Delete url echo

Modify cluster configuration
2025-11-16 11:51:29 +00:00 · 2025-11-15 02:03:33 +07:00 · 2025-11-15 02:02:58 +07:00 · 2025-11-15 01:16:01 +07:00 · 2025-11-15 00:33:26 +07:00 · 2025-11-15 00:18:57 +07:00
45 changed files with 650 additions and 2167 deletions
--- a/.github/workflows/Procedure_push_docker_images.yml
+++ b/.github/workflows/Procedure_push_docker_images.yml
@@ -85,7 +85,6 @@ jobs:
        echo "* id: ${{ inputs.id }}"
        echo "* image_tag: ${{ inputs.image_tag }}"
        echo "* docker_reference: ${{ inputs.docker_reference }}"
        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
        echo "* revision: ${{ inputs.revision }}"
        echo "* dev: ${{ inputs.dev }}"
        echo "* dev reference: ${{ inputs.reference }}"
@@ -146,6 +145,8 @@ jobs:
          wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)"
          wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)"
          wazuh_cert_tool: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/wazuh-certs-tool.sh --expires-in 3600 --region us-west-1)"
          wazuh_config_yml: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/config.yml --expires-in 3600 --region us-west-1)"
          EOF
      working-directory: ./build-docker-images
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,13 @@
 single-node/config/wazuh_indexer_ssl_certs/*.pem
 single-node/config/wazuh_indexer_ssl_certs/*.key
 multi-node/config/wazuh_indexer_ssl_certs/*.pem
 multi-node/config/wazuh_indexer_ssl_certs/*.key
 *.log
 build-docker-images/packages_env.txt
 build-docker-images/packages_url.txt
 single-node/wazuh-certificates
 single-node/wazuh-certificates/*
 single-node/wazuh-certificates-tool.log
 single-node/config.yml
 single-node/wazuh-certs-tool.sh
 multi-node/wazuh-certificates
 multi-node/wazuh-certificates/*
 multi-node/wazuh-certificates-tool.log
 multi-node/config.yml
 multi-node/wazuh-certs-tool.sh
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - Configure deployment with environment variables ([#2081](https://github.com/wazuh/wazuh-puppet/issues/2081))
 - Modify Wazuh components install method ([#2058](https://github.com/wazuh/wazuh-puppet/issues/2058))
 - Image builder Workflow Rebuild ([#2054](https://github.com/wazuh/wazuh-puppet/issues/2054))
 - Wazuh server clean-up ([#2030](https://github.com/wazuh/wazuh-puppet/issues/2030))
@@ -22,6 +23,24 @@ All notable changes to this project will be documented in this file.
 - None
 ## [4.14.2]
 ### Added
 - None
 ### Changed
 - 
 ### Fixed
 - None
 ### Deleted
 - None
 ## [4.14.1]
 ### Added
--- a/build-docker-images/build-images.yml
+++ b/build-docker-images/build-images.yml
@@ -8,6 +8,8 @@ services:
        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
        wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm}
        wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm}
        wazuh_cert_tool: ${wazuh_cert_tool}
        wazuh_config_yml: ${wazuh_config_yml}
    image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
    hostname: wazuh.manager
    restart: always
@@ -49,6 +51,8 @@ services:
        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
        wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm}
        wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm}
        wazuh_cert_tool: ${wazuh_cert_tool}
        wazuh_config_yml: ${wazuh_config_yml}
    image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
    hostname: wazuh.indexer
    restart: always
@@ -73,6 +77,8 @@ services:
        WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
        wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm}
        wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm}
        wazuh_cert_tool: ${wazuh_cert_tool}
        wazuh_config_yml: ${wazuh_config_yml}
    image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
    hostname: wazuh.dashboard
    restart: always
--- a/build-docker-images/wazuh-agent/Dockerfile
+++ b/build-docker-images/wazuh-agent/Dockerfile
@@ -20,6 +20,7 @@ RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
    dnf install curl-minimal tar gzip procps -y &&\
    curl -o /wazuh-agent.rpm "${agent_url}" && \
    dnf install /wazuh-agent.rpm -y && \
    rm -rf /wazuh-agent.rpm && \
    dnf clean all && \
    sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \
    curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
--- a/build-docker-images/wazuh-dashboard/Dockerfile
+++ b/build-docker-images/wazuh-dashboard/Dockerfile
@@ -8,6 +8,8 @@ ARG INSTALL_DIR=/usr/share/wazuh-dashboard
 ARG TARGETARCH
 ARG wazuh_dashboard_url_amd64_rpm
 ARG wazuh_dashboard_url_arm64_rpm
 ARG wazuh_cert_tool
 ARG wazuh_config_yml
 # Update and install dependencies
 RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
@@ -15,19 +17,18 @@ RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
    dnf install curl-minimal libcap openssl -y && \
    curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
    dnf install /wazuh-dashboard.rpm -y && \
    rm -rf /wazuh-dashboard.rpm && \
    dnf clean all
 # Create and set permissions to data directories
 RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
 RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
 RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
 # Generate certificates
 COPY config/config.sh .
 COPY config/config.yml /
 RUN bash config.sh
 ################################################################################
@@ -58,34 +59,32 @@ ENV USER="wazuh-dashboard" \
    WAZUH_MONITORING_SHARDS="" \
    WAZUH_MONITORING_REPLICAS=""
-# Update and install dependencies
+# Copy and set permissions to scripts
-RUN dnf install shadow-utils -y && dnf clean all
+COPY config/entrypoint.sh /
 COPY config/wazuh_app_config.sh /
-# Create wazuh-dashboard user and group
+# Update and install dependencies
-RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+RUN yum install shadow-utils -y && \
-RUN useradd --system \
+    yum clean all && \
    getent group $GROUP || groupadd -r -g 1000 $GROUP && \
    useradd --system \
            --uid 1000 \
            --no-create-home \
            --home-dir $INSTALL_DIR \
            --gid $GROUP \
            --shell /sbin/nologin \
            --comment "$USER user" \
-            $USER
+            $USER && \
-
+    chmod 700 /entrypoint.sh && \
-# Copy and set permissions to scripts
+    chmod 700 /wazuh_app_config.sh && \
-COPY config/entrypoint.sh /
+    mkdir -p $INSTALL_DIR && \
-COPY config/wazuh_app_config.sh /
+    chown 1000:1000 $INSTALL_DIR && \
-RUN chmod 700 /entrypoint.sh
+    chown 1000:1000 /*.sh && \
-RUN chmod 700 /wazuh_app_config.sh
+    mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /*.sh
 # Copy Install dir from builder to current image
 COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 # Create custom directory
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
--- a/build-docker-images/wazuh-dashboard/config/config.sh
+++ b/build-docker-images/wazuh-dashboard/config/config.sh
@@ -7,36 +7,51 @@ export TARGET_DIR=${CURDIR}/debian/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
 export CONFIG_DIR=${INSTALLATION_DIR}/config
-## Variables
+##############################################################################
-CERT_TOOL=wazuh-certs-tool.sh
+# Downloading Cert Gen Tool
-PACKAGES_URL=https://packages.wazuh.com/5.0/
+##############################################################################
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
+# Variables for certificate generation
-
+CERT_TOOL="wazuh-certs-tool.sh"
-## Check if the cert tool exists in S3 buckets
+CERT_CONFIG_FILE="config.yml"
-CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+download_package() {
-CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+    local url=$1
-
+    local package=$2
-## If cert tool exists in some bucket, download it, if not exit 1
+    if curl -fsL "$url" -o "$package"; then
-if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+        echo "Downloaded $package"
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+        return 0
  echo "Cert tool exists in Packages bucket"
 elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
  echo "Cert tool exists in Packages-dev bucket"
    else
-  echo "Cert tool does not exist in any bucket"
+        echo "Error downloading $package from $url"
-  exit 1
+        return 1
    fi
 }
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
 download_package "$wazuh_cert_tool" $CERT_TOOL
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
 download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
-chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+# Modify the config file to set the IP to localhost
 sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
 chmod 700 "$CERT_CONFIG_FILE"
 # Create the certificates
 chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
 # Create certs directory
 mkdir -p ${CONFIG_DIR}/certs
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+mv /etc/wazuh-dashboard/* ${CONFIG_DIR}/
-cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp -pr /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+cp -pr /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
 cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
 # Modify opensearch.yml config paths
 sed -i "s|/etc/wazuh-dashboard|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch_dashboards.yml
 chmod -R 500 ${CONFIG_DIR}/certs
 chmod -R 400 ${CONFIG_DIR}/certs/*
--- a/build-docker-images/wazuh-dashboard/config/config.yml
+++ b/build-docker-images/wazuh-dashboard/config/config.yml
@@ -1,5 +0,0 @@
 nodes:
  # Wazuh dashboard server nodes
  dashboard:
    - name: demo.dashboard
      ip: demo.dashboard
--- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh
+++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
@@ -1,20 +1,85 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-INSTALL_DIR=/usr/share/wazuh-dashboard
+# Run Wazuh dashboard, using environment variables to
 # set longopts defining Wazuh dashboard's configuration.
 #
 # eg. Setting the environment variable:
 #
 #       OPENSEARCH_STARTUPTIMEOUT=60
 #
 # will cause OpenSearch-Dashboards to be invoked with:
 #
 #       --opensearch.startupTimeout=60
 # Setup Home Directory
 export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
 export PATH=$OPENSEARCH_DASHBOARDS_HOME/bin:$PATH
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 # Create and configure Wazuh dashboard keystore
-yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+yes | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore create --allow-root && \
-echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_USERNAME | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
-echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
-##############################################################################
+opensearch_dashboards_vars=(
-# Start Wazuh dashboard
+    opensearch.hosts
-##############################################################################
+    server.port
    server.host
    opensearch.username
    opensearch.password
 )
-/wazuh_app_config.sh $WAZUH_UI_REVISION
+function runOpensearchDashboards {
    longopts=()
    for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
        # 'opensearch.hosts' -> 'OPENSEARCH_URL'
        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+        # Indirectly lookup env var values via the name of the var.
        # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
        value=${!env_var}
        if [[ -n $value ]]; then
            longopt="--${opensearch_dashboards_var}=${value}"
            longopts+=("${longopt}")
        fi
    done
    # Files created at run-time should be group-writable, for Openshift's sake.
    umask 0002
    # TO DO:
    # Confirm with Mihir if this is necessary
    # The virtual file /proc/self/cgroup should list the current cgroup
    # membership. For each hierarchy, you can follow the cgroup path from
    # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
    # introspect the statistics for the cgroup for the given
    # hierarchy. Alas, Docker breaks this by mounting the container
    # statistics at the root while leaving the cgroup paths as the actual
    # paths. Therefore, OpenSearch-Dashboards provides a mechanism to override
    # reading the cgroup path from /proc/self/cgroup and instead uses the
    # cgroup path defined the configuration properties
    # cpu.cgroup.path.override and cpuacct.cgroup.path.override.
    # Therefore, we set this value here so that cgroup statistics are
    # available for the container this process will run in.
    exec "$@" \
        --ops.cGroupOverrides.cpuPath=/ \
        --ops.cGroupOverrides.cpuAcctPath=/ \
        "${longopts[@]}"
 }
 # Prepend "opensearch-dashboards" command if no argument was provided or if the
 # first argument looks like a flag (i.e. starts with a dash).
 if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
    set -- opensearch-dashboards "$@"
 fi
 if [ "$1" = "opensearch-dashboards" ]; then
    runOpensearchDashboards "$@"
 else
    exec "$@"
 fi
--- a/build-docker-images/wazuh-dashboard/config/wazuh.yml
+++ b/build-docker-images/wazuh-dashboard/config/wazuh.yml
@@ -1,155 +0,0 @@
 ---
 #
 # Wazuh app - App configuration file
 # Copyright (C) 2017, Wazuh Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
 # (at your option) any later version.
 #
 # Find more information about this on the LICENSE file.
 #
 # ======================== Wazuh app configuration file ========================
 #
 # Please check the documentation for more information on configuration options:
 # https://documentation.wazuh.com/current/installation-guide/index.html
 #
 # Also, you can check our repository:
 # https://github.com/wazuh/wazuh-dashboard-plugins
 #
 # ------------------------------- Index patterns -------------------------------
 #
 # Default index pattern to use.
 #pattern: wazuh-alerts-*
 #
 # ----------------------------------- Checks -----------------------------------
 #
 # Defines which checks must to be consider by the healthcheck
 # step once the Wazuh app starts. Values must to be true or false.
 #checks.pattern : true
 #checks.template: true
 #checks.api     : true
 #checks.setup   : true
 #checks.metaFields: true
 #
 # --------------------------------- Extensions ---------------------------------
 #
 # Defines which extensions should be activated when you add a new API entry.
 # You can change them after Wazuh app starts.
 # Values must to be true or false.
 #extensions.pci       : true
 #extensions.gdpr      : true
 #extensions.hipaa     : true
 #extensions.nist      : true
 #extensions.tsc       : true
 #extensions.audit     : true
 #extensions.oscap     : false
 #extensions.ciscat    : false
 #extensions.aws       : false
 #extensions.gcp       : false
 #extensions.virustotal: false
 #extensions.osquery   : false
 #extensions.docker    : false
 #
 # ---------------------------------- Time out ----------------------------------
 #
 # Defines maximum timeout to be used on the Wazuh app requests.
 # It will be ignored if it is bellow 1500.
 # It means milliseconds before we consider a request as failed.
 # Default: 20000
 #timeout: 20000
 #
 # -------------------------------- API selector --------------------------------
 #
 # Defines if the user is allowed to change the selected
 # API directly from the Wazuh app top menu.
 # Default: true
 #api.selector: true
 #
 # --------------------------- Index pattern selector ---------------------------
 #
 # Defines if the user is allowed to change the selected
 # index pattern directly from the Wazuh app top menu.
 # Default: true
 #ip.selector: true
 #
 # List of index patterns to be ignored
 #ip.ignore: []
 #
 # ------------------------------ wazuh-monitoring ------------------------------
 #
 # Custom setting to enable/disable wazuh-monitoring indices.
 # Values: true, false, worker
 # If worker is given as value, the app will show the Agents status
 # visualization but won't insert data on wazuh-monitoring indices.
 # Default: true
 #wazuh.monitoring.enabled: true
 #
 # Custom setting to set the frequency for wazuh-monitoring indices cron task.
 # Default: 900 (s)
 #wazuh.monitoring.frequency: 900
 #
 # Configure wazuh-monitoring-* indices shards and replicas.
 #wazuh.monitoring.shards: 2
 #wazuh.monitoring.replicas: 0
 #
 # Configure wazuh-monitoring-* indices custom creation interval.
 # Values: h (hourly), d (daily), w (weekly), m (monthly)
 # Default: d
 #wazuh.monitoring.creation: d
 #
 # Default index pattern to use for Wazuh monitoring
 #wazuh.monitoring.pattern: wazuh-monitoring-*
 #
 # --------------------------------- wazuh-cron ----------------------------------
 #
 # Customize the index prefix of predefined jobs
 # This change is not retroactive, if you change it new indexes will be created
 # cron.prefix: test
 #
 # ------------------------------ wazuh-statistics -------------------------------
 #
 # Custom setting to enable/disable statistics tasks.
 #cron.statistics.status: true
 #
 # Enter the ID of the APIs you want to save data from, leave this empty to run
 # the task on all configured APIs
 #cron.statistics.apis: []
 #
 # Define the frequency of task execution using cron schedule expressions
 #cron.statistics.interval: 0 0 * * * *
 #
 # Define the name of the index in which the documents are to be saved.
 #cron.statistics.index.name: statistics
 #
 # Define the interval in which the index will be created
 #cron.statistics.index.creation: w
 #
 # ------------------------------- App privileges --------------------------------
 #admin: true
 #
 # ---------------------------- Hide manager alerts ------------------------------
 # Hide the alerts of the manager in all dashboards and discover
 #hideManagerAlerts: false
 #
 # ------------------------------- App logging level -----------------------------
 # Set the logging level for the Wazuh App log files.
 # Default value: info
 # Allowed values: info, debug
 #logs.level: info
 #
 # -------------------------------- Enrollment DNS -------------------------------
 # Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
 # Default value: ''
 #enrollment.dns: ''
 #
 #-------------------------------- API entries -----------------------------------
 #The following configuration is the default structure to define an API entry.
 #
 #hosts:
 #  - <id>:
 #     url: http(s)://<url>
 #     port: <port>
 #     username: <username>
 #     password: <password>
--- a/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
+++ b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh
@@ -32,7 +32,6 @@ do
    fi
 done
 grep -q 1513629884013 $dashboard_config_file
 _config_exists=$?
@@ -49,4 +48,3 @@ EOF
 else
  echo "Wazuh APP already configured"
 fi
--- a/build-docker-images/wazuh-indexer/Dockerfile
+++ b/build-docker-images/wazuh-indexer/Dockerfile
@@ -6,6 +6,8 @@ ARG WAZUH_TAG_REVISION
 ARG TARGETARCH
 ARG wazuh_indexer_url_amd64_rpm
 ARG wazuh_indexer_url_arm64_rpm
 ARG wazuh_cert_tool
 ARG wazuh_config_yml
 COPY config/config.sh .
@@ -14,6 +16,7 @@ RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
    dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
    curl -o /wazuh-indexer.rpm "${indexer_url}" && \
    dnf install /wazuh-indexer.rpm -y && \
    rm -rf /wazuh-indexer.rpm && \
    dnf clean all && \
    bash config.sh
@@ -22,7 +25,6 @@ RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
 #
 # Copy wazuh-indexer from stage 0
 # Add entrypoint
 ################################################################################
 FROM amazonlinux:2023
@@ -31,51 +33,43 @@ ENV USER="wazuh-indexer" \
    NAME="wazuh-indexer" \
    INSTALL_DIR="/usr/share/wazuh-indexer"
 RUN yum install curl-minimal shadow-utils findutils hostname -y
-RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+COPY config/entrypoint.sh /
 COPY config/securityadmin.sh /
-RUN useradd --system \
+RUN yum install curl-minimal shadow-utils findutils hostname -y && \
    yum clean all && \
    getent group $GROUP || groupadd -r -g 1000 $GROUP && \
    useradd --system \
            --uid 1000 \
            --no-create-home \
            --home-dir $INSTALL_DIR \
            --gid $GROUP \
            --shell /sbin/nologin \
            --comment "$USER user" \
-            $USER
+            $USER && \
-
+    chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && \
-WORKDIR $INSTALL_DIR
+    mkdir -p $INSTALL_DIR && \
-
+    chown 1000:1000 $INSTALL_DIR && \
-COPY config/entrypoint.sh /
+    chown 1000:1000 /*.sh && \
-
+    mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
-COPY config/securityadmin.sh /
+    mkdir -p $INSTALL_DIR/logs && chown 1000:1000 $INSTALL_DIR/logs && \
 RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && \
    mkdir -p /usr/share/wazuh-indexer && \
    chown 1000:1000 /usr/share/wazuh-indexer && \
    chown 1000:1000 /*.sh
 COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer/config
 COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
 RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
    mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
    mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \
-    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \
+    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer    
-    chmod 700 /usr/share/wazuh-indexer && \
+
-    chmod 700 /usr/share/wazuh-indexer/config && \
+COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
-    chmod 600 /usr/share/wazuh-indexer/config/jvm.options && \
+
-    chmod 600 /usr/share/wazuh-indexer/config/opensearch.yml
+RUN chmod 700 $INSTALL_DIR && \
    chmod 700 $INSTALL_DIR/config && \
    chmod 600 $INSTALL_DIR/config/jvm.options && \
    chmod 600 $INSTALL_DIR/config/opensearch.yml
 USER wazuh-indexer
 WORKDIR $INSTALL_DIR
 # Services ports
 EXPOSE 9200
 ENTRYPOINT ["/entrypoint.sh"]
 # Dummy overridable parameter parsed by entrypoint
-CMD ["opensearchwrapper"]
+CMD ["opensearch"]
--- a/build-docker-images/wazuh-indexer/config/action_groups.yml
+++ b/build-docker-images/wazuh-indexer/config/action_groups.yml
@@ -1,12 +0,0 @@
 ---
 _meta:
  type: "actiongroups"
  config_version: 2
 # ISM API permissions group
 manage_ism:
  reserved: true
  hidden: false
  allowed_actions:
  - "cluster:admin/opendistro/ism/*"
  static: false
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -3,7 +3,6 @@
 export DH_OPTIONS
 export NAME=wazuh-indexer
 export TARGET_DIR=${CURDIR}/debian/${NAME}
 # Package build options
 export USER=${NAME}
@@ -14,89 +13,54 @@ export LIB_DIR=/var/lib/${NAME}
 export PID_DIR=/run/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
 export CONFIG_DIR=${INSTALLATION_DIR}/config
 export BASE_DIR=${NAME}-*
 export INDEXER_FILE=wazuh-indexer-base.tar.xz
 export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
 export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
 PACKAGES_URL=https://packages.wazuh.com/5.0/
 PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
-## Check if the cert tool exists in S3 buckets
+##############################################################################
-CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+# Downloading Cert Gen Tool
-CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+##############################################################################
-
+# Variables for certificate generation
-## If cert tool exists in some bucket, download it, if not exit 1
+CERT_TOOL="wazuh-certs-tool.sh"
-if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+CERT_CONFIG_FILE="config.yml"
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+download_package() {
-  echo "Cert tool exists in Packages bucket"
+    local url=$1
-elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+    local package=$2
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+    if curl -fsL "$url" -o "$package"; then
-  echo "Cert tool exists in Packages-dev bucket"
+        echo "Downloaded $package"
        return 0
    else
-  echo "Cert tool does not exist in any bucket"
+        echo "Error downloading $package from $url"
-  exit 1
+        return 1
    fi
 }
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
 download_package "$wazuh_cert_tool" $CERT_TOOL
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
 download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
 # Modify the config file to set the IP to localhost
 sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
-## Check if the password tool exists in S3 buckets
+chmod 700 "$CERT_CONFIG_FILE"
-PASSWORD_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+# Create the certificates
-PASSWORD_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
-## If password tool exists in some bucket, download it, if not exit 1
+# Copy Wazuh indexer's certificates and config files to $CONFIG_DIR
-if [ "$PASSWORD_TOOL_PACKAGES" = "200" ]; then
+mkdir -p ${CONFIG_DIR}/certs
-  curl -o $PASSWORD_TOOL $PACKAGES_URL$PASSWORD_TOOL
+mv /etc/wazuh-indexer/* ${CONFIG_DIR}/
-  echo "Password tool exists in Packages bucket"
+cp -pr /wazuh-certificates/node-1.pem ${CONFIG_DIR}/certs/indexer.pem
-elif [ "$PASSWORD_TOOL_PACKAGES_DEV" = "200" ]; then
+cp -pr /wazuh-certificates/node-1-key.pem ${CONFIG_DIR}/certs/indexer-key.pem
-  curl -o $PASSWORD_TOOL $PACKAGES_DEV_URL$PASSWORD_TOOL
+cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
-  echo "Password tool exists in Packages-dev bucket"
+cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
-else
+cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
-  echo "Password tool does not exist in any bucket"
+cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
  exit 1
 fi
-chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+# Modify opensearch.yml config paths
 sed -i "s|/etc/wazuh-indexer|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch.yml
 # copy to target
 mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
 mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}
 mkdir -p ${TARGET_DIR}${LIB_DIR}
 mkdir -p ${TARGET_DIR}${LOG_DIR}
 mkdir -p ${TARGET_DIR}/etc/init.d
 mkdir -p ${TARGET_DIR}/etc/default
 mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
 mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
 mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
 # Copy Wazuh's config files for the security plugin
 cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
 cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
 cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem
 cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key
 cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem
 cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
 # Delete xms and xmx parameters in jvm.options
 sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
 sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
 sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
-
+chown -R ${USER}:${GROUP} ${CONFIG_DIR}
-chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
+chmod -R 500 ${CONFIG_DIR}/certs
-chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
+chmod -R 400 ${CONFIG_DIR}/certs/*
 find ${TARGET_DIR} -type d -exec chmod 750 {} \;
 find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
 find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
 find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
 find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;
--- a/build-docker-images/wazuh-indexer/config/config.yml
+++ b/build-docker-images/wazuh-indexer/config/config.yml
@@ -1,5 +0,0 @@
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: demo.indexer
      ip: demo.indexer
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -1,93 +1,109 @@
-#!/usr/bin/env bash
+#!/bin/bash
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 set -e
 # Copyright OpenSearch Contributors
 # SPDX-License-Identifier: Apache-2.0
 # This script specify the entrypoint startup actions for opensearch
 # It will start both opensearch and performance analyzer plugin cli
 # If either process failed, the entire docker container will be removed
 # in favor of a newly started container
 # Export OpenSearch Home
 export OPENSEARCH_HOME=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
 export CONFIG_FILE=${OPENSEARCH_PATH_CONF}/opensearch.yml
 export PATH=$OPENSEARCH_HOME/bin:$PATH
 # The virtual file /proc/self/cgroup should list the current cgroup
 # membership. For each hierarchy, you can follow the cgroup path from
 # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
 # introspect the statistics for the cgroup for the given
 # hierarchy. Alas, Docker breaks this by mounting the container
 # statistics at the root while leaving the cgroup paths as the actual
 # paths. Therefore, OpenSearch provides a mechanism to override
 # reading the cgroup path from /proc/self/cgroup and instead uses the
 # cgroup path defined the JVM system property
 # opensearch.cgroups.hierarchy.override. Therefore, we set this value here so
 # that cgroup statistics are available for the container this process
 # will run in.
 export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS"
 # Start up the opensearch and performance analyzer agent processes.
 # When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes.
 function runOpensearch {
    # Files created by OpenSearch should always be group writable too
    umask 0002
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
 export JAVA_HOME=${INSTALLATION_DIR}/jdk
 export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
 run_as_other_user_if_needed() {
    if [[ "$(id -u)" == "0" ]]; then
-    # If running as root, drop to specified UID and run command
+        echo "Wazuh indexer cannot run as root. Please start your container as another user."
-    exec chroot --userspec=1000:0 / "${@}"
+        exit 1
-  else
+    fi
-    # Either we are running in Openshift with random uid and are a member of the root group
+
-    # or with a custom --user
+    # Parse Docker env vars to customize Wazuh indexer / OpenSearch configuration
-    exec "${@}"
+    #
    # e.g. Setting the env var cluster.name=testcluster
    # will cause Wazuh indexer to be invoked with -Ecluster.name=testcluster
    opensearch_opts=()
    while IFS='=' read -r envvar_key envvar_value
    do
        # OpenSearch settings need to have at least two dot separated lowercase
        # words, e.g. `cluster.name`, except for `processors` which we handle
        # specially
        if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
            if [[ ! -z $envvar_value ]]; then
            opensearch_opt="-E${envvar_key}=${envvar_value}"
            opensearch_opts+=("${opensearch_opt}")
            fi
        fi
    done < <(env)
    # Start opensearch
    exec "$@" "${opensearch_opts[@]}"
 }
 function configureOpensearch {
 # Update opensearch.yml with NODES_DN if set
 if [ -n "$NODES_DN" ]; then
  CLEAN_NODES_DN=$(echo "$NODES_DN" | sed 's/^["'\'']//; s/["'\'']$//; s/""/"/g')
  NODES_DN_YAML=$(echo $CLEAN_NODES_DN | tr ';' '\n' | sed 's/^/- "/; s/$/"/')
  awk '
    /^plugins\.security\.nodes_dn:/ {in_block=1; print; next}
    in_block && /^[^#[:space:]-]/ {in_block=0}
    !in_block || /^plugins\.security\.nodes_dn:/ {next}
    {print}
  ' "$CONFIG_FILE" > "${CONFIG_FILE}.tmp"
  awk -v repl="$NODES_DN_YAML" '
    /^plugins\.security\.nodes_dn:/ {
      print "plugins.security.nodes_dn:";
      print repl;
      skip=1; next
    }
    skip && /^[^#[:space:]-]/ {skip=0}
    !skip
  ' "${CONFIG_FILE}" > "${CONFIG_FILE}.new"
  mv "${CONFIG_FILE}.new" "$CONFIG_FILE"
  rm -f "${CONFIG_FILE}.tmp"
 fi
 }
-# Allow user specify custom CMD, maybe bin/opensearch itself
+# Prepend "opensearch" command if no argument was provided or if the first
-# for example to directly specify `-E` style parameters for opensearch on k8s
+# argument looks like a flag (i.e. starts with a dash).
-# or simply to run /bin/bash to check the image
+
-if [[ "$1" != "opensearchwrapper" ]]; then
+configureOpensearch
-  if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
+
-    # Rewrite CMD args to replace $1 with `opensearch` explicitly,
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
-    # Without this, user could specify `opensearch -E x.y=z` but
+    set -- opensearch "$@"
-    # `bin/opensearch -E x.y=z` would not work.
+fi
-    set -- "opensearch" "${@:2}"
+
-    # Use chroot to switch to UID 1000 / GID 0
+if [ "$1" = "opensearch" ]; then
-    exec chroot --userspec=1000:0 / "$@"
+    # If the first argument is opensearch, then run the setup script.
    runOpensearch "$@"
 else
-    # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
+    # Otherwise, just exec the command.
    exec "$@"
 fi
 fi
 # Allow environment variables to be set by creating a file with the
 # contents, and setting an environment variable with the suffix _FILE to
 # point to it. This can be used to provide secrets to a container, without
 # the values being specified explicitly when running the container.
 #
 # This is also sourced in opensearch-env, and is only needed here
 # as well because we use INDEXER_PASSWORD below. Sourcing this script
 # is idempotent.
 source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
 if [[ -f bin/opensearch-users ]]; then
  # Check for the INDEXER_PASSWORD environment variable to set the
  # bootstrap password for Security.
  #
  # This is only required for the first node in a cluster with Security
  # enabled, but we have no way of knowing which node we are yet. We'll just
  # honor the variable if it's present.
  if [[ -n "$INDEXER_PASSWORD" ]]; then
    [[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
    if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
      # keystore is unencrypted
      if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
        (run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
      fi
    else
      # keystore requires password
      if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
          | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
        COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
        (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
      fi
    fi
  fi
 fi
 if [[ "$(id -u)" == "0" ]]; then
  # If requested and running as root, mutate the ownership of bind-mounts
  if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
    chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
  fi
 fi
 #if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
 #  nohup /securityadmin.sh &
 #  touch "/var/lib/wazuh-indexer/.flag"
 #fi
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
--- a/build-docker-images/wazuh-indexer/config/internal_users.yml
+++ b/build-docker-images/wazuh-indexer/config/internal_users.yml
@@ -1,74 +0,0 @@
 ---
 # This is the internal user database
 # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
 _meta:
  type: "internalusers"
  config_version: 2
 # Define your internal users here
 ## Demo users
 admin:
  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
 kibanaserver:
  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
  reserved: true
  description: "Demo kibanaserver user"
 kibanaro:
  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
 logstash:
  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
 readall:
  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
 snapshotrestore:
  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
 wazuh_admin:
  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
  reserved: true
  hidden: false
  backend_roles: []
  attributes: {}
  opendistro_security_roles: []
  static: false
 wazuh_user:
  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
  reserved: true
  hidden: false
  backend_roles: []
  attributes: {}
  opendistro_security_roles: []
  static: false  
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml
+++ b/build-docker-images/wazuh-indexer/config/opensearch.yml
@@ -1,26 +0,0 @@
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 cluster.name: "wazuh-cluster"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
 plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
 plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
 plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
 plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ b/build-docker-images/wazuh-indexer/config/roles.yml
@@ -1,171 +0,0 @@
 _meta:
  type: "roles"
  config_version: 2
 # Restrict users so they can only view visualization and dashboards on kibana
 kibana_read_only:
  reserved: true
 # The security REST API access role is used to assign specific users access to change the security settings through the REST API.
 security_rest_api_access:
  reserved: true
 # Allows users to view monitors, destinations and alerts
 alerting_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/get'
    - 'cluster:admin/opendistro/alerting/destination/get'
    - 'cluster:admin/opendistro/alerting/monitor/get'
    - 'cluster:admin/opendistro/alerting/monitor/search'
 # Allows users to view and acknowledge alerts
 alerting_ack_alerts:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/alerting/alerts/*'
 # Allows users to use all alerting functionality
 alerting_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/alerting/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'
 # Allow users to read Anomaly Detection detectors and results
 anomaly_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/ad/detector/info'
    - 'cluster:admin/opendistro/ad/detector/search'
    - 'cluster:admin/opendistro/ad/detectors/get'
    - 'cluster:admin/opendistro/ad/result/search'
    - 'cluster:admin/opendistro/ad/tasks/search'
 # Allows users to use all Anomaly Detection functionality
 anomaly_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster_monitor'
    - 'cluster:admin/opendistro/ad/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices_monitor'
        - 'indices:admin/aliases/get'
        - 'indices:admin/mappings/get'
 # Allows users to read Notebooks
 notebooks_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/notebooks/list'
    - 'cluster:admin/opendistro/notebooks/get'
 # Allows users to all Notebooks functionality
 notebooks_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/notebooks/create'
    - 'cluster:admin/opendistro/notebooks/update'
    - 'cluster:admin/opendistro/notebooks/delete'
    - 'cluster:admin/opendistro/notebooks/get'
    - 'cluster:admin/opendistro/notebooks/list'
 # Allows users to read and download Reports
 reports_instances_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'
 # Allows users to read and download Reports and Report-definitions
 reports_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'
 # Allows users to all Reports functionality
 reports_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/reports/definition/create'
    - 'cluster:admin/opendistro/reports/definition/update'
    - 'cluster:admin/opendistro/reports/definition/on_demand'
    - 'cluster:admin/opendistro/reports/definition/delete'
    - 'cluster:admin/opendistro/reports/definition/get'
    - 'cluster:admin/opendistro/reports/definition/list'
    - 'cluster:admin/opendistro/reports/instance/list'
    - 'cluster:admin/opendistro/reports/instance/get'
    - 'cluster:admin/opendistro/reports/menu/download'
 # Allows users to use all asynchronous-search functionality
 asynchronous_search_full_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/asynchronous_search/*'
  index_permissions:
    - index_patterns:
        - '*'
      allowed_actions:
        - 'indices:data/read/search*'
 # Allows users to read stored asynchronous-search results
 asynchronous_search_read_access:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opendistro/asynchronous_search/get'
 wazuh_ui_user:
  reserved: true
  hidden: false
  cluster_permissions: []
  index_permissions:
  - index_patterns:
    - "wazuh-*"
    dls: ""
    fls: []
    masked_fields: []
    allowed_actions:
    - "read"
  tenant_permissions: []
  static: false
 wazuh_ui_admin:
  reserved: true
  hidden: false
  cluster_permissions: []
  index_permissions:
  - index_patterns:
    - "wazuh-*"
    dls: ""
    fls: []
    masked_fields: []
    allowed_actions:
    - "read"
    - "delete"
    - "manage"
    - "index"
  tenant_permissions: []
  static: false
 # ISM API permissions role
 manage_ism:
  reserved: true
  hidden: false
  cluster_permissions:
  - "manage_ism"
  static: false
--- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml
+++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml
@@ -1,78 +0,0 @@
 ---
 # In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
 # Permissions for Wazuh indexer roles are configured in roles.yml
 _meta:
  type: "rolesmapping"
  config_version: 2
 # Define your roles mapping here
 ## Demo roles mapping
 all_access:
  reserved: false
  backend_roles:
  - "admin"
  description: "Maps admin to all_access"
 own_index:
  reserved: false
  users:
  - "*"
  description: "Allow full access to an index named like the username"
 logstash:
  reserved: false
  backend_roles:
  - "logstash"
 kibana_user:
  reserved: false
  backend_roles:
  - "kibanauser"
  users:
  - "wazuh_user"
  - "wazuh_admin"
  description: "Maps kibanauser to kibana_user"
 readall:
  reserved: false
  backend_roles:
  - "readall"
 manage_snapshots:
  reserved: false
  backend_roles:
  - "snapshotrestore"
 kibana_server:
  reserved: true
  users:
  - "kibanaserver"
 wazuh_ui_admin:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "wazuh_admin"
  - "kibanaserver"
  and_backend_roles: []
 wazuh_ui_user:
  reserved: true
  hidden: false
  backend_roles: []
  hosts: []
  users:
  - "wazuh_user"
  and_backend_roles: []
 # ISM API permissions role mapping
 manage_ism:
  reserved: true
  hidden: false
  users:
  - "kibanaserver"
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@@ -9,6 +9,10 @@ ARG S6_VERSION="v2.2.0.3"
 ARG TARGETARCH
 ARG wazuh_manager_url_amd64_rpm
 ARG wazuh_manager_url_arm64_rpm
 ARG wazuh_cert_tool
 ARG wazuh_config_yml
 COPY config/config.sh .
 RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
    manager_url="${!URL_VAR}" && \
@@ -16,7 +20,10 @@ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
    dnf clean all && \
    curl -o /wazuh-manager.rpm "${manager_url}" && \
    dnf install /wazuh-manager.rpm -y && \
    rm -rf /wazuh-manager.rpm && \
    dnf clean all && \
    chmod 755 /config.sh && \
    /config.sh && \
    curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
    -o /tmp/s6-overlay-amd64.tar.gz && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
--- a/build-docker-images/wazuh-manager/config/config.sh
+++ b/build-docker-images/wazuh-manager/config/config.sh
@@ -0,0 +1,40 @@
 ##############################################################################
 # Downloading Cert Gen Tool
 ##############################################################################
 # Variables for certificate generation
 CERT_TOOL="wazuh-certs-tool.sh"
 CERT_CONFIG_FILE="config.yml"
 CERT_DIR=/etc/filebeat/certs
 download_package() {
    local url=$1
    local package=$2
    if curl -fsL "$url" -o "$package"; then
        echo "Downloaded $package"
        return 0
    else
        echo "Error downloading $package from $url"
        return 1
    fi
 }
 mkdir -p $CERT_DIR
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
 download_package "$wazuh_cert_tool" $CERT_TOOL
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
 download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
 # Modify the config file to set the IP to localhost
 sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
 chmod 700 "$CERT_CONFIG_FILE"
 # Create the certificates
 chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
 # Copy Wazuh manager certs
 cp -pr /wazuh-certificates/wazuh-1.pem ${CERT_DIR}/wazuh-1.pem
 cp -pr /wazuh-certificates/wazuh-1-key.pem ${CERT_DIR}/wazuh-1-key.pem
 cp -pr /wazuh-certificates/root-ca.key ${CERT_DIR}/root-ca.key
 cp -pr /wazuh-certificates/root-ca.pem ${CERT_DIR}/root-ca.pem
 cp -pr /wazuh-certificates/admin.pem ${CERT_DIR}/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${CERT_DIR}/admin-key.pem
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@@ -152,18 +152,81 @@ set_custom_hostname() {
  sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
 }
-##############################################################################
+function_configure_ossec_conf() {
-# Allow users to set the container cluster key dynamically on
+OSSEC_CONF="${WAZUH_INSTALL_PATH}/etc/ossec.conf"
 # container start.
 #
 # To use this:
 # 1. Create your own ossec.conf file
 # 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
 # 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
 ##############################################################################
-set_custom_cluster_key() {
+# --------------------------
-  sed -i 's/<key>to_be_replaced_by_cluster_key<\/key>/<key>'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
+# Defaults based on OSSEC_CONF
 # --------------------------
 if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
    WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
 fi
 # Node type logic
 if [[ "$WAZUH_NODE_TYPE" != "worker" ]]; then
    WAZUH_NODE_TYPE="master"
 fi
 # Default node name → HOSTNAME if not defined
 WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
 # --------------------------
 # Replace Indexer Hosts
 # --------------------------
 if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
    TMP_HOSTS=$(mktemp)
    {
        echo "    <hosts>"
        for NODE in $WAZUH_INDEXER_HOSTS; do
            IP="${NODE%:*}"
            PORT="${NODE#*:}"
            echo "      <host>https://$IP:$PORT</host>"
        done
        echo "    </hosts>"
    } > "$TMP_HOSTS";
    sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
            -e 'd }}' "$OSSEC_CONF";
    rm -f "$TMP_HOSTS";
 fi
 # --------------------------
 # Cluster: node_name
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: node_type
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: key
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: bind_addr
 # --------------------------
 sed -i "/<cluster>/,/<\/cluster>/ s|<bind_addr>.*</bind_addr>|<bind_addr>$WAZUH_CLUSTER_BIND_ADDR</bind_addr>|" "$OSSEC_CONF"
 # --------------------------
 # Cluster: nodes list
 # --------------------------
 if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
    TMP_NODES=$(mktemp)
    {
        echo "    <nodes>"
        for N in $WAZUH_CLUSTER_NODES; do
            echo "        <node>$N</node>"
        done
        echo "    </nodes>"
    } > "$TMP_NODES";
    sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
            -e 'd }}' "$OSSEC_CONF";
    rm -f "$TMP_NODES";
 fi
 echo "Wazuh manager config modified successfully."
 }
 ##############################################################################
@@ -221,8 +284,8 @@ main() {
  # Allow setting custom hostname
  set_custom_hostname
-  # Allow setting custom cluster key
+  # Configure ossec.conf based on environment variables
-  set_custom_cluster_key
+  function_configure_ossec_conf
  # Delete temporary data folder
  rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
--- a/build-docker-images/wazuh-manager/config/filebeat.yml
+++ b/build-docker-images/wazuh-manager/config/filebeat.yml
@@ -1,31 +0,0 @@
 # Wazuh - Filebeat configuration file
 filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false
 setup.template.json.enabled: true
 setup.template.overwrite: true
 setup.template.json.path: '/etc/filebeat/wazuh-template.json'
 setup.template.json.name: 'wazuh'
 setup.ilm.enabled: false
 output.elasticsearch:
  hosts: ['https://wazuh.indexer:9200']
  #username:
  #password:
  #ssl.verification_mode:
  #ssl.certificate_authorities:
  #ssl.certificate:
  #ssl.key:
 logging.metrics.enabled: false
 seccomp:
  default_action: allow
  syscalls:
  - action: allow
    names:
    - rseq
--- a/multi-node/README.md
+++ b/multi-node/README.md
@@ -6,11 +6,47 @@ This deployment is defined in the `docker-compose.yml` file with two Wazuh manag
 ```
 $ sysctl -w vm.max_map_count=262144
 ```
-2) Run the certificate creation script:
+
 2) Download the certificate creation script and config.yml file:
 ```
-$ docker compose -f generate-indexer-certs.yml run --rm generator
+$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh
 $ curl -sO https://packages.wazuh.com/5.0/config.yml
 ```
-3) Start the environment with docker compose:
+
 3) Edit the config.yml file with the configuration of the Wazuh components to be deployed
 ```
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh1.indexer
      ip: wazuh1.indexer
    - name: wazuh2.indexer
      ip: wazuh2.indexer
    - name: wazuh3.indexer
      ip: wazuh3.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.master
      ip: wazuh.master
      node_type: master
    - name: wazuh.worker
      ip: wazuh.worker
      node_type: worker
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
 ```
 4) Run the certificate creation script:
 ```
 bash ./wazuh-certs-tool.sh -A
 ```
 5) Start the environment with docker compose:
 - In the foregroud:
 ```
--- a/multi-node/config/certs.yml
+++ b/multi-node/config/certs.yml
@@ -1,24 +0,0 @@
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh1.indexer
      ip: wazuh1.indexer
    - name: wazuh2.indexer
      ip: wazuh2.indexer
    - name: wazuh3.indexer
      ip: wazuh3.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.master
      ip: wazuh.master
      node_type: master
    - name: wazuh.worker
      ip: wazuh.worker
      node_type: worker
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
--- a/multi-node/config/wazuh_cluster/wazuh_manager.conf
+++ b/multi-node/config/wazuh_cluster/wazuh_manager.conf
@@ -1,290 +0,0 @@
 <ossec_config>
  <global>
    <agents_disconnection_time>15m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
    <update_check>yes</update_check>
  </global>
  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>plain</log_format>
  </logging>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>
    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>
    <skip_nfs>yes</skip_nfs>
    <ignore>/var/lib/containerd</ignore>
    <ignore>/var/lib/docker/overlay2</ignore>
  </rootcheck>
  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="yes">yes</ports>
    <processes>yes</processes>
    <users>yes</users>
    <groups>yes</groups>
    <services>yes</services>
    <browser_extensions>yes</browser_extensions>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>
  <sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </sca>
  <vulnerability-detection>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://wazuh1.indexer:9200</host>
      <host>https://wazuh2.indexer:9200</host>
      <host>https://wazuh3.indexer:9200</host>
    </hosts>
    <ssl>
      <certificate_authorities>
        <ca>/etc/ssl/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/ssl/filebeat.pem</certificate>
      <key>/etc/ssl/filebeat.key</key>
    </ssl>
  </indexer>
  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Frequency that syscheck is executed default every 12 hours -->
    <frequency>43200</frequency>
    <!-- Generate alert when new file detected -->
    <alert_new_files>yes</alert_new_files>
    <!-- Don't ignore files that change more than 'frequency' times -->
    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
    <!-- Directories to check  (perform all possible verifications) -->
    <directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin,/boot</directories>
    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>
    <!-- File types to ignore -->
    <ignore type="sregex">.log$|.swp$</ignore>
    <!-- Check the file, but never compute the diff -->
    <nodiff>/etc/ssl/private.key</nodiff>
    <skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>
    <!-- Nice value for Syscheck process -->
    <process_priority>10</process_priority>
    <!-- Maximum output throughput -->
    <max_eps>50</max_eps>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>
  <!-- Active response -->
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
  </global>
  <command>
    <name>disable-account</name>
    <executable>disable-account</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>restart-wazuh</name>
    <executable>restart-wazuh</executable>
  </command>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>host-deny</name>
    <executable>host-deny</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>route-null</name>
    <executable>route-null</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>win_route-null</name>
    <executable>route-null.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>netsh</name>
    <executable>netsh.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <!--
  <active-response>
    active-response options here
  </active-response>
  -->
  <!-- Log analysis -->
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 20</command>
    <frequency>360</frequency>
  </localfile>
  <ruleset>
    <!-- Default ruleset -->
    <decoder_dir>ruleset/decoders</decoder_dir>
    <rule_dir>ruleset/rules</rule_dir>
    <rule_exclude>0215-policy_rules.xml</rule_exclude>
    <list>etc/lists/audit-keys</list>
    <list>etc/lists/amazon/aws-eventnames</list>
    <list>etc/lists/security-eventchannel</list>
    <list>etc/lists/malicious-ioc/malicious-ip</list>
    <list>etc/lists/malicious-ioc/malicious-domains</list>
    <list>etc/lists/malicious-ioc/malware-hashes</list>
    <!-- User-defined ruleset -->
    <decoder_dir>etc/decoders</decoder_dir>
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>no</use_password>
    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
    <!-- <ssl_agent_ca></ssl_agent_ca> -->
    <ssl_verify_host>no</ssl_verify_host>
    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
    <ssl_auto_negotiate>no</ssl_auto_negotiate>
  </auth>
  <cluster>
    <name>wazuh</name>
    <node_name>manager</node_name>
    <node_type>master</node_type>
    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh.master</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>
 </ossec_config>
 <ossec_config>
  <localfile>
    <log_format>journald</log_format>
    <location>journald</location>
  </localfile>
  <localfile>
    <log_format>audit</log_format>
    <location>/var/log/audit/audit.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
 </ossec_config>
--- a/multi-node/config/wazuh_cluster/wazuh_worker.conf
+++ b/multi-node/config/wazuh_cluster/wazuh_worker.conf
@@ -1,290 +0,0 @@
 <ossec_config>
  <global>
    <agents_disconnection_time>15m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
    <update_check>yes</update_check>
  </global>
  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>plain</log_format>
  </logging>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>
    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>
    <skip_nfs>yes</skip_nfs>
    <ignore>/var/lib/containerd</ignore>
    <ignore>/var/lib/docker/overlay2</ignore>
  </rootcheck>
  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="yes">yes</ports>
    <processes>yes</processes>
    <users>yes</users>
    <groups>yes</groups>
    <services>yes</services>
    <browser_extensions>yes</browser_extensions>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>
  <sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </sca>
  <vulnerability-detection>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://wazuh1.indexer:9200</host>
      <host>https://wazuh2.indexer:9200</host>
      <host>https://wazuh3.indexer:9200</host>
    </hosts>
    <ssl>
      <certificate_authorities>
        <ca>/etc/ssl/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/ssl/filebeat.pem</certificate>
      <key>/etc/ssl/filebeat.key</key>
    </ssl>
  </indexer>
  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Frequency that syscheck is executed default every 12 hours -->
    <frequency>43200</frequency>
    <!-- Generate alert when new file detected -->
    <alert_new_files>yes</alert_new_files>
    <!-- Don't ignore files that change more than 'frequency' times -->
    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
    <!-- Directories to check  (perform all possible verifications) -->
    <directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin,/boot</directories>
    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>
    <!-- File types to ignore -->
    <ignore type="sregex">.log$|.swp$</ignore>
    <!-- Check the file, but never compute the diff -->
    <nodiff>/etc/ssl/private.key</nodiff>
    <skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>
    <!-- Nice value for Syscheck process -->
    <process_priority>10</process_priority>
    <!-- Maximum output throughput -->
    <max_eps>50</max_eps>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>
  <!-- Active response -->
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
  </global>
  <command>
    <name>disable-account</name>
    <executable>disable-account</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>restart-wazuh</name>
    <executable>restart-wazuh</executable>
  </command>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>host-deny</name>
    <executable>host-deny</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>route-null</name>
    <executable>route-null</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>win_route-null</name>
    <executable>route-null.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>netsh</name>
    <executable>netsh.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <!--
  <active-response>
    active-response options here
  </active-response>
  -->
  <!-- Log analysis -->
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 20</command>
    <frequency>360</frequency>
  </localfile>
  <ruleset>
    <!-- Default ruleset -->
    <decoder_dir>ruleset/decoders</decoder_dir>
    <rule_dir>ruleset/rules</rule_dir>
    <rule_exclude>0215-policy_rules.xml</rule_exclude>
    <list>etc/lists/audit-keys</list>
    <list>etc/lists/amazon/aws-eventnames</list>
    <list>etc/lists/security-eventchannel</list>
    <list>etc/lists/malicious-ioc/malicious-ip</list>
    <list>etc/lists/malicious-ioc/malicious-domains</list>
    <list>etc/lists/malicious-ioc/malware-hashes</list>
    <!-- User-defined ruleset -->
    <decoder_dir>etc/decoders</decoder_dir>
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>no</use_password>
    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
    <!-- <ssl_agent_ca></ssl_agent_ca> -->
    <ssl_verify_host>no</ssl_verify_host>
    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
    <ssl_auto_negotiate>no</ssl_auto_negotiate>
  </auth>
  <cluster>
    <name>wazuh</name>
    <node_name>worker01</node_name>
    <node_type>worker</node_type>
    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh.master</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>no</disabled>
  </cluster>
 </ossec_config>
 <ossec_config>
  <localfile>
    <log_format>journald</log_format>
    <location>journald</location>
  </localfile>
  <localfile>
    <log_format>audit</log_format>
    <location>/var/log/audit/audit.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
 </ossec_config>
--- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
@@ -1,16 +0,0 @@
 server.host: 0.0.0.0
 server.port: 5601
 opensearch.hosts: https://wazuh1.indexer:9200
 opensearch.ssl.verificationMode: certificate
 opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: false
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
 server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wz-home
 # Session expiration settings
 opensearch_security.cookie.ttl: 900000
 opensearch_security.session.ttl: 900000
 opensearch_security.session.keepalive: true
--- a/multi-node/config/wazuh_dashboard/wazuh.yml
+++ b/multi-node/config/wazuh_dashboard/wazuh.yml
@@ -1,7 +0,0 @@
 hosts:
  - 1513629884013:
      url: "https://wazuh.master"
      port: 55000
      username: wazuh-wui
      password: "MyS3cr37P450r.*-"
      run_as: false
--- a/multi-node/config/wazuh_indexer/internal_users.yml
+++ b/multi-node/config/wazuh_indexer/internal_users.yml
@@ -1,56 +0,0 @@
 ---
 # This is the internal user database
 # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
 _meta:
  type: "internalusers"
  config_version: 2
 # Define your internal users here
 ## Demo users
 admin:
  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
 kibanaserver:
  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
  reserved: true
  description: "Demo kibanaserver user"
 kibanaro:
  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
 logstash:
  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
 readall:
  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
 snapshotrestore:
  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
--- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
@@ -1,37 +0,0 @@
 network.host: wazuh1.indexer
 node.name: wazuh1.indexer
 cluster.initial_cluster_manager_nodes:
        - wazuh1.indexer
        - wazuh2.indexer
        - wazuh3.indexer
 cluster.name: "wazuh-cluster"
 discovery.seed_hosts:
        - wazuh1.indexer
        - wazuh2.indexer
        - wazuh3.indexer
 node.max_local_storage_nodes: "3"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
 plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false
--- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
@@ -1,37 +0,0 @@
 network.host: wazuh2.indexer
 node.name: wazuh2.indexer
 cluster.initial_cluster_manager_nodes:
        - wazuh1.indexer
        - wazuh2.indexer
        - wazuh3.indexer
 cluster.name: "wazuh-cluster"
 discovery.seed_hosts:
        - wazuh1.indexer
        - wazuh2.indexer
        - wazuh3.indexer
 node.max_local_storage_nodes: "3"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
 plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false
--- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
+++ b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
@@ -1,37 +0,0 @@
 network.host: wazuh3.indexer
 node.name: wazuh3.indexer
 cluster.initial_cluster_manager_nodes:
        - wazuh1.indexer
        - wazuh2.indexer
        - wazuh3.indexer
 cluster.name: "wazuh-cluster"
 discovery.seed_hosts:
        - wazuh1.indexer
        - wazuh2.indexer
        - wazuh3.indexer
 node.max_local_storage_nodes: "3"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
 plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 - "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  wazuh.master:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:main
    hostname: wazuh.master
    restart: always
    ulimits:
@@ -16,13 +16,13 @@ services:
      - "514:514/udp"
      - "55000:55000"
    environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
+      - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200
      - WAZUH_NODE_NAME=master
      - WAZUH_NODE_TYPE=master
      - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0
      - WAZUH_CLUSTER_NODES=wazuh.master
      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
+      - INDEXER_PASSWORD=admin
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
@@ -33,15 +33,11 @@ services:
      - master-wazuh-var-multigroups:/var/ossec/var/multigroups
      - master-wazuh-active-response:/var/ossec/active-response/bin
      - master-wazuh-wodles:/var/ossec/wodles
-      - master-filebeat-etc:/etc/filebeat
+      - ./wazuh-certificates/root-ca.pem:/etc/ssl/root-ca.pem
-      - master-filebeat-var:/var/lib/filebeat
+      - ./wazuh-certificates/wazuh.master.pem:/etc/ssl/filebeat.pem
-      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - ./wazuh-certificates/wazuh.master-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh.worker:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:main
    hostname: wazuh.worker
    restart: always
    ulimits:
@@ -52,13 +48,15 @@ services:
        soft: 655360
        hard: 655360
    environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
+      - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200
      - WAZUH_NODE_NAME=worker01
      - WAZUH_NODE_TYPE=worker
      - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0
      - WAZUH_CLUSTER_NODES=wazuh.master
      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
+      - INDEXER_PASSWORD=admin
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - API_USERNAME=wazuh-wui
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - API_PASSWORD=MyS3cr37P450r.*-
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
    volumes:
      - worker-wazuh-api-configuration:/var/ossec/api/configuration
      - worker-wazuh-etc:/var/ossec/etc
@@ -67,22 +65,26 @@ services:
      - worker-wazuh-var-multigroups:/var/ossec/var/multigroups
      - worker-wazuh-active-response:/var/ossec/active-response/bin
      - worker-wazuh-wodles:/var/ossec/wodles
-      - worker-filebeat-etc:/etc/filebeat
+      - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
-      - worker-filebeat-var:/var/lib/filebeat
+      - ./wazuh-certificates/wazuh.worker.pem:/etc/filebeat/certs/filebeat.pem
-      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - ./wazuh-certificates/wazuh.worker-key.pem:/etc/filebeat/certs/filebeat-key.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh1.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
    hostname: wazuh1.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
-      - "bootstrap.memory_lock=true"
+      - bootstrap.memory_lock=true
      - network.host=wazuh1.indexer
      - node.name=wazuh1.indexer
      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - node.max_local_storage_nodes=3
      - plugins.security.allow_default_init_securityindex=true
      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
    ulimits:
      memlock:
        soft: -1
@@ -92,21 +94,26 @@ services:
        hard: 65536
    volumes:
      - wazuh-indexer-data-1:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key
+      - ./wazuh-certificates/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem
+      - ./wazuh-certificates/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
-      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
-      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+      - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
  wazuh2.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
    hostname: wazuh2.indexer
    restart: always
    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
-      - "bootstrap.memory_lock=true"
+      - bootstrap.memory_lock=true
      - network.host=wazuh2.indexer
      - node.name=wazuh2.indexer
      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - node.max_local_storage_nodes=3
      - plugins.security.allow_default_init_securityindex=true
      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
    ulimits:
      memlock:
        soft: -1
@@ -116,19 +123,24 @@ services:
        hard: 65536
    volumes:
      - wazuh-indexer-data-2:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.key
+      - ./wazuh-certificates/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.pem
+      - ./wazuh-certificates/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
  wazuh3.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
    hostname: wazuh3.indexer
    restart: always
    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
-      - "bootstrap.memory_lock=true"
+      - bootstrap.memory_lock=true
      - network.host=wazuh3.indexer
      - node.name=wazuh3.indexer
      - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer
      - node.max_local_storage_nodes=3
      - plugins.security.allow_default_init_securityindex=true
      - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
    ulimits:
      memlock:
        soft: -1
@@ -138,35 +150,36 @@ services:
        hard: 65536
    volumes:
      - wazuh-indexer-data-3:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.key
+      - ./wazuh-certificates/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.pem
+      - ./wazuh-certificates/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
  wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:5.0.0
+    image: wazuh/wazuh-dashboard:main
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:5601
    environment:
-      - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
+      - SERVER_PORT=5601
-      - WAZUH_API_URL="https://wazuh.master"
+      - SERVER_HOST=0.0.0.0
-      - API_USERNAME=wazuh-wui
+      - OPENSEARCH_HOSTS=["https://wazuh1.indexer:9200","https://wazuh2.indexer:9200","https://wazuh3.indexer:9200"]
-      - API_PASSWORD=MyS3cr37P450r.*-
+      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=admin
      - WAZUH_API_URL=https://wazuh.master
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard-key.pem
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
    depends_on:
      - wazuh1.indexer
      - wazuh.master
    links:
      - wazuh1.indexer:wazuh1.indexer
      - wazuh.master:wazuh.master
@@ -196,8 +209,6 @@ volumes:
  master-wazuh-var-multigroups:
  master-wazuh-active-response:
  master-wazuh-wodles:
  master-filebeat-etc:
  master-filebeat-var:
  worker-wazuh-api-configuration:
  worker-wazuh-etc:
  worker-wazuh-logs:
@@ -205,8 +216,6 @@ volumes:
  worker-wazuh-var-multigroups:
  worker-wazuh-active-response:
  worker-wazuh-wodles:
  worker-filebeat-etc:
  worker-filebeat-var:
  wazuh-indexer-data-1:
  wazuh-indexer-data-2:
  wazuh-indexer-data-3:
--- a/multi-node/generate-indexer-certs.yml
+++ b/multi-node/generate-indexer-certs.yml
@@ -1,10 +0,0 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  generator:
    image: wazuh/wazuh-certs-generator:0.0.3
    hostname: wazuh-certs-generator
    environment:
      - CERT_TOOL_VERSION=4.14
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
--- a/single-node/README.md
+++ b/single-node/README.md
@@ -6,16 +6,45 @@ This deployment is defined in the `docker-compose.yml` file with one Wazuh manag
 ```
 $ sysctl -w vm.max_map_count=262144
 ```
-2) Run the certificate creation script:
+
 2) Download the certificate creation script and config.yml file:
 ```
-$ docker compose -f generate-indexer-certs.yml run --rm generator
+$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh
 $ curl -sO https://packages.wazuh.com/5.0/config.yml
 ```
-3) Start the environment with docker compose:
+
 3) Edit the config.yml file with the configuration of the Wazuh components to be deployed
 ```
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh.indexer
      ip: wazuh.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.manager
      ip: wazuh.manager
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
 ```
 4) Run the certificate creation script:
 ```
 bash ./wazuh-certs-tool.sh -A
 ```
 5) Start the environment with docker compose:
 - In the foregroud:
 ```
 $ docker compose up
 ```
 - In the background:
 ```
 $ docker compose up -d
--- a/single-node/config/certs.yml
+++ b/single-node/config/certs.yml
@@ -1,16 +0,0 @@
 nodes:
  # Wazuh indexer server nodes
  indexer:
    - name: wazuh.indexer
      ip: wazuh.indexer
  # Wazuh server nodes
  # Use node_type only with more than one Wazuh manager
  server:
    - name: wazuh.manager
      ip: wazuh.manager
  # Wazuh dashboard node
  dashboard:
    - name: wazuh.dashboard
      ip: wazuh.dashboard
--- a/single-node/config/wazuh_cluster/wazuh_manager.conf
+++ b/single-node/config/wazuh_cluster/wazuh_manager.conf
@@ -1,288 +0,0 @@
 <ossec_config>
  <global>
    <agents_disconnection_time>15m</agents_disconnection_time>
    <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
    <update_check>yes</update_check>
  </global>
  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
  <logging>
    <log_format>plain</log_format>
  </logging>
  <remote>
    <connection>secure</connection>
    <port>1514</port>
    <protocol>tcp</protocol>
    <queue_size>131072</queue_size>
  </remote>
  <!-- Policy monitoring -->
  <rootcheck>
    <disabled>no</disabled>
    <check_dev>yes</check_dev>
    <check_sys>yes</check_sys>
    <check_pids>yes</check_pids>
    <check_ports>yes</check_ports>
    <check_if>yes</check_if>
    <!-- Frequency that rootcheck is executed - every 12 hours -->
    <frequency>43200</frequency>
    <skip_nfs>yes</skip_nfs>
    <ignore>/var/lib/containerd</ignore>
    <ignore>/var/lib/docker/overlay2</ignore>
  </rootcheck>
  <!-- System inventory -->
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
    <scan_on_start>yes</scan_on_start>
    <hardware>yes</hardware>
    <os>yes</os>
    <network>yes</network>
    <packages>yes</packages>
    <ports all="yes">yes</ports>
    <processes>yes</processes>
    <users>yes</users>
    <groups>yes</groups>
    <services>yes</services>
    <browser_extensions>yes</browser_extensions>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </wodle>
  <sca>
    <enabled>yes</enabled>
    <scan_on_start>yes</scan_on_start>
    <interval>12h</interval>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </sca>
  <vulnerability-detection>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>
  <indexer>
    <enabled>yes</enabled>
    <hosts>
      <host>https://wazuh.indexer:9200</host>
    </hosts>
    <ssl>
      <certificate_authorities>
        <ca>/etc/ssl/root-ca.pem</ca>
      </certificate_authorities>
      <certificate>/etc/ssl/filebeat.pem</certificate>
      <key>/etc/ssl/filebeat.key</key>
    </ssl>
  </indexer>
  <!-- File integrity monitoring -->
  <syscheck>
    <disabled>no</disabled>
    <!-- Frequency that syscheck is executed default every 12 hours -->
    <frequency>43200</frequency>
    <!-- Generate alert when new file detected -->
    <alert_new_files>yes</alert_new_files>
    <!-- Don't ignore files that change more than 'frequency' times -->
    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
    <!-- Directories to check  (perform all possible verifications) -->
    <directories>/etc,/usr/bin,/usr/sbin</directories>
    <directories>/bin,/sbin,/boot</directories>
    <!-- Files/directories to ignore -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
    <ignore>/etc/utmpx</ignore>
    <ignore>/etc/wtmpx</ignore>
    <ignore>/etc/cups/certs</ignore>
    <ignore>/etc/dumpdates</ignore>
    <ignore>/etc/svc/volatile</ignore>
    <!-- File types to ignore -->
    <ignore type="sregex">.log$|.swp$</ignore>
    <!-- Check the file, but never compute the diff -->
    <nodiff>/etc/ssl/private.key</nodiff>
    <skip_nfs>yes</skip_nfs>
    <skip_dev>yes</skip_dev>
    <skip_proc>yes</skip_proc>
    <skip_sys>yes</skip_sys>
    <!-- Nice value for Syscheck process -->
    <process_priority>10</process_priority>
    <!-- Maximum output throughput -->
    <max_eps>50</max_eps>
    <!-- Database synchronization settings -->
    <synchronization>
      <enabled>yes</enabled>
      <interval>5m</interval>
      <max_eps>10</max_eps>
    </synchronization>
  </syscheck>
  <!-- Active response -->
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
  </global>
  <command>
    <name>disable-account</name>
    <executable>disable-account</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>restart-wazuh</name>
    <executable>restart-wazuh</executable>
  </command>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>host-deny</name>
    <executable>host-deny</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>route-null</name>
    <executable>route-null</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>win_route-null</name>
    <executable>route-null.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <command>
    <name>netsh</name>
    <executable>netsh.exe</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <!--
  <active-response>
    active-response options here
  </active-response>
  -->
  <!-- Log analysis -->
  <localfile>
    <log_format>command</log_format>
    <command>df -P</command>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
    <alias>netstat listening ports</alias>
    <frequency>360</frequency>
  </localfile>
  <localfile>
    <log_format>full_command</log_format>
    <command>last -n 20</command>
    <frequency>360</frequency>
  </localfile>
  <ruleset>
    <!-- Default ruleset -->
    <decoder_dir>ruleset/decoders</decoder_dir>
    <rule_dir>ruleset/rules</rule_dir>
    <rule_exclude>0215-policy_rules.xml</rule_exclude>
    <list>etc/lists/audit-keys</list>
    <list>etc/lists/amazon/aws-eventnames</list>
    <list>etc/lists/security-eventchannel</list>
    <list>etc/lists/malicious-ioc/malicious-ip</list>
    <list>etc/lists/malicious-ioc/malicious-domains</list>
    <list>etc/lists/malicious-ioc/malware-hashes</list>
    <!-- User-defined ruleset -->
    <decoder_dir>etc/decoders</decoder_dir>
    <rule_dir>etc/rules</rule_dir>
  </ruleset>
  <!-- Configuration for wazuh-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
    <use_source_ip>no</use_source_ip>
    <purge>yes</purge>
    <use_password>no</use_password>
    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
    <!-- <ssl_agent_ca></ssl_agent_ca> -->
    <ssl_verify_host>no</ssl_verify_host>
    <ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
    <ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
    <ssl_auto_negotiate>no</ssl_auto_negotiate>
  </auth>
  <cluster>
    <name>wazuh</name>
    <node_name>node01</node_name>
    <node_type>master</node_type>
    <key>aa093264ef885029653eea20dfcf51ae</key>
    <port>1516</port>
    <bind_addr>0.0.0.0</bind_addr>
    <nodes>
        <node>wazuh.manager</node>
    </nodes>
    <hidden>no</hidden>
    <disabled>yes</disabled>
  </cluster>
 </ossec_config>
 <ossec_config>
  <localfile>
    <log_format>journald</log_format>
    <location>journald</location>
  </localfile>
  <localfile>
    <log_format>audit</log_format>
    <location>/var/log/audit/audit.log</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
 </ossec_config>
--- a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
@@ -1,16 +0,0 @@
 server.host: 0.0.0.0
 server.port: 5601
 opensearch.hosts: https://wazuh.indexer:9200
 opensearch.ssl.verificationMode: certificate
 opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: false
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
 server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wz-home
 # Session expiration settings
 opensearch_security.cookie.ttl: 900000
 opensearch_security.session.ttl: 900000
 opensearch_security.session.keepalive: true
--- a/single-node/config/wazuh_dashboard/wazuh.yml
+++ b/single-node/config/wazuh_dashboard/wazuh.yml
@@ -1,7 +0,0 @@
 hosts:
  - 1513629884013:
      url: "https://wazuh.manager"
      port: 55000
      username: wazuh-wui
      password: "MyS3cr37P450r.*-"
      run_as: false
--- a/single-node/config/wazuh_indexer/internal_users.yml
+++ b/single-node/config/wazuh_indexer/internal_users.yml
@@ -1,56 +0,0 @@
 ---
 # This is the internal user database
 # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
 _meta:
  type: "internalusers"
  config_version: 2
 # Define your internal users here
 ## Demo users
 admin:
  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"
 kibanaserver:
  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
  reserved: true
  description: "Demo kibanaserver user"
 kibanaro:
  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"
 logstash:
  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"
 readall:
  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"
 snapshotrestore:
  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"
--- a/single-node/config/wazuh_indexer/wazuh.indexer.yml
+++ b/single-node/config/wazuh_indexer/wazuh.indexer.yml
@@ -1,30 +0,0 @@
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
 cluster.name: "wazuh-cluster"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
 plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false
 plugins.security.authcz.admin_dn:
 - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.check_snapshot_restore_write_privileges: true
 plugins.security.enable_snapshot_restore_privilege: true
 plugins.security.nodes_dn:
 - "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
 plugins.security.restapi.roles_enabled:
 - "all_access"
 - "security_rest_api_access"
 plugins.security.system_indices.enabled: true
 plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
 plugins.security.allow_default_init_securityindex: true
 cluster.routing.allocation.disk.threshold_enabled: false
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  wazuh.manager:
-    image: wazuh/wazuh-manager:5.0.0
+    image: wazuh/wazuh-manager:main
    hostname: wazuh.manager
    restart: always
    ulimits:
@@ -17,13 +17,11 @@ services:
      - "514:514/udp"
      - "55000:55000"
    environment:
-      - INDEXER_URL=https://wazuh.indexer:9200
+      - WAZUH_INDEXER_HOSTS=wazuh.indexer:9200
      - WAZUH_NODE_NAME=manager
      - WAZUH_CLUSTER_NODES=wazuh.manager
      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
+      - INDEXER_PASSWORD=admin
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
@@ -34,21 +32,25 @@ services:
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_wodles:/var/ossec/wodles
-      - filebeat_etc:/etc/filebeat
+      - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem
-      - filebeat_var:/var/lib/filebeat
+      - ./wazuh-certificates/wazuh.manager.pem:/etc/filebeat/certs/filebeat.pem
-      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+      - ./wazuh-certificates/wazuh.manager-key.pem:/etc/filebeat/certs/filebeat-key.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
  wazuh.indexer:
-    image: wazuh/wazuh-indexer:5.0.0
+    image: wazuh/wazuh-indexer:main
    hostname: wazuh.indexer
    restart: always
    ports:
      - "9200:9200"
    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
      - bootstrap.memory_lock=true
      - network.host=wazuh.indexer
      - node.name=wazuh.indexer
      - cluster.initial_cluster_manager_nodes=wazuh.indexer
      - node.max_local_storage_nodes=1
      - plugins.security.allow_default_init_securityindex=true
      - NODES_DN=CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US
    ulimits:
      memlock:
        soft: -1
@@ -58,34 +60,33 @@ services:
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+      - ./wazuh-certificates/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+      - ./wazuh-certificates/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem
-      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
-      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+      - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
  wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:5.0.0
+    image: wazuh/wazuh-dashboard:main
    hostname: wazuh.dashboard
    restart: always
    ports:
      - 443:5601
    environment:
      - SERVER_PORT=5601
      - SERVER_HOST=0.0.0.0
      - OPENSEARCH_HOSTS=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
+      - INDEXER_PASSWORD=admin
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+      - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/dashboard.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+      - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
    depends_on:
@@ -102,8 +103,6 @@ volumes:
  wazuh_var_multigroups:
  wazuh_active_response:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
--- a/single-node/generate-indexer-certs.yml
+++ b/single-node/generate-indexer-certs.yml
@@ -1,10 +0,0 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
  generator:
    image: wazuh/wazuh-certs-generator:0.0.3
    hostname: wazuh-certs-generator
    environment:
      - CERT_TOOL_VERSION=4.14
    volumes:
      - ./config/wazuh_indexer_ssl_certs/:/certificates/
      - ./config/certs.yml:/config/certs.yml
Author	SHA1	Message	Date
Victor Carlos Erenu	819595a25f	Delete url echo	2025-11-15 02:03:33 +07:00
Victor Carlos Erenu	8c0b724bd3	Delete url echo	2025-11-15 02:02:58 +07:00
Victor Carlos Erenu	1ceb1734e8	Modify cluster configuration	2025-11-15 01:16:01 +07:00
Victor Carlos Erenu	0fa0b3186a	Add Changelog	2025-11-15 00:33:26 +07:00
Victor Carlos Erenu	1c6c1be20a	Add newline	2025-11-15 00:18:57 +07:00
Victor Carlos Erenu	fb6de67a94	Delete Filebeat DN	2025-11-15 00:13:49 +07:00
Victor Carlos Erenu	1e343cf274	Modify docker deployments	2025-11-15 00:04:22 +07:00
Carlos Anguita	b6bbd7de04	Merge pull request #2075 from wazuh/merge-4.14.2-into-main	2025-11-13 10:55:18 +01:00
Enrique Araque	d73c158a9a	Merge branch '4.14.2' into merge-4.14.2-into-main	2025-11-13 10:53:01 +01:00
Gonzalo Acuña	2f02e0adeb	Merge pull request #2072 from wazuh/change/2693-delete-config-files Exclude config files customized from image build	2025-11-11 15:39:59 -03:00
Victor Carlos Erenu	d60c2ebb35	dashboard entrypoint	2025-11-11 21:47:44 +07:00
Victor Carlos Erenu	c9f379d02e	Add download check	2025-11-11 21:44:08 +07:00
Victor Carlos Erenu	cd8253845f	Modify cert generation process	2025-11-11 20:24:45 +07:00
Wazuh CI	aed6d3eea2	Merge pull request #2071 from wazuh/enhancement/wqa4626-bump-4.14.2 Bump 4.14.2 branch	2025-11-10 18:16:57 +01:00
wazuhci	7adc50cf81	feat: bump 4.14.2	2025-11-10 17:16:53 +00:00
Victor Carlos Erenu	e104803267	Add Wazuh dashboard ad manager entrypoint configuration	2025-11-11 00:13:46 +07:00
Carlos Bordon	d444c12b85	Merge pull request #2070 from wazuh/merge-4.14.1-into-main Merge 4.14.1 into main	2025-11-07 14:27:39 -03:00
Gonzalo Acuña	530cae664a	Merge branch 'main' into merge-4.14.1-into-main	2025-11-07 14:19:57 -03:00
Carlos Anguita	4e99641d02	Merge pull request #2068 from wazuh/enhancement/2066-revert-image-tag-for-4.14.1rc2	2025-11-07 10:47:58 +01:00
Enrique Araque	b39237b2c0	Remove docker image tag for 4.14.1-rc2	2025-11-07 10:31:22 +01:00
Wazuh CI	582e5d67ef	Merge pull request #2067 from wazuh/enhancement/wqa4608-bump-4.14.1 Bump 4.14.1 branch	2025-11-07 09:45:57 +01:00
wazuhci	4dac06e335	feat: bump 4.14.1	2025-11-07 08:45:51 +00:00
Victor Carlos Erenu	9f12a03bfc	Delete old comment	2025-11-05 22:12:17 +07:00
Victor Carlos Erenu	742a948715	Delete config files and adapt dockerfiles	2025-11-05 22:08:36 +07:00