Merge pull request #1747 from wazuh/enhancement/1745-revert-image-tag

Revert docker image for 4.11.1-rc2

.env

@@ -1,6 +1,6 @@
-WAZUH_VERSION=4.9.0
-WAZUH_IMAGE_VERSION=4.9.0
+WAZUH_VERSION=4.11.1
+WAZUH_IMAGE_VERSION=4.11.1
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.9.0
+FILEBEAT_TEMPLATE_BRANCH=4.11.1
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.9.0
+    - 4.11.1
 port:
   tcp:1514:
     listening: true

.github/free-disk-space/action.yml

@@ -0,0 +1,245 @@
+name: "Free Disk Space (Ubuntu)"
+description: "A configurable GitHub Action to free up disk space on an Ubuntu GitHub Actions runner."
+
+# Thanks @jlumbroso for the action code https://github.com/jlumbroso/free-disk-space/
+# See: https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#branding
+
+inputs:
+  android:
+    description: "Remove Android runtime"
+    required: false
+    default: "true"
+  dotnet:
+    description: "Remove .NET runtime"
+    required: false
+    default: "true"
+  haskell:
+    description: "Remove Haskell runtime"
+    required: false
+    default: "true"
+
+  # option inspired by:
+  # https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
+  large-packages:
+    description: "Remove large packages"
+    required: false
+    default: "true"
+
+  docker-images:
+    description: "Remove Docker images"
+    required: false
+    default: "true"
+
+  # option inspired by:
+  # https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
+  tool-cache:
+    description: "Remove image tool cache"
+    required: false
+    default: "false"
+
+  swap-storage:
+    description: "Remove swap storage"
+    required: false
+    default: "true"
+
+runs:
+  using: "composite"
+  steps:
+    - shell: bash
+      run: |
+
+        # ======
+        # MACROS
+        # ======
+
+        # macro to print a line of equals
+        # (silly but works)
+        printSeparationLine() {
+          str=${1:=}
+          num=${2:-80}
+          counter=1
+          output=""
+          while [ $counter -le $num ]
+          do
+             output="${output}${str}"
+             counter=$((counter+1))
+          done
+          echo "${output}"
+        }
+
+        # macro to compute available space
+        # REF: https://unix.stackexchange.com/a/42049/60849
+        # REF: https://stackoverflow.com/a/450821/408734
+        getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
+
+        # macro to make Kb human readable (assume the input is Kb)
+        # REF: https://unix.stackexchange.com/a/44087/60849
+        formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
+
+        # macro to output saved space
+        printSavedSpace() {
+          saved=${1}
+          title=${2:-}
+
+          echo ""
+          printSeparationLine '*' 80
+          if [ ! -z "${title}" ]; then
+            echo "=> ${title}: Saved $(formatByteCount $saved)"
+          else
+            echo "=> Saved $(formatByteCount $saved)"
+          fi
+          printSeparationLine '*' 80
+          echo ""
+        }
+
+        # macro to print output of dh with caption
+        printDH() {
+          caption=${1:-}
+
+          printSeparationLine '=' 80
+          echo "${caption}"
+          echo ""
+          echo "$ dh -h /"
+          echo ""
+          df -h /
+          echo "$ dh -a /"
+          echo ""
+          df -a /
+          echo "$ dh -a"
+          echo ""
+          df -a
+          printSeparationLine '=' 80
+        }
+
+
+
+        # ======
+        # SCRIPT
+        # ======
+
+        # Display initial disk space stats
+
+        AVAILABLE_INITIAL=$(getAvailableSpace)
+        AVAILABLE_ROOT_INITIAL=$(getAvailableSpace '/')
+
+        printDH "BEFORE CLEAN-UP:"
+        echo ""
+
+
+        # Option: Remove Android library
+
+        if [[ ${{ inputs.android }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+          
+          sudo rm -rf /usr/local/lib/android || true
+
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Android library"
+        fi
+
+        # Option: Remove .NET runtime
+
+        if [[ ${{ inputs.dotnet }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          # https://github.community/t/bigger-github-hosted-runners-disk-space/17267/11
+          sudo rm -rf /usr/share/dotnet || true
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED ".NET runtime"
+        fi
+
+        # Option: Remove Haskell runtime
+
+        if [[ ${{ inputs.haskell }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo rm -rf /opt/ghc || true
+          sudo rm -rf /usr/local/.ghcup || true
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Haskell runtime"
+        fi
+
+        # Option: Remove large packages
+        # REF: https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
+
+        if [[ ${{ inputs.large-packages }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+          
+          sudo apt-get remove -y '^aspnetcore-.*' || echo "::warning::The command [sudo apt-get remove -y '^aspnetcore-.*'] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^dotnet-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^dotnet-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^llvm-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^llvm-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y 'php.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y 'php.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^mongodb-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mongodb-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y '^mysql-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mysql-.*' --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing || echo "::warning::The command [sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y google-cloud-sdk --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-sdk --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get remove -y google-cloud-cli --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-cli --fix-missing] failed to complete successfully. Proceeding..."
+          sudo apt-get autoremove -y || echo "::warning::The command [sudo apt-get autoremove -y] failed to complete successfully. Proceeding..."
+          sudo apt-get clean || echo "::warning::The command [sudo apt-get clean] failed to complete successfully. Proceeding..."
+
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Large misc. packages"
+        fi
+
+        # Option: Remove Docker images
+
+        if [[ ${{ inputs.docker-images }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo docker image prune --all --force || true
+
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Docker images"
+        fi
+
+        # Option: Remove tool cache
+        # REF: https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
+
+        if [[ ${{ inputs.tool-cache }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY" || true
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Tool cache"
+        fi
+
+        # Option: Remove Swap storage
+
+        if [[ ${{ inputs.swap-storage }} == 'true' ]]; then
+          BEFORE=$(getAvailableSpace)
+
+          sudo swapoff -a || true
+          sudo rm -f /mnt/swapfile || true
+          free -h
+          
+          AFTER=$(getAvailableSpace)
+          SAVED=$((AFTER-BEFORE))
+          printSavedSpace $SAVED "Swap storage"
+        fi
+
+
+
+        # Output saved space statistic
+
+        AVAILABLE_END=$(getAvailableSpace)
+        AVAILABLE_ROOT_END=$(getAvailableSpace '/')
+
+        echo ""
+        printDH "AFTER CLEAN-UP:"
+
+        echo ""
+        echo ""
+
+        echo "/dev/root:"
+        printSavedSpace $((AVAILABLE_ROOT_END - AVAILABLE_ROOT_INITIAL))
+        echo "overall:"
+        printSavedSpace $((AVAILABLE_END - AVAILABLE_INITIAL))

.github/workflows/Procedure_push_docker_images.yml

@@ -0,0 +1,167 @@
+run-name: Launch Push Docker Images - ${{ inputs.id }}
+name: Push Docker Images
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: 'Docker image tag'
+        default: '4.11.1'
+        required: true
+      docker_reference:
+        description: 'wazuh-docker reference'
+        default: 'v4.11.1'
+        required: true
+      products:
+        description: 'Comma-separated list of the image names to build and push'
+        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
+        required: true
+      filebeat_module_version:
+        description: 'Filebeat module version'
+        default: '0.4'
+        required: true
+      revision:
+        description: 'Package revision'
+        default: '1'
+        required: true
+      push_images:
+        description: 'Push images'
+        type: boolean
+        default: true
+        required: true
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
+      dev:
+        description: "Add tag suffix '-dev' to the image tag ?"
+        type: boolean
+        default: true
+        required: false
+  workflow_call:
+    inputs:
+      image_tag:
+        description: 'Docker image tag'
+        default: '4.11.1'
+        required: true
+        type: string
+      docker_reference:
+        description: 'wazuh-docker reference'
+        default: 'v4.11.1'
+        required: false
+        type: string
+      products:
+        description: 'Comma-separated list of the image names to build and push'
+        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
+        required: true
+        type: string
+      filebeat_module_version:
+        description: 'Filebeat module version'
+        default: '0.4'
+        required: true
+        type: string
+      revision:
+        description: 'Package revision'
+        default: '1'
+        required: true
+        type: string
+      push_images:
+        description: 'Push images'
+        type: boolean
+        default: true
+        required: true
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
+      dev:
+        description: "Add tag suffix '-dev' to the image tag ?"
+        type: boolean
+        default: false
+        required: false
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Print inputs
+      run: |
+        echo "---------------------------------------------"
+        echo "Running Procedure_push_docker_images workflow"
+        echo "---------------------------------------------"
+        echo "* BRANCH: ${{ github.ref }}"
+        echo "* COMMIT: ${{ github.sha }}"
+        echo "---------------------------------------------"
+        echo "Inputs provided:"
+        echo "---------------------------------------------"
+        echo "* id: ${{ inputs.id }}"
+        echo "* image_tag: ${{ inputs.image_tag }}"
+        echo "* docker_reference: ${{ inputs.docker_reference }}"
+        echo "* products: ${{ inputs.products }}"
+        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
+        echo "* revision: ${{ inputs.revision }}"
+        echo "* push_images: ${{ inputs.push_images }}"
+        echo "* dev: ${{ inputs.dev }}"
+        echo "---------------------------------------------"
+
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.docker_reference }}
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+    - name: Install Docker Compose
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y docker-compose
+        echo "Installed Docker Compose version: $(docker-compose --version)"
+
+    - name: Build Wazuh images
+      run: |
+        IMAGE_TAG=${{ inputs.image_tag }}
+        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
+        REVISION=${{ inputs.revision }}
+
+        if [[ "$IMAGE_TAG" == *"-"* ]]; then
+          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
+          if [ -z "${tokens[1]}" ]; then
+            echo "Invalid image tag: $IMAGE_TAG"
+            exit 1
+          fi
+          DEV_STAGE=${tokens[1]}
+          WAZUH_VER=${tokens[0]}
+          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
+        else
+          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
+        fi
+
+        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
+        ENV_FILE_PATH=".env"
+
+        if [ -f $ENV_FILE_PATH ]; then
+          while IFS= read -r line || [ -n "$line" ]; do
+            echo "$line" >> $GITHUB_ENV
+          done < $ENV_FILE_PATH
+        else
+          echo "The environment file $ENV_FILE_PATH does not exist!"
+          exit 1
+        fi
+
+    - name: Tag and Push Wazuh images
+      if: ${{ inputs.push_images }}
+      run: |
+        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
+        IMAGE_NAMES=${{ inputs.products }}
+        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
+        for image in "${images[@]}"; do
+          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
+          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
+          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
+          docker push wazuh/$image:$IMAGE_TAG
+        done

.github/workflows/push.yml

@@ -29,21 +29,21 @@ jobs:
         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
 
     - name: Temporarily save Wazuh manager Docker image
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: docker-artifact-manager
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh indexer Docker image
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: docker-artifact-indexer
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh dashboard Docker image
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: docker-artifact-dashboard
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
@@ -77,17 +77,17 @@ jobs:
       run: cat .env > $GITHUB_ENV
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-indexer
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-dashboard
 
@@ -205,25 +205,20 @@ jobs:
       run: cat .env > $GITHUB_ENV
 
     - name: free disk space
-      run: |
-        sudo swapoff -a
-        sudo rm -f /swapfile
-        sudo apt clean
-        docker rmi $(docker image ls -aq)
-        df -h
+      uses: ./.github/free-disk-space
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-dashboard
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: docker-artifact-indexer
 

CHANGELOG.md

@@ -1,6 +1,107 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [4.11.1]
+
+### Added
+
+- None
+
+### Changed
+
+- None
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
+## [4.11.0]
+
+### Added
+
+- None
+
+### Changed
+
+- None
+
+### Fixed
+
+- Change the cleaning disk step ([#1663](https://github.com/wazuh/wazuh-docker/pull/1663))
+
+### Deleted
+
+- None
+
+## [4.10.1]
+
+### Added
+
+- None
+
+### Changed
+
+- None
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
+## [4.10.0]
+
+### Added
+
+- Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551))
+- Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524))
+- Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518))
+
+### Changed
+
+- None
+
+### Fixed
+
+- Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619))
+- Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416))
+
+### Deleted
+
+- None
+
+## [4.9.2]
+
+### Added
+
+- Update Wazuh to version [4.9.2](https://github.com/wazuh/wazuh/blob/v4.9.2/CHANGELOG.md#v492)
+
+## [4.9.1]
+
+### Added
+
+- None
+
+### Changed
+
+- None
+
+
+### Fixed
+
+- Fix typos into Wazuh manager entrypoint ([#1569](https://github.com/wazuh/wazuh-docker/pull/1569))
+
+### Deleted
+
+- None
+
+
 ## Wazuh Docker v4.9.0
 ### Added
 

README.md

@@ -58,20 +58,6 @@ CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must be
 CHECKS_API=true
 CHECKS_SETUP=true
 
-EXTENSIONS_PCI=true             # Enable PCI Extension
-EXTENSIONS_GDPR=true            # Enable GDPR Extension
-EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
-EXTENSIONS_NIST=true            # Enable NIST Extension
-EXTENSIONS_TSC=true             # Enable TSC Extension
-EXTENSIONS_AUDIT=true           # Enable Audit Extension
-EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
-EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
-EXTENSIONS_AWS=false            # Enable AWS Extension
-EXTENSIONS_GCP=false            # Enable GCP Extension
-EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
-EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
-EXTENSIONS_DOCKER=false         # Enable Docker Extension
-
 APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
 
 API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
@@ -192,6 +178,12 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v4.11.1       |         |        |
+| v4.11.0       |         |        |
+| v4.10.1       |         |        |
+| v4.10.0       |         |        |
+| v4.9.2        |         |        |
+| v4.9.1        |         |        |
 | v4.9.0        |         |        |
 | v4.8.2        |         |        |
 | v4.8.1        |         |        |

SECURITY.md

@@ -16,11 +16,11 @@ Please submit your findings as security advisories under the "Security" tab in t
 ## Vulnerability Disclosure Policy
 Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
 
-- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
-- Validation: We will validate the issue and work on reproducing it in our environment.
-- Remediation: We will work on a fix and thoroughly test it
-- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
-- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+2. Validation: We will validate the issue and work on reproducing it in our environment.
+3. Remediation: We will work on a fix and thoroughly test it
+4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
 
 This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
 
@@ -33,7 +33,7 @@ We believe in giving credit where credit is due. If you report a security vulner
 We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
 
 ## Compliance with this Policy
-We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. 
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
 
 Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
 
@@ -42,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o
 ## Changes to this Security Policy
 This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
 
-If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.9.0"
-REVISION="40907"
+WAZUH-DOCKER_VERSION="4.11.1"
+REVISION="41112"

build-docker-images/README.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 4.9.0
+$ build-docker-images/build-images.sh -v 4.11.1
 ```
 
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.9.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.11.1.
     -h, --help                   Show this help.
 
 ```

build-docker-images/build-images.sh

@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=4.9.0
+WAZUH_IMAGE_VERSION=4.11.1
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
-WAZUH_IMAGE_VERSION="4.9.0"
+WAZUH_IMAGE_VERSION="4.11.1"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
 FILEBEAT_MODULE_VERSION="0.4"
@@ -70,7 +70,7 @@ build() {
     echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
     echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
 
-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
+    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
 
     return 0
 }

build-docker-images/wazuh-dashboard/Dockerfile

@@ -21,6 +21,8 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
+RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
 
 # Generate certificates
 COPY config/config.sh .
@@ -48,21 +50,6 @@ ENV PATTERN="" \
     CHECKS_TEMPLATE="" \
     CHECKS_API="" \
     CHECKS_SETUP="" \
-    EXTENSIONS_PCI="" \
-    EXTENSIONS_GDPR="" \
-    EXTENSIONS_HIPAA="" \
-    EXTENSIONS_NIST="" \
-    EXTENSIONS_TSC="" \
-    EXTENSIONS_AUDIT="" \
-    EXTENSIONS_OSCAP="" \
-    EXTENSIONS_CISCAT="" \
-    EXTENSIONS_AWS="" \
-    EXTENSIONS_GCP="" \
-    EXTENSIONS_GITHUB=""\
-    EXTENSIONS_OFFICE=""\
-    EXTENSIONS_VIRUSTOTAL="" \
-    EXTENSIONS_OSQUERY="" \
-    EXTENSIONS_DOCKER="" \
     APP_TIMEOUT="" \
     API_SELECTOR="" \
     IP_SELECTOR="" \

build-docker-images/wazuh-dashboard/config/check_repository.sh

@@ -1,29 +1,14 @@
 ## variables
-APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.9/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
+PACKAGES_URL=https://packages.wazuh.com/4.11/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.11/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -15,21 +15,6 @@ declare -A CONFIG_MAP=(
   [checks.template]=$CHECKS_TEMPLATE
   [checks.api]=$CHECKS_API
   [checks.setup]=$CHECKS_SETUP
-  [extensions.pci]=$EXTENSIONS_PCI
-  [extensions.gdpr]=$EXTENSIONS_GDPR
-  [extensions.hipaa]=$EXTENSIONS_HIPAA
-  [extensions.nist]=$EXTENSIONS_NIST
-  [extensions.tsc]=$EXTENSIONS_TSC
-  [extensions.audit]=$EXTENSIONS_AUDIT
-  [extensions.oscap]=$EXTENSIONS_OSCAP
-  [extensions.ciscat]=$EXTENSIONS_CISCAT
-  [extensions.aws]=$EXTENSIONS_AWS
-  [extensions.gcp]=$EXTENSIONS_GCP
-  [extensions.github]=$EXTENSIONS_GITHUB
-  [extensions.office]=$EXTENSIONS_OFFICE
-  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
-  [extensions.osquery]=$EXTENSIONS_OSQUERY
-  [extensions.docker]=$EXTENSIONS_DOCKER
   [timeout]=$APP_TIMEOUT
   [api.selector]=$API_SELECTOR
   [ip.selector]=$IP_SELECTOR

build-docker-images/wazuh-indexer/config/check_repository.sh

@@ -1,29 +1,14 @@
 ## variables
-APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-indexer/config/config.sh

@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.9/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
+PACKAGES_URL=https://packages.wazuh.com/4.11/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.11/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-manager/Dockerfile

@@ -60,6 +60,8 @@ RUN mkdir -p /var/ossec/var/multigroups && \
     sync && /permanent_data.sh && \
     sync && rm /permanent_data.sh
 
+RUN rm /etc/yum.repos.d/wazuh.repo
+
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -1,29 +1,14 @@
 ## variables
-APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -51,7 +51,7 @@ mount_permanent_data() {
         print "Installing ${permanent_dir}"
         exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
       else
-        print "The path ${permanent_dir} is empty, skiped"
+        print "The path ${permanent_dir} is empty, skipped"
       fi
     fi
   done

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat

@@ -4,7 +4,7 @@
 set -e
 
 if [ "$INDEXER_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch ouput IP"
+  >&2 echo "Customize Elasticsearch output IP"
   sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
 fi
 

build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager

@@ -93,7 +93,6 @@ EOF
     if /var/ossec/framework/python/bin/python3  /var/ossec/framework/scripts/create_user.py; then
       # remove json if exit code is 0
       rm /var/ossec/api/configuration/admin.json
-      rm /var/ossec/framework/scripts/create_user.py
     else
       echored "There was an error configuring the API user"
       # terminate container to avoid unpredictable behavior

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -1,23 +1,10 @@
-REPOSITORY="packages.wazuh.com/4.x"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+## variables
+REPOSITORY="packages-dev.wazuh.com/pre-release"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  REPOSITORY="packages-dev.wazuh.com/pre-release"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    REPOSITORY="packages-dev.wazuh.com/pre-release"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      REPOSITORY="packages-dev.wazuh.com/pre-release"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  REPOSITORY="packages.wazuh.com/4.x"
 fi
 
 curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -82,6 +82,11 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_utils.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/__init__.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/analytics.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/graph.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/storage.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
@@ -89,6 +94,9 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.9/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
+PACKAGES_URL=https://packages.wazuh.com/4.11/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.11/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.9.0
+    image: wazuh/wazuh-manager:4.11.1
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -45,7 +45,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.9.0
+    image: wazuh/wazuh-manager:4.11.1
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -81,7 +81,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -107,7 +107,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -129,7 +129,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -151,7 +151,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.9.0
+    image: wazuh/wazuh-dashboard:4.11.1
     hostname: wazuh.dashboard
     restart: always
     ports:

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.9.0
+    image: wazuh/wazuh-manager:4.11.1
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -46,7 +46,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:4.11.1
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -71,7 +71,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.9.0
+    image: wazuh/wazuh-dashboard:4.11.1
     hostname: wazuh.dashboard
     restart: always
     ports: