Add wodles to permanent_data (#239 )

Former-commit-id: 7a8b332c93
Fix copy except files (#238 )
2025-10-30 03:23:40 +00:00 · 2019-09-06 15:29:25 +02:00 · 2019-09-06 10:42:39 +02:00 · 2019-09-05 17:18:55 +02:00 · 2019-09-05 10:56:51 +02:00 · 2019-09-05 10:52:07 +02:00
34 changed files with 2722 additions and 475 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,11 +1,31 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 ## Wazuh Docker v3.9.4_6.8.1
 ## Wazuh Docker v3.9.3_6.8.1
 ### Added
 - Update to Wazuh version 3.9.3_6.8.1
 ### Added
 - Option to disable additionals X-Pack applications and hide unnecesary management links ([@SitoRBJ](https://github.com/SitoRBJ)) ([#163](https://github.com/wazuh/wazuh-docker/pull/163))
 ## Wazuh Docker v3.9.2_6.8.0
 ### Added
 - Update to Wazuh version 3.9.2_6.8.0
 ## Wazuh Docker v3.9.1_6.8.0
 ### Added
 - Update to Wazuh version 3.9.1_6.8.0 ([#181](https://github.com/wazuh/wazuh-docker/pull/181))
 - Security for Elastic Stack in Docker implemented ([#186](https://github.com/wazuh/wazuh-docker/issues/186))
 ### Fixed
@@ -19,6 +39,7 @@ All notable changes to this project will be documented in this file.
 ## Wazuh Docker v3.9.0_6.7.1
 ### Added
 - Support for xPACK authorized requests ([@manuasir](https://github.com/manuasir)) ([#119](https://github.com/wazuh/wazuh-docker/pull/119))
--- a/README.md
+++ b/README.md
@@ -63,7 +63,7 @@ In addition, a docker-compose file is provided to launch the containers mentione
 * `stable` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version_ElasticStack.Version` (for example 3.9.1_6.8.2) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `Wazuh.Version_ElasticStack.Version` (for example 3.9.3_6.8.1) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
 ## Credits and Thank you
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.9.1_6.8.0"
+WAZUH-DOCKER_VERSION="3.9.4_6.8.1"
-REVISION="3901"
+REVISION="3942"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '2'
 services:
  wazuh:
-    image: wazuh/wazuh:3.9.1_6.8.0
+    image: wazuh/wazuh:3.9.3_6.8.1
    hostname: wazuh-manager
    restart: always
    ports:
@@ -14,7 +14,7 @@ services:
    depends_on:
      - logstash
  logstash:
-    image: wazuh/wazuh-logstash:3.9.1_6.8.0
+    image: wazuh/wazuh-logstash:3.9.3_6.8.1
    hostname: logstash
    restart: always
    links:
@@ -25,8 +25,14 @@ services:
      - elasticsearch
    environment:
      - LS_HEAP_SIZE=2048m
      - SECURITY_ENABLED=yes
      - SECURITY_LOGSTASH_USER=service_logstash
      - SECURITY_LOGSTASH_PASS=logstash_pass
      - LOGSTASH_OUTPUT=https://elasticsearch:9200
      - ELASTICSEARCH_URL=https://elasticsearch:9200
      - SECURITY_CA_PEM=server.TEST-CA-signed.pem
  elasticsearch:
-    image: wazuh/wazuh-elasticsearch:3.9.1_6.8.0
+    image: wazuh/wazuh-elasticsearch:3.9.3_6.8.1
    hostname: elasticsearch
    restart: always
    ports:
@@ -37,13 +43,33 @@ services:
      - network.host=0.0.0.0
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
      - ELASTICSEARCH_PROTOCOL=https
      - ELASTICSEARCH_IP=elasticsearch
      - ELASTICSEARCH_PORT=9200
      - SECURITY_ENABLED=yes
      - SECURITY_ADMIN_USER=wazuh_admin
      - SECURITY_ADMIN_PASS=admin_pass
      - SECURITY_ELASTIC_PASSWORD=elastic_pass
      - SECURITY_KIBANA_USER=service_kibana
      - SECURITY_KIBANA_PASS=kibana_pass
      - SECURITY_LOGSTASH_USER=service_logstash 
      - SECURITY_LOGSTASH_PASS=logstash_pass
      - SECURITY_CA_PASSPHRASE=ca_pass
      - SECURITY_CERTIFICATE_DNS=elasticsearch
      - SECURITY_CA_PEM=server.TEST-CA-signed.pem
      - SECURITY_CA_KEY=server.TEST-CA.key
      - SECURITY_CA_TRUST=server.TEST-CA-signed.pem
      - SECURITY_MAIN_NODE=elasticsearch
      - SECURITY_OPENSSL_CONF=TEST_openssl.cnf
      - SECURITY_MONITORING_USER=service_monitoring
      - SECURITY_MONITORING_PASS=monitoring_pass
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
  kibana:
-    image: wazuh/wazuh-kibana:3.9.1_6.8.0
+    image: wazuh/wazuh-kibana:3.9.3_6.8.1
    hostname: kibana
    restart: always
    depends_on:
@@ -51,17 +77,14 @@ services:
    links:
      - elasticsearch:elasticsearch
      - wazuh:wazuh
  nginx:
    image: wazuh/wazuh-nginx:3.9.1_6.8.0
    hostname: nginx
    restart: always
    environment:
-      - NGINX_PORT=443
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - NGINX_CREDENTIALS
+      - SECURITY_ENABLED=yes
      - SECURITY_KIBANA_USER=service_kibana
      - SECURITY_KIBANA_PASS=kibana_pass
      - SECURITY_KIBANA_SSL_KEY_PATH=/usr/share/kibana/config/ssl/private
      - SECURITY_KIBANA_SSL_CERT_PATH=/usr/share/kibana/config/ssl/certs
      - ELASTICSEARCH_KIBANA_IP=https://elasticsearch:9200
      - SECURITY_CA_PEM=server.TEST-CA-signed.pem
    ports:
-      - "80:80"
+      - "5601:5601"
      - "443:443"
    depends_on:
      - kibana
    links:
      - kibana:kibana
--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
@@ -1,7 +1,5 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/elasticsearch/elasticsearch:6.8.0
+FROM docker.elastic.co/elasticsearch/elasticsearch:6.8.2
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 ENV ALERTS_SHARDS="1" \
    ALERTS_REPLICAS="0"
@@ -13,7 +11,21 @@ ENV XPACK_ML="true"
 ENV ENABLE_CONFIGURE_S3="false"
-ENV TEMPLATE_VERSION=v3.9.1
+ENV TEMPLATE_VERSION=v3.9.4
 # This CA is created for testing. Please set your own CA zip containing the key and the signed certificate. 
 # command: $ docker build <elasticsearch_directory> --build-arg SECURITY_CA_PEM_LOCATION=<CA_PEM_LOCATION> --build-arg SECURITY_CA_KEY_LOCATION=<CA_KEY_LOCATION>
 # ENV variables are necessary: SECURITY_CA_PEM, SECURITY_CA_KEY, SECURITY_CA_TRUST, SECURITY_OPENSSL_CONF 
 # Example:
 # ARG SECURITY_CA_PEM_LOCATION="config/server.TEST-CA-signed.pem"
 # ARG SECURITY_CA_KEY_LOCATION="config/server.TEST-CA.key"
 # ARG SECURITY_OPENSSL_CONF_LOCATION="config/TEST_openssl.cnf"
 # ARG SECURITY_CA_TRUST_LOCATION="config/server.TEST-CA-signed.pem"
 ARG SECURITY_CA_PEM_LOCATION=""
 ARG SECURITY_CA_KEY_LOCATION=""
 ARG SECURITY_OPENSSL_CONF_LOCATION=""
 ARG SECURITY_CA_TRUST_LOCATION=""
 # Elasticearch cluster configuration environment variables
 # If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
@@ -31,6 +43,16 @@ ENV ELASTIC_CLUSTER="false" \
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/6.x/wazuh-template.json /usr/share/elasticsearch/config
 # CA cert for Transport SSL
 ADD $SECURITY_CA_PEM_LOCATION /usr/share/elasticsearch/config
 ADD $SECURITY_CA_KEY_LOCATION /usr/share/elasticsearch/config 
 ADD $SECURITY_OPENSSL_CONF_LOCATION /usr/share/elasticsearch/config 
 ADD $SECURITY_CA_TRUST_LOCATION /usr/share/elasticsearch/config 
 RUN yum install openssl -y
 RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
 RUN chmod 755 /entrypoint.sh
@@ -39,13 +61,19 @@ COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
 RUN chmod +x ./load_settings.sh
-RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-6.8.0.zip
+RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-6.8.2.zip
 COPY config/configure_s3.sh ./config/configure_s3.sh
 RUN chmod 755 ./config/configure_s3.sh
-COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./
+COPY --chown=elasticsearch:elasticsearch ./config/10-config_cluster.sh /entrypoint-scripts/10-config_cluster.sh
-RUN chmod +x ./config_cluster.sh
+RUN chmod +x /entrypoint-scripts/10-config_cluster.sh
 COPY --chown=elasticsearch:elasticsearch ./config/20-config_secure.sh /entrypoint-scripts/20-config_secure.sh
 RUN chmod +x /entrypoint-scripts/10-config_cluster.sh
 COPY --chown=elasticsearch:elasticsearch ./config/30-entrypoint.sh /entrypoint-scripts/30-entrypoint.sh
 RUN chmod +x /entrypoint-scripts/30-entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["elasticsearch"]
--- a/elasticsearch/config/10-config_cluster.sh
+++ b/elasticsearch/config/10-config_cluster.sh
@@ -3,6 +3,9 @@
 elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 original_file="/usr/share/elasticsearch/config/original-elasticsearch.yml"
 cp $elastic_config_file $original_file 
 # If Elasticsearch cluster is enable
 if [[ $ELASTIC_CLUSTER == "true" ]]
@@ -10,7 +13,6 @@ then
  # Set the cluster.name and discovery.zen.minimun_master_nodes variables
  sed -i 's:cluster.name\: "docker-cluster":cluster.name\: "'$CLUSTER_NAME'":g' $elastic_config_file
  sed -i 's:discovery.zen.minimum_master_nodes\: 1:discovery.zen.minimum_master_nodes\: '$CLUSTER_NUMBER_OF_MASTERS':g' $elastic_config_file
  # Add the cluster configuration
  echo "
@@ -28,6 +30,7 @@ bootstrap:
 discovery:
  zen:
    ping.unicast.hosts: ${CLUSTER_DISCOVERY_SERVICE}
    minimum_master_nodes: ${CLUSTER_NUMBER_OF_MASTERS}
 " >> $elastic_config_file
 fi
--- a/elasticsearch/config/20-config_secure.sh
+++ b/elasticsearch/config/20-config_secure.sh
@@ -0,0 +1,111 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 ##############################################################################
 # Setup bootstrap password to chagne all Elastic Stack passwords.
 # Set xpack.security.enabled to true. In Elastic 7 must add ssl options
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  echo "Creating certificate."
  pushd /usr/share/elasticsearch/config/
  echo "Setting configuration options."
  # Create instances.yml for elasticsearch .p12 certificate and key
  echo "
 instances:
 - name: \"elasticsearch\"
  dns: 
    - $SECURITY_CERTIFICATE_DNS
 " > instances.yml
  # Change permissions and owner of ca
  chown elasticsearch: /usr/share/elasticsearch/config/$SECURITY_CA_PEM
  chmod 440 /usr/share/elasticsearch/config/$SECURITY_CA_PEM
  # Genereate .p12 certificate and key
  SECURITY_KEY_PASSPHRASE=`date +%s | sha256sum | base64 | head -c 32 ; echo`
  /usr/share/elasticsearch/bin/elasticsearch-certutil csr --in instances.yml --out certs.zip --pass $SECURITY_KEY_PASSPHRASE
  unzip certs.zip
  rm certs.zip 
  # Change permissions and owner of certificates
  chown -R elasticsearch: /usr/share/elasticsearch/config/elasticsearch
  chmod -R 770 /usr/share/elasticsearch/config/elasticsearch
  chmod 400 /usr/share/elasticsearch/config/elasticsearch/elasticsearch.csr
  # Prepare directories for openssl
  mkdir /root/ca
  mkdir /root/ca/certs /root/ca/crl /root/ca/newcerts /root/ca/private
  chmod 700 /root/ca/private
  touch /root/ca/index.txt
  echo 1000 > /root/ca/serial
  mkdir /root/ca/intermediate
  mkdir /root/ca/intermediate/certs /root/ca/intermediate/crl /root/ca/intermediate/csr /root/ca/intermediate/newcerts /root/ca/intermediate/private
  chmod 700 /root/ca/intermediate/private
  touch /root/ca/intermediate/index.txt
  echo 1000 > /root/ca/intermediate/serial
  echo 1000 > /root/ca/intermediate/crlnumber
  if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
    openssl ca -batch -config $SECURITY_OPENSSL_CONF  -in elasticsearch/elasticsearch.csr -cert $SECURITY_CA_PEM  -keyfile $SECURITY_CA_KEY  -key $SECURITY_CA_PASSPHRASE -out elasticsearch.cert.pem
  else
    input=${SECURITY_CREDENTIALS_FILE}
    CA_PASSPHRASE_FROM_FILE=""
    while IFS= read -r line
    do
      if [[ $line == *"CA_PASSPHRASE"* ]]; then
        arrIN=(${line//:/ })
        CA_PASSPHRASE_FROM_FILE=${arrIN[1]}
      fi
    done < "$input"
    openssl ca -batch -config $SECURITY_OPENSSL_CONF  -in elasticsearch/elasticsearch.csr -cert $SECURITY_CA_PEM  -keyfile $SECURITY_CA_KEY  -key $CA_PASSPHRASE_FROM_FILE -out elasticsearch.cert.pem 
  fi
  chmod 440 /usr/share/elasticsearch/config/elasticsearch.cert.pem
  # remove CA key
  rm $SECURITY_CA_KEY
  popd
  echo "Setting configuration options."
  # Settings for elasticsearch.yml
  echo "
 # Required to set the passwords and TLS options
 xpack.security.enabled: true
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: certificate
 xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
 xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
 xpack.security.transport.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/$SECURITY_CA_TRUST\"]
 # HTTP layer
 xpack.security.http.ssl.enabled: true
 xpack.security.http.ssl.verification_mode: certificate
 xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
 xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
 xpack.security.http.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/$SECURITY_CA_TRUST\"]
 " >> $elastic_config_file
  # Create keystore
  /usr/share/elasticsearch/bin/elasticsearch-keystore create
  # Add keys to keystore
  echo -e "$SECURITY_KEY_PASSPHRASE" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase --stdin
  echo -e "$SECURITY_KEY_PASSPHRASE" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase --stdin
 fi
--- a/elasticsearch/config/30-entrypoint.sh
+++ b/elasticsearch/config/30-entrypoint.sh
@@ -0,0 +1,70 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.1/build/elasticsearch/bin/docker-entrypoint.sh
 set -e
 # Files created by Elasticsearch should always be group writable too
 umask 0002
 run_as_other_user_if_needed() {
  if [[ "$(id -u)" == "0" ]]; then
    # If running as root, drop to specified UID and run command
    exec chroot --userspec=1000 / "${@}"
  else
    # Either we are running in Openshift with random uid and are a member of the root group
    # or with a custom --user
    exec "${@}"
  fi
 }
 #Disabling xpack features
 elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 if grep -Fq  "#xpack features" "$elasticsearch_config_file" ;
 then 
  declare -A CONFIG_MAP=(
  [xpack.ml.enabled]=$XPACK_ML
  )
  for i in "${!CONFIG_MAP[@]}"
  do
    if [ "${CONFIG_MAP[$i]}" != "" ]; then
      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $elasticsearch_config_file
    fi
  done
 else
  echo "
 #xpack features
 xpack.ml.enabled: $XPACK_ML
 " >> $elasticsearch_config_file
 fi
 # Run load settings script.
 bash /usr/share/elasticsearch/load_settings.sh &
 # Execute elasticsearch
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  echo "Change Elastic password"
  if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
    run_as_other_user_if_needed echo "$SECURITY_ELASTIC_PASSWORD" | elasticsearch-keystore add -xf 'bootstrap.password'
  else
    input=${SECURITY_CREDENTIALS_FILE}
    ELASTIC_PASSWORD_FROM_FILE=""
    while IFS= read -r line
    do
      if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
        arrIN=(${line//:/ })
        ELASTIC_PASSWORD_FROM_FILE=${arrIN[1]}
      fi
    done < "$input"
    run_as_other_user_if_needed echo "$ELASTIC_PASSWORD_FROM_FILE" | elasticsearch-keystore add -xf 'bootstrap.password'
  fi
  echo "Elastic password changed"
 fi
 run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch 
--- a/elasticsearch/config/TEST_openssl.cnf
+++ b/elasticsearch/config/TEST_openssl.cnf
@@ -0,0 +1,132 @@
 # OpenSSL intermediate CA configuration file.
 # Copy to `/root/ca/intermediate/openssl.cnf`.
 [ ca ]
 # `man ca`
 default_ca = CA_default
 [ CA_default ]
 # Directory and file locations.
 dir               = /root/ca/intermediate
 certs             = $dir/certs
 crl_dir           = $dir/crl
 new_certs_dir     = $dir/newcerts
 database          = $dir/index.txt
 serial            = $dir/serial
 RANDFILE          = $dir/private/.rand
 # The root key and root certificate.
 private_key       = $dir/private/intermediate.key.pem
 certificate       = $dir/certs/intermediate.cert.pem
 # For certificate revocation lists.
 crlnumber         = $dir/crlnumber
 crl               = $dir/crl/intermediate.crl.pem
 crl_extensions    = crl_ext
 default_crl_days  = 30
 # SHA-1 is deprecated, so use SHA-2 instead.
 default_md        = sha256
 name_opt          = ca_default
 cert_opt          = ca_default
 default_days      = 375
 preserve          = no
 policy            = policy_loose
 [ policy_strict ]
 # The root CA should only sign intermediate certificates that match.
 # See the POLICY FORMAT section of `man ca`.
 countryName             = match
 stateOrProvinceName     = match
 organizationName        = match
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional
 [ policy_loose ]
 # Allow the intermediate CA to sign a more diverse range of certificates.
 # See the POLICY FORMAT section of the `ca` man page.
 countryName             = optional
 stateOrProvinceName     = optional
 localityName            = optional
 organizationName        = optional
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional
 [ req ]
 # Options for the `req` tool (`man req`).
 default_bits        = 2048
 distinguished_name  = req_distinguished_name
 string_mask         = utf8only
 # SHA-1 is deprecated, so use SHA-2 instead.
 default_md          = sha256
 # Extension to add when the -x509 option is used.
 x509_extensions     = v3_ca
 [ req_distinguished_name ]
 # See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 0.organizationName              = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address
 # Optionally, specify some defaults.
 countryName_default             = GB
 stateOrProvinceName_default     = England
 localityName_default            =
 0.organizationName_default      = Alice Ltd
 organizationalUnitName_default  =
 emailAddress_default            =
 [ v3_ca ]
 # Extensions for a typical CA (`man x509v3_config`).
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ v3_intermediate_ca ]
 # Extensions for a typical intermediate CA (`man x509v3_config`).
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true, pathlen:0
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ usr_cert ]
 # Extensions for client certificates (`man x509v3_config`).
 basicConstraints = CA:FALSE
 nsCertType = client, email
 nsComment = "OpenSSL Generated Client Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer
 keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth, emailProtection
 [ server_cert ]
 # Extensions for server certificates (`man x509v3_config`).
 basicConstraints = CA:FALSE
 nsCertType = server
 nsComment = "OpenSSL Generated Server Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth
 [ crl_ext ]
 # Extension for CRLs (`man x509v3_config`).
 authorityKeyIdentifier=keyid:always
 [ ocsp ]
 # Extension for OCSP signing certificates (`man ocsp`).
 basicConstraints = CA:FALSE
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer
 keyUsage = critical, digitalSignature
 extendedKeyUsage = critical, OCSPSigning
--- a/elasticsearch/config/configure_s3.sh
+++ b/elasticsearch/config/configure_s3.sh
@@ -2,6 +2,36 @@
 set -e
 ##############################################################################
 # If Secure access to Kibana is enabled, we must set the credentials for 
 # monitoring
 ##############################################################################
 ELASTIC_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u elastic:${ELASTIC_PASS} -k"
 else
  auth=""
 fi
 # Check number of arguments passed to configure_s3.sh. If it is different from 4 or 5, the process will finish with error.
 # param 1: number of arguments passed to configure_s3.sh
@@ -35,7 +65,7 @@ function CreateRepo()
    if [ $1 == 5 ];then
        version="$6"
    else
-        version=`curl -s $elastic_ip_port | grep number | cut -d"\"" -f4 | cut -c1`
+        version=`curl ${auth} -s $elastic_ip_port | grep number | cut -d"\"" -f4 | cut -c1`
    fi
    if ! [[ "$version" =~ ^[0-9]+$ ]];then
@@ -46,15 +76,15 @@ function CreateRepo()
    repository="$repository_name-$version"
    s3_path="$path/$version"
-    curl -X PUT "$elastic_ip_port/_snapshot/$repository" -H 'Content-Type: application/json' -d'
+    >&2 echo "Create S3 repository"
-        {
+
-            "type": "s3",
+    until curl ${auth} -X PUT "$elastic_ip_port/_snapshot/$repository" -H 'Content-Type: application/json' -d' {"type": "s3", "settings": { "bucket": "'$bucket_name'", "base_path": "'$s3_path'"} }'; do
-            "settings": {
+      >&2 echo "Elastic is unavailable, S3 repository not created - sleeping"
-            "bucket": "'$bucket_name'",
+      sleep 5
-            "base_path": "'$s3_path'"
+    done
-        }
+
-    }
+    >&2 echo "S3 repository created"
-    '
+
 }
--- a/elasticsearch/config/entrypoint.sh
+++ b/elasticsearch/config/entrypoint.sh
@@ -1,52 +1,8 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-# For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.0/build/elasticsearch/bin/docker-entrypoint.sh
+# It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
-set -e
+done
 # Files created by Elasticsearch should always be group writable too
 umask 0002
 run_as_other_user_if_needed() {
  if [[ "$(id -u)" == "0" ]]; then
    # If running as root, drop to specified UID and run command
    exec chroot --userspec=1000 / "${@}"
  else
    # Either we are running in Openshift with random uid and are a member of the root group
    # or with a custom --user
    exec "${@}"
  fi
 }
 #Disabling xpack features
 elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 if grep -Fq  "#xpack features" "$elasticsearch_config_file";
 then 
  declare -A CONFIG_MAP=(
  [xpack.ml.enabled]=$XPACK_ML
  )
  for i in "${!CONFIG_MAP[@]}"
  do
    if [ "${CONFIG_MAP[$i]}" != "" ]; then
      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $elasticsearch_config_file
    fi
  done
 else
  echo "
 #xpack features
 xpack.ml.enabled: $XPACK_ML
 " >> $elasticsearch_config_file
 fi
 # Run load settings script.
 ./config_cluster.sh
 ./load_settings.sh &
 # Execute elasticsearch
 run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch 
--- a/elasticsearch/config/load_settings.sh
+++ b/elasticsearch/config/load_settings.sh
@@ -3,15 +3,88 @@
 set -e
-el_url=${ELASTICSEARCH_URL}
+if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 fi
-if [ "x${WAZUH_API_URL}" = "x" ]; then
+if [[ "x${WAZUH_API_URL}" = "x" ]]; then
  wazuh_url="https://wazuh"
 else
  wazuh_url="${WAZUH_API_URL}"
 fi
-if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
+ELASTIC_PASS=""
 KIBANA_USER=""
 KIBANA_PASS=""
 LOGSTASH_USER=""
 LOGSTASH_PASS=""
 ADMIN_USER=""
 ADMIN_PASS=""
 WAZH_API_USER=""
 WAZH_API_PASS=""
 MONITORING_USER=""
 MONITORING_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
  KIBANA_USER=${SECURITY_KIBANA_USER}
  KIBANA_PASS=${SECURITY_KIBANA_PASS}
  LOGSTASH_USER=${SECURITY_LOGSTASH_USER}
  LOGSTASH_PASS=${SECURITY_LOGSTASH_PASS}
  ADMIN_USER=${SECURITY_ADMIN_USER}
  ADMIN_PASS=${SECURITY_ADMIN_PASS}
  WAZH_API_USER=${API_USER}
  WAZH_API_PASS=${API_PASS}
  MONITORING_USER=${SECURITY_MONITORING_USER}
  MONITORING_PASS=${SECURITY_MONITORING_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    elif [[ $line == *"KIBANA_USER"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_USER=${arrIN[1]}
    elif [[ $line == *"KIBANA_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_PASS=${arrIN[1]}
    elif [[ $line == *"LOGSTASH_USER"* ]]; then
      arrIN=(${line//:/ })
      LOGSTASH_USER=${arrIN[1]}
    elif [[ $line == *"LOGSTASH_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      LOGSTASH_PASS=${arrIN[1]}
    elif [[ $line == *"ADMIN_USER"* ]]; then
      arrIN=(${line//:/ })
      ADMIN_USER=${arrIN[1]}
    elif [[ $line == *"ADMIN_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ADMIN_PASS=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_USER"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_USER=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_PASS=${arrIN[1]}
    elif [[ $line == *"MONITORING_USER"* ]]; then
      arrIN=(${line//:/ })
      MONITORING_USER=${arrIN[1]}
    elif [[ $line == *"MONITORING_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      MONITORING_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-uelastic:${ELASTIC_PASS} -k"
 elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
  auth=""
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
@@ -27,15 +100,17 @@ done
 if [ $ENABLE_CONFIGURE_S3 ]; then
  #Wait for Elasticsearch to be ready to create the repository
  sleep 10
-  IP_PORT="${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
+  >&2 echo "Configure S3"
-
+  if [ "x$S3_PATH" != "x" ]; then
-  if [ "x$S3_PATH" != "x" ]; then 
+    >&2 echo "S3_PATH"
-
+    >&2 echo $S3_PATH
-    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then 
+    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR 
+      >&2 echo "Elasticsearch major version:"
-
+      >&2 echo $S3_ELASTIC_MAJOR
      bash /usr/share/elasticsearch/config/configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR
    else
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME 
+      >&2 echo "Elasticserach major version not given"
      bash /usr/share/elasticsearch/config/configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME
    fi
@@ -43,6 +118,48 @@ if [ $ENABLE_CONFIGURE_S3 ]; then
 fi
 ##############################################################################
 # Setup passwords for Elastic Stack users
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  MY_HOSTNAME=`hostname`
  echo "Hostname:"
  echo $MY_HOSTNAME
  if [[ $SECURITY_MAIN_NODE == $MY_HOSTNAME ]]; then
    echo "Setting up passwords for all Elastic Stack users"
    echo "Setting remote monitoring password"
    SECURITY_REMOTE_USER_PASS=`date +%s | sha256sum | base64 | head -c 16 ; echo`
    until curl -u elastic:${ELASTIC_PASS} -k -XPUT -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/remote_monitoring_user/_password ' -d '{ "password":"'$SECURITY_REMOTE_USER_PASS'" }'; do
      >&2 echo "Unavailable password seeting- sleeping"
      sleep 2
    done
    echo "Setting Kibana password"
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_wazuh_app ' -d ' { "indices": [ { "names": [ ".kibana*", ".reporting*", ".monitoring*" ],  "privileges": ["read"] }, { "names": [ "wazuh-monitoring*", ".wazuh*" ],  "privileges": ["all"] } , { "names": [ "wazuh-alerts*" ],  "privileges": ["read", "view_index_metadata"] }  ] }'
    sleep 5
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$KIBANA_USER"  -d '{ "password":"'$KIBANA_PASS'", "roles" : [ "kibana_system", "service_wazuh_app"],  "full_name" : "Service Internal Kibana User" }'
    echo "Setting APM password"
    SECURITY_APM_SYSTEM_PASS=`date +%s | sha256sum | base64 | head -c 16 ; echo`
    curl -u elastic:${ELASTIC_PASS} -k -XPUT -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/apm_system/_password ' -d '{ "password":"'$SECURITY_APM_SYSTEM_PASS'" }'
    echo "Setting Beats password"
    SECURITY_BEATS_SYSTEM_PASS=`date +%s | sha256sum | base64 | head -c 16 ; echo`
    curl -u elastic:${ELASTIC_PASS} -k -XPUT -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/beats_system/_password ' -d '{ "password":"'$SECURITY_BEATS_SYSTEM_PASS'" }'
    echo "Setting Logstash password"
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_logstash_writer ' -d '{ "cluster": ["manage_index_templates", "monitor", "manage_ilm"], "indices": [ { "names": [ "*" ],  "privileges": ["write","delete","create_index","manage","manage_ilm"] } ] }'
    sleep 5
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$LOGSTASH_USER" -d '{ "password":"'$LOGSTASH_PASS'", "roles" : [ "service_logstash_writer", "logstash_system"],  "full_name" : "Service Internal Logstash User" }'
    echo "Passwords established for all Elastic Stack users"
    echo "Creating Admin user"
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$ADMIN_USER" -d '{ "password":"'$ADMIN_PASS'", "roles" : [ "superuser"],  "full_name" : "Wazuh admin" }'
    echo "Admin user created"
    echo "Setting monitoring user"
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_monitoring_reader ' -d '{ "cluster": ["manage", "monitor"], "indices": [ { "names": [ "*" ],  "privileges": ["write","create_index","manage","read", "index"] } ] }'
    sleep 5
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$MONITORING_USER" -d '{ "password":"'$MONITORING_PASS'", "roles" : [ "service_monitoring_reader", "snapshot_user"],  "full_name" : "Service Internal Monitoring User" }'
  fi
 fi
 #Insert default templates
 sed -i 's|    "index.refresh_interval": "5s"|    "index.refresh_interval": "5s",    "number_of_shards" :   '"${ALERTS_SHARDS}"',    "number_of_replicas" : '"${ALERTS_REPLICAS}"'|' /usr/share/elasticsearch/config/wazuh-template.json
@@ -51,8 +168,8 @@ cat /usr/share/elasticsearch/config/wazuh-template.json | curl -XPUT "$el_url/_t
 sleep 5
-API_PASS_Q=`echo "$API_PASS" | tr -d '"'`
+API_PASS_Q=`echo "$WAZH_API_PASS" | tr -d '"'`
-API_USER_Q=`echo "$API_USER" | tr -d '"'`
+API_USER_Q=`echo "$WAZH_API_USER" | tr -d '"'`
 API_PASSWORD=`echo -n $API_PASS_Q | base64`
 echo "Setting API credentials into Wazuh APP"
@@ -96,7 +213,7 @@ curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/jso
 '
 # Set cluster delayed timeout when node falls
-curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
+curl -X PUT "$el_url/_all/_settings" ${auth} -H 'Content-Type: application/json' -d'
 {
  "settings": {
    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
@@ -104,5 +221,12 @@ curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
 }
 '
 # Remove credentials file.
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  echo "Security credentials file not used. Nothing to do."
 else
  shred -zvu ${SECURITY_CREDENTIALS_FILE}
 fi
 echo "Elasticsearch is ready."
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,16 +1,29 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:6.8.0
+FROM docker.elastic.co/kibana/kibana:6.8.2
-ARG WAZUH_APP_VERSION=3.9.1_6.8.0
+ARG WAZUH_APP_VERSION=3.9.4_6.8.2
 USER root
-ADD https://packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.9.1_6.8.0.zip /tmp
+ADD https://packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
-RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-3.9.1_6.8.0.zip &&\
+# This CA is created for testing. Please set your own CA pem signed certificate. 
 # command: $ docker build <kibana_directory> --build-arg SECURITY_CA_PEM_LOCATION=<CA_PEM_LOCATION>
 # ENV variables are necessary: SECURITY_CA_PEM 
 # Sample:
 # ARG SECURITY_CA_PEM_LOCATION="config/server.TEST-CA-signed.pem"
 ARG SECURITY_CA_PEM_LOCATION=""
 # CA for secure communication with Elastic
 ADD $SECURITY_CA_PEM_LOCATION /usr/share/kibana/config
 RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip &&\
    chown -R kibana:kibana /usr/share/kibana &&\
    rm -rf /tmp/*
 RUN yum install openssl -y
 COPY config/entrypoint.sh ./entrypoint.sh
 RUN chmod 755 ./entrypoint.sh
 RUN mkdir /entrypoint-scripts
 USER kibana
@@ -41,19 +54,23 @@ ENV PATTERN="" \
    WAZUH_MONITORING_REPLICAS="" \
    ADMIN_PRIVILEGES=""
-ARG XPACK_CANVAS="true"
+ARG XPACK_CANVAS="false"
-ARG XPACK_LOGS="true"
+ARG XPACK_LOGS="false"
-ARG XPACK_INFRA="true"
+ARG XPACK_INFRA="false"
-ARG XPACK_ML="true"
+ARG XPACK_ML="false"
-ARG XPACK_DEVTOOLS="true"
+ARG XPACK_DEVTOOLS="false"
-ARG XPACK_MONITORING="true"
+ARG XPACK_MONITORING="false"
-ARG XPACK_APM="true"
+ARG XPACK_APM="false"
 ARG XPACK_MAPS="false"
 ARG XPACK_UPTIME="false"
-ARG CHANGE_WELCOME="false"
+ARG CHANGE_WELCOME="true"
-COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
+COPY --chown=kibana:kibana ./config/10-wazuh_app_config.sh /entrypoint-scripts/10-wazuh_app_config.sh
 RUN chmod +x /entrypoint-scripts/10-wazuh_app_config.sh
-RUN chmod +x ./wazuh_app_config.sh
+COPY --chown=kibana:kibana ./config/20-entrypoint.sh /entrypoint-scripts/20-entrypoint.sh
 RUN chmod +x /entrypoint-scripts/20-entrypoint.sh
 COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
--- a/kibana/config/10-wazuh_app_config.sh
+++ b/kibana/config/10-wazuh_app_config.sh
--- a/kibana/config/20-entrypoint.sh
+++ b/kibana/config/20-entrypoint.sh
@@ -0,0 +1,133 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # Waiting for elasticsearch
 ##############################################################################
 if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_URL}"
 fi
 KIBANA_USER=""
 KIBANA_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  KIBANA_USER=${SECURITY_KIBANA_USER}
  KIBANA_PASS=${SECURITY_KIBANA_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"KIBANA_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_PASS=${arrIN[1]}
    elif [[ $line == *"KIBANA_USER"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_USER=${arrIN[1]}
    fi
  done < "$input"
 fi
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u ${KIBANA_USER}:${KIBANA_PASS} -k"
 elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
  auth=""
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
 fi
 until curl -XGET $el_url ${auth}; do
  >&2 echo "Elastic is unavailable - sleeping"
  sleep 5
 done
 sleep 2
 >&2 echo "Elasticsearch is up."
 ##############################################################################
 # Waiting for wazuh alerts template
 ##############################################################################
 strlen=0
 while [[ $strlen -eq 0 ]]
 do
  template=$(curl $auth $el_url/_cat/templates/wazuh -s)
  strlen=${#template}
  >&2 echo "Wazuh alerts template not loaded - sleeping."
  sleep 2
 done
 sleep 2
 >&2 echo "Wazuh alerts template is loaded."
 ##############################################################################
 # If Secure access to Kibana is enabled, we must set the credentials.
 # We must create the ssl certificate.
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  # Create keystore
  /usr/share/kibana/bin/kibana-keystore create
  echo "Setting security Kibana configuiration options."
  echo "
 # Elasticsearch from/to Kibana
 elasticsearch.ssl.certificateAuthorities: [\"/usr/share/kibana/config/$SECURITY_CA_PEM\"]
 server.ssl.enabled: true
 server.ssl.certificate: $SECURITY_KIBANA_SSL_CERT_PATH/kibana-access.pem
 server.ssl.key: $SECURITY_KIBANA_SSL_KEY_PATH/kibana-access.key
 server.ssl.supportedProtocols: 
  - TLSv1.1
  - TLSv1.2
 " >> /usr/share/kibana/config/kibana.yml
  echo "Create SSL directories."
  mkdir -p $SECURITY_KIBANA_SSL_KEY_PATH $SECURITY_KIBANA_SSL_CERT_PATH
  CA_PATH="/usr/share/kibana/config"
  echo "Creating SSL certificates."
  pushd $CA_PATH
  chown kibana: $CA_PATH/$SECURITY_CA_PEM
  chmod 400 $CA_PATH/$SECURITY_CA_PEM
  SECURITY_KEY_PASS=`openssl rand -base64 32`
  openssl req -batch -x509 -days 18250 -newkey rsa:2048 -keyout $SECURITY_KIBANA_SSL_KEY_PATH/kibana-access.key -out $SECURITY_KIBANA_SSL_CERT_PATH/kibana-access.pem -passout pass:"$SECURITY_KEY_PASS" >/dev/null
  chown -R kibana: $CA_PATH/ssl
  chmod -R 770 $CA_PATH/ssl
  chmod 440 $SECURITY_KIBANA_SSL_CERT_PATH/kibana-access.pem
  popd
  echo "SSL certificates created."
  # Add keys to keystore
  echo -e "$KIBANA_PASS" | /usr/share/kibana/bin/kibana-keystore add elasticsearch.password --stdin
  echo -e "$SECURITY_KEY_PASS" | /usr/share/kibana/bin/kibana-keystore add server.ssl.keyPassphrase --stdin
  echo -e "$KIBANA_USER" | /usr/share/kibana/bin/kibana-keystore add elasticsearch.username --stdin
 fi
 ##############################################################################
 # Run more configuration scripts.
 ##############################################################################
 bash /usr/share/kibana/kibana_settings.sh &
 /usr/local/bin/kibana-docker
--- a/kibana/config/entrypoint.sh
+++ b/kibana/config/entrypoint.sh
@@ -1,57 +1,8 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-set -e
+# It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
-##############################################################################
+done
 # Waiting for elasticsearch
 ##############################################################################
 if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_URL}"
 fi
 if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
  auth=""
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
 fi
 until curl -XGET $el_url ${auth}; do
  >&2 echo "Elastic is unavailable - sleeping"
  sleep 5
 done
 sleep 2
 >&2 echo "Elasticsearch is up."
 ##############################################################################
 # Waiting for wazuh alerts template
 ##############################################################################
 strlen=0
 while [[ $strlen -eq 0 ]]
 do
  template=$(curl $el_url/_cat/templates/wazuh -s)
  strlen=${#template}
  >&2 echo "Wazuh alerts template not loaded - sleeping."
  sleep 2
 done
 sleep 2
 >&2 echo "Wazuh alerts template is loaded."
 ./wazuh_app_config.sh
 sleep 5
 ./kibana_settings.sh &
 /usr/local/bin/kibana-docker
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -6,8 +6,8 @@ WAZUH_MAJOR=3
 ##############################################################################
 # Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them. 
+# because the others are running Elastic Stack and we can not interrupt them.
-# 
+#
 # The following actions are performed:
 #
 # Add the wazuh alerts index as default.
@@ -20,7 +20,6 @@ WAZUH_MAJOR=3
 ##############################################################################
 if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
 fi
 if [ "$KIBANA_IP" != "" ]; then
@@ -29,12 +28,43 @@ else
  kibana_ip="kibana"
 fi
-while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
+KIBANA_USER=""
 KIBANA_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  KIBANA_USER=${SECURITY_KIBANA_USER}
  KIBANA_PASS=${SECURITY_KIBANA_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"KIBANA_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_PASS=${arrIN[1]}
    elif [[ $line == *"KIBANA_USER"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_USER=${arrIN[1]}
    fi
  done < "$input"
 fi
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u $KIBANA_USER:${KIBANA_PASS}"
  kibana_secure_ip="https://$kibana_ip"
 else
  auth=""
  kibana_secure_ip="http://$kibana_ip"
 fi
 while [[ "$(curl $auth -k -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_secure_ip:5601/status)" != "200" ]]; do
  echo "Waiting for Kibana API. Sleeping 5 seconds"
  sleep 5
 done
-# Prepare index selection. 
+# Prepare index selection.
 echo "Kibana API is running"
 default_index="/tmp/default_index.json"
@@ -49,16 +79,23 @@ EOF
 sleep 5
 # Add the wazuh alerts index as default.
-curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
+curl $auth -k -POST "$kibana_secure_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
 rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
-curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
+curl $auth -k -POST "$kibana_secure_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
 '{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-24h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
 sleep 5
 # Do not ask user to help providing usage statistics to Elastic
-curl -POST "http://$kibana_ip:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
+curl $auth -k -POST "$kibana_secure_ip:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
 # Remove credentials file
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  echo "Security credentials file not used. Nothing to do."
 else
  shred -zvu ${SECURITY_CREDENTIALS_FILE}
 fi
 echo "End settings"
--- a/kibana/config/welcome_wazuh.sh
+++ b/kibana/config/welcome_wazuh.sh
@@ -15,9 +15,13 @@ then
    sed -i "s:'/app/kibana#/home':'/app/wazuh':g" $kibana_path/src/ui/public/chrome/directives/global_nav/global_nav.html
    sed -i "s:'/app/kibana#/home':'/app/wazuh':g" $kibana_path/src/ui/public/chrome/directives/header_global_nav/header_global_nav.js
-    # Redirect Kibana welcome screen to Discover
+    # Hide management undesired links
-    echo "Hide undesired links"
+    echo "Hide management undesired links"
    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/rollup/public/crud_app/index.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/license_management/public/management_section.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/index_lifecycle_management/public/register_management_section.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/cross_cluster_replication/public/register_routes.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/remote_clusters/public/index.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/upgrade_assistant/public/index.js
 fi
--- a/kibana/config/xpack_config.sh
+++ b/kibana/config/xpack_config.sh
@@ -12,6 +12,8 @@ then
    [xpack.logstash.enabled]=$XPACK_LOGS
    [xpack.infra.enabled]=$XPACK_INFRA
    [xpack.monitoring.enabled]=$XPACK_MONITORING
    [xpack.maps.enabled]=$XPACK_MAPS
    [xpack.uptime.enabled]=$XPACK_UPTIME
    [console.enabled]=$XPACK_DEVTOOLS
  )
  for i in "${!CONFIG_MAP[@]}"
@@ -31,6 +33,8 @@ xpack.canvas.enabled: $XPACK_CANVAS
 xpack.logstash.enabled: $XPACK_LOGS
 xpack.infra.enabled: $XPACK_INFRA
 xpack.monitoring.enabled: $XPACK_MONITORING
 xpack.maps.enabled: $XPACK_MAPS
 xpack.uptime.enabled: $XPACK_UPTIME
 console.enabled: $XPACK_DEVTOOLS
 " >> $kibana_config_file
 fi
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -1,5 +1,5 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/logstash/logstash:6.8.0
+FROM docker.elastic.co/logstash/logstash:6.8.2
 COPY --chown=logstash:logstash config/entrypoint.sh /entrypoint.sh
@@ -9,4 +9,29 @@ RUN rm -f /usr/share/logstash/pipeline/logstash.conf
 COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf
 # This CA is created for testing. Please set your own CA pem signed certificate. 
 # command: $ docker build <logstash_directory> --build-arg SECURITY_CA_PEM_LOCATION=<CA_PEM_LOCATION> --build-arg SECURITY_CA_PEM_ARG=<CA_PEM_NAME>
 # ENV variables are necessary: SECURITY_CA_PEM 
 # Sample:
 # ARG SECURITY_CA_PEM_LOCATION="config/server.TEST-CA-signed.pem"
 # ARG SECURITY_CA_PEM_ARG="server.TEST-CA-signed.pem"
 ARG SECURITY_CA_PEM_LOCATION=""
 ARG SECURITY_CA_PEM_ARG=""
 # CA for secure communication with Elastic
 ADD $SECURITY_CA_PEM_LOCATION /usr/share/logstash/config
 # Set permissions for CA
 USER root
 RUN if [[ "x$SECURITY_CA_PEM_LOCATION" == x ]] ; then echo Nothing to do ; else chown logstash: /usr/share/logstash/config/$SECURITY_CA_PEM_ARG ; fi
 RUN if [[ "x$SECURITY_CA_PEM_LOCATION" == x ]] ; then echo Nothing to do ; else chmod 400 /usr/share/logstash/config/$SECURITY_CA_PEM_ARG ; fi
 # Add entrypoint scripts
 RUN mkdir /entrypoint-scripts
 RUN chmod -R 774 /entrypoint-scripts
 RUN chown -R logstash:logstash /entrypoint-scripts
 COPY --chown=logstash:logstash ./config/10-entrypoint.sh /entrypoint-scripts/10-entrypoint.sh
 RUN chmod +x /entrypoint-scripts/10-entrypoint.sh
 USER logstash
 ENTRYPOINT /entrypoint.sh
--- a/logstash/config/01-wazuh.conf
+++ b/logstash/config/01-wazuh.conf
@@ -41,5 +41,9 @@ output {
        hosts => ["elasticsearch:9200"]
        index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}"
        document_type => "wazuh"
        #user => service_logstash
        #password => service_logstash_internal_password
        #ssl => true
        #cacert => "/path/to/cert.pem"
    }
 }
--- a/logstash/config/10-entrypoint.sh
+++ b/logstash/config/10-entrypoint.sh
@@ -0,0 +1,158 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 #
 # OSSEC container bootstrap. See the README for information of the environment
 # variables expected by this script.
 #
 set -e
 ##############################################################################
 # Waiting for elasticsearch
 ##############################################################################
 if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_URL}"
 fi
 LOGSTASH_USER=""
 LOGSTASH_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  LOGSTASH_USER=${SECURITY_LOGSTASH_USER}
  LOGSTASH_PASS=${SECURITY_LOGSTASH_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"LOGSTASH_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      LOGSTASH_PASS=${arrIN[1]}
    elif [[ $line == *"LOGSTASH_USER"* ]]; then
      arrIN=(${line//:/ })
      LOGSTASH_USER=${arrIN[1]}
    fi
  done < "$input"
 fi
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u ${LOGSTASH_USER}:${LOGSTASH_PASS} -k"
 elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
  auth=""
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
 fi
 ##############################################################################
 # Customize logstash output ip
 ##############################################################################
 if [ "$LOGSTASH_OUTPUT" != "" ]; then
  >&2 echo "Customize Logstash ouput ip."
  sed -i 's|elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/pipeline/01-wazuh.conf
  sed -i 's|http://elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/config/logstash.yml
 fi
 until curl $auth -XGET $el_url; do
  >&2 echo "Elastic is unavailable - sleeping."
  sleep 5
 done
 sleep 2
 >&2 echo "Elasticsearch is up."
 ##############################################################################
 # Set Logstash password
 ##############################################################################
 ##############################################################################
 # If Secure access to Kibana is enabled, we must set the credentials.
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  ## Create secure keystore
  SECURITY_RANDOM_PASS=`date +%s | sha256sum | base64 | head -c 32 ; echo`
  export LOGSTASH_KEYSTORE_PASS=$SECURITY_RANDOM_PASS
  /usr/share/logstash/bin/logstash-keystore --path.settings /usr/share/logstash/config create
  ## Settings for logstash.yml
  echo "
 # Required set the passwords
 xpack.monitoring.enabled: true
 xpack.monitoring.elasticsearch.username: \${LOGSTASH_KS_USER}
 xpack.monitoring.elasticsearch.password: \${LOGSTASH_KS_PASS}
 xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/$SECURITY_CA_PEM
 xpack.management.elasticsearch.hosts: \"$LOGSTASH_OUTPUT/\"
 xpack.management.elasticsearch.username: \${LOGSTASH_KS_USER}
 xpack.management.elasticsearch.password: \${LOGSTASH_KS_PASS}
 xpack.management.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/$SECURITY_CA_PEM
 " >> /usr/share/logstash/config/logstash.yml
  ## Settings for 01-wazuh.conf
  sed -i 's:#user => service_logstash:user => "${LOGSTASH_KS_USER}":g' /usr/share/logstash/pipeline/01-wazuh.conf
  sed -i 's:#password => service_logstash_internal_password:password => "${LOGSTASH_KS_PASS}":g' /usr/share/logstash/pipeline/01-wazuh.conf
  sed -i 's:#ssl => true:ssl => true:g' /usr/share/logstash/pipeline/01-wazuh.conf
  sed -i 's:#cacert => "/path/to/cert.pem":cacert => "/usr/share/logstash/config/'$SECURITY_CA_PEM'":g' /usr/share/logstash/pipeline/01-wazuh.conf 
  ## Add keys to the keystore
  echo -e "$LOGSTASH_USER" | /usr/share/logstash/bin/logstash-keystore --path.settings /usr/share/logstash/config add LOGSTASH_KS_USER
  echo -e "$LOGSTASH_PASS" | /usr/share/logstash/bin/logstash-keystore --path.settings /usr/share/logstash/config add LOGSTASH_KS_PASS
 fi
 ##############################################################################
 # Waiting for wazuh alerts template
 ##############################################################################
 strlen=0
 while [[ $strlen -eq 0 ]]
 do
  template=$(curl $auth $el_url/_cat/templates/wazuh -s)
  strlen=${#template}
  >&2 echo "Wazuh alerts template not loaded - sleeping."
  sleep 2
 done
 sleep 2
 >&2 echo "Wazuh alerts template is loaded."
 ##############################################################################
 # Remove credentials file
 ##############################################################################
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  echo "Security credentials file not used. Nothing to do."
 else
  shred -zvu ${SECURITY_CREDENTIALS_FILE}
 fi
 ##############################################################################
 # Map environment variables to entries in logstash.yml.
 # Note that this will mutate logstash.yml in place if any such settings are found.
 # This may be undesirable, especially if logstash.yml is bind-mounted from the
 # host system.
 ##############################################################################
 env2yaml /usr/share/logstash/config/logstash.yml
 export LS_JAVA_OPTS="-Dls.cgroup.cpuacct.path.override=/ -Dls.cgroup.cpu.path.override=/ $LS_JAVA_OPTS"
 if [[ -z $1 ]] || [[ ${1:0:1} == '-' ]] ; then
  exec logstash "$@"
 else
  exec "$@"
 fi
--- a/logstash/config/entrypoint.sh
+++ b/logstash/config/entrypoint.sh
@@ -1,72 +1,8 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 #
 # OSSEC container bootstrap. See the README for information of the environment
 # variables expected by this script.
 #
-set -e
+# It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
-##############################################################################
+done
 # Waiting for elasticsearch
 ##############################################################################
 if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_URL}"
 fi
 ##############################################################################
 # Customize logstash output ip
 ##############################################################################
 if [ "$LOGSTASH_OUTPUT" != "" ]; then
  >&2 echo "Customize Logstash ouput ip."
  sed -i 's|elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/pipeline/01-wazuh.conf
  sed -i 's|http://elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/config/logstash.yml 
 fi
 until curl -XGET $el_url; do
  >&2 echo "Elastic is unavailable - sleeping."
  sleep 5
 done
 sleep 2
 >&2 echo "Elasticsearch is up."
 ##############################################################################
 # Waiting for wazuh alerts template
 ##############################################################################
 strlen=0
 while [[ $strlen -eq 0 ]]
 do
  template=$(curl $el_url/_cat/templates/wazuh -s)
  strlen=${#template}
  >&2 echo "Wazuh alerts template not loaded - sleeping."
  sleep 2
 done
 sleep 2
 >&2 echo "Wazuh alerts template is loaded."
 ##############################################################################
 # Map environment variables to entries in logstash.yml.
 # Note that this will mutate logstash.yml in place if any such settings are found.
 # This may be undesirable, especially if logstash.yml is bind-mounted from the
 # host system.
 ##############################################################################
 env2yaml /usr/share/logstash/config/logstash.yml
 export LS_JAVA_OPTS="-Dls.cgroup.cpuacct.path.override=/ -Dls.cgroup.cpu.path.override=/ $LS_JAVA_OPTS"
 if [[ -z $1 ]] || [[ ${1:0:1} == '-' ]] ; then
  exec logstash "$@"
 else
  exec "$@"
 fi
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -1,56 +1,43 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM phusion/baseimage:latest
 ARG FILEBEAT_VERSION=6.8.0
 ARG WAZUH_VERSION=3.9.1-1
 # Arguments
 ARG FILEBEAT_VERSION=6.8.2
 ARG WAZUH_VERSION=3.9.4-1
 # Environment variables
 ENV API_USER="foo" \
    API_PASS="bar"
-# Set repositories.
+# Install packages
-RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
+RUN set -x && \
-   curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
+    echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
-   curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
+    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
-   echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
+    curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
-   echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
+    echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
-   groupadd -g 1000 ossec && useradd -u 1000 -g 1000 -d /var/ossec ossec
+    echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
    groupadd -g 1000 ossec && \
    useradd -u 1000 -g 1000 -d /var/ossec ossec && \
    add-apt-repository universe && \
    apt-get update && \
    apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
    apt-get --no-install-recommends --no-install-suggests -y install openssl apt-transport-https vim expect python-boto python-pip python-cryptography && \
    apt-get --no-install-recommends --no-install-suggests -y install postfix bsd-mailx mailutils libsasl2-2 ca-certificates libsasl2-modules && \
    apt-get --no-install-recommends --no-install-suggests -y install wazuh-manager=${WAZUH_VERSION} && \
    apt-get --no-install-recommends --no-install-suggests -y install nodejs wazuh-api=${WAZUH_VERSION} && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
    rm -f /var/ossec/logs/alerts/*/*/* && \
    rm -f /var/ossec/logs/archives/*/*/* && \
    rm -f /var/ossec/logs/firewall/*/*/* && \
    rm -f /var/ossec/logs/api/*/*/* && \
    rm -f /var/ossec/logs/cluster/*/*/* && \
    rm -f /var/ossec/logs/ossec/*/*/* && \
    rm /var/ossec/var/run/* && \
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb && \
    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb
-RUN add-apt-repository universe && apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
+# Services
   apt-get --no-install-recommends --no-install-suggests -y install openssl postfix bsd-mailx python-boto python-pip  \
   apt-transport-https vim expect nodejs python-cryptography mailutils libsasl2-modules wazuh-manager \
   wazuh-api && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && rm -f \
   /var/ossec/logs/alerts/*/*/*.log && rm -f /var/ossec/logs/alerts/*/*/*.json && rm -f \
   /var/ossec/logs/archives/*/*/*.log && rm -f /var/ossec/logs/archives/*/*/*.json && rm -f \
   /var/ossec/logs/firewall/*/*/*.log && rm -f /var/ossec/logs/firewall/*/*/*.json
 # Adding first run script and entrypoint
 COPY config/data_dirs.env /data_dirs.env
 COPY config/init.bash /init.bash
 RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
 COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 RUN chmod 755 /init.bash && \
    sync && /init.bash && \
    sync && rm /init.bash && \
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
    chmod 755 /entrypoint.sh && \
    chmod 755 /entrypoint-scripts/00-wazuh.sh 
 COPY config/filebeat.yml /etc/filebeat/
 RUN chmod go-w /etc/filebeat/filebeat.yml 
 # Setting volumes
 VOLUME ["/var/ossec/data"]
 VOLUME ["/etc/filebeat"]
 VOLUME ["/etc/postfix"]
 VOLUME ["/var/lib/filebeat"]
 # Services ports
 EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
 # Adding services
 RUN mkdir /etc/service/wazuh && \
    mkdir /etc/service/wazuh-api && \
    mkdir /etc/service/postfix && \
@@ -66,6 +53,54 @@ RUN chmod +x /etc/service/wazuh-api/run && \
    chmod +x /etc/service/postfix/run && \
    chmod +x /etc/service/filebeat/run 
-# Run all services
+# Copy configuration files from repository
-ENTRYPOINT ["/entrypoint.sh"]
+COPY config/filebeat.yml /etc/filebeat/
 RUN chmod go-w /etc/filebeat/filebeat.yml 
 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 COPY config/permanent_data.env /permanent_data.env
 COPY config/permanent_data.sh /permanent_data.sh
 RUN chmod 755 /permanent_data.sh && \
    sync && \
    /permanent_data.sh && \
    sync && \
    rm /permanent_data.sh 
 # Expose ports
 EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
 # Setting volumes
 # Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
 # to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
 VOLUME ["/var/ossec/api/configuration"]
 VOLUME ["/var/ossec/etc"]
 VOLUME ["/var/ossec/logs"]
 VOLUME ["/var/ossec/queue"]
 VOLUME ["/var/ossec/var/multigroups"]
 VOLUME ["/var/ossec/integrations"]
 VOLUME ["/var/ossec/active-response/bin"]
 VOLUME ["/var/ossec/wodles"]
 VOLUME ["/etc/filebeat"]
 VOLUME ["/etc/postfix"]
 VOLUME ["/var/lib/filebeat"]
 # Prepare entrypoint scripts
 # Entrypoint scripts must be added to the entrypoint-scripts directory
 RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
 COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
 RUN chmod 755 /entrypoint.sh && \
    chmod 755 /entrypoint-scripts/01-wazuh.sh
 # Workaround. 
 # Issues: Wazuh-api
 # https://github.com/wazuh/wazuh-api/issues/440  
 # https://github.com/wazuh/wazuh-api/issues/443
 COPY --chown=root:ossec config/agents.js /var/ossec/api/controllers/agents.js
 RUN chmod 770 /var/ossec/api/controllers/agents.js
 # Run all services
 ENTRYPOINT ["/entrypoint.sh"]
--- a/wazuh/config/00-wazuh.sh
+++ b/wazuh/config/00-wazuh.sh
@@ -1,151 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 #
 # OSSEC container bootstrap. See the README for information of the environment
 # variables expected by this script.
 #
 #
 #
 # Startup the services
 #
 source /data_dirs.env
 FIRST_TIME_INSTALLATION=false
 WAZUH_INSTALL_PATH=/var/ossec
 DATA_PATH=${WAZUH_INSTALL_PATH}/data
 WAZUH_CONFIG_MOUNT=/wazuh-config-mount
 print() {
    echo -e $1
 }
 error_and_exit() {
    echo "Error executing command: '$1'."
    echo 'Exiting.'
    exit 1
 }
 exec_cmd() {
    eval $1 > /dev/null 2>&1 || error_and_exit "$1"
 }
 exec_cmd_stdout() {
    eval $1 2>&1 || error_and_exit "$1"
 }
 edit_configuration() { # $1 -> setting,  $2 -> value
    sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
 }
 for ossecdir in "${DATA_DIRS[@]}"; do
  if [ ! -e "${DATA_PATH}/${ossecdir}" ]
  then
    print "Installing ${ossecdir}"
    exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})"
    exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}"
    FIRST_TIME_INSTALLATION=true
  fi
 done
 if [  -e ${WAZUH_INSTALL_PATH}/etc-template  ]
 then
    cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf
 fi
 rm /var/ossec/queue/db/.template.db
 touch ${DATA_PATH}/process_list
 chgrp ossec ${DATA_PATH}/process_list
 chmod g+rw ${DATA_PATH}/process_list
 AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
 API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
 if [ $FIRST_TIME_INSTALLATION == true ]
 then
  if [ $AUTO_ENROLLMENT_ENABLED == true ]
  then
    if [ ! -e ${DATA_PATH}/etc/sslmanager.key ]
    then
      print "Creating ossec-authd key and cert"
      exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096"
      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
    fi
  fi
  if [ $API_GENERATE_CERTS == true ]
  then
    if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ]
    then
      print "Enabling Wazuh API HTTPS"
      edit_configuration "https" "yes"
      print "Create Wazuh API key and cert"
      exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096"
      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
    fi
  fi
 fi
 ##############################################################################
 # Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
 # destination files permissions
 #
 # For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
 # $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
 # replace the ossec.conf file in /var/ossec/data/etc with yours.
 ##############################################################################
 if [ -e "$WAZUH_CONFIG_MOUNT" ]
 then
  print "Identified Wazuh configuration files to mount..."
  exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
 else
  print "No Wazuh configuration files to mount..."
 fi
 function ossec_shutdown(){
  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
 }
 # Trap exit signals and do a proper shutdown
 trap "ossec_shutdown; exit" SIGINT SIGTERM
 chmod -R g+rw ${DATA_PATH}
 ##############################################################################
 # Interpret any passed arguments (via docker command to this entrypoint) as
 # paths or commands, and execute them.
 #
 # This can be useful for actions that need to be run before the services are
 # started, such as "/var/ossec/bin/ossec-control enable agentless".
 ##############################################################################
 for CUSTOM_COMMAND in "$@"
 do
  echo "Executing command \`${CUSTOM_COMMAND}\`"
  exec_cmd_stdout "${CUSTOM_COMMAND}"
 done
 ##############################################################################
 # Change Wazuh API user credentials.
 ##############################################################################
 pushd /var/ossec/api/configuration/auth/
 echo "Change Wazuh API user credentials"
 change_user="node htpasswd -b -c user $API_USER $API_PASS"
 eval $change_user
 popd
 ##############################################################################
 # Customize filebeat output ip
 ##############################################################################
 if [ "$FILEBEAT_OUTPUT" != "" ]; then
  sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
 fi
--- a/wazuh/config/01-wazuh.sh
+++ b/wazuh/config/01-wazuh.sh
@@ -0,0 +1,266 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # Variables
 source /permanent_data.env
 WAZUH_INSTALL_PATH=/var/ossec
 WAZUH_CONFIG_MOUNT=/wazuh-config-mount
 AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
 API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
 ##############################################################################
 # Aux functions
 ##############################################################################
 print() {
  echo -e $1
 }
 error_and_exit() {
  echo "Error executing command: '$1'."
  echo 'Exiting.'
  exit 1
 }
 exec_cmd() {
  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
 }
 exec_cmd_stdout() {
  eval $1 2>&1 || error_and_exit "$1"
 }
 ##############################################################################
 # Edit configuration
 ##############################################################################
 edit_configuration() { # $1 -> setting,  $2 -> value
  sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${WAZUH_INSTALL_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
 }
 ##############################################################################
 # This function will attempt to mount every directory in PERMANENT_DATA 
 # into the respective path. 
 # If the path is empty means permanent data volume is also empty, so a backup  
 # will be copied into it. Otherwise it will not be copied because there is  
 # already data inside the volume for the specified path.
 ##############################################################################
 mount_permanent_data() {
  for permanent_dir in "${PERMANENT_DATA[@]}"; do
    # Check if the path is not empty
    if find ${permanent_dir} -mindepth 1 | read; then
      print "The path ${permanent_dir} is already mounted"
    else
      print "Installing ${permanent_dir}"
      exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/. ${permanent_dir}"
    fi
  done
 }
 ##############################################################################
 # This function will replace from the permanent data volume every file 
 # contained in PERMANENT_DATA_EXCP
 # Some files as 'internal_options.conf' are saved as permanent data, but 
 # they must be updated to work properly if wazuh version is changed.
 ##############################################################################
 apply_exclusion_data() {
  for exclusion_file in "${PERMANENT_DATA_EXCP[@]}"; do
    if [  -e ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file}  ]
    then
      DIR=$(dirname "${exclusion_file}")
      if [ ! -e ${DIR}  ]
      then
        mkdir -p ${DIR}
      fi
      print "Updating ${exclusion_file}"
      exec_cmd "cp -p ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
    fi
  done
 }
 ##############################################################################
 # This function will delete from the permanent data volume every file 
 # contained in PERMANENT_DATA_DEL
 ##############################################################################
 remove_data_files() {
  for del_file in "${PERMANENT_DATA_DEL[@]}"; do
    if [ -e ${del_file} ]
    then 
      print "Removing ${del_file}"
      exec_cmd "rm ${del_file}"
    fi
  done
 }
 ##############################################################################
 # Create certificates: Manager
 ##############################################################################
 create_ossec_key_cert() {
  print "Creating ossec-authd key and cert"
  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
 ##############################################################################
 # Create certificates: API
 ##############################################################################
 create_api_key_cert() {
  print "Enabling Wazuh API HTTPS"
  edit_configuration "https" "yes"
  print "Create Wazuh API key and cert"
  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key 4096"
  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key -out ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
  # Granting proper permissions 
  chmod 400 ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key
  chmod 400 ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt
 }
 ##############################################################################
 # Copy all files from $WAZUH_CONFIG_MOUNT to $WAZUH_INSTALL_PATH and respect
 # destination files permissions
 #
 # For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
 # $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
 # replace the ossec.conf file in /var/ossec/data/etc with yours.
 ##############################################################################
 mount_files() {
  if [ -e "$WAZUH_CONFIG_MOUNT" ]
  then
    print "Identified Wazuh configuration files to mount..."
    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $WAZUH_INSTALL_PATH"
  else
    print "No Wazuh configuration files to mount..."
  fi
 }
 ##############################################################################
 # Stop OSSEC
 ##############################################################################
 function ossec_shutdown(){
  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
 }
 ##############################################################################
 # Interpret any passed arguments (via docker command to this entrypoint) as
 # paths or commands, and execute them. 
 #
 # This can be useful for actions that need to be run before the services are
 # started, such as "/var/ossec/bin/ossec-control enable agentless".
 ##############################################################################
 docker_custom_args() {
  for CUSTOM_COMMAND in "$@"
  do
    echo "Executing command \`${CUSTOM_COMMAND}\`"
    exec_cmd_stdout "${CUSTOM_COMMAND}"
  done
 }
 ##############################################################################
 # Change Wazuh API user credentials.
 ##############################################################################
 change_api_user_credentials() {
  pushd /var/ossec/api/configuration/auth/
  if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
    WAZUH_API_USER=${API_USER}
    WAZUH_API_PASS=${API_PASS}
  else
    input=${SECURITY_CREDENTIALS_FILE}
    while IFS= read -r line
    do
      if [[ $line == *"WAZUH_API_USER"* ]]; then
        arrIN=(${line//:/ })
        WAZUH_API_USER=${arrIN[1]}
      elif [[ $line == *"WAZUH_API_PASS"* ]]; then
        arrIN=(${line//:/ })
        WAZUH_API_PASS=${arrIN[1]}
      fi
    done < "$input"
  fi
  echo "Change Wazuh API user credentials"
  change_user="node htpasswd -b -c user $WAZUH_API_USER $WAZUH_API_PASS"
  eval $change_user
  popd
 }
 ##############################################################################
 # Customize filebeat output ip
 ##############################################################################
 custom_filebeat_output_ip() {
  if [ "$FILEBEAT_OUTPUT" != "" ]; then
    sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
  fi
 }
 ##############################################################################
 # Main function
 ##############################################################################
 main() {
  # Mount permanent data  (i.e. ossec.conf)
  mount_permanent_data
  # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
  apply_exclusion_data
  # Remove some files in permanent_data (i.e. .template.db)
  remove_data_files
  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
  if [ $AUTO_ENROLLMENT_ENABLED == true ]
  then
    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
    then
      create_ossec_key_cert
    fi
  fi
  # Generate API certs if API_GENERATE_CERTS is true and does not exist
  if [ $API_GENERATE_CERTS == true ]
  then
    if [ ! -e ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt ]
    then
      create_api_key_cert
    fi
  fi
  # Mount selected files (WAZUH_CONFIG_MOUNT) to container
  mount_files
  # Trap exit signals and do a proper shutdown
  trap "ossec_shutdown; exit" SIGINT SIGTERM
  # Execute custom args
  docker_custom_args
  # Change API user credentials
  change_api_user_credentials
  # Update filebeat configuration
  custom_filebeat_output_ip
  # Delete temporary data folder
  rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
 }
 main
--- a/wazuh/config/agents.js
+++ b/wazuh/config/agents.js
--- a/wazuh/config/data_dirs.env
+++ b/wazuh/config/data_dirs.env
@@ -1,15 +0,0 @@
 i=0
 DATA_DIRS[((i++))]="api/configuration"
 DATA_DIRS[((i++))]="etc"
 DATA_DIRS[((i++))]="logs"
 DATA_DIRS[((i++))]="queue/db"
 DATA_DIRS[((i++))]="queue/rootcheck"
 DATA_DIRS[((i++))]="queue/agent-groups"
 DATA_DIRS[((i++))]="queue/agent-info"
 DATA_DIRS[((i++))]="queue/agents-timestamp"
 DATA_DIRS[((i++))]="queue/agentless"
 DATA_DIRS[((i++))]="queue/cluster"
 DATA_DIRS[((i++))]="queue/rids"
 DATA_DIRS[((i++))]="queue/fts"
 DATA_DIRS[((i++))]="var/multigroups"
 export DATA_DIRS
--- a/wazuh/config/entrypoint.sh
+++ b/wazuh/config/entrypoint.sh
@@ -4,7 +4,6 @@
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
 done
 ##############################################################################
--- a/wazuh/config/init.bash
+++ b/wazuh/config/init.bash
@@ -1,13 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 #
 # Initialize the custom data directory layout
 #
 source /data_dirs.env
 cd /var/ossec
 for ossecdir in "${DATA_DIRS[@]}"; do
  mv ${ossecdir} ${ossecdir}-template
  ln -s $(realpath --relative-to=$(dirname ${ossecdir}) data)/${ossecdir} ${ossecdir}
 done
--- a/wazuh/config/permanent_data.env
+++ b/wazuh/config/permanent_data.env
@@ -0,0 +1,61 @@
 # Permanent data mounted in volumes
 i=0
 PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
 PERMANENT_DATA[((i++))]="/var/ossec/etc"
 PERMANENT_DATA[((i++))]="/var/ossec/logs"
 PERMANENT_DATA[((i++))]="/var/ossec/queue"
 PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
 PERMANENT_DATA[((i++))]="/var/ossec/integrations"
 PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
 PERMANENT_DATA[((i++))]="/var/ossec/wodles"
 PERMANENT_DATA[((i++))]="/etc/filebeat"
 PERMANENT_DATA[((i++))]="/etc/postfix"
 export PERMANENT_DATA
 # Files mounted in a volume that should not be permanent
 i=0
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/oscap"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/oscap.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/template_oval.xsl"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/template_xccdf.xsl"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-debian-8-oval.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-debian-9-oval.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-oval.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml"
 export PERMANENT_DATA_EXCP
 # Files mounted in a volume that should be deleted 
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
 export PERMANENT_DATA_DEL
--- a/wazuh/config/permanent_data.sh
+++ b/wazuh/config/permanent_data.sh
@@ -0,0 +1,40 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # Variables
 source /permanent_data.env
 WAZUH_INSTALL_PATH=/var/ossec
 DATA_TMP_PATH=${WAZUH_INSTALL_PATH}/data_tmp
 mkdir ${DATA_TMP_PATH}
 # Move exclusion files to EXCLUSION_PATH
 EXCLUSION_PATH=${DATA_TMP_PATH}/exclusion
 mkdir ${EXCLUSION_PATH}
 for exclusion_file in "${PERMANENT_DATA_EXCP[@]}"; do
  # Create the directory for the exclusion file if it does not exist
  DIR=$(dirname "${exclusion_file}")
  if [ ! -e ${EXCLUSION_PATH}/${DIR}  ]
  then
    mkdir -p ${EXCLUSION_PATH}/${DIR}
  fi
  mv ${exclusion_file} ${EXCLUSION_PATH}/${exclusion_file}
 done
 # Move permanent files to PERMANENT_PATH
 PERMANENT_PATH=${DATA_TMP_PATH}/permanent
 mkdir ${PERMANENT_PATH}
 for permanent_dir in "${PERMANENT_DATA[@]}"; do
  # Create the directory for the permanent file if it does not exist
  DIR=$(dirname "${permanent_dir}")
  if [ ! -e ${PERMANENT_PATH}${DIR}  ]
  then
    mkdir -p ${PERMANENT_PATH}${DIR}
  fi
  mv ${permanent_dir} ${PERMANENT_PATH}${permanent_dir}
 done
--- a/wazuh/config/wazuh-api.runit.service
+++ b/wazuh/config/wazuh-api.runit.service
@@ -1,4 +1,4 @@
 #!/bin/sh
 service wazuh-api start
-tail -f /var/ossec/data/logs/api.log
+tail -f /var/ossec/logs/api.log
--- a/wazuh/config/wazuh.runit.service
+++ b/wazuh/config/wazuh.runit.service
@@ -1,4 +1,4 @@
 #!/bin/sh
 service wazuh-manager start
-tail -f /var/ossec/data/logs/ossec.log
+tail -f /var/ossec/logs/ossec.log
Author	SHA1	Message	Date
Mayte Ariza	303e0f6557	Add wodles to permanent_data (#239 ) Former-commit-id: `7a8b332c93`	2019-09-06 15:29:25 +02:00
Mayte Ariza	1d35f292db	Fix copy except files (#238 ) Former-commit-id: `bd2fa5c40d`	2019-09-06 10:42:39 +02:00
Mayte Ariza	4c3f149428	Change v6.8.1 version to v6.8.2 (#237 ) Former-commit-id: `c427c971a4`	2019-09-05 17:18:55 +02:00
Jesus Linares	7cb82937dc	Update version: 3.9.4 - 6.8.1 Former-commit-id: `0644dd36e0`	2019-09-05 10:56:51 +02:00
Jesús Linares	f494f6eca2	Merge pull request #236 from wazuh/cloud-0.6-debug Cloud 0.6 - fixes Former-commit-id: `93eb42bb96`	2019-09-05 10:52:07 +02:00
AlfonsoRBJ	84a06e2fbc	Wazuh 3.9.4 Elastic 6.8.1_3.9.3 Former-commit-id: `e88be1d4bb`	2019-09-05 10:29:55 +02:00
AlfonsoRBJ	c346863593	Merge branch 'issue-234-cloud0.6-wodles' into cloud-0.6-debug Former-commit-id: `62499ce622`	2019-09-05 10:22:32 +02:00
Mayte Ariza	dccb8aca54	Set filebeat to 6.8.1 Former-commit-id: `e22eba52b9`	2019-09-05 10:20:16 +02:00
Mayte Ariza	18971e3fde	Remove 6.8.2 version Former-commit-id: `abbe2f20e4`	2019-09-05 10:16:07 +02:00
Josemi Hernandez	7faed76e44	Added TLS version filter (#227 ) Former-commit-id: `af007c69d4`	2019-09-05 09:46:55 +02:00
Mayte Ariza	f3e3abfaf0	Add agents.js Former-commit-id: `2c5a1f7c58`	2019-09-04 13:11:49 +02:00
Mayte Ariza	27c37d808a	Changed versions: wazuh 3.9.4 and kibana 6.8.2 Former-commit-id: `6b13810e6a`	2019-09-04 12:29:02 +02:00
AlfonsoRBJ	3a06c32e62	add minimun_master_nodes Former-commit-id: `816549c3b6`	2019-09-04 11:26:06 +02:00
AlfonsoRBJ	2918502fd1	save original elasticserach.yml Former-commit-id: `eed444bbbb`	2019-09-04 11:11:59 +02:00
Mayte Ariza	d1eb6e7b98	Removed chmod command in entrypoint Former-commit-id: `9460780adb`	2019-09-04 08:38:43 +02:00
Mayte Ariza	6656fddf70	Added new volume: wodles folder Former-commit-id: `36e3fa403d`	2019-09-04 08:32:56 +02:00
AlfonsoRBJ	131d25979b	improve workaround description Former-commit-id: `24da1f4d0f`	2019-09-03 16:31:55 +02:00
AlfonsoRBJ	abfe509753	workaround for wazuh-api issue 440 and 443 Former-commit-id: `d3cfd2234a`	2019-09-03 16:21:16 +02:00
AlfonsoRBJ	9d71a6cbcc	install wazuh without custom package Former-commit-id: `db733fc849`	2019-09-03 11:50:30 +02:00
AlfonsoRBJ	610f6f49ce	add debug to S3 repository creation in elasticsearch image Former-commit-id: `0c571ad3f9`	2019-09-03 11:15:35 +02:00
AlfonsoRBJ	71933d6625	Merge branch 'k8s' into cloud-0.5 Former-commit-id: `901c29c3ab`	2019-09-02 15:12:46 +02:00
Mayte Ariza	7afe64b238	Removed write permissions for group and other in Integrations folder (#226 ) * Removed go-w permissions in integrations folder * Modified permissions command	2019-08-27 13:31:04 +02:00
Daniel Ruiz	37f50dac1c	Fix docker volumes error Former-commit-id: `e8ecb63183`	2019-07-24 09:26:23 +02:00
Mayte Ariza	7c11a8568c	Fixing remove files (#210 )	2019-07-15 09:43:08 +02:00
Mayte Ariza	0bf9766883	Check if file exists before removing it (#209 )	2019-07-15 08:37:31 +02:00
AlfonsoRBJ	59f60f63b6	Upgrade to 3.9.3_6.8.1 version (#207 )	2019-07-12 16:35:26 +02:00
Mayte Ariza	c9ed007771	Permissions rw for group added (#206 )	2019-07-12 16:03:32 +02:00
Mayte Ariza	15dbd60605	New volumes declaration in Wazuh Dockerfile (#203 )	2019-07-09 13:59:36 +02:00
AlfonsoRBJ	eca30fb709	add CA correct management for Logstash (#202 )	2019-07-08 18:32:36 +02:00
AlfonsoRBJ	065b5bb5cf	Security for Elastic Stack (#196 )	2019-07-08 14:02:19 +02:00
Mayte Ariza	d98ab1b4f3	Wazuh image improvements (#188 )	2019-07-08 13:37:57 +02:00
AlfonsoRBJ	c077b496bd	resolve merge conflicts from branch 3.9.2_6.8.0	2019-06-17 16:02:12 +02:00
Manuel J. Bernal	815039333d	Updated CHANGELOG	2019-06-12 18:09:33 +02:00
Manuel J. Bernal	9b2ecdb47d	Bump version 3.8.2_6.8.0	2019-06-12 18:08:23 +02:00
AlfonsoRBJ	651077e2c7	Update CHANGELOG.md	2019-06-04 13:12:46 +02:00
AlfonsoRBJ	d8ac9e617b	Update CHANGELOG.md	2019-06-04 13:12:13 +02:00
AlfonsoRBJ	9db0001e08	conflicts resolved in merge 3.9.1_6.8.0 over k8s branch	2019-05-28 12:43:16 +02:00
Mayte Ariza	096246abcb	Removing log files (#169 )	2019-05-15 08:14:33 +02:00
AlfonsoRBJ	d2766454d0	Disable additionals X-Pack applications and hide unnecesary management links (#163 )	2019-05-08 15:50:42 +02:00
Mayte Ariza	a88e5495d5	Merge branch '3.9.0_6.7.1' into k8s	2019-05-06 11:56:05 +02:00
Mayte Ariza	3f94f734d4	Removing logs from Wazuh image (#153 )	2019-04-26 08:08:49 +02:00
`@@ -1,2 +1,2 @@`
	`WAZUH-DOCKER_VERSION="3.9.1_6.8.0"`	`WAZUH-DOCKER_VERSION="3.9.4_6.8.1"`
	`REVISION="3901"`	`REVISION="3942"`