Merge pull request #966 from wazuh/18542-vdt-bookworm-support

Add Debian Bookworm to VDT default configuration

.env

@@ -1,3 +1,3 @@
-WAZUH_VERSION=4.4.3
-WAZUH_IMAGE_VERSION=4.4.3
+WAZUH_VERSION=4.6.0
+WAZUH_IMAGE_VERSION=4.6.0
 WAZUH_TAG_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.4.3-1
+    - 4.6.0-1
 port:
   tcp:1514:
     listening: true

CHANGELOG.md

@@ -1,6 +1,36 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.6.0
+### Added
+
+- Update Wazuh to version [4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460)
+
+## Wazuh Docker v4.5.2
+### Added
+
+- Update Wazuh to version [4.5.2](https://github.com/wazuh/wazuh/blob/v4.5.2/CHANGELOG.md#v452)
+
+## Wazuh Docker v4.5.1
+### Added
+
+- Update Wazuh to version [4.5.1](https://github.com/wazuh/wazuh/blob/v4.5.1/CHANGELOG.md#v451)
+
+## Wazuh Docker v4.5.0
+### Added
+
+- Update Wazuh to version [4.5.0](https://github.com/wazuh/wazuh/blob/v4.5.0/CHANGELOG.md#v450)
+
+## Wazuh Docker v4.4.5
+### Added
+
+- Update Wazuh to version [4.4.5](https://github.com/wazuh/wazuh/blob/v4.4.5/CHANGELOG.md#v445)
+
+## Wazuh Docker v4.4.4
+### Added
+
+- Update Wazuh to version [4.4.4](https://github.com/wazuh/wazuh/blob/v4.4.4/CHANGELOG.md#v444)
+
 ## Wazuh Docker v4.4.3
 ### Added
 

README.md

@@ -195,6 +195,12 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v4.6.0        |         |        |
+| v4.5.2        |         |        |
+| v4.5.1        |         |        |
+| v4.5.0        |         |        |
+| v4.4.5        |         |        |
+| v4.4.4        |         |        |
 | v4.4.3        |         |        |
 | v4.4.2        |         |        |
 | v4.4.1        |         |        |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.4.3"
-REVISION="40409"
+WAZUH-DOCKER_VERSION="4.6.0"
+REVISION="40600"

build-docker-images/build-images.sh

@@ -1,14 +1,8 @@
-WAZUH_IMAGE_VERSION=4.4.3
+WAZUH_IMAGE_VERSION=4.6.0
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
-
-## If wazuh manager exists in apt dev repository, change variables, if not, exit 1
-if [ "$WAZUH_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
-  IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
-else
-  IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
-fi
+IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 
 echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
 echo WAZUH_IMAGE_VERSION=$IMAGE_VERSION >> .env

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.4/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+PACKAGES_URL=https://packages.wazuh.com/4.6/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.6/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-indexer/config/config.sh

@@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE}
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.4/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+PACKAGES_URL=https://packages.wazuh.com/4.6/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.6/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-manager/Dockerfile

@@ -5,7 +5,7 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG TEMPLATE_VERSION=4.4
+ARG TEMPLATE_VERSION=4.6
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.2.tar.gz"

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.4/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+PACKAGES_URL=https://packages.wazuh.com/4.6/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.6/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -17,13 +17,13 @@ CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E
 
 ## If cert tool exists in some bucket, download it, if not exit 1
 if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
-  echo "Cert tool exists in Packages bucket"
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s
+  echo "The tool to create the certificates exists in the in Packages bucket"
 elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
-  echo "Cert tool exists in Packages-dev bucket"
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s
+  echo "The tool to create the certificates exists in Packages-dev bucket"
 else
-  echo "Cert tool does not exist in any bucket"
+  echo "The tool to create the certificates does not exist in any bucket"
   echo "ERROR: certificates were not created"
   exit 1
 fi
@@ -41,9 +41,9 @@ source /$CERT_TOOL -A
 nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' )
 node_names=($nodes_server)
 
-echo "Moving created certificates to destination directory"
+echo "Moving created certificates to the destination directory"
 cp /wazuh-certificates/* /certificates/
-echo "changing certificate permissions"
+echo "Changing certificate permissions"
 chmod -R 500 /certificates
 chmod -R 400 /certificates/*
 echo "Setting UID indexer and dashboard"

multi-node/config/wazuh_cluster/wazuh_manager.conf

@@ -108,15 +108,16 @@
       <os>xenial</os>
       <os>bionic</os>
       <os>focal</os>
+      <os>jammy</os>
       <update_interval>1h</update_interval>
     </provider>
 
     <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
-      <os>stretch</os>
       <os>buster</os>
       <os>bullseye</os>
+      <os>bookworm</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -127,6 +128,7 @@
       <os>6</os>
       <os>7</os>
       <os>8</os>
+      <os>9</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -138,6 +140,18 @@
       <update_interval>1h</update_interval>
     </provider>
 
+    <!-- SUSE Linux Enterprise OS vulnerabilities -->
+    <provider name="suse">
+      <enabled>no</enabled>
+      <os>11-server</os>
+      <os>11-desktop</os>
+      <os>12-server</os>
+      <os>12-desktop</os>
+      <os>15-server</os>
+      <os>15-desktop</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
     <!-- Arch OS vulnerabilities -->
     <provider name="arch">
       <enabled>no</enabled>
@@ -150,10 +164,17 @@
       <update_interval>1h</update_interval>
     </provider>
 
