Add free space step

Image builder Workflow Rebuild

.env

@@ -1,6 +1,6 @@
-WAZUH_VERSION=6.0.0
-WAZUH_IMAGE_VERSION=6.0.0
+WAZUH_VERSION=main
+WAZUH_IMAGE_VERSION=main
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=6.0.0
-WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1
+WAZUH_REGISTRY=docker.io
+IMAGE_TAG=main

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 6.0.0
+    - 5.0.0
 port:
   tcp:1514:
     listening: true

.github/workflows/Procedure_push_docker_images.yml

@@ -6,28 +6,19 @@ on:
     inputs:
       image_tag:
         description: 'Docker image tag'
-        default: '6.0.0'
+        default: '5.0.0'
         required: true
       docker_reference:
         description: 'wazuh-docker reference'
         required: true
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
-        required: true
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
       revision:
         description: 'Package revision'
         default: '1'
         required: true
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
+      reference:
+        description: 'Dev reference'
+        type: string
+        default: latest 
       id:
         description: "ID used to identify the workflow uniquely."
         type: string
@@ -41,33 +32,22 @@ on:
     inputs:
       image_tag:
         description: 'Docker image tag'
-        default: '6.0.0'
+        default: '5.0.0'
         required: true
         type: string
       docker_reference:
         description: 'wazuh-docker reference'
         required: false
         type: string
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
-        required: true
-        type: string
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-        type: string
       revision:
         description: 'Package revision'
         default: '1'
         required: true
         type: string
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
+      reference:
+        description: 'Dev reference'
+        type: string
+        default: latest 
       id:
         description: "ID used to identify the workflow uniquely."
         type: string
@@ -82,6 +62,15 @@ jobs:
   build-and-push:
     runs-on: ubuntu-22.04
 
+    permissions:
+      id-token: write
+      contents: read
+
+    env:
+      IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
+      IMAGE_TAG: ${{ inputs.image_tag }}
+      REVISION: ${{ inputs.revision }}
+
     steps:
     - name: Print inputs
       run: |
@@ -96,11 +85,10 @@ jobs:
         echo "* id: ${{ inputs.id }}"
         echo "* image_tag: ${{ inputs.image_tag }}"
         echo "* docker_reference: ${{ inputs.docker_reference }}"
-        echo "* products: ${{ inputs.products }}"
         echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
         echo "* revision: ${{ inputs.revision }}"
-        echo "* push_images: ${{ inputs.push_images }}"
         echo "* dev: ${{ inputs.dev }}"
+        echo "* dev reference: ${{ inputs.reference }}"
         echo "---------------------------------------------"
 
     - name: Checkout repository
@@ -108,33 +96,80 @@ jobs:
       with:
         ref: ${{ inputs.docker_reference }}
 
+    - name: free disk space
+      uses: ./.github/free-disk-space
+    
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Configure aws credentials
+      if: ${{ inputs.dev == true }}
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ secrets.AWS_IAM_DOCKER_ROLE }}
+        aws-region: "${{ secrets.AWS_REGION }}"
+
+    - name: Log in to Amazon ECR
+      if: ${{ inputs.dev == true }}
+      uses: aws-actions/amazon-ecr-login@v2
+
     - name: Log in to Docker Hub
+      if: ${{ inputs.dev == false }}
       uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
+    - name: Create packages-url.txt file
+      if : ${{ inputs.dev == true }}
+      run: |
+          cat << EOF > packages-url.txt
+          wazuh_manager_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_manager_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_manager_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_manager_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_indexer_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_indexer_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_indexer_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_indexer_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_dashboard_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_dashboard_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_dashboard_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_dashboard_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_agent_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_agent_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+          wazuh_agent_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_agent_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+          wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)"
+          wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)"
+          wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)"
+          EOF
+      working-directory: ./build-docker-images
+
     - name: Build Wazuh images
       run: |
-        IMAGE_TAG=${{ inputs.image_tag }}
-        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
-        REVISION=${{ inputs.revision }}
-
-        if [[ "$IMAGE_TAG" == *"-"* ]]; then
-          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
-          if [ -z "${tokens[1]}" ]; then
-            echo "Invalid image tag: $IMAGE_TAG"
-            exit 1
+        if [ "${{ inputs.dev }}" = true ]; then
+          IMAGE_TAG="${{ inputs.image_tag }}-${{ inputs.reference }}"
+          ./build-images.sh -v ${{ inputs.image_tag }} -r $REVISION -d "dev" -rg $IMAGE_REGISTRY -m -ref ${{ inputs.reference }}
+        else  
+          if [[ "$IMAGE_TAG" == *"-"* ]]; then
+            IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
+            if [ -z "${tokens[1]}" ]; then
+              echo "Invalid image tag: $IMAGE_TAG"
+              exit 1
+            fi
+            DEV_STAGE=${tokens[1]}
+            WAZUH_VER=${tokens[0]}
+            ./build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -rg $IMAGE_REGISTRY -m
+          else
+            ./build-images.sh -v $IMAGE_TAG -r $REVISION -rg $IMAGE_REGISTRY -m
           fi
-          DEV_STAGE=${tokens[1]}
-          WAZUH_VER=${tokens[0]}
-          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
-        else
-          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
         fi
-
         # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
-        ENV_FILE_PATH=".env"
+        ENV_FILE_PATH="../.env"
 
         if [ -f $ENV_FILE_PATH ]; then
           while IFS= read -r line || [ -n "$line" ]; do
@@ -144,16 +179,4 @@ jobs:
           echo "The environment file $ENV_FILE_PATH does not exist!"
           exit 1
         fi
-
-    - name: Tag and Push Wazuh images
-      if: ${{ inputs.push_images }}
-      run: |
-        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
-        IMAGE_NAMES=${{ inputs.products }}
-        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
-        for image in "${images[@]}"; do
-          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
-          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
-          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
-          docker push wazuh/$image:$IMAGE_TAG
-        done
+      working-directory: ./build-docker-images

.github/workflows/push.yml

@@ -23,7 +23,6 @@ jobs:
         docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
         docker save wazuh/wazuh-agent:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
-        docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
 
     - name: Temporarily save Wazuh manager Docker image
       uses: actions/upload-artifact@v4
@@ -51,11 +50,6 @@ jobs:
       with:
         name: docker-artifact-agent
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
-    - name: Temporarily save Wazuh Cert Tool Docker image
-      uses: actions/upload-artifact@v3
-      with:
-        name: docker-artifact-cert-tool
-        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
         retention-days: 1
 
     - name: Install Goss
@@ -99,10 +93,6 @@ jobs:
       uses: actions/download-artifact@v4
       with:
         name: docker-artifact-agent
-    - name: Retrieve saved Wazuh Cert Tool Docker image
-      uses: actions/download-artifact@v3
-      with:
-        name: docker-artifact-cert-tool
 
     - name: Docker load
       run: |
@@ -112,13 +102,7 @@ jobs:
         docker load --input ./wazuh-agent.tar
 
     - name: Create single node certficates
-      run: docker compose -f single-node/generate-certs.yml run --rm generator
-        docker load --input ./wazuh-cert-tool.tar
-        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
-
-
-    - name: Create single node certficates
-      run: docker-compose -f single-node/generate-certs.yml run --rm generator
+      run: docker compose -f single-node/generate-indexer-certs.yml run --rm generator
 
     - name: Start single node stack
       run: docker compose -f single-node/docker-compose.yml up -d
@@ -208,7 +192,7 @@ jobs:
       run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
 
     - name: Start Wazuh agent
-      run: docker-compose -f wazuh-agent/docker-compose.yml up -d
+      run: docker compose -f wazuh-agent/docker-compose.yml up -d
 
     - name: Check Wazuh agent enrollment
       run: |
@@ -253,26 +237,17 @@ jobs:
       uses: actions/download-artifact@v4
       with:
         name: docker-artifact-agent
-    - name: Retrieve saved Wazuh Cert Tool Docker image
-      uses: actions/download-artifact@v3
-      with:
-        name: docker-artifact-cert-tool
 
     - name: Docker load
       run: |
+        docker load --input ./wazuh-manager.tar
         docker load --input ./wazuh-indexer.tar
         docker load --input ./wazuh-dashboard.tar
         docker load --input ./wazuh-agent.tar
         rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-agent.tar
 
     - name: Create multi node certficates
-      run: docker compose -f multi-node/generate-certs.yml run --rm generator
-        docker load --input ./wazuh-manager.tar
-        docker load --input ./wazuh-cert-tool.tar
-        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
-
-    - name: Create multi node certficates
-      run: docker-compose -f multi-node/generate-certs.yml run --rm generator
+      run: docker compose -f multi-node/generate-indexer-certs.yml run --rm generator
 
     - name: Start multi node stack
       run: docker compose -f multi-node/docker-compose.yml up -d
@@ -380,7 +355,7 @@ jobs:
       run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
 
     - name: Start Wazuh agent
-      run: docker-compose -f wazuh-agent/docker-compose.yml up -d
+      run: docker compose -f wazuh-agent/docker-compose.yml up -d
 
     - name: Check Wazuh agent enrollment
       run: |

.gitignore

@@ -2,4 +2,6 @@ single-node/config/wazuh_indexer_ssl_certs/*.pem
 single-node/config/wazuh_indexer_ssl_certs/*.key
 multi-node/config/wazuh_indexer_ssl_certs/*.pem
 multi-node/config/wazuh_indexer_ssl_certs/*.key
-*.log
+*.log
+build-docker-images/packages_env.txt
+build-docker-images/packages-url.txt

CHANGELOG.md

@@ -1,33 +1,16 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [6.0.0]
-
-### Added
-
-- none
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
 ## [5.0.0]
 
 ### Added
 
-- none
+- None
 
 ### Changed
 
-- None
+- Wazuh server clean-up ([#2030](https://github.com/wazuh/wazuh-puppet/issues/2030))
+- Fix OpenSearch deprecated settings ([#1366](https://github.com/wazuh/wazuh-puppet/issues/1366))
 
 ### Fixed
 
@@ -37,7 +20,7 @@ All notable changes to this project will be documented in this file.
 
 - None
 
-## [4.10.2]
+## [4.14.1]
 
 ### Added
 
@@ -45,7 +28,7 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
-- None
+- Wazuh cert tool generator improvements ([#2027](https://github.com/wazuh/wazuh-docker/pull/2027))
 
 ### Fixed
 
@@ -63,11 +46,19 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
+- Change filebeat install method ([#2020](https://github.com/wazuh/wazuh-docker/pull/2020))
+- Remove dashboard chat setting ([#2021](https://github.com/wazuh/wazuh-docker/pull/2021))
+- Rollback data source setting ([#1999](https://github.com/wazuh/wazuh-docker/pull/1999))
+- Dashboard settings added ([#1998](https://github.com/wazuh/wazuh-docker/pull/1998))
+- Add filebeat config file in the PERMANENT_DATA_EXCP list ([#1898](https://github.com/wazuh/wazuh-docker/pull/1898))
 - Change validation of existing certs tool in S3 buckets ([#1880](https://github.com/wazuh/wazuh-docker/pull/1880))
 
 ### Fixed
 
-- None
+- Change Wazuh indexer directory owner ([#2029](https://github.com/wazuh/wazuh-docker/pull/2029))
+- Double the amount of space consumed in Wazuh Indexer ([#1953](https://github.com/wazuh/wazuh-docker/pull/1953))
+- Fix config directory for opensearch_security plugin work ([#1951](https://github.com/wazuh/wazuh-docker/pull/1951))
+- Update Dockerfile to copy opensearch-security files ([#1928](https://github.com/wazuh/wazuh-docker/pull/1928))
 
 ### Deleted
 
@@ -95,6 +86,9 @@ All notable changes to this project will be documented in this file.
 
 ### Added
 
+- Add opensearch_dashboard.yml parameters. ([#1985](https://github.com/wazuh/wazuh-docker/pull/1985))
+- Set right ownership for malicious-ioc files on container start ([#1926](https://github.com/wazuh/wazuh-docker/pull/1926))
+- Delete services statement in wazuh agent deployment. ([#1925](https://github.com/wazuh/wazuh-docker/pull/1925))
 - Add permanent_data exceptions. ([#1890](https://github.com/wazuh/wazuh-docker/pull/1890))
 - Integrate bumper script via GitHub action. ([#1863](https://github.com/wazuh/wazuh-docker/pull/1863))
 - Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870))
@@ -106,11 +100,12 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
+- Syscollector configuration change ([#1994](https://github.com/wazuh/wazuh-docker/pull/1994))
 - Modify wazuh-keystore use ([#1750](https://github.com/wazuh/wazuh-docker/pull/1750)) \- (wazuh-keystore)
 
 ### Fixed
 
-- None
+- Add wazuh-template.json into permanent data exception ([#1968](https://github.com/wazuh/wazuh-docker/pull/1968))
 
 ### Deleted
 

README.md

@@ -18,7 +18,7 @@ The `wazuh/wazuh-docker` repository provides resources to deploy the Wazuh cyber
 ## Branch Convention
 
 - `main`: Developing and testing of new features.
-- `X.Y.Z`: Version-specific branches (e.g., `6.0.0`, `4.14.0`, etc.).
+- `X.Y.Z`: Version-specific branches (e.g., `5.0.0`, `4.14.0`, etc.).
 
 ## Documentation
 

VERSION.json

@@ -1,4 +1,4 @@
 {
-    "version": "6.0.0",
+    "version": "5.0.0",
     "stage": "alpha0"
 }

build-docker-images/README.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 6.0.0
+$ build-docker-images/build-images.sh -v 5.0.0
 ```
 
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 6.0.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
     -h, --help                   Show this help.
 
 ```

build-docker-images/build-images.sh

@@ -1,8 +1,10 @@
-WAZUH_IMAGE_VERSION=6.0.0
+WAZUH_IMAGE_VERSION=main
+IMAGE_TAG=main
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
 IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
+WAZUH_REGISTRY=docker.io
 
 # Wazuh package generator
 # Copyright (C) 2023, Wazuh Inc.
@@ -12,10 +14,10 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
-WAZUH_IMAGE_VERSION="6.0.0"
+WAZUH_IMAGE_VERSION="main"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
-FILEBEAT_MODULE_VERSION="0.4"
+WAZUH_TAG_REFERENCE=""
 
 # -----------------------------------------------------------------------------
 
@@ -37,37 +39,44 @@ ctrl_c() {
 build() {
 
     WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')"
-    FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}"
-    WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz"
+    WAZUH_MINOR_VERSION="${WAZUH_IMAGE_VERSION%.*}"
     WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}"
 
-    if  [ "${WAZUH_DEV_STAGE}" ];then
-        FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}"
-        if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-            echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
-            clean 1
-        fi
+    # Variables
+    FILE="packages-url.txt"
+
+    if [[ -f "$FILE" ]]; then
+        echo "$FILE exists. Using existing file."
     else
-        if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then
-            FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}"
-        elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
-            FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}"
+        TAG="v${WAZUH_VERSION}"
+        REPO="wazuh/wazuh-docker"
+        GH_URL="https://api.github.com/repos/${REPO}/git/refs/tags/${TAG}"
+
+        if curl -fsSL "$GH_URL" >/dev/null 2>&1; then
+            curl -fsSL -o "$FILE" "https://packages.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt"
         else
-            echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
-            clean 1
+            curl -fsSL -o "$FILE" "https://packages-dev.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt"
         fi
     fi
+    awk -F':' '{name=$1; val=substr($0,length(name)+3); gsub(/[-.]/,"_",name); print name "=" val}' $FILE > packages_env.txt
+    
+    echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > ../.env
+    echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> ../.env
+    echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> ../.env
+    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> ../.env
+    echo WAZUH_REGISTRY=$WAZUH_REGISTRY >> ../.env
+    echo IMAGE_TAG=$IMAGE_TAG >> ../.env
 
-    echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
-    echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
-    echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
-    echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env
-    echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
-    echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
-
-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
-    docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/
+    set -a
+    source ../.env
+    source ./packages_env.txt
+    set +a
 
+    if  [ "${MULTIARCH}" ];then
+        docker buildx bake --file build-images.yml --push --set *.platform=linux/amd64,linux/arm64 --no-cache|| clean 1
+    else
+        docker buildx bake --file build-images.yml --no-cache|| clean 1
+    fi
     return 0
 }
 
@@ -77,10 +86,12 @@ help() {
     echo
     echo "Usage: $0 [OPTIONS]"
     echo
-    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default."
-    echo "    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
+    echo "    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default."
     echo "    -r, --revision <rev>         [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
+    echo "    -ref, --reference <ref>      [Optional] Set the Wazuh reference to build development images. By default, the latest stable release."
+    echo "    -rg, --registry <reg>        [Optional] Set the Docker registry to push the images."
     echo "    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
+    echo "    -m, --multiarch              [Optional] Enable multi-architecture builds."
     echo "    -h, --help                   Show this help."
     echo
     exit $1
@@ -103,17 +114,29 @@ main() {
                 help 1
             fi
             ;;
-        "-f"|"--filebeat-module")
+        "-m"|"--multiarch")
+            MULTIARCH="true"
+                shift
+            ;;
+        "-r"|"--revision")
             if [ -n "${2}" ]; then
-                FILEBEAT_MODULE_VERSION="${2}"
+                WAZUH_TAG_REVISION="${2}"
                 shift 2
             else
                 help 1
             fi
             ;;
-        "-r"|"--revision")
+        "-ref"|"--reference")
             if [ -n "${2}" ]; then
-                WAZUH_TAG_REVISION="${2}"
+                WAZUH_TAG_REFERENCE="${2}"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "-rg"|"--registry")
+            if [ -n "${2}" ]; then
+                WAZUH_REGISTRY="${2}"
                 shift 2
             else
                 help 1

build-docker-images/build-images.yml

@@ -6,9 +6,9 @@ services:
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-        FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH}
-        WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE}
-    image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
+        wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm}
+        wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm}
+    image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
     hostname: wazuh.manager
     restart: always
     ports:
@@ -20,19 +20,14 @@ services:
       - INDEXER_URL=https://wazuh.indexer:9200
       - INDEXER_USERNAME=admin
       - INDEXER_PASSWORD=admin
-      - FILEBEAT_SSL_VERIFICATION_MODE=none
     volumes:
       - wazuh_api_configuration:/var/ossec/api/configuration
       - wazuh_etc:/var/ossec/etc
       - wazuh_logs:/var/ossec/logs
       - wazuh_queue:/var/ossec/queue
       - wazuh_var_multigroups:/var/ossec/var/multigroups
-      - wazuh_integrations:/var/ossec/integrations
       - wazuh_active_response:/var/ossec/active-response/bin
-      - wazuh_agentless:/var/ossec/agentless
       - wazuh_wodles:/var/ossec/wodles
-      - filebeat_etc:/etc/filebeat
-      - filebeat_var:/var/lib/filebeat
 
   wazuh.agent:
     build:
@@ -40,7 +35,9 @@ services:
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-    image: wazuh/wazuh-agent:${WAZUH_IMAGE_VERSION}
+        wazuh_agent_url_amd64_rpm: ${wazuh_agent_url_x86_64_rpm}
+        wazuh_agent_url_arm64_rpm: ${wazuh_agent_url_aarch64_rpm}
+    image: ${WAZUH_REGISTRY}/wazuh/wazuh-agent:${IMAGE_TAG}
     hostname: wazuh.agent
     restart: always
 
@@ -50,7 +47,9 @@ services:
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
-    image: wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION}
+        wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm}
+        wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm}
+    image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -72,7 +71,9 @@ services:
         WAZUH_VERSION: ${WAZUH_VERSION}
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
         WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
-    image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
+        wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm}
+        wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm}
+    image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -94,9 +95,6 @@ volumes:
   wazuh_logs:
   wazuh_queue:
   wazuh_var_multigroups:
-  wazuh_integrations:
   wazuh_active_response:
-  wazuh_agentless:
   wazuh_wodles:
-  filebeat_etc:
-  filebeat_var:
+

build-docker-images/wazuh-agent/Dockerfile

@@ -10,18 +10,17 @@ ARG WAZUH_MANAGER='CHANGE_MANAGER_IP'
 ARG WAZUH_MANAGER_PORT='CHANGE_MANAGER_PORT'
 ARG WAZUH_REGISTRATION_SERVER='CHANGE_ENROLL_IP'
 ARG WAZUH_REGISTRATION_PORT='CHANGE_ENROLL_PORT'
-ARG WAZUH_AGENT_NAME='CHANGEE_AGENT_NAME'
+ARG WAZUH_AGENT_NAME='CHANGE_AGENT_NAME'
+ARG TARGETARCH
+ARG wazuh_agent_url_amd64_rpm
+ARG wazuh_agent_url_arm64_rpm
 
-COPY config/check_repository.sh /
-
-RUN yum install curl-minimal tar gzip procps -y &&\
-    yum clean all
-
-RUN chmod 775 /check_repository.sh
-RUN source /check_repository.sh
-
-RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all && \
+RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
+    agent_url="${!URL_VAR}" && \
+    dnf install curl-minimal tar gzip procps -y &&\
+    curl -o /wazuh-agent.rpm "${agent_url}" && \
+    dnf install /wazuh-agent.rpm -y && \
+    dnf clean all && \
     sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \
     curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
     -o /tmp/s6-overlay-amd64.tar.gz && \
@@ -31,6 +30,4 @@ RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
 
 COPY config/etc/ /etc/
 
-RUN rm /etc/yum.repos.d/wazuh.repo
-
 ENTRYPOINT [ "/init" ]

build-docker-images/wazuh-agent/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-dashboard/Dockerfile

@@ -5,16 +5,17 @@ ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
 ARG WAZUH_UI_REVISION
 ARG INSTALL_DIR=/usr/share/wazuh-dashboard
+ARG TARGETARCH
+ARG wazuh_dashboard_url_amd64_rpm
+ARG wazuh_dashboard_url_arm64_rpm
 
 # Update and install dependencies
-RUN yum install curl-minimal libcap openssl -y
-
-COPY config/check_repository.sh /
-RUN chmod 775 /check_repository.sh && \
-    source /check_repository.sh
-
-RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all
+RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
+    dashboard_url="${!URL_VAR}" && \
+    dnf install curl-minimal libcap openssl -y && \
+    curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
+    dnf install /wazuh-dashboard.rpm -y && \
+    dnf clean all
 
 # Create and set permissions to data directories
 RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
@@ -42,10 +43,8 @@ FROM amazonlinux:2023
 ENV USER="wazuh-dashboard" \
     GROUP="wazuh-dashboard" \
     NAME="wazuh-dashboard" \
-    INSTALL_DIR="/usr/share/wazuh-dashboard"
-
-# Set Wazuh app variables
-ENV PATTERN="" \
+    INSTALL_DIR="/usr/share/wazuh-dashboard" \
+    PATTERN="" \
     CHECKS_PATTERN="" \
     CHECKS_TEMPLATE="" \
     CHECKS_API="" \
@@ -60,7 +59,7 @@ ENV PATTERN="" \
     WAZUH_MONITORING_REPLICAS=""
 
 # Update and install dependencies
-RUN yum install shadow-utils -y
+RUN dnf install shadow-utils -y && dnf clean all
 
 # Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
@@ -87,15 +86,6 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 
-# Set $JAVA_HOME
-RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
-    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
-ENV JAVA_HOME=$INSTALL_DIR/jdk
-ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
-
-# Add k-NN lib directory to library loading path variable
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
-
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -104,5 +94,3 @@ USER wazuh-dashboard
 EXPOSE 443
 
 ENTRYPOINT [ "/entrypoint.sh" ]
-
-CMD ["opensearch-dashboards"]

build-docker-images/wazuh-dashboard/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/6.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 mkdir -p ${CONFIG_DIR}/certs
 
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 
 chmod -R 500 ${CONFIG_DIR}/certs

build-docker-images/wazuh-dashboard/config/config.yml

@@ -1,5 +1,5 @@
 nodes:
   # Wazuh dashboard server nodes
   dashboard:
-    - name: dashboard
-      ip: wazuh.dashboard
+    - name: demo.dashboard
+      ip: demo.dashboard

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -2,215 +2,6 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
 INSTALL_DIR=/usr/share/wazuh-dashboard
-export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
-WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-
-opensearch_dashboards_vars=(
-    console.enabled
-    console.proxyConfig
-    console.proxyFilter
-    ops.cGroupOverrides.cpuPath
-    ops.cGroupOverrides.cpuAcctPath
-    cpu.cgroup.path.override
-    cpuacct.cgroup.path.override
-    server.basePath
-    server.customResponseHeaders
-    server.compression.enabled
-    server.compression.referrerWhitelist
-    server.cors
-    server.cors.origin
-    server.defaultRoute
-    server.host
-    server.keepAliveTimeout
-    server.maxPayloadBytes
-    server.name
-    server.port
-    csp.rules
-    csp.strict
-    csp.warnLegacyBrowsers
-    data.search.usageTelemetry.enabled
-    opensearch.customHeaders
-    opensearch.hosts
-    opensearch.logQueries
-    opensearch.memoryCircuitBreaker.enabled
-    opensearch.memoryCircuitBreaker.maxPercentage
-    opensearch.password
-    opensearch.pingTimeout
-    opensearch.requestHeadersWhitelist
-    opensearch.requestHeadersAllowlist
-    opensearch_security.multitenancy.enabled
-    opensearch_security.readonly_mode.roles
-    opensearch.requestTimeout
-    opensearch.shardTimeout
-    opensearch.sniffInterval
-    opensearch.sniffOnConnectionFault
-    opensearch.sniffOnStart
-    opensearch.ssl.alwaysPresentCertificate
-    opensearch.ssl.certificate
-    opensearch.ssl.key
-    opensearch.ssl.keyPassphrase
-    opensearch.ssl.keystore.path
-    opensearch.ssl.keystore.password
-    opensearch.ssl.truststore.path
-    opensearch.ssl.truststore.password
-    opensearch.ssl.verificationMode
-    opensearch.username
-    i18n.locale
-    interpreter.enableInVisualize
-    opensearchDashboards.autocompleteTerminateAfter
-    opensearchDashboards.autocompleteTimeout
-    opensearchDashboards.defaultAppId
-    opensearchDashboards.index
-    logging.dest
-    logging.json
-    logging.quiet
-    logging.rotate.enabled
-    logging.rotate.everyBytes
-    logging.rotate.keepFiles
-    logging.rotate.pollingInterval
-    logging.rotate.usePolling
-    logging.silent
-    logging.useUTC
-    logging.verbose
-    map.includeOpenSearchMapsService
-    map.proxyOpenSearchMapsServiceInMaps
-    map.regionmap
-    map.tilemap.options.attribution
-    map.tilemap.options.maxZoom
-    map.tilemap.options.minZoom
-    map.tilemap.options.subdomains
-    map.tilemap.url
-    monitoring.cluster_alerts.email_notifications.email_address
-    monitoring.enabled
-    monitoring.opensearchDashboards.collection.enabled
-    monitoring.opensearchDashboards.collection.interval
-    monitoring.ui.container.opensearch.enabled
-    monitoring.ui.container.logstash.enabled
-    monitoring.ui.opensearch.password
-    monitoring.ui.opensearch.pingTimeout
-    monitoring.ui.opensearch.hosts
-    monitoring.ui.opensearch.username
-    monitoring.ui.opensearch.logFetchCount
-    monitoring.ui.opensearch.ssl.certificateAuthorities
-    monitoring.ui.opensearch.ssl.verificationMode
-    monitoring.ui.enabled
-    monitoring.ui.max_bucket_size
-    monitoring.ui.min_interval_seconds
-    newsfeed.enabled
-    ops.interval
-    path.data
-    pid.file
-    regionmap
-    security.showInsecureClusterWarning
-    server.rewriteBasePath
-    server.socketTimeout
-    server.customResponseHeaders
-    server.ssl.enabled
-    server.ssl.key
-    server.ssl.keyPassphrase
-    server.ssl.keystore.path
-    server.ssl.keystore.password
-    server.ssl.truststore.path
-    server.ssl.truststore.password
-    server.ssl.cert
-    server.ssl.certificate
-    server.ssl.certificateAuthorities
-    server.ssl.cipherSuites
-    server.ssl.clientAuthentication
-    opensearch.ssl.certificateAuthorities
-    server.ssl.redirectHttpFromPort
-    server.ssl.supportedProtocols
-    server.xsrf.disableProtection
-    server.xsrf.whitelist
-    status.allowAnonymous
-    status.v6ApiFormat
-    tilemap.options.attribution
-    tilemap.options.maxZoom
-    tilemap.options.minZoom
-    tilemap.options.subdomains
-    tilemap.url
-    timeline.enabled
-    vega.enableExternalUrls
-    apm_oss.apmAgentConfigurationIndex
-    apm_oss.indexPattern
-    apm_oss.errorIndices
-    apm_oss.onboardingIndices
-    apm_oss.spanIndices
-    apm_oss.sourcemapIndices
-    apm_oss.transactionIndices
-    apm_oss.metricsIndices
-    telemetry.allowChangingOptInStatus
-    telemetry.enabled
-    telemetry.optIn
-    telemetry.optInStatusUrl
-    telemetry.sendUsageFrom
-    vis_builder.enabled
-    data_source.enabled
-    data_source.encryption.wrappingKeyName
-    data_source.encryption.wrappingKeyNamespace
-    data_source.encryption.wrappingKey
-    data_source.audit.enabled
-    data_source.audit.appender.kind
-    data_source.audit.appender.path
-    data_source.audit.appender.layout.kind
-    data_source.audit.appender.layout.highlight
-    data_source.audit.appender.layout.pattern
-    ml_commons_dashboards.enabled
-    assistant.chat.enabled
-    observability.query_assist.enabled
-    uiSettings.overrides.defaultRoute
-)
-
-print() {
-  echo -e $1
-}
-
-error_and_exit() {
-  echo "Error executing command: '$1'."
-  echo 'Exiting.'
-  exit 1
-}
-
-exec_cmd() {
-  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
-}
-
-exec_cmd_stdout() {
-  eval $1 2>&1 || error_and_exit "$1"
-}
-
-function runOpensearchDashboards {
-    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
-      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
-        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
-        value=${!env_var}
-        if [[ -n $value ]]; then
-          longoptfile="${opensearch_dashboards_var}: ${value}"
-          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
-            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
-          else
-            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
-          fi
-        fi
-      done
-
-    umask 0002
-
-    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
-        --cpu.cgroup.path.override=/ \
-        --cpuacct.cgroup.path.override=/
-}
-
-mount_files() {
-  if [ -e $WAZUH_CONFIG_MOUNT/* ]
-  then
-    print "Identified Wazuh cdashboard onfiguration files to mount..."
-    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
-  else
-    print "No Wazuh dashboard configuration files to mount..."
-  fi
-}
-
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
@@ -226,14 +17,4 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
 
 /wazuh_app_config.sh $WAZUH_UI_REVISION
 
-mount_files
-
-if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
-    set -- opensearch-dashboards "$@"
-fi
-
-if [ "$1" = "opensearch-dashboards" ]; then
-    runOpensearchDashboards "$@"
-else
-    exec "$@"
-fi
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml

build-docker-images/wazuh-indexer/Dockerfile

@@ -3,23 +3,19 @@ FROM amazonlinux:2023 AS builder
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-
-RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
-
-COPY config/check_repository.sh /
-RUN chmod 775 /check_repository.sh && \
-    source /check_repository.sh
-
-RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all
-
-COPY config/opensearch.yml /
+ARG TARGETARCH
+ARG wazuh_indexer_url_amd64_rpm
+ARG wazuh_indexer_url_arm64_rpm
 
 COPY config/config.sh .
 
-COPY config/config.yml /
-
-RUN bash config.sh
+RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
+    indexer_url="${!URL_VAR}" && \
+    dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
+    curl -o /wazuh-indexer.rpm "${indexer_url}" && \
+    dnf install /wazuh-indexer.rpm -y && \
+    dnf clean all && \
+    bash config.sh
 
 ################################################################################
 # Build stage 1 (the actual Wazuh indexer image):
@@ -35,15 +31,6 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
-# Set $JAVA_HOME
-RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
-    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
-ENV JAVA_HOME="$INSTALL_DIR/jdk"
-ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
-
-# Add k-NN lib directory to library loading path variable
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
-
 RUN yum install curl-minimal shadow-utils findutils hostname -y
 
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
@@ -63,25 +50,26 @@ COPY config/entrypoint.sh /
 
 COPY config/securityadmin.sh /
 
-RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
-
-RUN chown 1000:1000 /*.sh
+RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && \
+    mkdir -p /usr/share/wazuh-indexer && \
+    chown 1000:1000 /usr/share/wazuh-indexer && \
+    chown 1000:1000 /*.sh
 
 COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
-COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer
+COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer/config
+COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
 
-RUN chown -R 1000:1000 /usr/share/wazuh-indexer
-
 RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
     mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
     mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \
     mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \
     chmod 700 /usr/share/wazuh-indexer && \
-    chmod 600 /usr/share/wazuh-indexer/jvm.options && \
-    chmod 600 /usr/share/wazuh-indexer/opensearch.yml
+    chmod 700 /usr/share/wazuh-indexer/config && \
+    chmod 600 /usr/share/wazuh-indexer/config/jvm.options && \
+    chmod 600 /usr/share/wazuh-indexer/config/opensearch.yml
 
 USER wazuh-indexer
 

build-docker-images/wazuh-indexer/config/action_groups.yml

@@ -0,0 +1,12 @@
+---
+_meta:
+  type: "actiongroups"
+  config_version: 2
+
+# ISM API permissions group
+manage_ism:
+  reserved: true
+  hidden: false
+  allowed_actions:
+  - "cluster:admin/opendistro/ism/*"
+  static: false

build-docker-images/wazuh-indexer/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-indexer/config/config.sh

@@ -13,7 +13,7 @@ export LOG_DIR=/var/log/${NAME}
 export LIB_DIR=/var/lib/${NAME}
 export PID_DIR=/run/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
-export CONFIG_DIR=${INSTALLATION_DIR}
+export CONFIG_DIR=${INSTALLATION_DIR}/config
 export BASE_DIR=${NAME}-*
 export INDEXER_FILE=wazuh-indexer-base.tar.xz
 export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/6.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -6,273 +6,13 @@ umask 0002
 
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
-export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
+export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
+export JAVA_HOME=${INSTALLATION_DIR}/jdk
+export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
 
-opensearch_vars=(
-    cluster.name
-    node.name
-    node.roles
-    path.data
-    path.logs
-    bootstrap.memory_lock
-    network.host
-    http.port
-    transport.port
-    network.bind_host
-    network.publish_host
-    transport.tcp.port
-    compatibility.override_main_response_version
-    http.host
-    http.bind_host
-    http.publish_host
-    http.compression
-    transport.host
-    transport.bind_host
-    transport.publish_host
-    discovery.seed_hosts
-    discovery.seed_providers
-    discovery.type
-    cluster.initial_cluster_manager_nodes
-    cluster.initial_master_nodes
-    node.max_local_storage_nodes
-    gateway.recover_after_nodes
-    gateway.recover_after_data_nodes
-    gateway.expected_data_nodes
-    gateway.recover_after_time
-    plugins.security.nodes_dn
-    plugins.security.nodes_dn_dynamic_config_enabled
-    plugins.security.authcz.admin_dn
-    plugins.security.roles_mapping_resolution
-    plugins.security.dls.mode
-    plugins.security.compliance.salt
-    config.dynamic.http.anonymous_auth_enabled
-    plugins.security.restapi.roles_enabled
-    plugins.security.restapi.password_validation_regex
-    plugins.security.restapi.password_validation_error_message
-    plugins.security.restapi.password_min_length
-    plugins.security.restapi.password_score_based_validation_strength
-    plugins.security.unsupported.restapi.allow_securityconfig_modification
-    plugins.security.authcz.impersonation_dn
-    plugins.security.authcz.rest_impersonation_user
-    plugins.security.allow_default_init_securityindex
-    plugins.security.allow_unsafe_democertificates
-    plugins.security.system_indices.permission.enabled
-    plugins.security.config_index_name
-    plugins.security.cert.oid
-    plugins.security.cert.intercluster_request_evaluator_class
-    plugins.security.enable_snapshot_restore_privilege
-    plugins.security.check_snapshot_restore_write_privileges
-    plugins.security.cache.ttl_minutes
-    plugins.security.protected_indices.enabled
-    plugins.security.protected_indices.roles
-    plugins.security.protected_indices.indices
-    plugins.security.system_indices.enabled
-    plugins.security.system_indices.indices
-    plugins.security.audit.enable_rest
-    plugins.security.audit.enable_transport
-    plugins.security.audit.resolve_bulk_requests
-    plugins.security.audit.config.disabled_categories
-    plugins.security.audit.ignore_requests
-    plugins.security.audit.threadpool.size
-    plugins.security.audit.threadpool.max_queue_len
-    plugins.security.audit.ignore_users
-    plugins.security.audit.type
-    plugins.security.audit.config.http_endpoints
-    plugins.security.audit.config.index
-    plugins.security.audit.config.type
-    plugins.security.audit.config.username
-    plugins.security.audit.config.password
-    plugins.security.audit.config.enable_ssl
-    plugins.security.audit.config.verify_hostnames
-    plugins.security.audit.config.enable_ssl_client_auth
-    plugins.security.audit.config.cert_alias
-    plugins.security.audit.config.pemkey_filepath
-    plugins.security.audit.config.pemkey_content
-    plugins.security.audit.config.pemkey_password
-    plugins.security.audit.config.pemcert_filepath
-    plugins.security.audit.config.pemcert_content
-    plugins.security.audit.config.pemtrustedcas_filepath
-    plugins.security.audit.config.pemtrustedcas_content
-    plugins.security.audit.config.webhook.url
-    plugins.security.audit.config.webhook.format
-    plugins.security.audit.config.webhook.ssl.verify
-    plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
-    plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
-    plugins.security.audit.config.log4j.logger_name
-    plugins.security.audit.config.log4j.level
-    opendistro_security.audit.config.disabled_rest_categories
-    opendistro_security.audit.config.disabled_transport_categories
-    plugins.security.ssl.transport.enforce_hostname_verification
-    plugins.security.ssl.transport.resolve_hostname
-    plugins.security.ssl.http.clientauth_mode
-    plugins.security.ssl.http.enabled_ciphers
-    plugins.security.ssl.http.enabled_protocols
-    plugins.security.ssl.transport.enabled_ciphers
-    plugins.security.ssl.transport.enabled_protocols
-    plugins.security.ssl.transport.keystore_type
-    plugins.security.ssl.transport.keystore_filepath
-    plugins.security.ssl.transport.keystore_alias
-    plugins.security.ssl.transport.keystore_password
-    plugins.security.ssl.transport.truststore_type
-    plugins.security.ssl.transport.truststore_filepath
-    plugins.security.ssl.transport.truststore_alias
-    plugins.security.ssl.transport.truststore_password
-    plugins.security.ssl.http.enabled
-    plugins.security.ssl.http.keystore_type
-    plugins.security.ssl.http.keystore_filepath
-    plugins.security.ssl.http.keystore_alias
-    plugins.security.ssl.http.keystore_password
-    plugins.security.ssl.http.truststore_type
-    plugins.security.ssl.http.truststore_filepath
-    plugins.security.ssl.http.truststore_alias
-    plugins.security.ssl.http.truststore_password
-    plugins.security.ssl.transport.enable_openssl_if_available
-    plugins.security.ssl.http.enable_openssl_if_available
-    plugins.security.ssl.transport.pemkey_filepath
-    plugins.security.ssl.transport.pemkey_password
-    plugins.security.ssl.transport.pemcert_filepath
-    plugins.security.ssl.transport.pemtrustedcas_filepath
-    plugins.security.ssl.http.pemkey_filepath
-    plugins.security.ssl.http.pemkey_password
-    plugins.security.ssl.http.pemcert_filepath
-    plugins.security.ssl.http.pemtrustedcas_filepath
-    plugins.security.ssl.transport.enabled
-    plugins.security.ssl.transport.client.pemkey_password
-    plugins.security.ssl.transport.keystore_keypassword
-    plugins.security.ssl.transport.server.keystore_keypassword
-    plugins.sercurity.ssl.transport.server.keystore_alias
-    plugins.sercurity.ssl.transport.client.keystore_alias
-    plugins.sercurity.ssl.transport.server.truststore_alias
-    plugins.sercurity.ssl.transport.client.truststore_alias
-    plugins.security.ssl.client.external_context_id
-    plugins.secuirty.ssl.transport.principal_extractor_class
-    plugins.security.ssl.http.crl.file_path
-    plugins.security.ssl.http.crl.validate
-    plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
-    plugins.security.ssl.http.crl.check_only_end_entitites
-    plugins.security.ssl.http.crl.disable_ocsp
-    plugins.security.ssl.http.crl.disable_crldp
-    plugins.security.ssl.allow_client_initiated_renegotiation
-    indices.breaker.total.use_real_memory
-    indices.breaker.total.limit
-    indices.breaker.fielddata.limit
-    indices.breaker.fielddata.overhead
-    indices.breaker.request.limit
-    indices.breaker.request.overhead
-    network.breaker.inflight_requests.limit
-    network.breaker.inflight_requests.overhead
-    cluster.routing.allocation.enable
-    cluster.routing.allocation.node_concurrent_incoming_recoveries
-    cluster.routing.allocation.node_concurrent_outgoing_recoveries
-    cluster.routing.allocation.node_concurrent_recoveries
-    cluster.routing.allocation.node_initial_primaries_recoveries
-    cluster.routing.allocation.same_shard.host
-    cluster.routing.rebalance.enable
-    cluster.routing.allocation.allow_rebalance
-    cluster.routing.allocation.cluster_concurrent_rebalance
-    cluster.routing.allocation.balance.shard
-    cluster.routing.allocation.balance.index
-    cluster.routing.allocation.balance.threshold
-    cluster.routing.allocation.balance.prefer_primary
-    cluster.routing.allocation.disk.threshold_enabled
-    cluster.routing.allocation.disk.watermark.low
-    cluster.routing.allocation.disk.watermark.high
-    cluster.routing.allocation.disk.watermark.flood_stage
-    cluster.info.update.interval
-    cluster.routing.allocation.shard_movement_strategy
-    cluster.blocks.read_only
-    cluster.blocks.read_only_allow_delete
-    cluster.max_shards_per_node
-    cluster.persistent_tasks.allocation.enable
-    cluster.persistent_tasks.allocation.recheck_interval
-    cluster.search.request.slowlog.threshold.warn
-    cluster.search.request.slowlog.threshold.info
-    cluster.search.request.slowlog.threshold.debug
-    cluster.search.request.slowlog.threshold.trace
-    cluster.search.request.slowlog.level
-    cluster.fault_detection.leader_check.timeout
-    cluster.fault_detection.follower_check.timeout
-    action.auto_create_index
-    action.destructive_requires_name
-    cluster.default.index.refresh_interval
-    cluster.minimum.index.refresh_interval
-    cluster.indices.close.enable
-    indices.recovery.max_bytes_per_sec
-    indices.recovery.max_concurrent_file_chunks
-    indices.recovery.max_concurrent_operations
-    indices.recovery.max_concurrent_remote_store_streams
-    indices.time_series_index.default_index_merge_policy
-    indices.fielddata.cache.size
-    index.number_of_shards
-    index.number_of_routing_shards
-    index.shard.check_on_startup
-    index.codec
-    index.codec.compression_level
-    index.routing_partition_size
-    index.soft_deletes.retention_lease.period
-    index.load_fixed_bitset_filters_eagerly
-    index.hidden
-    index.merge.policy
-    index.merge_on_flush.enabled
-    index.merge_on_flush.max_full_flush_merge_wait_time
-    index.merge_on_flush.policy
-    index.check_pending_flush.enabled
-    index.number_of_replicas
-    index.auto_expand_replicas
-    index.search.idle.after
-    index.refresh_interval
-    index.max_result_window
-    index.max_inner_result_window
-    index.max_rescore_window
-    index.max_docvalue_fields_search
-    index.max_script_fields
-    index.max_ngram_diff
-    index.max_shingle_diff
-    index.max_refresh_listeners
-    index.analyze.max_token_count
-    index.highlight.max_analyzed_offset
-    index.max_terms_count
-    index.max_regex_length
-    index.query.default_field
-    index.query.max_nested_depth
-    index.routing.allocation.enable
-    index.routing.rebalance.enable
-    index.gc_deletes
-    index.default_pipeline
-    index.final_pipeline
-    index.optimize_doc_id_lookup.fuzzy_set.enabled
-    index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
-    search.max_buckets
-    search.phase_took_enabled
-    search.allow_expensive_queries
-    search.default_allow_partial_results
-    search.cancel_after_time_interval
-    search.default_search_timeout
-    search.default_keep_alive
-    search.keep_alive_interval
-    search.max_keep_alive
-    search.low_level_cancellation
-    search.max_open_scroll_context
-    search.request_stats_enabled
-    search.highlight.term_vector_multi_value
-    snapshot.max_concurrent_operations
-    cluster.remote_store.translog.buffer_interval
-    remote_store.moving_average_window_size
-    opensearch.notifications.core.allowed_config_types
-    opensearch.notifications.core.email.minimum_header_length
-    opensearch.notifications.core.email.size_limit
-    opensearch.notifications.core.http.connection_timeout
-    opensearch.notifications.core.http.host_deny_list
-    opensearch.notifications.core.http.max_connection_per_route
-    opensearch.notifications.core.http.max_connections
-    opensearch.notifications.core.http.socket_timeout
-    opensearch.notifications.core.tooltip_support
-    opensearch.notifications.general.filter_by_backend_roles
-)
-
 run_as_other_user_if_needed() {
   if [[ "$(id -u)" == "0" ]]; then
     # If running as root, drop to specified UID and run command
@@ -284,37 +24,6 @@ run_as_other_user_if_needed() {
   fi
 }
 
-function buildOpensearchConfig {
-    echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
-      for opensearch_var in ${opensearch_vars[*]}; do
-        env_var=$(echo ${opensearch_var^^} | tr . _)
-        value=${!env_var}
-        if [[ -n $value ]]; then
-          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
-            lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
-            sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
-            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
-          fi
-          while :
-          do
-            case "$charline" in
-              "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
-              *) break;;
-            esac
-            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
-          done
-          longoptfile="${opensearch_var}: ${value}"
-          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
-            sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
-          else
-            echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
-          fi
-        fi
-      done
-}
-
-buildOpensearchConfig
-
 # Allow user specify custom CMD, maybe bin/opensearch itself
 # for example to directly specify `-E` style parameters for opensearch on k8s
 # or simply to run /bin/bash to check the image
@@ -375,4 +84,10 @@ if [[ "$(id -u)" == "0" ]]; then
 fi
 
 
+#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
+#  nohup /securityadmin.sh &
+#  touch "/var/lib/wazuh-indexer/.flag"
+#fi
+
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

build-docker-images/wazuh-indexer/config/internal_users.yml

@@ -0,0 +1,74 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+  reserved: true
+  backend_roles:
+  - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+  - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+  - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+  description: "Demo snapshotrestore user"
+
+wazuh_admin:
+  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false
+  
+wazuh_user:
+  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: []
+  static: false  

build-docker-images/wazuh-indexer/config/opensearch.yml

@@ -0,0 +1,26 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+cluster.name: "wazuh-cluster"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

build-docker-images/wazuh-indexer/config/roles.yml

@@ -0,0 +1,171 @@
+_meta:
+  type: "roles"
+  config_version: 2
+
+# Restrict users so they can only view visualization and dashboards on kibana
+kibana_read_only:
+  reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+  reserved: true
+
+# Allows users to view monitors, destinations and alerts
+alerting_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/get'
+    - 'cluster:admin/opendistro/alerting/destination/get'
+    - 'cluster:admin/opendistro/alerting/monitor/get'
+    - 'cluster:admin/opendistro/alerting/monitor/search'
+
+# Allows users to view and acknowledge alerts
+alerting_ack_alerts:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/alerting/alerts/*'
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/alerting/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allow users to read Anomaly Detection detectors and results
+anomaly_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/ad/detector/info'
+    - 'cluster:admin/opendistro/ad/detector/search'
+    - 'cluster:admin/opendistro/ad/detectors/get'
+    - 'cluster:admin/opendistro/ad/result/search'
+    - 'cluster:admin/opendistro/ad/tasks/search'
+
+# Allows users to use all Anomaly Detection functionality
+anomaly_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster_monitor'
+    - 'cluster:admin/opendistro/ad/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices_monitor'
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+
+# Allows users to read Notebooks
+notebooks_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/list'
+    - 'cluster:admin/opendistro/notebooks/get'
+
+# Allows users to all Notebooks functionality
+notebooks_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/notebooks/create'
+    - 'cluster:admin/opendistro/notebooks/update'
+    - 'cluster:admin/opendistro/notebooks/delete'
+    - 'cluster:admin/opendistro/notebooks/get'
+    - 'cluster:admin/opendistro/notebooks/list'
+
+# Allows users to read and download Reports
+reports_instances_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to read and download Reports and Report-definitions
+reports_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to all Reports functionality
+reports_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/reports/definition/create'
+    - 'cluster:admin/opendistro/reports/definition/update'
+    - 'cluster:admin/opendistro/reports/definition/on_demand'
+    - 'cluster:admin/opendistro/reports/definition/delete'
+    - 'cluster:admin/opendistro/reports/definition/get'
+    - 'cluster:admin/opendistro/reports/definition/list'
+    - 'cluster:admin/opendistro/reports/instance/list'
+    - 'cluster:admin/opendistro/reports/instance/get'
+    - 'cluster:admin/opendistro/reports/menu/download'
+
+# Allows users to use all asynchronous-search functionality
+asynchronous_search_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/*'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices:data/read/search*'
+
+# Allows users to read stored asynchronous-search results
+asynchronous_search_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opendistro/asynchronous_search/get'
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+  tenant_permissions: []
+  static: false
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  cluster_permissions: []
+  index_permissions:
+  - index_patterns:
+    - "wazuh-*"
+    dls: ""
+    fls: []
+    masked_fields: []
+    allowed_actions:
+    - "read"
+    - "delete"
+    - "manage"
+    - "index"
+  tenant_permissions: []
+  static: false
+
+# ISM API permissions role
+manage_ism:
+  reserved: true
+  hidden: false
+  cluster_permissions:
+  - "manage_ism"
+  static: false

build-docker-images/wazuh-indexer/config/roles_mapping.yml

@@ -0,0 +1,78 @@
+---
+# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
+# Permissions for Wazuh indexer roles are configured in roles.yml
+
+_meta:
+  type: "rolesmapping"
+  config_version: 2
+
+# Define your roles mapping here
+
+## Demo roles mapping
+
+all_access:
+  reserved: false
+  backend_roles:
+  - "admin"
+  description: "Maps admin to all_access"
+
+own_index:
+  reserved: false
+  users:
+  - "*"
+  description: "Allow full access to an index named like the username"
+
+logstash:
+  reserved: false
+  backend_roles:
+  - "logstash"
+
+kibana_user:
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  users:
+  - "wazuh_user"
+  - "wazuh_admin"
+  description: "Maps kibanauser to kibana_user"
+
+readall:
+  reserved: false
+  backend_roles:
+  - "readall"
+
+manage_snapshots:
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+
+kibana_server:
+  reserved: true
+  users:
+  - "kibanaserver"
+
+wazuh_ui_admin:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_admin"
+  - "kibanaserver"
+  and_backend_roles: []
+
+wazuh_ui_user:
+  reserved: true
+  hidden: false
+  backend_roles: []
+  hosts: []
+  users:
+  - "wazuh_user"
+  and_backend_roles: []
+
+# ISM API permissions role mapping
+manage_ism:
+  reserved: true
+  hidden: false
+  users:
+  - "kibanaserver"

build-docker-images/wazuh-manager/Dockerfile

@@ -5,27 +5,18 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG FILEBEAT_TEMPLATE_BRANCH
-ARG FILEBEAT_CHANNEL=filebeat-oss
-ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_FILEBEAT_MODULE
 ARG S6_VERSION="v2.2.0.3"
+ARG TARGETARCH
+ARG wazuh_manager_url_amd64_rpm
+ARG wazuh_manager_url_arm64_rpm
 
-RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
-    yum clean all
-
-COPY config/check_repository.sh /
-COPY config/filebeat_module.sh /
-COPY config/permanent_data.env config/permanent_data.sh /
-
-RUN chmod 775 /check_repository.sh
-RUN source /check_repository.sh
-
-RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all && \
-    chmod 775 /filebeat_module.sh && \
-    source /filebeat_module.sh && \
-    rm /filebeat_module.sh && \
+RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
+    manager_url="${!URL_VAR}" && \
+    dnf install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
+    dnf clean all && \
+    curl -o /wazuh-manager.rpm "${manager_url}" && \
+    dnf install /wazuh-manager.rpm -y && \
+    dnf clean all && \
     curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
     -o /tmp/s6-overlay-amd64.tar.gz && \
     tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
@@ -35,24 +26,16 @@ RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
 COPY config/etc/ /etc/
 COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
 
-COPY config/filebeat.yml /etc/filebeat/
-
-RUN chmod go-w /etc/filebeat/filebeat.yml
-
-ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
-RUN chmod go-w /etc/filebeat/wazuh-template.json
-
 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 
+COPY config/permanent_data.env config/permanent_data.sh /
+
 #Make mount directories for keep permissions
 
 RUN mkdir -p /var/ossec/var/multigroups && \
     chown root:wazuh /var/ossec/var/multigroups && \
     chmod 770 /var/ossec/var/multigroups && \
-    mkdir -p /var/ossec/agentless && \
-    chown root:wazuh /var/ossec/agentless && \
-    chmod 770 /var/ossec/agentless && \
     mkdir -p /var/ossec/active-response/bin && \
     chown root:wazuh /var/ossec/active-response/bin && \
     chmod 770 /var/ossec/active-response/bin && \
@@ -60,8 +43,6 @@ RUN mkdir -p /var/ossec/var/multigroups && \
     sync && /permanent_data.sh && \
     sync && rm /permanent_data.sh
 
-RUN rm /etc/yum.repos.d/wazuh.repo
-
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -167,16 +167,17 @@ set_custom_cluster_key() {
 }
 
 ##############################################################################
-# Modify /var/ossec/queue/rids directory owner on
-# container start.
+# Set correct ownership for Wazuh related directories
+# on container start.
 ##############################################################################
 
-set_rids_owner() {
+configure_permissions() {
   chown -R wazuh:wazuh /var/ossec/queue/rids
+  chown -R wazuh:wazuh /var/ossec/etc/lists
 }
 
 ##############################################################################
-# Change any ossec user/group to wazuh user/group 
+# Change any ossec user/group to wazuh user/group
 ##############################################################################
 
 set_correct_permOwner() {
@@ -226,8 +227,8 @@ main() {
   # Delete temporary data folder
   rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
 
-  # Set rids directory owner
-  set_rids_owner
+  # Set correct ownership for Wazuh related directories
+  configure_permissions
 }
 
 main

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat

@@ -1,51 +0,0 @@
-#!/usr/bin/with-contenv bash
-# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-
-set -e
-
-if [ "$INDEXER_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch output IP"
-  sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
-fi
-
-# Configure filebeat.yml security settings
-
-if [ "$INDEXER_USERNAME" != "" ]; then
-  >&2 echo "Configuring username."
-  sed -i "s|#username:.*|username:|g" /etc/filebeat/filebeat.yml
-  sed -i "s|username:.*|username: '$INDEXER_USERNAME'|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$INDEXER_PASSWORD" != "" ]; then
-  >&2 echo "Configuring password."
-  sed -i "s|#password:.*|password:|g" /etc/filebeat/filebeat.yml
-  sed -i "s|password:.*|password: '$INDEXER_PASSWORD'|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$FILEBEAT_SSL_VERIFICATION_MODE" != "" ]; then
-  >&2 echo "Configuring SSL verification mode."
-  sed -i "s|#ssl.verification_mode:.*|ssl.verification_mode:|g" /etc/filebeat/filebeat.yml
-  sed -i "s|ssl.verification_mode:.*|ssl.verification_mode: '$FILEBEAT_SSL_VERIFICATION_MODE'|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$SSL_CERTIFICATE_AUTHORITIES" != "" ]; then
-  >&2 echo "Configuring Certificate Authorities."
-  sed -i "s|#ssl.certificate_authorities:.*|ssl.certificate_authorities:|g" /etc/filebeat/filebeat.yml
-  sed -i "s|ssl.certificate_authorities:.*|ssl.certificate_authorities: ['$SSL_CERTIFICATE_AUTHORITIES']|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$SSL_CERTIFICATE" != "" ]; then
-  >&2 echo "Configuring SSL Certificate."
-  sed -i "s|#ssl.certificate:.*|ssl.certificate:|g" /etc/filebeat/filebeat.yml
-  sed -i "s|ssl.certificate:.*|ssl.certificate: '$SSL_CERTIFICATE'|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$SSL_KEY" != "" ]; then
-  >&2 echo "Configuring SSL Key."
-  sed -i "s|#ssl.key:.*|ssl.key:|g" /etc/filebeat/filebeat.yml
-  sed -i "s|ssl.key:.*|ssl.key: '$SSL_KEY'|g" /etc/filebeat/filebeat.yml
-fi
-
-
-chmod go-w /etc/filebeat/filebeat.yml || true
-chown root: /etc/filebeat/filebeat.yml || true

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-manager

@@ -60,12 +60,6 @@ function_wazuh_migration(){
       chown wazuh:wazuh /var/ossec/etc/rules/*
       chmod 660 /var/ossec/etc/rules/*
 
-      if [ -e /wazuh-migration/data/agentless/.passlist ]; then
-        \cp -f /wazuh-migration/data/agentless/.passlist /var/ossec/agentless/.passlist
-        chown root:wazuh /var/ossec/agentless/.passlist
-        chmod 640 /var/ossec/agentless/.passlist
-      fi
-
       \cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db
       chown wazuh:wazuh /var/ossec/queue/db/global.db
       chmod 640 /var/ossec/queue/db/global.db

build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish

@@ -1,6 +0,0 @@
-#!/usr/bin/env sh
-echo >&2 "Filebeat exited. code=${1}"
-
-# terminate other services to exit from the container
-exec s6-svscanctl -t /var/run/s6/services
-

build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run

@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv sh
-echo >&2 "starting Filebeat"
-
-exec /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -1,12 +0,0 @@
-## variables
-REPOSITORY="packages-dev.wazuh.com/pre-release"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  REPOSITORY="packages.wazuh.com/5.x"
-fi
-
-curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
-yum install -y ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
-curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -4,28 +4,15 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
 PERMANENT_DATA[((i++))]="/var/ossec/etc"
 PERMANENT_DATA[((i++))]="/var/ossec/logs"
 PERMANENT_DATA[((i++))]="/var/ossec/queue"
-PERMANENT_DATA[((i++))]="/var/ossec/agentless"
 PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
-PERMANENT_DATA[((i++))]="/var/ossec/integrations"
 PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
 PERMANENT_DATA[((i++))]="/var/ossec/wodles"
-PERMANENT_DATA[((i++))]="/etc/filebeat"
 
 export PERMANENT_DATA
 
 # Files mounted in a volume that should not be permanent
 i=0
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
@@ -41,18 +28,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_bsd"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/main.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/su.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_linux"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/register_host.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_generic_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_foundry_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_nopass.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
@@ -97,9 +72,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-ip"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-domains"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malware-hashes"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

docs/README.md

@@ -138,7 +138,7 @@ The folder `wazuh-agent` contains a README explaining how to run a container wit
 	│   │       ├── wazuh2.indexer.yml
 	│   │       └── wazuh3.indexer.yml
 	│   ├── docker-compose.yml
-	│   ├── generate-certs.yml
+	│   ├── generate-indexer-certs.yml
 	│   ├── Migration-to-Wazuh-4.4.md
 	│   ├── README.md
 	│   └── volume-migrator.sh
@@ -157,7 +157,7 @@ The folder `wazuh-agent` contains a README explaining how to run a container wit
 	│   │   │   └── wazuh.indexer.yml
 	│   │   └── wazuh_indexer_ssl_certs  [error opening dir]
 	│   ├── docker-compose.yml
-	│   ├── generate-certs.yml
+	│   ├── generate-indexer-certs.yml
 	│   └── README.md
 	├── VERSION.json
 	└── wazuh-agent

docs/dev/build-image.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 6.0.0
+$ build-docker-images/build-images.sh -v 5.0.0
 ```
 
 To get all the available script options use the -h or --help option:
@@ -23,10 +23,9 @@ $ build-docker-images/build-images.sh -h
 
 Usage: build-docker-images/build-images.sh [OPTIONS]
 
-    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
-    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
+    -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 6.0.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
     -h, --help                   Show this help.
 
 ```

docs/dev/introduction.md

@@ -1,6 +1,6 @@
 # Development Guide - Introduction
 
-Welcome to the Development Guide for Wazuh-docker version 6.0.0 This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development.
+Welcome to the Development Guide for Wazuh-docker version 5.0.0 This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development.
 
 ## Purpose of This Guide
 

docs/dev/setup.md

@@ -1,6 +1,6 @@
 # Development Guide - Setup Environment
 
-This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 6.0.0). A proper setup is crucial for building images, running tests, and contributing effectively.
+This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 5.0.0). A proper setup is crucial for building images, running tests, and contributing effectively.
 
 ## Prerequisites
 
@@ -26,12 +26,12 @@ Before you begin, ensure your system meets the following requirements:
 Follow these steps to prepare your development environment:
 
 1.  **Clone the Repository**:
-    Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `6.0.0`.
+    Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `5.0.0`.
 
     ```bash
     git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
     cd wazuh-docker
-    git checkout v6.0.0
+    git checkout v5.0.0
     ```
 
 2.  **Verify Docker Installation**:

docs/ref/Introduction/description.md

@@ -1,6 +1,6 @@
 # Reference Manual - Description
 
-This section provides a detailed description of Wazuh-docker (version 6.0.0), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
+This section provides a detailed description of Wazuh-docker (version 5.0.0), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
 
 ## What is Wazuh?
 
@@ -18,7 +18,7 @@ Wazuh-docker is a project that provides Docker images and `docker compose` confi
 
 ## Core Components in Wazuh-Docker
 
-The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 6.0.0:
+The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 5.0.0:
 
 1.  **Wazuh Manager**:
     -   The central component that collects and analyzes data from deployed Wazuh agents.
@@ -28,7 +28,7 @@ The Wazuh-Docker project typically provides images for the following core Wazuh
 2.  **Wazuh Indexer**:
     -   A highly scalable, full-text search and analytics engine.
     -   Based on OpenSearch (or historically Elasticsearch), it stores and indexes alerts and monitoring data generated by the Wazuh manager.
-    -   The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 6.0.0, this is typically an OpenSearch-based component.
+    -   The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 5.0.0, this is typically an OpenSearch-based component.
 
 3.  **Wazuh Dashboard**:
     -   A flexible visualization tool based on OpenSearch Dashboards (or historically Kibana).

docs/ref/Introduction/introduction.md

@@ -1,6 +1,6 @@
 # Reference Manual - Introduction
 
-Welcome to the Reference Manual for Wazuh-Docker, version 6.0.0. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker.
+Welcome to the Reference Manual for Wazuh-Docker, version 5.0.0. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker.
 
 ## Purpose of This Manual
 
@@ -44,4 +44,4 @@ This manual is structured to help you find information efficiently:
 -   If you need to customize your deployment, refer to the [Configuration](configuration/configuration.md) section.
 -   For specific terms or concepts, consult the [Glossary](glossary.md).
 
-This manual refers to version 6.0.0 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version.
+This manual refers to version 5.0.0 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version.

docs/ref/configuration/configuration-files.md

@@ -2,7 +2,7 @@
 
 ### 1. Wazuh Manager Configuration
 
-* **`ossec.conf`**: The main configuration file for the Wazuh manager. It controls rules, decoders, agent enrollment, active responses, integrations, clustering, and more.
+* **`ossec.conf`**: The main configuration file for the Wazuh manager. It controls rules, decoders, agent enrollment, active responses, clustering, and more.
     * **Customization**: Mount a custom `ossec.conf` or specific configuration snippets (e.g., local rules in `local_rules.xml`) into the manager container at `/wazuh-mount-point/`, which will be copied to the path `/var/ossec` (e.g., the file `/var/ossec/etc/ossec.conf` must be mounted at `/wazuh-mount-point/etc/ossec.conf`) .
 
 ### 2. Wazuh Indexer Configuration
@@ -29,4 +29,4 @@
         ```
 
 
-Consult the official Wazuh documentation for version 6.0.0 for detailed information on all possible configuration parameters for each component.
+Consult the official Wazuh documentation for version 5.0.0 for detailed information on all possible configuration parameters for each component.

docs/ref/configuration/configuration.md

@@ -1,6 +1,6 @@
 # Reference Manual - Configuration
 
-This section details how to configure your Wazuh-Docker deployment (version 6.0.0). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment.
+This section details how to configure your Wazuh-Docker deployment (version 5.0.0). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment.
 
 ## Overview of Configuration Methods
 

docs/ref/getting-started/deployment/deployment.md

@@ -1,6 +1,6 @@
 # Reference Manual - Deployment
 
-This section provides detailed instructions for deploying Wazuh-Docker (version 6.0.0) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments.
+This section provides detailed instructions for deploying Wazuh-Docker (version 5.0.0) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments.
 
 ## Overview of Deployment Options
 
@@ -24,11 +24,11 @@ Ensure you have:
 
 -   Met all the [System Requirements](ref/getting-started/requirements.md).
 -   Installed Docker and Docker Compose on your host(s).
--   Cloned the `wazuh-docker` repository (version `6.0.0`) or downloaded the necessary deployment files.
+-   Cloned the `wazuh-docker` repository (version `5.0.0`) or downloaded the necessary deployment files.
     ```bash
     git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
     cd wazuh-docker
-    git checkout v6.0.0
+    git checkout v5.0.0
     ```
 -   Made a backup of any existing Wazuh data if you are migrating or upgrading.
 

docs/ref/getting-started/deployment/multi-node.md

@@ -17,18 +17,18 @@ This deployment utilizes the `multi-node/docker-compose.yml` file, which defines
 
 3.  Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
     ```bash
-    docker-compose -f generate-certs.yml run --rm generator
+    docker compose -f generate-indexer-certs.yml run --rm generator
     ```
 
-4.  Start the Wazuh environment using `docker-compose`:
+4.  Start the Wazuh environment using `docker compose`:
 
     * To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
         ```bash
-        docker-compose up
+        docker compose up
         ```
     * To run in the background (detached mode, allowing the containers to run independently of your terminal):
         ```bash
-        docker-compose up -d
+        docker compose up -d
         ```
 
 Please allow some time for the environment to initialize, especially on the first run. A multi-node setup can take a few minutes (depending on your host resources and network) as the Wazuh Indexer cluster forms, and the necessary indexes and index patterns are generated.

docs/ref/getting-started/deployment/single-node.md

@@ -17,18 +17,18 @@ This deployment uses the `single-node/docker-compose.yml` file, which defines a
 
 3.  Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
     ```bash
-    docker-compose -f generate-certs.yml run --rm generator
+    docker compose -f generate-indexer-certs.yml run --rm generator
     ```
 
-4.  Start the Wazuh environment using `docker-compose`:
+4.  Start the Wazuh environment using `docker compose`:
 
     * To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
         ```bash
-        docker-compose up
+        docker compose up
         ```
     * To run in the background (detached mode, allowing the containers to run independently of your terminal):
         ```bash
-        docker-compose up -d
+        docker compose up -d
         ```
 
 Please allow some time for the environment to initialize, especially on the first run. It can take approximately a minute or two (depending on your host's resources) as the Wazuh Indexer starts up and generates the necessary indexes and index patterns.

docs/ref/getting-started/deployment/wazuh-agent.md

@@ -23,14 +23,14 @@ Follow these steps to deploy the Wazuh agent using Docker.
     ```
     **Note:** Replace `<YOUR_WAZUH_MANAGER_IP_OR_HOSTNAME>` with the actual IP address or hostname of your Wazuh manager.
 
