Merge pull request #842 from wazuh/bump-4-4-2

Bump `4.4` to `4.4.2`

.env

@@ -1,6 +1,3 @@
-WAZUH_VERSION=4.10.3
-WAZUH_IMAGE_VERSION=4.10.3
+WAZUH_VERSION=4.4.2
+WAZUH_IMAGE_VERSION=4.4.2
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.10.3
-WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
-WAZUH_UI_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.10.3
+    - 4.4.2-1
 port:
   tcp:1514:
     listening: true

.github/workflows/Procedure_push_docker_images.yml

@@ -1,167 +0,0 @@
-run-name: Launch Push Docker Images - ${{ inputs.id }}
-name: Push Docker Images
-
-on:
-  workflow_dispatch:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.10.3'
-        required: true
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.10.3'
-        required: false
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: true
-        required: false
-  workflow_call:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.10.3'
-        required: true
-        type: string
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.10.3'
-        required: false
-        type: string
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-        type: string
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-        type: string
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-        type: string
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: false
-        required: false
-
-jobs:
-  build-and-push:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Print inputs
-      run: |
-        echo "---------------------------------------------"
-        echo "Running Procedure_push_docker_images workflow"
-        echo "---------------------------------------------"
-        echo "* BRANCH: ${{ github.ref }}"
-        echo "* COMMIT: ${{ github.sha }}"
-        echo "---------------------------------------------"
-        echo "Inputs provided:"
-        echo "---------------------------------------------"
-        echo "* id: ${{ inputs.id }}"
-        echo "* image_tag: ${{ inputs.image_tag }}"
-        echo "* docker_reference: ${{ inputs.docker_reference }}"
-        echo "* products: ${{ inputs.products }}"
-        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
-        echo "* revision: ${{ inputs.revision }}"
-        echo "* push_images: ${{ inputs.push_images }}"
-        echo "* dev: ${{ inputs.dev }}"
-        echo "---------------------------------------------"
-
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        ref: ${{ inputs.docker_reference }}
-
-    - name: Log in to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-    - name: Install Docker Compose
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y docker-compose
-        echo "Installed Docker Compose version: $(docker-compose --version)"
-
-    - name: Build Wazuh images
-      run: |
-        IMAGE_TAG=${{ inputs.image_tag }}
-        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
-        REVISION=${{ inputs.revision }}
-
-        if [[ "$IMAGE_TAG" == *"-"* ]]; then
-          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
-          if [ -z "${tokens[1]}" ]; then
-            echo "Invalid image tag: $IMAGE_TAG"
-            exit 1
-          fi
-          DEV_STAGE=${tokens[1]}
-          WAZUH_VER=${tokens[0]}
-          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
-        else
-          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
-        fi
-
-        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
-        ENV_FILE_PATH=".env"
-
-        if [ -f $ENV_FILE_PATH ]; then
-          while IFS= read -r line || [ -n "$line" ]; do
-            echo "$line" >> $GITHUB_ENV
-          done < $ENV_FILE_PATH
-        else
-          echo "The environment file $ENV_FILE_PATH does not exist!"
-          exit 1
-        fi
-
-    - name: Tag and Push Wazuh images
-      if: ${{ inputs.push_images }}
-      run: |
-        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
-        IMAGE_NAMES=${{ inputs.products }}
-        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
-        for image in "${images[@]}"; do
-          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
-          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
-          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
-          docker push wazuh/$image:$IMAGE_TAG
-        done

.github/workflows/push.yml

@@ -8,12 +8,7 @@ jobs:
     steps:
 
     - name: Check out code
-      uses: actions/checkout@v4
-
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
+      uses: actions/checkout@v3
 
     - name: Build Wazuh images
       run: build-docker-images/build-images.sh
@@ -29,21 +24,21 @@ jobs:
         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
 
     - name: Temporarily save Wazuh manager Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-manager
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh indexer Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-indexer
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh dashboard Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-dashboard
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
@@ -66,28 +61,23 @@ jobs:
     steps:
 
     - name: Check out code
-      uses: actions/checkout@v4
-
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
+      uses: actions/checkout@v3
 
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-indexer
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-dashboard
 
@@ -136,9 +126,8 @@ jobs:
 
     - name: Check documents into wazuh-alerts index
       run: |
-       sleep 120
        docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
-       if [[ $docs -gt 0 ]]; then
+       if [[ $docs -gt 100 ]]; then
         echo "wazuh-alerts index documents: ${docs}"
        else
         echo "wazuh-alerts index documents: ${docs}"
@@ -149,7 +138,7 @@ jobs:
       run: |
        qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
        templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
-       if [[ $qty_templates -gt 3 ]]; then
+       if [[ $qty_templates -eq 3 ]]; then
         echo "wazuh templates:"
         echo "${templates}"
        else
@@ -172,6 +161,10 @@ jobs:
       env:
         TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
 
+    - name: Check errors in ossec.log
+      run: ./.github/single-node-log-check.sh
+
+
     - name: Check filebeat output
       run: ./.github/single-node-filebeat-check.sh
 
@@ -185,8 +178,8 @@ jobs:
         exit 1
        fi
 
-    - name: Check errors in ossec.log
-      run: ./.github/single-node-log-check.sh
+    - name: Stop single node stack
+      run: docker-compose -f single-node/docker-compose.yml down
 
   check-multi-node:
     runs-on: ubuntu-latest
@@ -194,36 +187,23 @@ jobs:
     steps:
 
     - name: Check out code
-      uses: actions/checkout@v4
-
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
+      uses: actions/checkout@v3
 
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
-    - name: free disk space
-      run: |
-        sudo swapoff -a
-        sudo rm -f /swapfile
-        sudo apt clean
-        docker rmi $(docker image ls -aq)
-        df -h
-
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-dashboard
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-indexer
 
@@ -232,7 +212,6 @@ jobs:
         docker load --input ./wazuh-manager.tar
         docker load --input ./wazuh-indexer.tar
         docker load --input ./wazuh-dashboard.tar
-        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
 
     - name: Create multi node certficates
       run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
@@ -242,13 +221,7 @@ jobs:
 
     - name: Check Wazuh indexer start
       run: |
-       until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`  -eq 1 ]]
-       do
-         echo 'Waiting for Wazuh indexer start'
-         free -m
-         df -h
-         sleep 120
-       done
+       sleep 120
        status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
        if [[ $status_green -eq 1 ]]; then
         curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
@@ -277,15 +250,8 @@ jobs:
 
     - name: Check documents into wazuh-alerts index
       run: |
-       until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``)  -gt 0 ]]
-       do
-         echo 'Waiting for Wazuh indexer events'
-         free -m
-         df -h
-         sleep 10
-       done
        docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
-       if [[ $docs -gt 0 ]]; then
+       if [[ $docs -gt 100 ]]; then
         echo "wazuh-alerts index documents: ${docs}"
        else
         echo "wazuh-alerts index documents: ${docs}"
@@ -296,7 +262,7 @@ jobs:
       run: |
        qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
        templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
-       if [[ $qty_templates -gt 3 ]]; then
+       if [[ $qty_templates -eq 3 ]]; then
         echo "wazuh templates:"
         echo "${templates}"
        else
@@ -326,6 +292,10 @@ jobs:
       env:
         TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
 
+    - name: Check errors in ossec.log
+      run: ./.github/multi-node-log-check.sh
+
+
     - name: Check filebeat output
       run: ./.github/multi-node-filebeat-check.sh
 
@@ -337,7 +307,4 @@ jobs:
        else
         echo "Wazuh dashboard status: ${status}"
         exit 1
-       fi
-
-    - name: Check errors in ossec.log
-      run: ./.github/multi-node-log-check.sh
+       fi

.github/workflows/trivy-dashboard.yml

@@ -1,77 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Trivy scan Wazuh dashboard
-
-on:
-  release:
-    types:
-    - published
-  pull_request:
-    branches:
-      - master
-      - stable
-  schedule:
-    - cron: '34 2 * * 1'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
-    name: Build images and upload Trivy results
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Installing dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq
-
-      - name: Checkout latest tag
-        run: |
-          latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
-          git fetch origin
-          git checkout $latest
-
-      - name: Build Wazuh images
-        run: build-docker-images/build-images.sh
-
-      - name: Create enviroment variables
-        run: |
-          cat .env > $GITHUB_ENV
-          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
-
-      - name: Run Trivy vulnerability scanner for Wazuh dashboard
-        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
-        with:
-          image-ref: 'wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results-dashboard.sarif'
-          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results-dashboard.sarif'
-
-      - name: Slack notification
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_CHANNEL: cicd-monitoring
-          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
-          #SLACK_ICON: https://github.com/rtCamp.png?size=48
-          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
-          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
-          SLACK_USERNAME: github_actions
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/trivy-indexer.yml

@@ -1,77 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Trivy scan Wazuh indexer
-
-on:
-  release:
-    types:
-    - published
-  pull_request:
-    branches:
-      - master
-      - stable
-  schedule:
-    - cron: '34 2 * * 1'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
-    name: Build images and upload Trivy results
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Installing dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq
-
-      - name: Checkout latest tag
-        run: |
-          latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
-          git fetch origin
-          git checkout $latest
-
-      - name: Build Wazuh images
-        run: build-docker-images/build-images.sh
-
-      - name: Create enviroment variables
-        run: |
-          cat .env > $GITHUB_ENV
-          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
-
-      - name: Run Trivy vulnerability scanner for Wazuh indexer
-        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
-        with:
-          image-ref: 'wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results-indexer.sarif'
-          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results-indexer.sarif'
-
-      - name: Slack notification
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_CHANNEL: cicd-monitoring
-          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
-          #SLACK_ICON: https://github.com/rtCamp.png?size=48
-          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
-          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
-          SLACK_USERNAME: github_actions
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/trivy-manager.yml

@@ -1,77 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Trivy scan Wazuh manager
-
-on:
-  release:
-    types:
-    - published
-  pull_request:
-    branches:
-      - master
-      - stable
-  schedule:
-    - cron: '34 2 * * 1'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
-    name: Build images and upload Trivy results
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Installing dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq
-
-      - name: Checkout latest tag
-        run: |
-          latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
-          git fetch origin
-          git checkout $latest
-
-      - name: Build Wazuh images
-        run: build-docker-images/build-images.sh
-
-      - name: Create enviroment variables
-        run: |
-          cat .env > $GITHUB_ENV
-          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
-
-      - name: Run Trivy vulnerability scanner for Wazuh manager
-        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
-        with:
-          image-ref: 'wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results-manager.sarif'
-          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results-manager.sarif'
-
-      - name: Slack notification
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_CHANNEL: cicd-monitoring
-          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
-          #SLACK_ICON: https://github.com/rtCamp.png?size=48
-          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
-          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
-          SLACK_USERNAME: github_actions
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

CHANGELOG.md

@@ -1,202 +1,6 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [4.10.3]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
-## [4.10.2]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- Updated docker/login-action module ([#1837](https://github.com/wazuh/wazuh-docker/pull/1837))
-
-### Deleted
-
-- None
-
-## [4.10.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
-## [4.10.0]
-
-### Added
-
-- Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551))
-- Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524))
-- Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518))
-
-### Changed
-
-- None
-
-### Fixed
-
-- Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619))
-- Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416))
-
-### Deleted
-
-- None
-
-## [4.9.2]
-
-### Added
-
-- Update Wazuh to version [4.9.2](https://github.com/wazuh/wazuh/blob/v4.9.2/CHANGELOG.md#v492)
-
-## [4.9.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-
-### Fixed
-
-- Fix typos into Wazuh manager entrypoint ([#1569](https://github.com/wazuh/wazuh-docker/pull/1569))
-
-### Deleted
-
-- None
-
-
-## Wazuh Docker v4.9.0
-### Added
-
-- Update Wazuh to version [4.9.0](https://github.com/wazuh/wazuh/blob/v4.9.0/CHANGELOG.md#v490)
-
-## Wazuh Docker v4.8.2
-### Added
-
-- Update Wazuh to version [4.8.2](https://github.com/wazuh/wazuh/blob/v4.8.2/CHANGELOG.md#v482)
-
-## Wazuh Docker v4.8.1
-### Added
-
-- Update Wazuh to version [4.8.1](https://github.com/wazuh/wazuh/blob/v4.8.1/CHANGELOG.md#v481)
-
-## Wazuh Docker v4.8.0
-### Added
-
-- Update Wazuh to version [4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
-
-## Wazuh Docker v4.7.5
-### Added
-
-- Update Wazuh to version [4.7.5](https://github.com/wazuh/wazuh/blob/v4.7.5/CHANGELOG.md#v475)
-
-## Wazuh Docker v4.7.4
-### Added
-
-- Update Wazuh to version [4.7.4](https://github.com/wazuh/wazuh/blob/v4.7.4/CHANGELOG.md#v474)
-
-## Wazuh Docker v4.7.3
-### Added
-
-- Update Wazuh to version [4.7.3](https://github.com/wazuh/wazuh/blob/v4.7.3/CHANGELOG.md#v473)
-
-## Wazuh Docker v4.7.2
-### Added
-
-- Update Wazuh to version [4.7.2](https://github.com/wazuh/wazuh/blob/v4.7.2/CHANGELOG.md#v472)
-
-## Wazuh Docker v4.7.1
-### Added
-
-- Update Wazuh to version [4.7.1](https://github.com/wazuh/wazuh/blob/v4.7.1/CHANGELOG.md#v471)
-
-## Wazuh Docker v4.7.0
-### Added
-
-- Update Wazuh to version [4.7.0](https://github.com/wazuh/wazuh/blob/v4.7.0/CHANGELOG.md#v470)
-
-## Wazuh Docker v4.6.0
-### Added
-
-- Update Wazuh to version [4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460)
-
-## Wazuh Docker v4.5.4
-### Added
-
-- Update Wazuh to version [4.5.4](https://github.com/wazuh/wazuh/blob/v4.5.4/CHANGELOG.md#v454)
-
-## Wazuh Docker v4.5.3
-### Added
-
-- Update Wazuh to version [4.5.3](https://github.com/wazuh/wazuh/blob/v4.5.3/CHANGELOG.md#v453)
-
-## Wazuh Docker v4.5.2
-### Added
-
-- Update Wazuh to version [4.5.2](https://github.com/wazuh/wazuh/blob/v4.5.2/CHANGELOG.md#v452)
-
-## Wazuh Docker v4.5.1
-### Added
-
-- Update Wazuh to version [4.5.1](https://github.com/wazuh/wazuh/blob/v4.5.1/CHANGELOG.md#v451)
-
-## Wazuh Docker v4.5.0
-### Added
-
-- Update Wazuh to version [4.5.0](https://github.com/wazuh/wazuh/blob/v4.5.0/CHANGELOG.md#v450)
-
-## Wazuh Docker v4.4.5
-### Added
-
-- Update Wazuh to version [4.4.5](https://github.com/wazuh/wazuh/blob/v4.4.5/CHANGELOG.md#v445)
-
-## Wazuh Docker v4.4.4
-### Added
-
-- Update Wazuh to version [4.4.4](https://github.com/wazuh/wazuh/blob/v4.4.4/CHANGELOG.md#v444)
-
-## Wazuh Docker v4.4.3
-### Added
-
-- Update Wazuh to version [4.4.3](https://github.com/wazuh/wazuh/blob/v4.4.3/CHANGELOG.md#v443)
-
 ## Wazuh Docker v4.4.2
 ### Added
 

README.md

@@ -8,19 +8,19 @@
 In this repository you will find the containers to run:
 
 * Wazuh manager: it runs the Wazuh manager, Wazuh API and Filebeat OSS
-* Wazuh dashboard: provides a web user interface to browse through alert data and allows you to visualize the agents configuration and status.
+* Wazuh dashboard: provides a web user interface to browse through alerts data and allows you to visualize agents configuration and status.
 * Wazuh indexer: Wazuh indexer container (working as a single-node cluster or as a multi-node cluster). **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).**
 
 The folder `build-docker-images` contains a README explaining how to build the Wazuh images and the necessary assets.
 The folder `indexer-certs-creator` contains a README explaining how to create the certificates creator tool and the necessary assets.
 The folder `single-node` contains a README explaining how to run a Wazuh environment with one Wazuh manager, one Wazuh indexer, and one Wazuh dashboard.
-The folder `multi-node` contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexers, and one Wazuh dashboard.
+The folder `multi-node` contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexer, and one Wazuh dashboard.
 
 ## Documentation
 
 * [Wazuh full documentation](http://documentation.wazuh.com)
 * [Wazuh documentation for Docker](https://documentation.wazuh.com/current/docker/index.html)
-* [Docker Hub](https://hub.docker.com/u/wazuh)
+* [Docker hub](https://hub.docker.com/u/wazuh)
 
 
 ### Setup SSL certificate
@@ -38,7 +38,7 @@ Default values are included when available.
 ```
 API_USERNAME="wazuh-wui"                            # Wazuh API username
 API_PASSWORD="MyS3cr37P450r.*-"                     # Wazuh API password - Must comply with requirements
-                                                    # (8+ length, uppercase, lowercase, special chars)
+                                                    # (8+ length, uppercase, lowercase, specials chars)
 
 INDEXER_URL=https://wazuh.indexer:9200              # Wazuh indexer URL
 INDEXER_USERNAME=admin                              # Wazuh indexer Username
@@ -53,11 +53,25 @@ SSL_KEY=""                                          # Path of Filebeat SSL Key
 ```
 PATTERN="wazuh-alerts-*"        # Default index pattern to use
 
-CHECKS_PATTERN=true             # Defines which checks must be considered by the healthcheck
-CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must be true or false
+CHECKS_PATTERN=true             # Defines which checks must to be consider by the healthcheck
+CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must to be true or false
 CHECKS_API=true
 CHECKS_SETUP=true
 
+EXTENSIONS_PCI=true             # Enable PCI Extension
+EXTENSIONS_GDPR=true            # Enable GDPR Extension
+EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
+EXTENSIONS_NIST=true            # Enable NIST Extension
+EXTENSIONS_TSC=true             # Enable TSC Extension
+EXTENSIONS_AUDIT=true           # Enable Audit Extension
+EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
+EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
+EXTENSIONS_AWS=false            # Enable AWS Extension
+EXTENSIONS_GCP=false            # Enable GCP Extension
+EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
+EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
+EXTENSIONS_DOCKER=false         # Enable Docker Extension
+
 APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
 
 API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
@@ -75,23 +89,18 @@ WAZUH_MONITORING_REPLICAS=0         ##
 ## Directory structure
 
     ├── build-docker-images
-    │   ├── build-images.sh
-    │   ├── build-images.yml
-    │   ├── README.md
+    │   ├── docker-compose.yml
     │   ├── wazuh-dashboard
     │   │   ├── config
     │   │   │   ├── config.sh
     │   │   │   ├── config.yml
-    │   │   │   ├── dl_base.sh
     │   │   │   ├── entrypoint.sh
-    │   │   │   ├── install_wazuh_app.sh
     │   │   │   ├── opensearch_dashboards.yml
     │   │   │   ├── wazuh_app_config.sh
     │   │   │   └── wazuh.yml
     │   │   └── Dockerfile
     │   ├── wazuh-indexer
     │   │   ├── config
-    │   │   │   ├── action_groups.yml
     │   │   │   ├── config.sh
     │   │   │   ├── config.yml
     │   │   │   ├── entrypoint.sh
@@ -103,7 +112,6 @@ WAZUH_MONITORING_REPLICAS=0         ##
     │   │   └── Dockerfile
     │   └── wazuh-manager
     │       ├── config
-    │       │   ├── check_repository.sh
     │       │   ├── create_user.py
     │       │   ├── etc
     │       │   │   ├── cont-init.d
@@ -116,21 +124,19 @@ WAZUH_MONITORING_REPLICAS=0         ##
     │       │   │       │   └── run
     │       │   │       └── ossec-logs
     │       │   │           └── run
-    │       │   ├── filebeat_module.sh
     │       │   ├── filebeat.yml
     │       │   ├── permanent_data.env
-    │       │   └── permanent_data.sh
+    │       │   ├── permanent_data.sh
+    │       │   └── wazuh.repo
     │       └── Dockerfile
     ├── CHANGELOG.md
     ├── indexer-certs-creator
     │   ├── config
     │   │   └── entrypoint.sh
-    │   ├── Dockerfile
-    │   └── README.md
+    │   └── Dockerfile
     ├── LICENSE
     ├── multi-node
     │   ├── config
-    │   │   ├── certs.yml
     │   │   ├── nginx
     │   │   │   └── nginx.conf
     │   │   ├── wazuh_cluster
@@ -139,29 +145,40 @@ WAZUH_MONITORING_REPLICAS=0         ##
     │   │   ├── wazuh_dashboard
     │   │   │   ├── opensearch_dashboards.yml
     │   │   │   └── wazuh.yml
-    │   │   └── wazuh_indexer
-    │   │       ├── internal_users.yml
-    │   │       ├── wazuh1.indexer.yml
-    │   │       ├── wazuh2.indexer.yml
-    │   │       └── wazuh3.indexer.yml
+    │   │   ├── wazuh_indexer
+    │   │   │   ├── internal_users.yml
+    │   │   │   ├── wazuh1.indexer.yml
+    │   │   │   ├── wazuh2.indexer.yml
+    │   │   │   └── wazuh3.indexer.yml
+    │   │   └── wazuh_indexer_ssl_certs
+    │   │       └── certs.yml
     │   ├── docker-compose.yml
     │   ├── generate-indexer-certs.yml
-    │   ├── Migration-to-Wazuh-4.4.md
-    │   ├── README.md
+    │   ├── Migration-to-Wazuh-4.3.md
     │   └── volume-migrator.sh
     ├── README.md
-    ├── SECURITY.md
     ├── single-node
     │   ├── config
-    │   │   ├── certs.yml
     │   │   ├── wazuh_cluster
     │   │   │   └── wazuh_manager.conf
     │   │   ├── wazuh_dashboard
     │   │   │   ├── opensearch_dashboards.yml
     │   │   │   └── wazuh.yml
-    │   │   └── wazuh_indexer
-    │   │       ├── internal_users.yml
-    │   │       └── wazuh.indexer.yml
+    │   │   ├── wazuh_indexer
+    │   │   │   ├── internal_users.yml
+    │   │   │   └── wazuh.indexer.yml
+    │   │   └── wazuh_indexer_ssl_certs
+    │   │       ├── admin-key.pem
+    │   │       ├── admin.pem
+    │   │       ├── certs.yml
+    │   │       ├── root-ca.key
+    │   │       ├── root-ca.pem
+    │   │       ├── wazuh.dashboard-key.pem
+    │   │       ├── wazuh.dashboard.pem
+    │   │       ├── wazuh.indexer-key.pem
+    │   │       ├── wazuh.indexer.pem
+    │   │       ├── wazuh.manager-key.pem
+    │   │       └── wazuh.manager.pem
     │   ├── docker-compose.yml
     │   ├── generate-indexer-certs.yml
     │   └── README.md
@@ -172,13 +189,27 @@ WAZUH_MONITORING_REPLICAS=0         ##
 ## Branches
 
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `stable` branch corresponds to the last Wazuh stable version.
+* `stable` branch on correspond to the last Wazuh stable version.
 
 ## Compatibility Matrix
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.3.0+       |   N/A   |   N/A  |
+| v4.4.2        |         |        |
+| v4.4.1        |         |        |
+| v4.4.0        |         |        |
+| v4.3.11       |         |        |
+| v4.3.10       |         |        |
+| v4.3.9        |         |        |
+| v4.3.8        |         |        |
+| v4.3.7        |         |        |
+| v4.3.6        |         |        |
+| v4.3.5        |         |        |
+| v4.3.4        |         |        |
+| v4.3.3        |         |        |
+| v4.3.2        |         |        |
+| v4.3.1        |         |        |
+| v4.3.0        |         |        |
 | v4.2.7        | 1.13.2  | 7.11.2 |
 | v4.2.6        | 1.13.2  | 7.11.2 |
 | v4.2.5        | 1.13.2  | 7.11.2 |
@@ -206,7 +237,7 @@ These Docker containers are based on:
 *  "deviantony" dockerfiles which can be found at [https://github.com/deviantony/docker-elk](https://github.com/deviantony/docker-elk)
 *  "xetus-oss" dockerfiles, which can be found at [https://github.com/xetus-oss/docker-ossec-server](https://github.com/xetus-oss/docker-ossec-server)
 
-We thank them and everyone else who has contributed to this project.
+We thank you them and everyone else who has contributed to this project.
 
 ## License and copyright
 

SECURITY.md

@@ -1,45 +0,0 @@
-# Wazuh Open Source Project Security Policy
-
-Version: 2023-06-12
-
-## Introduction
-This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
-
-## Scope
-This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
-
-## Reporting Security Vulnerabilities
-If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
-
-Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
-
-## Vulnerability Disclosure Policy
-Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
-
-1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
-2. Validation: We will validate the issue and work on reproducing it in our environment.
-3. Remediation: We will work on a fix and thoroughly test it
-4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
-5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
-
-This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
-
-## Automatic Scanning
-We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
-
-## Credit
-We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
-
-We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
-
-## Compliance with this Policy
-We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
-
-Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
-
-We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
-
-## Changes to this Security Policy
-This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
-
-If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.10.3"
-REVISION="41031"
+WAZUH-DOCKER_VERSION="4.4.2"
+REVISION="40408"

build-docker-images/README.md

@@ -9,24 +9,3 @@ $ build-docker-images/build-images.sh
 ```
 
 This script initializes the environment variables needed to build each of the images.
-
-The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
-
-```
-$ build-docker-images/build-images.sh -v 4.10.3
-```
-
-To get all the available script options use the -h or --help option:
-
-```
-$ build-docker-images/build-images.sh -h
-
-Usage: build-docker-images/build-images.sh [OPTIONS]
-
-    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
-    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
-    -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.10.3.
-    -h, --help                   Show this help.
-
-```

build-docker-images/build-images.sh

@@ -1,144 +1,17 @@
-WAZUH_IMAGE_VERSION=4.10.3
+WAZUH_IMAGE_VERSION=4.4.2
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
-IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
 
-# Wazuh package generator
-# Copyright (C) 2023, Wazuh Inc.
-#
-# This program is a free software; you can redistribute it
-# and/or modify it under the terms of the GNU General Public
-# License (version 2) as published by the FSF - Free Software
-# Foundation.
+## If wazuh manager exists in apt dev repository, change variables, if not, exit 1
+if [ "$WAZUH_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
+  IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
+else
+  IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
+fi
 
-WAZUH_IMAGE_VERSION="4.10.3"
-WAZUH_TAG_REVISION="1"
-WAZUH_DEV_STAGE=""
-FILEBEAT_MODULE_VERSION="0.4"
+echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
+echo WAZUH_IMAGE_VERSION=$IMAGE_VERSION >> .env
+echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
 
-# -----------------------------------------------------------------------------
-
-trap ctrl_c INT
-
-clean() {
-    exit_code=$1
-
-    exit ${exit_code}
-}
-
-ctrl_c() {
-    clean 1
-}
-
-# -----------------------------------------------------------------------------
-
-
-build() {
-
-    WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')"
-    FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}"
-    WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz"
-    WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}"
-
-    if  [ "${WAZUH_DEV_STAGE}" ];then
-        FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}"
-        if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-            echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
-            clean 1
-        fi
-    else
-        if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then
-            FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}"
-        elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-            FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}"
-        else
-            WAZUH_MASTER_VERSION="$(curl -s https://raw.githubusercontent.com/wazuh/wazuh/master/src/VERSION | sed -e 's/v//g')"
-            if [ "${FILEBEAT_TEMPLATE_BRANCH}" == "${WAZUH_MASTER_VERSION}" ]; then
-                FILEBEAT_TEMPLATE_BRANCH="master"
-            else
-                echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
-                clean 1
-            fi
-        fi
-    fi
-
-    echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
-    echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
-    echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
-    echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env
-    echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
-    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
-
-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
-
-    return 0
-}
-
-# -----------------------------------------------------------------------------
-
-help() {
-    echo
-    echo "Usage: $0 [OPTIONS]"
-    echo
-    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default."
-    echo "    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
-    echo "    -r, --revision <rev>         [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
-    echo "    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
-    echo "    -h, --help                   Show this help."
-    echo
-    exit $1
-}
-
-# -----------------------------------------------------------------------------
-
-main() {
-    while [ -n "${1}" ]
-    do
-        case "${1}" in
-        "-h"|"--help")
-            help 0
-            ;;
-        "-d"|"--dev")
-            if [ -n "${2}" ]; then
-                WAZUH_DEV_STAGE="${2}"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        "-f"|"--filebeat-module")
-            if [ -n "${2}" ]; then
-                FILEBEAT_MODULE_VERSION="${2}"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        "-r"|"--revision")
-            if [ -n "${2}" ]; then
-                WAZUH_TAG_REVISION="${2}"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        "-v"|"--version")
-            if [ -n "$2" ]; then
-                WAZUH_IMAGE_VERSION="$2"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        *)
-            help 1
-        esac
-    done
-
-    build || clean 1
-
-    clean 0
-}
-
-main "$@"
+docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache

build-docker-images/build-images.yml

@@ -8,8 +8,6 @@ services:
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH}
-        WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE}
     image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.manager
     restart: always
@@ -63,7 +61,6 @@ services:
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
     image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.dashboard
     restart: always

build-docker-images/wazuh-dashboard/Dockerfile

@@ -1,34 +1,40 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM amazonlinux:2023 AS builder
+FROM ubuntu:focal AS builder
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG WAZUH_UI_REVISION
 ARG INSTALL_DIR=/usr/share/wazuh-dashboard
+ARG WAZUH_UI_REVISION=1
 
 # Update and install dependencies
-RUN yum install curl-minimal libcap openssl -y
+RUN apt-get update && apt install curl libcap2-bin xz-utils -y
 
-COPY config/check_repository.sh /
-RUN chmod 775 /check_repository.sh && \
-    source /check_repository.sh
+# Create Install dir
+RUN mkdir -p $INSTALL_DIR
 
-RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all
-
-# Create and set permissions to data directories
-RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
-RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
-RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
-COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
+# Download and extract Wazuh dashboard base
+COPY config/dl_base.sh .
+RUN bash dl_base.sh
 
 # Generate certificates
 COPY config/config.sh .
 COPY config/config.yml /
 RUN bash config.sh
 
+COPY config/install_wazuh_app.sh /
+RUN chmod 775 /install_wazuh_app.sh
+RUN bash /install_wazuh_app.sh
+
+# Copy and set permissions to config files
+COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
+COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
+
+# Create and set permissions to data directories
+RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
+RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
+RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
+
 ################################################################################
 # Build stage 1 (the current Wazuh dashboard image):
 #
@@ -36,7 +42,7 @@ RUN bash config.sh
 # Add entrypoint
 # Add wazuh_app_config
 ################################################################################
-FROM amazonlinux:2023
+FROM ubuntu:focal
 
 # Set environment variables
 ENV USER="wazuh-dashboard" \
@@ -50,6 +56,19 @@ ENV PATTERN="" \
     CHECKS_TEMPLATE="" \
     CHECKS_API="" \
     CHECKS_SETUP="" \
+    EXTENSIONS_PCI="" \
+    EXTENSIONS_GDPR="" \
+    EXTENSIONS_HIPAA="" \
+    EXTENSIONS_NIST="" \
+    EXTENSIONS_TSC="" \
+    EXTENSIONS_AUDIT="" \
+    EXTENSIONS_OSCAP="" \
+    EXTENSIONS_CISCAT="" \
+    EXTENSIONS_AWS="" \
+    EXTENSIONS_GCP="" \
+    EXTENSIONS_VIRUSTOTAL="" \
+    EXTENSIONS_OSQUERY="" \
+    EXTENSIONS_DOCKER="" \
     APP_TIMEOUT="" \
     API_SELECTOR="" \
     IP_SELECTOR="" \
@@ -59,8 +78,8 @@ ENV PATTERN="" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS=""
 
-# Update and install dependencies
-RUN yum install shadow-utils -y
+# Install dependencies
+RUN apt update && apt install -y libnss3-dev fonts-liberation libfontconfig1
 
 # Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
@@ -83,10 +102,6 @@ RUN chown 1000:1000 /*.sh
 # Copy Install dir from builder to current image
 COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 
-# Create custom directory
-RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard

build-docker-images/wazuh-dashboard/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-dashboard/config/dl_base.sh

@@ -0,0 +1,25 @@
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
+fi
+
+
+curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/stack/dashboard/wazuh-dashboard-base-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}-linux-x64.tar.xz
+tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1

build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh

@@ -0,0 +1,25 @@
+## variables
+WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+    fi
+  fi
+fi
+
+# Install Wazuh App
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root

build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml

@@ -0,0 +1,13 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: none
+opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
+

build-docker-images/wazuh-dashboard/config/wazuh.yml

@@ -16,7 +16,7 @@
 # https://documentation.wazuh.com/current/installation-guide/index.html
 #
 # Also, you can check our repository:
-# https://github.com/wazuh/wazuh-dashboard-plugins
+# https://github.com/wazuh/wazuh-kibana-app
 #
 # ------------------------------- Index patterns -------------------------------
 #

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -15,6 +15,19 @@ declare -A CONFIG_MAP=(
   [checks.template]=$CHECKS_TEMPLATE
   [checks.api]=$CHECKS_API
   [checks.setup]=$CHECKS_SETUP
+  [extensions.pci]=$EXTENSIONS_PCI
+  [extensions.gdpr]=$EXTENSIONS_GDPR
+  [extensions.hipaa]=$EXTENSIONS_HIPAA
+  [extensions.nist]=$EXTENSIONS_NIST
+  [extensions.tsc]=$EXTENSIONS_TSC
+  [extensions.audit]=$EXTENSIONS_AUDIT
+  [extensions.oscap]=$EXTENSIONS_OSCAP
+  [extensions.ciscat]=$EXTENSIONS_CISCAT
+  [extensions.aws]=$EXTENSIONS_AWS
+  [extensions.gcp]=$EXTENSIONS_GCP
+  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
+  [extensions.osquery]=$EXTENSIONS_OSQUERY
+  [extensions.docker]=$EXTENSIONS_DOCKER
   [timeout]=$APP_TIMEOUT
   [api.selector]=$API_SELECTOR
   [ip.selector]=$IP_SELECTOR

build-docker-images/wazuh-indexer/Dockerfile

@@ -1,17 +1,10 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM amazonlinux:2023 AS builder
+FROM ubuntu:focal AS builder
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
 
-RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
-
-COPY config/check_repository.sh /
-RUN chmod 775 /check_repository.sh && \
-    source /check_repository.sh
-
-RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all
+RUN apt-get update -y && apt-get install curl openssl xz-utils -y
 
 COPY config/opensearch.yml /
 
@@ -19,8 +12,6 @@ COPY config/config.sh .
 
 COPY config/config.yml /
 
-COPY config/action_groups.yml /
-
 COPY config/internal_users.yml /
 
 COPY config/roles_mapping.yml /
@@ -34,17 +25,14 @@ RUN bash config.sh
 #
 # Copy wazuh-indexer from stage 0
 # Add entrypoint
-
 ################################################################################
-FROM amazonlinux:2023
+FROM ubuntu:focal
 
 ENV USER="wazuh-indexer" \
     GROUP="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
-RUN yum install curl-minimal shadow-utils findutils hostname -y
-
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 
 RUN useradd --system \
@@ -66,8 +54,7 @@ RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
 
 RUN chown 1000:1000 /*.sh
 
-COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
-COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer
+COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d

build-docker-images/wazuh-indexer/config/action_groups.yml

@@ -1,12 +0,0 @@
----
-_meta:
-  type: "actiongroups"
-  config_version: 2
-
-# ISM API permissions group
-manage_ism:
-  reserved: true
-  hidden: false
-  allowed_actions:
-  - "cluster:admin/opendistro/ism/*"
-  static: false

build-docker-images/wazuh-indexer/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-indexer/config/config.sh

@@ -19,11 +19,42 @@ export INDEXER_FILE=wazuh-indexer-base.tar.xz
 export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
 export REPO_DIR=/unattended_installer
 
+rm -rf ${INSTALLATION_DIR}/
+
+## variables
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
+fi
+
+
+curl -o ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/${BASE_FILE}
+tar -xf ${INDEXER_FILE}
+
+## TOOLS
+
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -72,10 +103,23 @@ mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
 mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
 mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
+# Move configuration files for wazuh-indexer
+mv -f ${BASE_DIR}/etc/init.d/${NAME} ${TARGET_DIR}/etc/init.d/${NAME}
+mv -f ${BASE_DIR}/etc/wazuh-indexer/* ${TARGET_DIR}${CONFIG_DIR}
+mv -f ${BASE_DIR}/etc/sysconfig/${NAME} ${TARGET_DIR}/etc/default/
+mv -f ${BASE_DIR}/usr/lib/tmpfiles.d/* ${TARGET_DIR}/usr/lib/tmpfiles.d/
+mv -f ${BASE_DIR}/usr/lib/sysctl.d/* ${TARGET_DIR}/usr/lib/sysctl.d/
+mv -f ${BASE_DIR}/usr/lib/systemd/system/* ${TARGET_DIR}/usr/lib/systemd/system/
+rm -rf ${BASE_DIR}/etc
+rm -rf ${BASE_DIR}/usr
+# Copy installation files to final location
+cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR}
+# Copy the security tools
+cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
+cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
 # Copy Wazuh's config files for the security plugin
 cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
@@ -87,16 +131,8 @@ cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
 
 # Delete xms and xmx parameters in jvm.options
-sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
-sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
-sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
-
+sed '/-Xms/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options
+sed '/-Xmx/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options
 
 chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
-chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
-
-find ${TARGET_DIR} -type d -exec chmod 750 {} \;
-find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
-find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
-find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
-find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;
+chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*

build-docker-images/wazuh-indexer/config/roles.yml

@@ -142,7 +142,7 @@ wazuh_ui_user:
     allowed_actions:
     - "read"
   tenant_permissions: []
-  static: false
+  static: false        
 
 wazuh_ui_admin:
   reserved: true
@@ -160,12 +160,4 @@ wazuh_ui_admin:
     - "manage"
     - "index"
   tenant_permissions: []
-  static: false
-
-# ISM API permissions role
-manage_ism:
-  reserved: true
-  hidden: false
-  cluster_permissions:
-  - "manage_ism"
-  static: false
+  static: false  

build-docker-images/wazuh-indexer/config/roles_mapping.yml

@@ -33,7 +33,7 @@ kibana_user:
   - "kibanauser"
   users:
   - "wazuh_user"
-  - "wazuh_admin"
+  - "wazuh_admin"    
   description: "Maps kibanauser to kibana_user"
 
 readall:
@@ -68,11 +68,4 @@ wazuh_ui_user:
   hosts: []
   users:
   - "wazuh_user"
-  and_backend_roles: []
-
-# ISM API permissions role mapping
-manage_ism:
-  reserved: true
-  hidden: false
-  users:
-  - "kibanaserver"
+  and_backend_roles: []

build-docker-images/wazuh-manager/Dockerfile

@@ -1,32 +1,33 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM amazonlinux:2023
+FROM ubuntu:focal
 
 RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG FILEBEAT_TEMPLATE_BRANCH
+ARG TEMPLATE_VERSION=4.4
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_FILEBEAT_MODULE
-ARG S6_VERSION="v2.2.0.3"
+ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.2.tar.gz"
 
-RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
-    yum clean all
+RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y
 
 COPY config/check_repository.sh /
-COPY config/filebeat_module.sh /
-COPY config/permanent_data.env config/permanent_data.sh /
 
 RUN chmod 775 /check_repository.sh
 RUN source /check_repository.sh
 
-RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all && \
-    chmod 775 /filebeat_module.sh && \
-    source /filebeat_module.sh && \
-    rm /filebeat_module.sh && \
-    curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
+RUN apt-get update && \
+    apt-get install wazuh-manager=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
+
+RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\
+    dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \
+    curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
+
+RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
+
+ARG S6_VERSION="v2.2.0.3"
+RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
     -o /tmp/s6-overlay-amd64.tar.gz && \
     tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
     tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
@@ -39,30 +40,18 @@ COPY config/filebeat.yml /etc/filebeat/
 
 RUN chmod go-w /etc/filebeat/filebeat.yml
 
-ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
+ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
 
 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 
-#Make mount directories for keep permissions
-
-RUN mkdir -p /var/ossec/var/multigroups && \
-    chown root:wazuh /var/ossec/var/multigroups && \
-    chmod 770 /var/ossec/var/multigroups && \
-    mkdir -p /var/ossec/agentless && \
-    chown root:wazuh /var/ossec/agentless && \
-    chmod 770 /var/ossec/agentless && \
-    mkdir -p /var/ossec/active-response/bin && \
-    chown root:wazuh /var/ossec/active-response/bin && \
-    chmod 770 /var/ossec/active-response/bin && \
-    chmod 755 /permanent_data.sh && \
+COPY config/permanent_data.env config/permanent_data.sh /
+RUN chmod 755 /permanent_data.sh && \
     sync && /permanent_data.sh && \
     sync && rm /permanent_data.sh
 
-RUN rm /etc/yum.repos.d/wazuh.repo
-
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 
-ENTRYPOINT [ "/init" ]
+ENTRYPOINT [ "/init" ]

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -1,15 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+    fi
+  fi
 fi
 
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo
+apt-key adv --fetch-keys ${APT_KEY}
+echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list

build-docker-images/wazuh-manager/config/create_user.py

@@ -13,7 +13,7 @@ SPECIAL_CHARS = "@$!%*?&-_"
 
 
 try:
-    from wazuh.rbac.orm import check_database_integrity
+    from wazuh.rbac.orm import create_rbac_db
     from wazuh.security import (
         create_user,
         get_users,
@@ -69,7 +69,7 @@ if __name__ == "__main__":
     username, password = read_user_file()
 
     # create RBAC database
-    check_database_integrity()
+    create_rbac_db()
 
     initial_users = db_users()
     if username not in initial_users:

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -51,7 +51,7 @@ mount_permanent_data() {
         print "Installing ${permanent_dir}"
         exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
       else
-        print "The path ${permanent_dir} is empty, skipped"
+        print "The path ${permanent_dir} is empty, skiped"
       fi
     fi
   done
@@ -184,9 +184,8 @@ set_rids_owner() {
 ##############################################################################
 
 set_correct_permOwner() {
-  find / -group 997 -exec chown :999 {} +;
-  find / -group 101 -exec chown :999 {} +;
-  find / -user 101 -exec chown 999 {} +;
+  find / -group 997 -exec chown :101 {} +;
+  find / -user 999 -exec chown 101 {} +;
 }
 
 ##############################################################################
@@ -199,7 +198,7 @@ main() {
 
   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
   apply_exclusion_data
-
+  
   # Apply correct permission and ownership
   set_correct_permOwner
 

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat

@@ -4,7 +4,7 @@
 set -e
 
 if [ "$INDEXER_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch output IP"
+  >&2 echo "Customize Elasticsearch ouput IP"
   sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
 fi
 

build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager

@@ -112,13 +112,6 @@ function_entrypoint_scripts() {
   fi
 }
 
-function_configure_vulnerability_detection() {
-if [ "$INDEXER_PASSWORD" != "" ]; then
-  >&2 echo "Configuring password."
-  /var/ossec/bin/wazuh-keystore -f indexer -k username -v $INDEXER_USERNAME
-  /var/ossec/bin/wazuh-keystore -f indexer -k password -v $INDEXER_PASSWORD
-fi
-}
 
 # Migrate data from /wazuh-migration volume
 function_wazuh_migration
@@ -126,9 +119,6 @@ function_wazuh_migration
 # create API custom user
 function_create_custom_user
 
-# configure Vulnerabilty detection
-function_configure_vulnerability_detection
-
 # run entrypoint scripts
 function_entrypoint_scripts
 

build-docker-images/wazuh-manager/config/filebeat.yml

@@ -8,9 +8,9 @@ filebeat.modules:
       enabled: false
 
 setup.template.json.enabled: true
-setup.template.overwrite: true
 setup.template.json.path: '/etc/filebeat/wazuh-template.json'
 setup.template.json.name: 'wazuh'
+setup.template.overwrite: true
 setup.ilm.enabled: false
 output.elasticsearch:
   hosts: ['https://wazuh.indexer:9200']

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -1,12 +0,0 @@
-## variables
-REPOSITORY="packages-dev.wazuh.com/pre-release"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  REPOSITORY="packages.wazuh.com/4.x"
-fi
-
-curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
-yum install -y ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
-curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -16,16 +16,11 @@ export PERMANENT_DATA
 # Files mounted in a volume that should not be permanent
 i=0
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
@@ -56,48 +51,14 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws_tools.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/wazuh_integration.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/aws_bucket.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/cloudtrail.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/config.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/guardduty.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/load_balancers.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/server_access.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/umbrella.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/vpcflow.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/waf.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/aws_service.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/cloudwatchlogs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/inspector.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/s3_log_handler.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_processor.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_utils.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/analytics.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/graph.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/storage.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
-PERMANENT_DATA_EXCP[((i++))]="/etc/filebeat/filebeat.yml"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -17,13 +17,13 @@ CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E
 
 ## If cert tool exists in some bucket, download it, if not exit 1
 if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in the in Packages bucket"
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+  echo "Cert tool exists in Packages bucket"
 elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in Packages-dev bucket"
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+  echo "Cert tool exists in Packages-dev bucket"
 else
-  echo "The tool to create the certificates does not exist in any bucket"
+  echo "Cert tool does not exist in any bucket"
   echo "ERROR: certificates were not created"
   exit 1
 fi
@@ -38,12 +38,12 @@ chmod 700 /$CERT_TOOL
 
 ## Execute cert tool and parsin cert.yml to set UID permissions
 source /$CERT_TOOL -A
-nodes_server=$( cert_parseYaml /config.yml | grep -E "nodes[_]+server[_]+[0-9]+=" | sed -e 's/nodes__server__[0-9]=//' | sed 's/"//g' )
+nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' )
 node_names=($nodes_server)
 
-echo "Moving created certificates to the destination directory"
+echo "Moving created certificates to destination directory"
 cp /wazuh-certificates/* /certificates/
-echo "Changing certificate permissions"
+echo "changing certificate permissions"
 chmod -R 500 /certificates
 chmod -R 400 /certificates/*
 echo "Setting UID indexer and dashboard"
@@ -51,12 +51,11 @@ chown 1000:1000 /certificates/*
 echo "Setting UID for wazuh manager and worker"
 cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
 cp /certificates/root-ca.key /certificates/root-ca-manager.key
-chown 999:999 /certificates/root-ca-manager.pem
-chown 999:999 /certificates/root-ca-manager.key
+chown 101:101 /certificates/root-ca-manager.pem
+chown 101:101 /certificates/root-ca-manager.key
 
 for i in ${node_names[@]};
 do
-  chown 999:999 "/certificates/${i}.pem"
-  chown 999:999 "/certificates/${i}-key.pem"
+  chown 101:101 "/certificates/${i}.pem"
+  chown 101:101 "/certificates/${i}-key.pem"
 done
-

multi-node/config/wazuh_cluster/wazuh_manager.conf

@@ -95,27 +95,69 @@
     <skip_nfs>yes</skip_nfs>
   </sca>
 
-  <vulnerability-detection>
-    <enabled>yes</enabled>
-    <index-status>yes</index-status>
-    <feed-update-interval>60m</feed-update-interval>
-  </vulnerability-detection>
+  <vulnerability-detector>
+    <enabled>no</enabled>
+    <interval>5m</interval>
+    <min_full_scan_interval>6h</min_full_scan_interval>
+    <run_on_start>yes</run_on_start>
 
-  <indexer>
-    <enabled>yes</enabled>
-    <hosts>
-      <host>https://wazuh1.indexer:9200</host>
-      <host>https://wazuh2.indexer:9200</host>
-      <host>https://wazuh3.indexer:9200</host>
-    </hosts>
-    <ssl>
-      <certificate_authorities>
-        <ca>/etc/ssl/root-ca.pem</ca>
-      </certificate_authorities>
-      <certificate>/etc/ssl/filebeat.pem</certificate>
-      <key>/etc/ssl/filebeat.key</key>
-    </ssl>
-  </indexer>
+    <!-- Ubuntu OS vulnerabilities -->
+    <provider name="canonical">
+      <enabled>no</enabled>
+      <os>trusty</os>
+      <os>xenial</os>
+      <os>bionic</os>
+      <os>focal</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Debian OS vulnerabilities -->
+    <provider name="debian">
+      <enabled>no</enabled>
+      <os>stretch</os>
+      <os>buster</os>
+      <os>bullseye</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- RedHat OS vulnerabilities -->
+    <provider name="redhat">
+      <enabled>no</enabled>
+      <os>5</os>
+      <os>6</os>
+      <os>7</os>
+      <os>8</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Amazon Linux OS vulnerabilities -->
+    <provider name="alas">
+      <enabled>no</enabled>
+      <os>amazon-linux</os>
+      <os>amazon-linux-2</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Arch OS vulnerabilities -->
+    <provider name="arch">
+      <enabled>no</enabled>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Windows OS vulnerabilities -->
+    <provider name="msu">
+      <enabled>yes</enabled>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Aggregate vulnerabilities -->
+    <provider name="nvd">
+      <enabled>yes</enabled>
+      <update_from_year>2010</update_from_year>
+      <update_interval>1h</update_interval>
+    </provider>
+
+  </vulnerability-detector>
 
   <!-- File integrity monitoring -->
   <syscheck>
@@ -307,4 +349,9 @@
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-</ossec_config>
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/dpkg.log</location>
+  </localfile>
+
+</ossec_config>

multi-node/config/wazuh_cluster/wazuh_worker.conf

@@ -95,27 +95,69 @@
     <skip_nfs>yes</skip_nfs>
   </sca>
 
-  <vulnerability-detection>
-    <enabled>yes</enabled>
-    <index-status>yes</index-status>
-    <feed-update-interval>60m</feed-update-interval>
-  </vulnerability-detection>
+  <vulnerability-detector>
+    <enabled>no</enabled>
+    <interval>5m</interval>
+    <min_full_scan_interval>6h</min_full_scan_interval>
+    <run_on_start>yes</run_on_start>
 
-  <indexer>
-    <enabled>yes</enabled>
-    <hosts>
-      <host>https://wazuh1.indexer:9200</host>
-      <host>https://wazuh2.indexer:9200</host>
-      <host>https://wazuh3.indexer:9200</host>
-    </hosts>
-    <ssl>
-      <certificate_authorities>
-        <ca>/etc/ssl/root-ca.pem</ca>
-      </certificate_authorities>
-      <certificate>/etc/ssl/filebeat.pem</certificate>
-      <key>/etc/ssl/filebeat.key</key>
-    </ssl>
-  </indexer>
+    <!-- Ubuntu OS vulnerabilities -->
+    <provider name="canonical">
+      <enabled>no</enabled>
+      <os>trusty</os>
+      <os>xenial</os>
+      <os>bionic</os>
+      <os>focal</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Debian OS vulnerabilities -->
+    <provider name="debian">
+      <enabled>no</enabled>
+      <os>stretch</os>
+      <os>buster</os>
+      <os>bullseye</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- RedHat OS vulnerabilities -->
+    <provider name="redhat">
+      <enabled>no</enabled>
+      <os>5</os>
+      <os>6</os>
+      <os>7</os>
+      <os>8</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Amazon Linux OS vulnerabilities -->
+    <provider name="alas">
+      <enabled>no</enabled>
+      <os>amazon-linux</os>
+      <os>amazon-linux-2</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Arch OS vulnerabilities -->
+    <provider name="arch">
+      <enabled>no</enabled>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Windows OS vulnerabilities -->
+    <provider name="msu">
+      <enabled>yes</enabled>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Aggregate vulnerabilities -->
+    <provider name="nvd">
+      <enabled>yes</enabled>
+      <update_from_year>2010</update_from_year>
+      <update_interval>1h</update_interval>
+    </provider>
+
+  </vulnerability-detector>
 
   <!-- File integrity monitoring -->
   <syscheck>
@@ -307,4 +349,9 @@
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-</ossec_config>
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/dpkg.log</location>
+  </localfile>
+
+</ossec_config>

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -9,4 +9,4 @@ server.ssl.enabled: true
 server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home
+uiSettings.overrides.defaultRoute: /app/wazuh

multi-node/docker-compose.yml

@@ -3,16 +3,9 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.10.3
+    image: wazuh/wazuh-manager:4.4.2
     hostname: wazuh.master
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 655360
-        hard: 655360
     ports:
       - "1515:1515"
       - "514:514/udp"
@@ -45,16 +38,9 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.10.3
+    image: wazuh/wazuh-manager:4.4.2
     hostname: wazuh.worker
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 655360
-        hard: 655360
     environment:
       - INDEXER_URL=https://wazuh1.indexer:9200
       - INDEXER_USERNAME=admin
@@ -81,7 +67,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.10.3
+    image: wazuh/wazuh-indexer:4.4.2
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -107,7 +93,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.10.3
+    image: wazuh/wazuh-indexer:4.4.2
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -129,7 +115,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.10.3
+    image: wazuh/wazuh-indexer:4.4.2
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -151,7 +137,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.10.3
+    image: wazuh/wazuh-dashboard:4.4.2
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -169,8 +155,6 @@ services:
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh1.indexer
     links:
@@ -220,5 +204,3 @@ volumes:
   wazuh-indexer-data-1:
   wazuh-indexer-data-2:
   wazuh-indexer-data-3:
-  wazuh-dashboard-config:
-  wazuh-dashboard-custom:

multi-node/generate-indexer-certs.yml

@@ -3,7 +3,7 @@ version: '3'
 
 services:
   generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
+    image: wazuh/wazuh-certs-generator:0.0.1
     hostname: wazuh-certs-generator
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/

single-node/config/wazuh_cluster/wazuh_manager.conf

@@ -95,25 +95,69 @@
     <skip_nfs>yes</skip_nfs>
   </sca>
 
-  <vulnerability-detection>
-    <enabled>yes</enabled>
-    <index-status>yes</index-status>
-    <feed-update-interval>60m</feed-update-interval>
-  </vulnerability-detection>
+  <vulnerability-detector>
+    <enabled>no</enabled>
+    <interval>5m</interval>
+    <min_full_scan_interval>6h</min_full_scan_interval>
+    <run_on_start>yes</run_on_start>
 
-  <indexer>
-    <enabled>yes</enabled>
-    <hosts>
-      <host>https://wazuh.indexer:9200</host>
-    </hosts>
-    <ssl>
-      <certificate_authorities>
-        <ca>/etc/ssl/root-ca.pem</ca>
-      </certificate_authorities>
-      <certificate>/etc/ssl/filebeat.pem</certificate>
-      <key>/etc/ssl/filebeat.key</key>
-    </ssl>
-  </indexer>
+    <!-- Ubuntu OS vulnerabilities -->
+    <provider name="canonical">
+      <enabled>no</enabled>
+      <os>trusty</os>
+      <os>xenial</os>
+      <os>bionic</os>
+      <os>focal</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Debian OS vulnerabilities -->
+    <provider name="debian">
+      <enabled>no</enabled>
+      <os>stretch</os>
+      <os>buster</os>
+      <os>bullseye</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- RedHat OS vulnerabilities -->
+    <provider name="redhat">
+      <enabled>no</enabled>
+      <os>5</os>
+      <os>6</os>
+      <os>7</os>
+      <os>8</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Amazon Linux OS vulnerabilities -->
+    <provider name="alas">
+      <enabled>no</enabled>
+      <os>amazon-linux</os>
+      <os>amazon-linux-2</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Arch OS vulnerabilities -->
+    <provider name="arch">
+      <enabled>no</enabled>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Windows OS vulnerabilities -->
+    <provider name="msu">
+      <enabled>yes</enabled>
+      <update_interval>1h</update_interval>
+    </provider>
+
+    <!-- Aggregate vulnerabilities -->
+    <provider name="nvd">
+      <enabled>yes</enabled>
+      <update_from_year>2010</update_from_year>
+      <update_interval>1h</update_interval>
+    </provider>
+
+  </vulnerability-detector>
 
   <!-- File integrity monitoring -->
   <syscheck>

single-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -9,4 +9,4 @@ server.ssl.enabled: true
 server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home
+uiSettings.overrides.defaultRoute: /app/wazuh

single-node/docker-compose.yml

@@ -3,16 +3,9 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.10.3
+    image: wazuh/wazuh-manager:4.4.2
     hostname: wazuh.manager
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 655360
-        hard: 655360
     ports:
       - "1514:1514"
       - "1515:1515"
@@ -46,13 +39,13 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.10.3
+    image: wazuh/wazuh-indexer:4.4.2
     hostname: wazuh.indexer
     restart: always
     ports:
       - "9200:9200"
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
     ulimits:
       memlock:
         soft: -1
@@ -71,7 +64,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.10.3
+    image: wazuh/wazuh-dashboard:4.4.2
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -90,8 +83,6 @@ services:
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh.indexer
     links:
@@ -111,5 +102,3 @@ volumes:
   filebeat_etc:
   filebeat_var:
   wazuh-indexer-data:
-  wazuh-dashboard-config:
-  wazuh-dashboard-custom:

single-node/generate-indexer-certs.yml

@@ -3,7 +3,7 @@ version: '3'
 
 services:
   generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
+    image: wazuh/wazuh-certs-generator:0.0.1
     hostname: wazuh-certs-generator
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/