+    <!-- Alma Linux OS vulnerabilities -->
+    <provider name="almalinux">
+      <enabled>no</enabled>
+      <os>8</os>
+      <os>9</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
     <!-- Aggregate vulnerabilities -->
     <provider name="nvd">
       <enabled>yes</enabled>
-      <update_from_year>2010</update_from_year>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -354,4 +375,4 @@
     <location>/var/log/dpkg.log</location>
   </localfile>
 
-</ossec_config>
+</ossec_config>

multi-node/config/wazuh_cluster/wazuh_worker.conf

@@ -108,15 +108,16 @@
       <os>xenial</os>
       <os>bionic</os>
       <os>focal</os>
+      <os>jammy</os>
       <update_interval>1h</update_interval>
     </provider>
 
     <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
-      <os>stretch</os>
       <os>buster</os>
       <os>bullseye</os>
+      <os>bookworm</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -127,6 +128,7 @@
       <os>6</os>
       <os>7</os>
       <os>8</os>
+      <os>9</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -138,12 +140,32 @@
       <update_interval>1h</update_interval>
     </provider>
 
+    <!-- SUSE Linux Enterprise OS vulnerabilities -->
+    <provider name="suse">
+      <enabled>no</enabled>
+      <os>11-server</os>
+      <os>11-desktop</os>
+      <os>12-server</os>
+      <os>12-desktop</os>
+      <os>15-server</os>
+      <os>15-desktop</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
     <!-- Arch OS vulnerabilities -->
     <provider name="arch">
       <enabled>no</enabled>
       <update_interval>1h</update_interval>
     </provider>
 
+    <!-- Alma Linux OS vulnerabilities -->
+    <provider name="almalinux">
+      <enabled>no</enabled>
+      <os>8</os>
+      <os>9</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
     <!-- Windows OS vulnerabilities -->
     <provider name="msu">
       <enabled>yes</enabled>
@@ -153,7 +175,6 @@
     <!-- Aggregate vulnerabilities -->
     <provider name="nvd">
       <enabled>yes</enabled>
-      <update_from_year>2010</update_from_year>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -354,4 +375,4 @@
     <location>/var/log/dpkg.log</location>
   </localfile>
 
-</ossec_config>
+</ossec_config>

multi-node/docker-compose.yml

@@ -3,9 +3,16 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.4.3
+    image: wazuh/wazuh-manager:4.6.0
     hostname: wazuh.master
     restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
     ports:
       - "1515:1515"
       - "514:514/udp"
@@ -38,9 +45,16 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.4.3
+    image: wazuh/wazuh-manager:4.6.0
     hostname: wazuh.worker
     restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
     environment:
       - INDEXER_URL=https://wazuh1.indexer:9200
       - INDEXER_USERNAME=admin
@@ -67,7 +81,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.4.3
+    image: wazuh/wazuh-indexer:4.6.0
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -93,7 +107,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.4.3
+    image: wazuh/wazuh-indexer:4.6.0
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -115,7 +129,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.4.3
+    image: wazuh/wazuh-indexer:4.6.0
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -137,7 +151,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.4.3
+    image: wazuh/wazuh-dashboard:4.6.0
     hostname: wazuh.dashboard
     restart: always
     ports:

single-node/config/wazuh_cluster/wazuh_manager.conf

@@ -108,15 +108,16 @@
       <os>xenial</os>
       <os>bionic</os>
       <os>focal</os>
+      <os>jammy</os>
       <update_interval>1h</update_interval>
     </provider>
 
     <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
-      <os>stretch</os>
       <os>buster</os>
       <os>bullseye</os>
+      <os>bookworm</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -127,6 +128,7 @@
       <os>6</os>
       <os>7</os>
       <os>8</os>
+      <os>9</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -138,12 +140,32 @@
       <update_interval>1h</update_interval>
     </provider>
 
+    <!-- SUSE Linux Enterprise OS vulnerabilities -->
+    <provider name="suse">
+      <enabled>no</enabled>
+      <os>11-server</os>
+      <os>11-desktop</os>
+      <os>12-server</os>
+      <os>12-desktop</os>
+      <os>15-server</os>
+      <os>15-desktop</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
     <!-- Arch OS vulnerabilities -->
     <provider name="arch">
       <enabled>no</enabled>
       <update_interval>1h</update_interval>
     </provider>
 
+    <!-- Alma Linux OS vulnerabilities -->
+    <provider name="almalinux">
+      <enabled>no</enabled>
+      <os>8</os>
+      <os>9</os>
+      <update_interval>1h</update_interval>
+    </provider>
+
     <!-- Windows OS vulnerabilities -->
     <provider name="msu">
       <enabled>yes</enabled>
@@ -153,7 +175,6 @@
     <!-- Aggregate vulnerabilities -->
     <provider name="nvd">
       <enabled>yes</enabled>
-      <update_from_year>2010</update_from_year>
       <update_interval>1h</update_interval>
     </provider>
 

single-node/docker-compose.yml

@@ -3,9 +3,16 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.4.3
+    image: wazuh/wazuh-manager:4.6.0
     hostname: wazuh.manager
     restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
     ports:
       - "1514:1514"
       - "1515:1515"
@@ -39,7 +46,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.4.3
+    image: wazuh/wazuh-indexer:4.6.0
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -64,7 +71,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.4.3
+    image: wazuh/wazuh-dashboard:4.6.0
     hostname: wazuh.dashboard
     restart: always
     ports: