Merge pull request #450 from wazuh/bump-4.1.2

v4.1.2 bump

.goss.yaml

@@ -6,7 +6,7 @@ file:
     group: root
     filetype: file
     contains: []
-  /var/ossec/bin/wazuh-control:
+  /var/ossec/bin/ossec-control:
     exists: true
     mode: "0750"
     owner: root
@@ -52,11 +52,11 @@ package:
   filebeat:
     installed: true
     versions:
-    - 7.10.2
+    - 7.10.0
   wazuh-manager:
     installed: true
     versions:
-    - 4.2.1
+    - 4.1.2
 port:
   tcp:1514:
     listening: true
@@ -95,17 +95,17 @@ group:
 process:
   filebeat:
     running: true
-  wazuh-analysisd:
+  ossec-analysisd:
     running: true
-  wazuh-authd:
+  ossec-authd:
     running: true
-  wazuh-execd:
+  ossec-execd:
     running: true
-  wazuh-monitord:
+  ossec-monitord:
     running: true
-  wazuh-remoted:
+  ossec-remoted:
     running: true
-  wazuh-syscheckd:
+  ossec-syscheckd:
     running: true
   s6-supervise:
     running: true

CHANGELOG.md

@@ -1,32 +1,6 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## Wazuh Docker v4.2.1
-### Added
-
-- Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
-
-## Wazuh Docker v4.2.0
-### Added
-
-- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
-
-## Wazuh Docker v4.1.5
-### Added
-
-- Update Wazuh to version [4.1.5](https://github.com/wazuh/wazuh/blob/v4.1.5/CHANGELOG.md#v415)
-- Update ODFE compatibility to version 1.13.2
-
-## Wazuh Docker v4.1.4
-### Added
-
-- Update Wazuh to version [4.1.4](https://github.com/wazuh/wazuh/blob/v4.1.4/CHANGELOG.md#v414)
-
-## Wazuh Docker v4.1.3
-### Added
-
-- Update Wazuh to version [4.1.3](https://github.com/wazuh/wazuh/blob/v4.1.3/CHANGELOG.md#v413)
-
 ## Wazuh Docker v4.1.2
 ### Added
 

README.md

@@ -22,11 +22,11 @@ In addition, a docker-compose file is provided to launch the containers mentione
 * [Docker hub](https://hub.docker.com/u/wazuh)
 
 
-### Setup SSL certificate
+### Setup SSL certificate and Basic Authentication
 
-Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
+Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed) and setup the basic auth.
 
-Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
+Documentation on how to provide these two can be found at [nginx_conf/README.md](nginx_conf/README.md).
 
 
 ## Environment Variables
@@ -146,26 +146,29 @@ ADMIN_PRIVILEGES=true               # App privileges
 
 ## Branches
 
+* `4.0` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `stable` branch on correspond to the last Wazuh stable version.
+* `Wazuh.Version` (for example 3.13.1_7.8.0 or 4.1.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
 
 
 ## Compatibility Matrix
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.2.1        | 1.13.2  | 7.11.2 |
-| v4.2.0        | 1.13.2  | 7.10.2 |
-| v4.1.5        | 1.13.2  | 7.10.2 |
-| v4.1.4        | 1.12.0  | 7.10.2 |
-| v4.1.3        | 1.12.0  | 7.10.2 |
 | v4.1.2        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.1        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.0        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.0.4        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.3        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.2        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.1        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.0        | 1.10.1  |        |
 
 ## Credits and Thank you

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.2.1"
-REVISION="40214"
+WAZUH-DOCKER_VERSION="4.1.2"
+REVISION="41100"

build-from-sources.yml

@@ -31,7 +31,7 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
+    image: amazon/opendistro-for-elasticsearch:1.12.0
     hostname: elasticsearch
     restart: always
     ports:

docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh-odfe:4.2.1
+    image: wazuh/wazuh-odfe:4.1.2
     hostname: wazuh-manager
     restart: always
     ports:
@@ -30,7 +30,7 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
+    image: amazon/opendistro-for-elasticsearch:1.12.0
     hostname: elasticsearch
     restart: always
     ports:
@@ -50,7 +50,7 @@ services:
         hard: 65536
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.2.1
+    image: wazuh/wazuh-kibana-odfe:4.1.2
     hostname: kibana
     restart: always
     ports:

kibana-odfe/Dockerfile

@@ -1,8 +1,8 @@
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
+FROM amazon/opendistro-for-elasticsearch-kibana:1.12.0
 USER kibana
-ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.1
+ARG ELASTIC_VERSION=7.10.0
+ARG WAZUH_VERSION=4.1.2
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

kibana-odfe/config/kibana_settings.sh

@@ -18,6 +18,8 @@ WAZUH_MAJOR=4
 # Customize elasticsearch ip
 ##############################################################################
 sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
+# disable multitenancy
+sed -i "s|opendistro_security.multitenancy.enabled:.*|opendistro_security.multitenancy.enabled: false|g" /usr/share/kibana/config/kibana.yml
 
 # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
 if [ "$KIBANA_INDEX" != "" ]; then
@@ -53,6 +55,6 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
 
 echo "End settings"

kibana-odfe/config/welcome_wazuh.sh

@@ -4,7 +4,7 @@
 if [[ $CHANGE_WELCOME == "true" ]]
 then
     echo "Set Wazuh app as the default landing page"
-    echo "server.defaultRoute: /app/wazuh?security_tenant=global" >> /usr/share/kibana/config/kibana.yml
+    echo "server.defaultRoute: /app/wazuh" >> /usr/share/kibana/config/kibana.yml
 
     echo "Set custom welcome styles"
     cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs

kibana/Dockerfile

@@ -2,7 +2,7 @@
 FROM docker.elastic.co/kibana/kibana:7.10.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.1
+ARG WAZUH_VERSION=4.1.2
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

kibana/config/kibana_settings.sh

@@ -70,7 +70,7 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
 
 sleep 5
 # Do not ask user to help providing usage statistics to Elastic

production-cluster.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh-master:
-    image: wazuh/wazuh-odfe:4.2.1
+    image: wazuh/wazuh-odfe:4.1.2
     hostname: wazuh-master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh-worker:
-    image: wazuh/wazuh-odfe:4.2.1
+    image: wazuh/wazuh-odfe:4.1.2
     hostname: wazuh-worker
     restart: always
     environment:
@@ -67,7 +67,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
+    image: amazon/opendistro-for-elasticsearch:1.12.0
     hostname: elasticsearch
     restart: always
     ports:
@@ -86,13 +86,11 @@ services:
       - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
       - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
       - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
-      - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
-      - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
       - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-2:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
+    image: amazon/opendistro-for-elasticsearch:1.12.0
     hostname: elasticsearch-2
     restart: always
     environment:
@@ -113,7 +111,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-3:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
+    image: amazon/opendistro-for-elasticsearch:1.12.0
     hostname: elasticsearch-3
     restart: always
     environment:
@@ -134,7 +132,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.2.1
+    image: wazuh/wazuh-kibana-odfe:4.1.2
     hostname: kibana
     restart: always
     ports:

production_cluster/elastic_opendistro/elasticsearch-node1.yml

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.authcz.admin_dn: []
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

production_cluster/elastic_opendistro/elasticsearch-node2.yml

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.authcz.admin_dn: []
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

production_cluster/elastic_opendistro/elasticsearch-node3.yml

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.authcz.admin_dn: []
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

production_cluster/kibana_ssl/generate-self-signed-cert.sh

@@ -9,5 +9,4 @@ then
     exit
 else
     openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
-    chown -R 1000:1000 *.pem
 fi

production_cluster/ssl_certs/certs.yml

@@ -27,9 +27,4 @@ nodes:
   - name: filebeat
     dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
     dns: 
-      - wazuh
-
-clients:
-  - name: admin
-    dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    admin: true
+      - wazuh 

production_cluster/wazuh_cluster/wazuh_manager.conf

@@ -94,7 +94,7 @@
     <ignore_time>6h</ignore_time>
     <run_on_start>yes</run_on_start>
 
-    <!-- Ubuntu OS vulnerabilities -->
+    <!-- Ubuntu OS vulnerabilities --> 
     <provider name="canonical">
       <enabled>no</enabled>
       <os>trusty</os>
@@ -104,7 +104,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- Debian OS vulnerabilities -->
+    <!-- Debian OS vulnerabilities -->  
     <provider name="debian">
       <enabled>no</enabled>
       <os>stretch</os>
@@ -112,7 +112,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- RedHat OS vulnerabilities -->
+    <!-- RedHat OS vulnerabilities -->  
     <provider name="redhat">
       <enabled>no</enabled>
       <os>5</os>
@@ -307,7 +307,7 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <!-- Configuration for wazuh-authd -->
+  <!-- Configuration for ossec-authd -->
   <auth>
     <disabled>no</disabled>
     <port>1515</port>
@@ -346,4 +346,4 @@
     <log_format>syslog</log_format>
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
-</ossec_config>
+</ossec_config> 

production_cluster/wazuh_cluster/wazuh_worker.conf

@@ -94,7 +94,7 @@
     <ignore_time>6h</ignore_time>
     <run_on_start>yes</run_on_start>
 
-    <!-- Ubuntu OS vulnerabilities -->
+    <!-- Ubuntu OS vulnerabilities --> 
     <provider name="canonical">
       <enabled>no</enabled>
       <os>trusty</os>
@@ -104,7 +104,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- Debian OS vulnerabilities -->
+    <!-- Debian OS vulnerabilities -->  
     <provider name="debian">
       <enabled>no</enabled>
       <os>stretch</os>
@@ -112,7 +112,7 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- RedHat OS vulnerabilities -->
+    <!-- RedHat OS vulnerabilities -->  
     <provider name="redhat">
       <enabled>no</enabled>
       <os>5</os>
@@ -307,7 +307,7 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <!-- Configuration for wazuh-authd -->
+  <!-- Configuration for ossec-authd -->
   <auth>
     <disabled>no</disabled>
     <port>1515</port>
@@ -346,4 +346,4 @@
     <log_format>syslog</log_format>
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
-</ossec_config>
+</ossec_config> 

wazuh-odfe/Dockerfile

@@ -2,8 +2,8 @@
 FROM centos:7
 
 ARG FILEBEAT_CHANNEL=filebeat-oss
-ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.1
+ARG FILEBEAT_VERSION=7.10.0
+ARG WAZUH_VERSION=4.1.2-1
 ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
 

wazuh-odfe/config/etc/cont-init.d/0-wazuh-init

@@ -74,23 +74,6 @@ apply_exclusion_data() {
   done
 }
 
-##############################################################################
-# This function will rename in the permanent data volume every file
-# contained in PERMANENT_DATA_MOVE
-##############################################################################
-
-move_data_files() {
-  for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
-    file_split=( $mov_file )
-    if [ -e ${file_split[0]} ]
-    then
-      print "moving ${mov_file}"
-      exec_cmd "mv -f ${mov_file}"
-    fi
-  done
-}
-
-
 ##############################################################################
 # This function will delete from the permanent data volume every file
 # contained in PERMANENT_DATA_DEL
@@ -101,7 +84,7 @@ remove_data_files() {
     if [ -e ${del_file} ]
     then
       print "Removing ${del_file}"
-      exec_cmd "rm -f ${del_file}"
+      exec_cmd "rm ${del_file}"
     fi
   done
 }
@@ -111,7 +94,7 @@ remove_data_files() {
 ##############################################################################
 
 create_ossec_key_cert() {
-  print "Creating wazuh-authd key and cert"
+  print "Creating ossec-authd key and cert"
   exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
   exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
@@ -175,13 +158,10 @@ main() {
   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
   apply_exclusion_data
 
-  # Rename files stored in permanent data (i.e. queue/ossec)
-  move_data_files
-
   # Remove some files in permanent_data (i.e. .template.db)
   remove_data_files
 
-  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
   if [ $AUTO_ENROLLMENT_ENABLED == true ]
   then
     if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]

wazuh-odfe/config/etc/cont-init.d/2-manager

@@ -123,4 +123,4 @@ function_create_custom_user
 function_entrypoint_scripts
 
 # Start Wazuh
-/var/ossec/bin/wazuh-control start
+/var/ossec/bin/ossec-control start

wazuh-odfe/config/permanent_data.env

@@ -4,7 +4,6 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
 PERMANENT_DATA[((i++))]="/var/ossec/etc"
 PERMANENT_DATA[((i++))]="/var/ossec/logs"
 PERMANENT_DATA[((i++))]="/var/ossec/queue"
-PERMANENT_DATA[((i++))]="/var/ossec/queue/logcollector"
 PERMANENT_DATA[((i++))]="/var/ossec/agentless"
 PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
 PERMANENT_DATA[((i++))]="/var/ossec/integrations"
@@ -21,21 +20,23 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -64,8 +65,3 @@ export PERMANENT_DATA_EXCP
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
 export PERMANENT_DATA_DEL
-
-i=0
-PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
-PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
-export PERMANENT_DATA_MOVE

xpack-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh:4.2.1
+    image: wazuh/wazuh:4.1.2
     hostname: wazuh-manager
     restart: always
     ports:
@@ -146,7 +146,7 @@ services:
 
 
   kibana:
-    image: wazuh/wazuh-kibana:4.2.1
+    image: wazuh/wazuh-kibana:4.1.2
     hostname: kibana
     restart: always
     ports:

xpack-from-sources.yml

@@ -7,8 +7,8 @@ services:
       context: wazuh-odfe/
       args:
         - FILEBEAT_CHANNEL=filebeat
-        - FILEBEAT_VERSION=7.11.2
-    image: wazuh/wazuh:4.2.1
+        - FILEBEAT_VERSION=7.10.2
+    image: wazuh/wazuh:4.1.2
     hostname: wazuh-manager
     restart: always
     ports:
@@ -42,7 +42,7 @@ services:
 
 
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
     hostname: elasticsearch
     restart: always
     ports:
@@ -79,7 +79,7 @@ services:
       - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
 
   elasticsearch2:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
     hostname: elasticsearch2
     restart: always
     environment:
@@ -114,7 +114,7 @@ services:
       - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
 
   elasticsearch3:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
     hostname: elasticsearch3
     restart: always
     environment:
@@ -152,7 +152,7 @@ services:
 
   kibana:
     build: kibana/
-    image: wazuh/wazuh-kibana:4.2.1
+    image: wazuh/wazuh-kibana:4.1.2
     hostname: kibana
     restart: always
     ports: