Merge pull request #1526 from wazuh/enhancement/1520-revert-create_user.py-script-deletion

Revert create_user.py script deletion

.env

@@ -1,6 +1,6 @@
-WAZUH_VERSION=4.12.0
-WAZUH_IMAGE_VERSION=4.12.0
+WAZUH_VERSION=4.9.0
+WAZUH_IMAGE_VERSION=4.9.0
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.12.0
+FILEBEAT_TEMPLATE_BRANCH=4.9.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.12.0
+    - 4.9.0
 port:
   tcp:1514:
     listening: true

.github/free-disk-space/action.yml

@@ -1,245 +0,0 @@
-name: "Free Disk Space (Ubuntu)"
-description: "A configurable GitHub Action to free up disk space on an Ubuntu GitHub Actions runner."
-
-# Thanks @jlumbroso for the action code https://github.com/jlumbroso/free-disk-space/
-# See: https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#branding
-
-inputs:
-  android:
-    description: "Remove Android runtime"
-    required: false
-    default: "true"
-  dotnet:
-    description: "Remove .NET runtime"
-    required: false
-    default: "true"
-  haskell:
-    description: "Remove Haskell runtime"
-    required: false
-    default: "true"
-
-  # option inspired by:
-  # https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
-  large-packages:
-    description: "Remove large packages"
-    required: false
-    default: "true"
-
-  docker-images:
-    description: "Remove Docker images"
-    required: false
-    default: "true"
-
-  # option inspired by:
-  # https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
-  tool-cache:
-    description: "Remove image tool cache"
-    required: false
-    default: "false"
-
-  swap-storage:
-    description: "Remove swap storage"
-    required: false
-    default: "true"
-
-runs:
-  using: "composite"
-  steps:
-    - shell: bash
-      run: |
-
-        # ======
-        # MACROS
-        # ======
-
-        # macro to print a line of equals
-        # (silly but works)
-        printSeparationLine() {
-          str=${1:=}
-          num=${2:-80}
-          counter=1
-          output=""
-          while [ $counter -le $num ]
-          do
-             output="${output}${str}"
-             counter=$((counter+1))
-          done
-          echo "${output}"
-        }
-
-        # macro to compute available space
-        # REF: https://unix.stackexchange.com/a/42049/60849
-        # REF: https://stackoverflow.com/a/450821/408734
-        getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
-
-        # macro to make Kb human readable (assume the input is Kb)
-        # REF: https://unix.stackexchange.com/a/44087/60849
-        formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
-
-        # macro to output saved space
-        printSavedSpace() {
-          saved=${1}
-          title=${2:-}
-
-          echo ""
-          printSeparationLine '*' 80
-          if [ ! -z "${title}" ]; then
-            echo "=> ${title}: Saved $(formatByteCount $saved)"
-          else
-            echo "=> Saved $(formatByteCount $saved)"
-          fi
-          printSeparationLine '*' 80
-          echo ""
-        }
-
-        # macro to print output of dh with caption
-        printDH() {
-          caption=${1:-}
-
-          printSeparationLine '=' 80
-          echo "${caption}"
-          echo ""
-          echo "$ dh -h /"
-          echo ""
-          df -h /
-          echo "$ dh -a /"
-          echo ""
-          df -a /
-          echo "$ dh -a"
-          echo ""
-          df -a
-          printSeparationLine '=' 80
-        }
-
-
-
-        # ======
-        # SCRIPT
-        # ======
-
-        # Display initial disk space stats
-
-        AVAILABLE_INITIAL=$(getAvailableSpace)
-        AVAILABLE_ROOT_INITIAL=$(getAvailableSpace '/')
-
-        printDH "BEFORE CLEAN-UP:"
-        echo ""
-
-
-        # Option: Remove Android library
-
-        if [[ ${{ inputs.android }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-          
-          sudo rm -rf /usr/local/lib/android || true
-
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Android library"
-        fi
-
-        # Option: Remove .NET runtime
-
-        if [[ ${{ inputs.dotnet }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          # https://github.community/t/bigger-github-hosted-runners-disk-space/17267/11
-          sudo rm -rf /usr/share/dotnet || true
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED ".NET runtime"
-        fi
-
-        # Option: Remove Haskell runtime
-
-        if [[ ${{ inputs.haskell }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo rm -rf /opt/ghc || true
-          sudo rm -rf /usr/local/.ghcup || true
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Haskell runtime"
-        fi
-
-        # Option: Remove large packages
-        # REF: https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
-
-        if [[ ${{ inputs.large-packages }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-          
-          sudo apt-get remove -y '^aspnetcore-.*' || echo "::warning::The command [sudo apt-get remove -y '^aspnetcore-.*'] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^dotnet-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^dotnet-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^llvm-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^llvm-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y 'php.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y 'php.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^mongodb-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mongodb-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^mysql-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mysql-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing || echo "::warning::The command [sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y google-cloud-sdk --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-sdk --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y google-cloud-cli --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-cli --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get autoremove -y || echo "::warning::The command [sudo apt-get autoremove -y] failed to complete successfully. Proceeding..."
-          sudo apt-get clean || echo "::warning::The command [sudo apt-get clean] failed to complete successfully. Proceeding..."
-
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Large misc. packages"
-        fi
-
-        # Option: Remove Docker images
-
-        if [[ ${{ inputs.docker-images }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo docker image prune --all --force || true
-
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Docker images"
-        fi
-
-        # Option: Remove tool cache
-        # REF: https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
-
-        if [[ ${{ inputs.tool-cache }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo rm -rf "$AGENT_TOOLSDIRECTORY" || true
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Tool cache"
-        fi
-
-        # Option: Remove Swap storage
-
-        if [[ ${{ inputs.swap-storage }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo swapoff -a || true
-          sudo rm -f /mnt/swapfile || true
-          free -h
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Swap storage"
-        fi
-
-
-
-        # Output saved space statistic
-
-        AVAILABLE_END=$(getAvailableSpace)
-        AVAILABLE_ROOT_END=$(getAvailableSpace '/')
-
-        echo ""
-        printDH "AFTER CLEAN-UP:"
-
-        echo ""
-        echo ""
-
-        echo "/dev/root:"
-        printSavedSpace $((AVAILABLE_ROOT_END - AVAILABLE_ROOT_INITIAL))
-        echo "overall:"
-        printSavedSpace $((AVAILABLE_END - AVAILABLE_INITIAL))

.github/workflows/Procedure_push_docker_images.yml

@@ -1,167 +0,0 @@
-run-name: Launch Push Docker Images - ${{ inputs.id }}
-name: Push Docker Images
-
-on:
-  workflow_dispatch:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.12.0'
-        required: true
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.12.0'
-        required: true
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: true
-        required: false
-  workflow_call:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.12.0'
-        required: true
-        type: string
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.12.0'
-        required: false
-        type: string
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-        type: string
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-        type: string
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-        type: string
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: false
-        required: false
-
-jobs:
-  build-and-push:
-    runs-on: ubuntu-22.04
-
-    steps:
-    - name: Print inputs
-      run: |
-        echo "---------------------------------------------"
-        echo "Running Procedure_push_docker_images workflow"
-        echo "---------------------------------------------"
-        echo "* BRANCH: ${{ github.ref }}"
-        echo "* COMMIT: ${{ github.sha }}"
-        echo "---------------------------------------------"
-        echo "Inputs provided:"
-        echo "---------------------------------------------"
-        echo "* id: ${{ inputs.id }}"
-        echo "* image_tag: ${{ inputs.image_tag }}"
-        echo "* docker_reference: ${{ inputs.docker_reference }}"
-        echo "* products: ${{ inputs.products }}"
-        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
-        echo "* revision: ${{ inputs.revision }}"
-        echo "* push_images: ${{ inputs.push_images }}"
-        echo "* dev: ${{ inputs.dev }}"
-        echo "---------------------------------------------"
-
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        ref: ${{ inputs.docker_reference }}
-
-    - name: Log in to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-    - name: Install Docker Compose
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y docker-compose
-        echo "Installed Docker Compose version: $(docker-compose --version)"
-
-    - name: Build Wazuh images
-      run: |
-        IMAGE_TAG=${{ inputs.image_tag }}
-        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
-        REVISION=${{ inputs.revision }}
-
-        if [[ "$IMAGE_TAG" == *"-"* ]]; then
-          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
-          if [ -z "${tokens[1]}" ]; then
-            echo "Invalid image tag: $IMAGE_TAG"
-            exit 1
-          fi
-          DEV_STAGE=${tokens[1]}
-          WAZUH_VER=${tokens[0]}
-          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
-        else
-          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
-        fi
-
-        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
-        ENV_FILE_PATH=".env"
-
-        if [ -f $ENV_FILE_PATH ]; then
-          while IFS= read -r line || [ -n "$line" ]; do
-            echo "$line" >> $GITHUB_ENV
-          done < $ENV_FILE_PATH
-        else
-          echo "The environment file $ENV_FILE_PATH does not exist!"
-          exit 1
-        fi
-
-    - name: Tag and Push Wazuh images
-      if: ${{ inputs.push_images }}
-      run: |
-        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
-        IMAGE_NAMES=${{ inputs.products }}
-        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
-        for image in "${images[@]}"; do
-          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
-          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
-          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
-          docker push wazuh/$image:$IMAGE_TAG
-        done

.github/workflows/push.yml

@@ -4,7 +4,7 @@ on: [pull_request]
 
 jobs:
   build-docker-images:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
 
     - name: Check out code
@@ -29,21 +29,21 @@ jobs:
         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
 
     - name: Temporarily save Wazuh manager Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-manager
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh indexer Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-indexer
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh dashboard Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-dashboard
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
@@ -61,7 +61,7 @@ jobs:
         GOSS_FILE: .github/.goss.yaml
 
   check-single-node:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     needs: build-docker-images
     steps:
 
@@ -77,17 +77,17 @@ jobs:
       run: cat .env > $GITHUB_ENV
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-indexer
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-dashboard
 
@@ -189,7 +189,7 @@ jobs:
       run: ./.github/single-node-log-check.sh
 
   check-multi-node:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     needs: build-docker-images
     steps:
 
@@ -205,20 +205,25 @@ jobs:
       run: cat .env > $GITHUB_ENV
 
     - name: free disk space
-      uses: ./.github/free-disk-space
+      run: |
+        sudo swapoff -a
+        sudo rm -f /swapfile
+        sudo apt clean
+        docker rmi $(docker image ls -aq)
+        df -h
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-dashboard
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-indexer
 

.github/workflows/trivy-dashboard.yml

@@ -27,7 +27,7 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 
     name: Build images and upload Trivy results
-    runs-on: "ubuntu-22.04"
+    runs-on: "ubuntu-latest"
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

.github/workflows/trivy-indexer.yml

@@ -27,7 +27,7 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 
     name: Build images and upload Trivy results
-    runs-on: "ubuntu-22.04"
+    runs-on: "ubuntu-latest"
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

.github/workflows/trivy-manager.yml

@@ -27,7 +27,7 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 
     name: Build images and upload Trivy results
-    runs-on: "ubuntu-22.04"
+    runs-on: "ubuntu-latest"
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

CHANGELOG.md

@@ -1,144 +1,6 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [4.12.0]
-
-### Added
-
-- None
-
-### Changed
-
-- Change VERSION file format ([#1728](https://github.com/wazuh/wazuh-docker/pull/1728)) \- (VERSION file)
-- Change Ubuntu version used in workflows ([#1662](https://github.com/wazuh/wazuh-docker/pull/1662)) \- (Docker workflows)
-
-### Fixed
-
-- Fix permanent data scripts ([#1603](https://github.com/wazuh/wazuh-docker/pull/1603))
-
-### Deleted
-
-- None
-
-## [4.11.2]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
-## [4.11.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
-## [4.11.0]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- Change the cleaning disk step ([#1663](https://github.com/wazuh/wazuh-docker/pull/1663))
-
-### Deleted
-
-- None
-
-## [4.10.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
-## [4.10.0]
-
-### Added
-
-- Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551))
-- Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524))
-- Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518))
-
-### Changed
-
-- None
-
-### Fixed
-
-- Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619))
-- Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416))
-
-### Deleted
-
-- None
-
-## [4.9.2]
-
-### Added
-
-- Update Wazuh to version [4.9.2](https://github.com/wazuh/wazuh/blob/v4.9.2/CHANGELOG.md#v492)
-
-## [4.9.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-
-### Fixed
-
-- Fix typos into Wazuh manager entrypoint ([#1569](https://github.com/wazuh/wazuh-docker/pull/1569))
-
-### Deleted
-
-- None
-
-
 ## Wazuh Docker v4.9.0
 ### Added
 

README.md

@@ -58,6 +58,20 @@ CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must be
 CHECKS_API=true
 CHECKS_SETUP=true
 
+EXTENSIONS_PCI=true             # Enable PCI Extension
+EXTENSIONS_GDPR=true            # Enable GDPR Extension
+EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
+EXTENSIONS_NIST=true            # Enable NIST Extension
+EXTENSIONS_TSC=true             # Enable TSC Extension
+EXTENSIONS_AUDIT=true           # Enable Audit Extension
+EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
+EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
+EXTENSIONS_AWS=false            # Enable AWS Extension
+EXTENSIONS_GCP=false            # Enable GCP Extension
+EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
+EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
+EXTENSIONS_DOCKER=false         # Enable Docker Extension
+
 APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
 
 API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
@@ -165,7 +179,7 @@ WAZUH_MONITORING_REPLICAS=0         ##
     │   ├── docker-compose.yml
     │   ├── generate-indexer-certs.yml
     │   └── README.md
-    └── VERSION.json
+    └── VERSION
 
 
 
@@ -178,14 +192,6 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.12.0       |         |        |
-| v4.11.2       |         |        |
-| v4.11.1       |         |        |
-| v4.11.0       |         |        |
-| v4.10.1       |         |        |
-| v4.10.0       |         |        |
-| v4.9.2        |         |        |
-| v4.9.1        |         |        |
 | v4.9.0        |         |        |
 | v4.8.2        |         |        |
 | v4.8.1        |         |        |

SECURITY.md

@@ -16,11 +16,11 @@ Please submit your findings as security advisories under the "Security" tab in t
 ## Vulnerability Disclosure Policy
 Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
 
-1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
-2. Validation: We will validate the issue and work on reproducing it in our environment.
-3. Remediation: We will work on a fix and thoroughly test it
-4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
-5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+- Validation: We will validate the issue and work on reproducing it in our environment.
+- Remediation: We will work on a fix and thoroughly test it
+- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
 
 This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
 
@@ -42,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o
 ## Changes to this Security Policy
 This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
 
-If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).

VERSION

@@ -0,0 +1,2 @@
+WAZUH-DOCKER_VERSION="4.9.0"
+REVISION="40907"

VERSION.json

@@ -1,4 +0,0 @@
-{
-    "version": "4.12.0",
-    "stage": "rc1"
-}

build-docker-images/README.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 4.12.0
+$ build-docker-images/build-images.sh -v 4.9.0
 ```
 
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.12.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.9.0.
     -h, --help                   Show this help.
 
 ```

build-docker-images/build-images.sh

@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=4.12.0
+WAZUH_IMAGE_VERSION=4.9.0
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
-WAZUH_IMAGE_VERSION="4.12.0"
+WAZUH_IMAGE_VERSION="4.9.0"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
 FILEBEAT_MODULE_VERSION="0.4"
@@ -52,11 +52,16 @@ build() {
             FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}"
         elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
             FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}"
+        else
+            WAZUH_MASTER_VERSION="$(curl -s https://raw.githubusercontent.com/wazuh/wazuh/master/src/VERSION | sed -e 's/v//g')"
+            if [ "${FILEBEAT_TEMPLATE_BRANCH}" == "${WAZUH_MASTER_VERSION}" ]; then
+                FILEBEAT_TEMPLATE_BRANCH="master"
             else
                 echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
                 clean 1
             fi
         fi
+    fi
 
     echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
     echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
@@ -65,7 +70,7 @@ build() {
     echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
     echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
 
-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
+    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
 
     return 0
 }

build-docker-images/build-images.yml

@@ -62,7 +62,7 @@ services:
       context: wazuh-dashboard/
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
-        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+        WAZUH_TAG_REVISION: 2
         WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
     image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.dashboard

build-docker-images/wazuh-dashboard/Dockerfile

@@ -21,8 +21,6 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
 
 # Generate certificates
 COPY config/config.sh .
@@ -50,6 +48,21 @@ ENV PATTERN="" \
     CHECKS_TEMPLATE="" \
     CHECKS_API="" \
     CHECKS_SETUP="" \
+    EXTENSIONS_PCI="" \
+    EXTENSIONS_GDPR="" \
+    EXTENSIONS_HIPAA="" \
+    EXTENSIONS_NIST="" \
+    EXTENSIONS_TSC="" \
+    EXTENSIONS_AUDIT="" \
+    EXTENSIONS_OSCAP="" \
+    EXTENSIONS_CISCAT="" \
+    EXTENSIONS_AWS="" \
+    EXTENSIONS_GCP="" \
+    EXTENSIONS_GITHUB=""\
+    EXTENSIONS_OFFICE=""\
+    EXTENSIONS_VIRUSTOTAL="" \
+    EXTENSIONS_OSQUERY="" \
+    EXTENSIONS_DOCKER="" \
     APP_TIMEOUT="" \
     API_SELECTOR="" \
     IP_SELECTOR="" \

build-docker-images/wazuh-dashboard/config/check_repository.sh

@@ -1,14 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+    fi
+  fi
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.12/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.12/
+PACKAGES_URL=https://packages.wazuh.com/4.9/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -15,6 +15,21 @@ declare -A CONFIG_MAP=(
   [checks.template]=$CHECKS_TEMPLATE
   [checks.api]=$CHECKS_API
   [checks.setup]=$CHECKS_SETUP
+  [extensions.pci]=$EXTENSIONS_PCI
+  [extensions.gdpr]=$EXTENSIONS_GDPR
+  [extensions.hipaa]=$EXTENSIONS_HIPAA
+  [extensions.nist]=$EXTENSIONS_NIST
+  [extensions.tsc]=$EXTENSIONS_TSC
+  [extensions.audit]=$EXTENSIONS_AUDIT
+  [extensions.oscap]=$EXTENSIONS_OSCAP
+  [extensions.ciscat]=$EXTENSIONS_CISCAT
+  [extensions.aws]=$EXTENSIONS_AWS
+  [extensions.gcp]=$EXTENSIONS_GCP
+  [extensions.github]=$EXTENSIONS_GITHUB
+  [extensions.office]=$EXTENSIONS_OFFICE
+  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
+  [extensions.osquery]=$EXTENSIONS_OSQUERY
+  [extensions.docker]=$EXTENSIONS_DOCKER
   [timeout]=$APP_TIMEOUT
   [api.selector]=$API_SELECTOR
   [ip.selector]=$IP_SELECTOR

build-docker-images/wazuh-indexer/config/check_repository.sh

@@ -1,14 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+    fi
+  fi
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-indexer/config/config.sh

@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.12/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.12/
+PACKAGES_URL=https://packages.wazuh.com/4.9/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-manager/Dockerfile

@@ -60,8 +60,6 @@ RUN mkdir -p /var/ossec/var/multigroups && \
     sync && /permanent_data.sh && \
     sync && rm /permanent_data.sh
 
-RUN rm /etc/yum.repos.d/wazuh.repo
-
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -1,14 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+    fi
+  fi
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -47,8 +47,12 @@ mount_permanent_data() {
     if find ${permanent_dir} -mindepth 1 | read; then
       print "The path ${permanent_dir} is already mounted"
     else
+      if find ${data_tmp} -mindepth 1 | read; then
         print "Installing ${permanent_dir}"
-        exec_cmd "cp -ar ${data_tmp}. ${permanent_dir}"
+        exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
+      else
+        print "The path ${permanent_dir} is empty, skiped"
+      fi
     fi
   done
 }

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat

@@ -4,7 +4,7 @@
 set -e
 
 if [ "$INDEXER_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch output IP"
+  >&2 echo "Customize Elasticsearch ouput IP"
   sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
 fi
 

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -1,10 +1,23 @@
-## variables
-REPOSITORY="packages-dev.wazuh.com/pre-release"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  REPOSITORY="packages.wazuh.com/4.x"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
 fi
 
 curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -82,11 +82,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_utils.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/analytics.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/graph.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/storage.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
@@ -94,9 +89,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

build-docker-images/wazuh-manager/config/permanent_data.sh

@@ -30,7 +30,11 @@ mkdir ${PERMANENT_PATH}
 for permanent_dir in "${PERMANENT_DATA[@]}"; do
   # Create the directory for the permanent file if it does not exist
   DIR=$(dirname "${permanent_dir}")
+  if [ ! -e ${PERMANENT_PATH}${DIR}  ]
+  then
     mkdir -p ${PERMANENT_PATH}${DIR}
-  cp -ar ${permanent_dir} ${PERMANENT_PATH}${DIR}
+  fi
+  
+  mv ${permanent_dir} ${PERMANENT_PATH}${permanent_dir}
 
 done

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.12/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.12/
+PACKAGES_URL=https://packages.wazuh.com/4.9/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.12.0
+    image: wazuh/wazuh-manager:4.9.0
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -45,7 +45,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.12.0
+    image: wazuh/wazuh-manager:4.9.0
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -81,7 +81,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.12.0
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -107,7 +107,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.12.0
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -129,7 +129,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.12.0
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -151,7 +151,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.12.0
+    image: wazuh/wazuh-dashboard:4.9.0
     hostname: wazuh.dashboard
     restart: always
     ports:

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.12.0
+    image: wazuh/wazuh-manager:4.9.0
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -46,7 +46,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.12.0
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -71,7 +71,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.12.0
+    image: wazuh/wazuh-dashboard:4.9.0
     hostname: wazuh.dashboard
     restart: always
     ports: