Merge pull request #815 from wazuh/bump-4-4-1

Bump `4.4` to `4.4.1`

.env

@@ -1,3 +1,3 @@
-WAZUH_VERSION=4.7.0
-WAZUH_IMAGE_VERSION=4.7.0
+WAZUH_VERSION=4.4.1
+WAZUH_IMAGE_VERSION=4.4.1
 WAZUH_TAG_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.7.0-1
+    - 4.4.1-1
 port:
   tcp:1514:
     listening: true

.github/workflows/trivy-dashboard-4-4.yml

@@ -1,71 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Trivy scan Wazuh dashboard
-
-on:
-  release:
-    types:
-    - published
-  pull_request:
-    branches:
-      - master
-      - stable
-  schedule:
-    - cron: '34 2 * * 1'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
-    name: Build images and upload Trivy results
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with: { ref: 4.4 }
-
-      - name: Installing dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq
-      - name: Build Wazuh images
-        run: build-docker-images/build-images.sh
-
-      - name: Create enviroment variables
-        run: |
-          cat .env > $GITHUB_ENV
-          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
-
-      - name: Run Trivy vulnerability scanner for Wazuh dashboard
-        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
-        with:
-          image-ref: 'wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results-dashboard.sarif'
-          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results-dashboard.sarif'
-
-      - name: Slack notification
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_CHANNEL: cicd-monitoring
-          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
-          #SLACK_ICON: https://github.com/rtCamp.png?size=48
-          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
-          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
-          SLACK_USERNAME: github_actions
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/trivy-indexer-4-4.yml

@@ -1,71 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Trivy scan Wazuh indexer
-
-on:
-  release:
-    types:
-    - published
-  pull_request:
-    branches:
-      - master
-      - stable
-  schedule:
-    - cron: '34 2 * * 1'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
-    name: Build images and upload Trivy results
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with: { ref: 4.4 }
-
-      - name: Installing dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq
-      - name: Build Wazuh images
-        run: build-docker-images/build-images.sh
-
-      - name: Create enviroment variables
-        run: |
-          cat .env > $GITHUB_ENV
-          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
-
-      - name: Run Trivy vulnerability scanner for Wazuh indexer
-        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
-        with:
-          image-ref: 'wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results-indexer.sarif'
-          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results-indexer.sarif'
-
-      - name: Slack notification
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_CHANNEL: cicd-monitoring
-          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
-          #SLACK_ICON: https://github.com/rtCamp.png?size=48
-          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
-          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
-          SLACK_USERNAME: github_actions
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

.github/workflows/trivy-manager-4-4.yml

@@ -1,71 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-name: Trivy scan Wazuh manager
-
-on:
-  release:
-    types:
-    - published
-  pull_request:
-    branches:
-      - master
-      - stable
-  schedule:
-    - cron: '34 2 * * 1'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-
-    name: Build images and upload Trivy results
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with: { ref: 4.4 }
-
-      - name: Installing dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq
-      - name: Build Wazuh images
-        run: build-docker-images/build-images.sh
-
-      - name: Create enviroment variables
-        run: |
-          cat .env > $GITHUB_ENV
-          echo "GITHUB_REF_NAME="${GITHUB_REF_NAME%/*} >> $GITHUB_ENV
-
-      - name: Run Trivy vulnerability scanner for Wazuh manager
-        uses: aquasecurity/trivy-action@2a2157eb22c08c9a1fac99263430307b8d1bc7a2
-        with:
-          image-ref: 'wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}'
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results-manager.sarif'
-          severity: 'LOW,MEDIUM,CRITICAL,HIGH'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results-manager.sarif'
-
-      - name: Slack notification
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_CHANNEL: cicd-monitoring
-          SLACK_COLOR: ${{ job.status }} # or a specific color like 'good' or '#ff00ff'
-          #SLACK_ICON: https://github.com/rtCamp.png?size=48
-          SLACK_MESSAGE: "Check the results: https://github.com/wazuh/wazuh-docker/security/code-scanning?query=is%3Aopen+branch%3A${{ env.GITHUB_REF_NAME }}"
-          SLACK_TITLE: Wazuh docker Trivy vulnerability scan finished.
-          SLACK_USERNAME: github_actions
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

CHANGELOG.md

@@ -1,61 +1,6 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## Wazuh Docker v4.7.0
-### Added
-
-- Update Wazuh to version [4.7.0](https://github.com/wazuh/wazuh/blob/v4.7.0/CHANGELOG.md#v470)
-
-## Wazuh Docker v4.6.0
-### Added
-
-- Update Wazuh to version [4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460)
-
-## Wazuh Docker v4.5.4
-### Added
-
-- Update Wazuh to version [4.5.4](https://github.com/wazuh/wazuh/blob/v4.5.4/CHANGELOG.md#v454)
-
-## Wazuh Docker v4.5.3
-### Added
-
-- Update Wazuh to version [4.5.3](https://github.com/wazuh/wazuh/blob/v4.5.3/CHANGELOG.md#v453)
-
-## Wazuh Docker v4.5.2
-### Added
-
-- Update Wazuh to version [4.5.2](https://github.com/wazuh/wazuh/blob/v4.5.2/CHANGELOG.md#v452)
-
-## Wazuh Docker v4.5.1
-### Added
-
-- Update Wazuh to version [4.5.1](https://github.com/wazuh/wazuh/blob/v4.5.1/CHANGELOG.md#v451)
-
-## Wazuh Docker v4.5.0
-### Added
-
-- Update Wazuh to version [4.5.0](https://github.com/wazuh/wazuh/blob/v4.5.0/CHANGELOG.md#v450)
-
-## Wazuh Docker v4.4.5
-### Added
-
-- Update Wazuh to version [4.4.5](https://github.com/wazuh/wazuh/blob/v4.4.5/CHANGELOG.md#v445)
-
-## Wazuh Docker v4.4.4
-### Added
-
-- Update Wazuh to version [4.4.4](https://github.com/wazuh/wazuh/blob/v4.4.4/CHANGELOG.md#v444)
-
-## Wazuh Docker v4.4.3
-### Added
-
-- Update Wazuh to version [4.4.3](https://github.com/wazuh/wazuh/blob/v4.4.3/CHANGELOG.md#v443)
-
-## Wazuh Docker v4.4.2
-### Added
-
-- Update Wazuh to version [4.4.2](https://github.com/wazuh/wazuh/blob/v4.4.2/CHANGELOG.md#v442)
-
 ## Wazuh Docker v4.4.1
 ### Added
 
@@ -66,11 +11,6 @@ All notable changes to this project will be documented in this file.
 
 - Update Wazuh to version [4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
 
-## Wazuh Docker v4.3.11
-### Added
-
-- Update Wazuh to version [4.3.11](https://github.com/wazuh/wazuh/blob/v4.3.11/CHANGELOG.md#v4311)
-
 ## Wazuh Docker v4.3.10
 ### Added
 

README.md

@@ -195,20 +195,8 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.7.0        |         |        |
-| v4.6.0        |         |        |
-| v4.5.4        |         |        |
-| v4.5.3        |         |        |
-| v4.5.2        |         |        |
-| v4.5.1        |         |        |
-| v4.5.0        |         |        |
-| v4.4.5        |         |        |
-| v4.4.4        |         |        |
-| v4.4.3        |         |        |
-| v4.4.2        |         |        |
 | v4.4.1        |         |        |
 | v4.4.0        |         |        |
-| v4.3.11       |         |        |
 | v4.3.10       |         |        |
 | v4.3.9        |         |        |
 | v4.3.8        |         |        |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.7.0"
-REVISION="40704"
+WAZUH-DOCKER_VERSION="4.4.1"
+REVISION="40406"

build-docker-images/README.md

@@ -9,24 +9,3 @@ $ build-docker-images/build-images.sh
 ```
 
 This script initializes the environment variables needed to build each of the images.
-
-The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
-
-```
-$ build-docker-images/build-images.sh -v 4.5.2
-```
-
-To get all the available script options use the -h or --help option:
-
-```
-$ build-docker-images/build-images.sh -h
-
-Usage: build-docker-images/build-images.sh [OPTIONS]
-
-    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
-    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.3.
-    -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.7.0.
-    -h, --help                   Show this help.
-
-```

build-docker-images/build-images.sh

@@ -1,144 +1,17 @@
-WAZUH_IMAGE_VERSION=4.7.0
+WAZUH_IMAGE_VERSION=4.4.1
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+
+## If wazuh manager exists in apt dev repository, change variables, if not, exit 1
+if [ "$WAZUH_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
   IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
-
-# Wazuh package generator
-# Copyright (C) 2023, Wazuh Inc.
-#
-# This program is a free software; you can redistribute it
-# and/or modify it under the terms of the GNU General Public
-# License (version 2) as published by the FSF - Free Software
-# Foundation.
-
-WAZUH_IMAGE_VERSION="4.7.0"
-WAZUH_TAG_REVISION="1"
-WAZUH_DEV_STAGE=""
-FILEBEAT_MODULE_VERSION="0.3"
-
-# -----------------------------------------------------------------------------
-
-trap ctrl_c INT
-
-clean() {
-    exit_code=$1
-
-    exit ${exit_code}
-}
-
-ctrl_c() {
-    clean 1
-}
-
-# -----------------------------------------------------------------------------
-
-
-build() {
-
-    WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')"
-    FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}"
-    WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz"
-    WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}"
-
-    if  [ "${WAZUH_DEV_STAGE}" ];then
-        FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}"
-        if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-            echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
-            clean 1
-        fi
 else
-        if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then
-            FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}"
-        elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-            FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}"
-        else
-            WAZUH_MASTER_VERSION="$(curl -s https://raw.githubusercontent.com/wazuh/wazuh/master/src/VERSION | sed -e 's/v//g')"
-            if [ "${FILEBEAT_TEMPLATE_BRANCH}" == "${WAZUH_MASTER_VERSION}" ]; then
-                FILEBEAT_TEMPLATE_BRANCH="master"
-            else
-                echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
-                clean 1
-            fi
-        fi
+  IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 fi
 
 echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
-    echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
+echo WAZUH_IMAGE_VERSION=$IMAGE_VERSION >> .env
 echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
-    echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env
-    echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
-    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
 
 docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
-
-    return 0
-}
-
-# -----------------------------------------------------------------------------
-
-help() {
-    echo
-    echo "Usage: $0 [OPTIONS]"
-    echo
-    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default."
-    echo "    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
-    echo "    -r, --revision <rev>         [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
-    echo "    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
-    echo "    -h, --help                   Show this help."
-    echo
-    exit $1
-}
-
-# -----------------------------------------------------------------------------
-
-main() {
-    while [ -n "${1}" ]
-    do
-        case "${1}" in
-        "-h"|"--help")
-            help 0
-            ;;
-        "-d"|"--dev")
-            if [ -n "${2}" ]; then
-                WAZUH_DEV_STAGE="${2}"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        "-f"|"--filebeat-module")
-            if [ -n "${2}" ]; then
-                FILEBEAT_MODULE_VERSION="${2}"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        "-r"|"--revision")
-            if [ -n "${2}" ]; then
-                WAZUH_TAG_REVISION="${2}"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        "-v"|"--version")
-            if [ -n "$2" ]; then
-                WAZUH_IMAGE_VERSION="$2"
-                shift 2
-            else
-                help 1
-            fi
-            ;;
-        *)
-            help 1
-        esac
-    done
-
-    build || clean 1
-
-    clean 0
-}
-
-main "$@"

build-docker-images/build-images.yml

@@ -8,8 +8,6 @@ services:
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH}
-        WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE}
     image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.manager
     restart: always
@@ -63,7 +61,6 @@ services:
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
     image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.dashboard
     restart: always

build-docker-images/wazuh-dashboard/Dockerfile

@@ -4,7 +4,7 @@ FROM ubuntu:focal AS builder
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
 ARG INSTALL_DIR=/usr/share/wazuh-dashboard
-ARG WAZUH_UI_REVISION
+ARG WAZUH_UI_REVISION=1
 
 # Update and install dependencies
 RUN apt-get update && apt install curl libcap2-bin xz-utils -y
@@ -66,8 +66,6 @@ ENV PATTERN="" \
     EXTENSIONS_CISCAT="" \
     EXTENSIONS_AWS="" \
     EXTENSIONS_GCP="" \
-    EXTENSIONS_GITHUB=""\
-    EXTENSIONS_OFFICE=""\
     EXTENSIONS_VIRUSTOTAL="" \
     EXTENSIONS_OSQUERY="" \
     EXTENSIONS_DOCKER="" \
@@ -80,6 +78,9 @@ ENV PATTERN="" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS=""
 
+# Install dependencies
+RUN apt update && apt install -y libnss3-dev fonts-liberation libfontconfig1
+
 # Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \
@@ -101,10 +102,6 @@ RUN chown 1000:1000 /*.sh
 # Copy Install dir from builder to current image
 COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 
-# Create custom directory
-RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.7/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-dashboard/config/wazuh.yml

@@ -16,7 +16,7 @@
 # https://documentation.wazuh.com/current/installation-guide/index.html
 #
 # Also, you can check our repository:
-# https://github.com/wazuh/wazuh-dashboard-plugins
+# https://github.com/wazuh/wazuh-kibana-app
 #
 # ------------------------------- Index patterns -------------------------------
 #

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -25,8 +25,6 @@ declare -A CONFIG_MAP=(
   [extensions.ciscat]=$EXTENSIONS_CISCAT
   [extensions.aws]=$EXTENSIONS_AWS
   [extensions.gcp]=$EXTENSIONS_GCP
-  [extensions.github]=$EXTENSIONS_GITHUB
-  [extensions.office]=$EXTENSIONS_OFFICE
   [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
   [extensions.osquery]=$EXTENSIONS_OSQUERY
   [extensions.docker]=$EXTENSIONS_DOCKER

build-docker-images/wazuh-indexer/config/config.sh

@@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE}
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.7/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -133,14 +133,6 @@ cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-
 # Delete xms and xmx parameters in jvm.options
 sed '/-Xms/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options
 sed '/-Xmx/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options
-sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' ${TARGET_DIR}${CONFIG_DIR}/jvm.options
-
 
 chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
 chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
-
-find ${TARGET_DIR} -type d -exec chmod 750 {} \;
-find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
-find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
-find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
-find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;

build-docker-images/wazuh-manager/Dockerfile

@@ -5,10 +5,10 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG FILEBEAT_TEMPLATE_BRANCH
+ARG TEMPLATE_VERSION=4.4
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_FILEBEAT_MODULE
+ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.2.tar.gz"
 
 RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y
 
@@ -24,6 +24,8 @@ RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_
     dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \
     curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
 
+RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
+
 ARG S6_VERSION="v2.2.0.3"
 RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
     -o /tmp/s6-overlay-amd64.tar.gz && \
@@ -38,7 +40,7 @@ COPY config/filebeat.yml /etc/filebeat/
 
 RUN chmod go-w /etc/filebeat/filebeat.yml
 
-ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
+ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
 
 # Prepare permanent data

build-docker-images/wazuh-manager/config/create_user.py

@@ -13,7 +13,7 @@ SPECIAL_CHARS = "@$!%*?&-_"
 
 
 try:
-    from wazuh.rbac.orm import check_database_integrity
+    from wazuh.rbac.orm import create_rbac_db
     from wazuh.security import (
         create_user,
         get_users,
@@ -69,7 +69,7 @@ if __name__ == "__main__":
     username, password = read_user_file()
 
     # create RBAC database
-    check_database_integrity()
+    create_rbac_db()
 
     initial_users = db_users()
     if username not in initial_users:

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -21,8 +21,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.7/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -17,13 +17,13 @@ CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E
 
 ## If cert tool exists in some bucket, download it, if not exit 1
 if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in the in Packages bucket"
+  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+  echo "Cert tool exists in Packages bucket"
 elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in Packages-dev bucket"
+  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+  echo "Cert tool exists in Packages-dev bucket"
 else
-  echo "The tool to create the certificates does not exist in any bucket"
+  echo "Cert tool does not exist in any bucket"
   echo "ERROR: certificates were not created"
   exit 1
 fi
@@ -41,9 +41,9 @@ source /$CERT_TOOL -A
 nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' )
 node_names=($nodes_server)
 
-echo "Moving created certificates to the destination directory"
+echo "Moving created certificates to destination directory"
 cp /wazuh-certificates/* /certificates/
-echo "Changing certificate permissions"
+echo "changing certificate permissions"
 chmod -R 500 /certificates
 chmod -R 400 /certificates/*
 echo "Setting UID indexer and dashboard"

multi-node/config/wazuh_cluster/wazuh_manager.conf

@@ -108,16 +108,15 @@
       <os>xenial</os>
       <os>bionic</os>
       <os>focal</os>
-      <os>jammy</os>
       <update_interval>1h</update_interval>
     </provider>
 
     <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
+      <os>stretch</os>
       <os>buster</os>
       <os>bullseye</os>
-      <os>bookworm</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -128,7 +127,6 @@
       <os>6</os>
       <os>7</os>
       <os>8</os>
-      <os>9</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -137,19 +135,6 @@
       <enabled>no</enabled>
       <os>amazon-linux</os>
       <os>amazon-linux-2</os>
-      <os>amazon-linux-2023</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- SUSE Linux Enterprise OS vulnerabilities -->
-    <provider name="suse">
-      <enabled>no</enabled>
-      <os>11-server</os>
-      <os>11-desktop</os>
-      <os>12-server</os>
-      <os>12-desktop</os>
-      <os>15-server</os>
-      <os>15-desktop</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -165,17 +150,10 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- Alma Linux OS vulnerabilities -->
-    <provider name="almalinux">
-      <enabled>no</enabled>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
     <!-- Aggregate vulnerabilities -->
     <provider name="nvd">
       <enabled>yes</enabled>
+      <update_from_year>2010</update_from_year>
       <update_interval>1h</update_interval>
     </provider>
 

multi-node/config/wazuh_cluster/wazuh_worker.conf

@@ -108,16 +108,15 @@
       <os>xenial</os>
       <os>bionic</os>
       <os>focal</os>
-      <os>jammy</os>
       <update_interval>1h</update_interval>
     </provider>
 
     <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
+      <os>stretch</os>
       <os>buster</os>
       <os>bullseye</os>
-      <os>bookworm</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -128,7 +127,6 @@
       <os>6</os>
       <os>7</os>
       <os>8</os>
-      <os>9</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -137,19 +135,6 @@
       <enabled>no</enabled>
       <os>amazon-linux</os>
       <os>amazon-linux-2</os>
-      <os>amazon-linux-2023</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- SUSE Linux Enterprise OS vulnerabilities -->
-    <provider name="suse">
-      <enabled>no</enabled>
-      <os>11-server</os>
-      <os>11-desktop</os>
-      <os>12-server</os>
-      <os>12-desktop</os>
-      <os>15-server</os>
-      <os>15-desktop</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -159,14 +144,6 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- Alma Linux OS vulnerabilities -->
-    <provider name="almalinux">
-      <enabled>no</enabled>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
     <!-- Windows OS vulnerabilities -->
     <provider name="msu">
       <enabled>yes</enabled>
@@ -176,6 +153,7 @@
     <!-- Aggregate vulnerabilities -->
     <provider name="nvd">
       <enabled>yes</enabled>
+      <update_from_year>2010</update_from_year>
       <update_interval>1h</update_interval>
     </provider>
 

multi-node/docker-compose.yml

@@ -3,16 +3,9 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.7.0
+    image: wazuh/wazuh-manager:4.4.1
     hostname: wazuh.master
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 655360
-        hard: 655360
     ports:
       - "1515:1515"
       - "514:514/udp"
@@ -45,16 +38,9 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.7.0
+    image: wazuh/wazuh-manager:4.4.1
     hostname: wazuh.worker
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 655360
-        hard: 655360
     environment:
       - INDEXER_URL=https://wazuh1.indexer:9200
       - INDEXER_USERNAME=admin
@@ -81,7 +67,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.7.0
+    image: wazuh/wazuh-indexer:4.4.1
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -107,7 +93,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.7.0
+    image: wazuh/wazuh-indexer:4.4.1
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -129,7 +115,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.7.0
+    image: wazuh/wazuh-indexer:4.4.1
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -151,7 +137,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.7.0
+    image: wazuh/wazuh-dashboard:4.4.1
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -161,16 +147,12 @@ services:
       - WAZUH_API_URL="https://wazuh.master"
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh1.indexer
     links:
@@ -220,5 +202,3 @@ volumes:
   wazuh-indexer-data-1:
   wazuh-indexer-data-2:
   wazuh-indexer-data-3:
-  wazuh-dashboard-config:
-  wazuh-dashboard-custom:

single-node/config/wazuh_cluster/wazuh_manager.conf

@@ -108,16 +108,15 @@
       <os>xenial</os>
       <os>bionic</os>
       <os>focal</os>
-      <os>jammy</os>
       <update_interval>1h</update_interval>
     </provider>
 
     <!-- Debian OS vulnerabilities -->
     <provider name="debian">
       <enabled>no</enabled>
+      <os>stretch</os>
       <os>buster</os>
       <os>bullseye</os>
-      <os>bookworm</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -128,7 +127,6 @@
       <os>6</os>
       <os>7</os>
       <os>8</os>
-      <os>9</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -137,19 +135,6 @@
       <enabled>no</enabled>
       <os>amazon-linux</os>
       <os>amazon-linux-2</os>
-      <os>amazon-linux-2023</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- SUSE Linux Enterprise OS vulnerabilities -->
-    <provider name="suse">
-      <enabled>no</enabled>
-      <os>11-server</os>
-      <os>11-desktop</os>
-      <os>12-server</os>
-      <os>12-desktop</os>
-      <os>15-server</os>
-      <os>15-desktop</os>
       <update_interval>1h</update_interval>
     </provider>
 
@@ -159,14 +144,6 @@
       <update_interval>1h</update_interval>
     </provider>
 
-    <!-- Alma Linux OS vulnerabilities -->
-    <provider name="almalinux">
-      <enabled>no</enabled>
-      <os>8</os>
-      <os>9</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
     <!-- Windows OS vulnerabilities -->
     <provider name="msu">
       <enabled>yes</enabled>
@@ -176,6 +153,7 @@
     <!-- Aggregate vulnerabilities -->
     <provider name="nvd">
       <enabled>yes</enabled>
+      <update_from_year>2010</update_from_year>
       <update_interval>1h</update_interval>
     </provider>
 

single-node/docker-compose.yml

@@ -3,16 +3,9 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.7.0
+    image: wazuh/wazuh-manager:4.4.1
     hostname: wazuh.manager
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 655360
-        hard: 655360
     ports:
       - "1514:1514"
       - "1515:1515"
@@ -46,7 +39,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.7.0
+    image: wazuh/wazuh-indexer:4.4.1
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -71,7 +64,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.7.0
+    image: wazuh/wazuh-dashboard:4.4.1
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -80,8 +73,6 @@ services:
       - INDEXER_USERNAME=admin
       - INDEXER_PASSWORD=SecretPassword
       - WAZUH_API_URL=https://wazuh.manager
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
@@ -90,8 +81,6 @@ services:
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh.indexer
     links:
@@ -111,5 +100,3 @@ volumes:
   filebeat_etc:
   filebeat_var:
   wazuh-indexer-data:
-  wazuh-dashboard-config:
-  wazuh-dashboard-custom: