13 16:44:14 +02:00
Manuel Gutierrez	1eb94b82ee	Bump versions	2021-04-13 16:44:14 +02:00
Manuel Gutierrez	6228d3077d	Add tests for Kibana customizations	2021-04-13 16:44:13 +02:00
Manuel Gutierrez	01563af39a	Execute tests for kibana image	2021-04-13 16:44:13 +02:00
Manuel Gutierrez	1441e570a8	Add Goss tests for Kibana image	2021-04-13 16:44:13 +02:00
Manuel Gutierrez	20ebf9b467	Port all tests from Ansible repo	2021-04-13 16:44:12 +02:00
Manuel Gutierrez	1460c07b92	Include GOSS_SLEEP	2021-04-13 16:44:12 +02:00
Manuel Gutierrez	ae1611e07c	Fix yaml syntax	2021-04-13 16:44:12 +02:00
Manuel Gutierrez	5109a35e6a	Add Goss Actions	2021-04-13 16:44:11 +02:00
Manuel Gutierrez	94c0307f00	Add goss verifications	2021-04-13 16:44:11 +02:00
VictorMorenoJimenez	102d6ced90	Bump to v4.2.0	2021-04-13 16:39:14 +02:00
Manuel Gutierrez	eed5b2a454	Merge pull request #422 from wazuh/feature-tools-rename Adopt Wazuh standard on tool names	2020-12-15 19:14:44 +01:00
Manuel Gutierrez	0da4a86f07	Update references to authd	2020-12-15 15:21:34 +01:00
Manuel Gutierrez	bb85a9aef2	Update script name	2020-12-15 13:23:34 +01:00
`@@ -1,2 +1,2 @@`
	`WAZUH-DOCKER_VERSION="4.1.5"`	`WAZUH-DOCKER_VERSION="4.2.4"`
	`REVISION="40114"`	`REVISION="40219"`