-3.  Start the environment using `docker-compose`:
+3.  Start the environment using `docker compose`:
 
     * To run in the foreground (logs will be displayed in your current terminal, and you can stop it with `Ctrl+C`):
         ```bash
-        docker-compose up
+        docker compose up
         ```
 
     * To run in the background (detached mode, allowing the container to run independently of your terminal):
         ```bash
-        docker-compose up -d
+        docker compose up -d
         ```

docs/ref/getting-started/getting-started.md

@@ -1,6 +1,6 @@
 # Reference Manual - Getting Started
 
-This section guides you through the initial steps to get your Wazuh-docker (version 6.0.0) environment up and running. We will cover the prerequisites and point you to the deployment instructions.
+This section guides you through the initial steps to get your Wazuh-docker (version 5.0.0) environment up and running. We will cover the prerequisites and point you to the deployment instructions.
 
 ## Overview
 
@@ -27,11 +27,11 @@ Before diving into the deployment, please ensure you have reviewed:
     Verify that your host system has sufficient RAM, CPU, and disk space. Ensure Docker and Docker Compose are installed and functioning correctly.
 
 2.  **Obtain Wazuh-docker Configuration**:
-    You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 6.0.0.
+    You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 5.0.0.
     ```bash
     git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
     cd wazuh-docker
-    git checkout v6.0.0
+    git checkout v5.0.0
     # Navigate to the specific docker-compose directory, e.g., single-node or multi-node
     # cd docker-compose/single-node/ (example path)
     ```

docs/ref/getting-started/requirements.md

@@ -1,6 +1,6 @@
 # Reference Manual - Requirements
 
-Before deploying Wazuh-Docker (version 6.0.0), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment.
+Before deploying Wazuh-Docker (version 5.0.0), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment.
 
 ## Host System Requirements
 

docs/ref/glossary.md

@@ -1,6 +1,6 @@
 # Reference Manual - Glossary
 
-This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 6.0.0).
+This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 5.0.0).
 
 ---
 
@@ -22,7 +22,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
 
 **D**
 
--   **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 6.0.0, this is typically OpenSearch Dashboards.
+-   **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 5.0.0, this is typically OpenSearch Dashboards.
 -   **Decoder**: A component in the Wazuh Manager that parses and extracts relevant information (fields) from raw log messages or event data.
 -   **Docker**: An open platform for developing, shipping, and running applications inside containers.
 -   **Docker Compose**: A tool for defining and running multi-container Docker applications. It uses a YAML file (`docker-compose.yml`) to configure the application's services, networks, and volumes.
@@ -42,7 +42,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
 
 **I**
 
--   **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 6.0.0, this is typically OpenSearch.
+-   **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 5.0.0, this is typically OpenSearch.
 
 **L**
 

indexer-certs-creator/Dockerfile

@@ -1,8 +1,7 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 FROM amazonlinux:2023
 
-RUN yum install curl-minimal openssl -y &&\
-yum clean all
+RUN yum update -y && yum install openssl curl-minimal -y
 
 WORKDIR /
 

indexer-certs-creator/README.md

@@ -5,5 +5,5 @@ The dockerfile hosted in this directory is used to build the image used to boot
 To create the image, the following command must be executed:
 
 ```
-$ docker build -t wazuh/wazuh-certs-generator:0.0.2 .
+$ docker build -t wazuh/wazuh-certs-generator:0.0.3 .
 ```

indexer-certs-creator/config/entrypoint.sh

@@ -8,29 +8,35 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/6.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
+PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
 
-## Check if the cert tool exists in S3 buckets
-CERT_TOOL_PACKAGES=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_URL$CERT_TOOL")
-CERT_TOOL_PACKAGES_DEV=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_DEV_URL$CERT_TOOL")
+OUTPUT_FILE="/$CERT_TOOL"
 
-## If cert tool exists in some bucket, download it, if not exit 1
-if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in the in Packages bucket"
-elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s
-  echo "The tool to create the certificates exists in Packages-dev bucket"
+download_package() {
+    local url=$1
+    echo "Checking $url$CERT_TOOL ..."
+    if curl -fsL "$url$CERT_TOOL" -o "$OUTPUT_FILE"; then
+        echo "Downloaded $CERT_TOOL from $url"
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Try first the prod URL, if it fails try the dev URL
+if download_package "$PACKAGES_URL"; then
+    :
+elif download_package "$PACKAGES_DEV_URL"; then
+    :
 else
-  echo "The tool to create the certificates does not exist in any bucket"
-  echo "ERROR: certificates were not created"
-  exit 1
+    echo "The tool to create the certificates does not exist in any bucket"
+    echo "ERROR: certificates were not created"
+    exit 1
 fi
 
 cp /config/certs.yml /config.yml
-
-chmod 700 /$CERT_TOOL
+chmod 700 "$OUTPUT_FILE"
 
 ##############################################################################
 # Creating Cluster certificates

multi-node/Migration-to-Wazuh-4.4.md

@@ -80,13 +80,6 @@ docker volume create \
            multi-node_master-wazuh-var-multigroups
 ```
 ```
-docker volume create \
-           --label com.docker.compose.project=multi-node \
-           --label com.docker.compose.version=1.25.0 \
-           --label com.docker.compose.volume=master-wazuh-integrations \
-           multi-node_master-wazuh-integrations
-```
-```
 docker volume create \
            --label com.docker.compose.project=multi-node \
            --label com.docker.compose.version=1.25.0 \
@@ -94,13 +87,6 @@ docker volume create \
            multi-node_master-wazuh-active-response
 ```
 ```
-docker volume create \
-           --label com.docker.compose.project=multi-node \
-           --label com.docker.compose.version=1.25.0 \
-           --label com.docker.compose.volume=master-wazuh-agentless \
-           multi-node_master-wazuh-agentless
-```
-```
 docker volume create \
            --label com.docker.compose.project=multi-node \
            --label com.docker.compose.version=1.25.0 \
@@ -157,13 +143,6 @@ docker volume create \
            multi-node_worker-wazuh-var-multigroups
 ```
 ```
-docker volume create \
-           --label com.docker.compose.project=multi-node \
-           --label com.docker.compose.version=1.25.0 \
-           --label com.docker.compose.volume=worker-wazuh-integrations \
-           multi-node_worker-wazuh-integrations
-```
-```
 docker volume create \
            --label com.docker.compose.project=multi-node \
            --label com.docker.compose.version=1.25.0 \
@@ -171,13 +150,6 @@ docker volume create \
            multi-node_worker-wazuh-active-response
 ```
 ```
-docker volume create \
-           --label com.docker.compose.project=multi-node \
-           --label com.docker.compose.version=1.25.0 \
-           --label com.docker.compose.volume=worker-wazuh-agentless \
-           multi-node_worker-wazuh-agentless
-```
-```
 docker volume create \
            --label com.docker.compose.project=multi-node \
            --label com.docker.compose.version=1.25.0 \
@@ -248,24 +220,12 @@ docker container run --rm -it \
            alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
-docker container run --rm -it \
-           -v wazuh-docker_ossec-integrations:/from \
-           -v multi-node_master-wazuh-integrations:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-```
-```
 docker container run --rm -it \
            -v wazuh-docker_ossec-active-response:/from \
            -v multi-node_master-wazuh-active-response:/to \
            alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
-docker container run --rm -it \
-           -v wazuh-docker_ossec-agentless:/from \
-           -v multi-node_master-wazuh-agentless:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-```
-```
 docker container run --rm -it \
            -v wazuh-docker_ossec-wodles:/from \
            -v multi-node_master-wazuh-wodles:/to \
@@ -314,24 +274,12 @@ docker container run --rm -it \
            alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
-docker container run --rm -it \
-           -v wazuh-docker_worker-ossec-integrations:/from \
-           -v multi-node_worker-wazuh-integrations:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-```
-```
 docker container run --rm -it \
            -v wazuh-docker_worker-ossec-active-response:/from \
            -v multi-node_worker-wazuh-active-response:/to \
            alpine ash -c "cd /from ; cp -avp . /to"
 ```
 ```
-docker container run --rm -it \
-           -v wazuh-docker_worker-ossec-agentless:/from \
-           -v multi-node_worker-wazuh-agentless:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-```
-```
 docker container run --rm -it \
            -v wazuh-docker_worker-ossec-wodles:/from \
            -v multi-node_worker-wazuh-wodles:/to \
@@ -354,7 +302,7 @@ docker container run --rm -it \
 ```
 git checkout 4.4
 cd multi-node
-docker-compose -f generate-certs.yml run --rm generator
+docker-compose -f generate-indexer-certs.yml run --rm generator
 docker-compose up -d
 ```
 

multi-node/README.md

@@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker compose -f generate-certs.yml run --rm generator
+$ docker compose -f generate-indexer-certs.yml run --rm generator
 ```
 3) Start the environment with docker compose:
 

multi-node/config/wazuh_cluster/wazuh_manager.conf

@@ -1,24 +1,10 @@
 <ossec_config>
   <global>
-    <jsonout_output>yes</jsonout_output>
-    <alerts_log>yes</alerts_log>
-    <logall>no</logall>
-    <logall_json>no</logall_json>
-    <email_notification>no</email_notification>
-    <smtp_server>smtp.example.wazuh.com</smtp_server>
-    <email_from>wazuh@example.wazuh.com</email_from>
-    <email_to>recipient@example.wazuh.com</email_to>
-    <email_maxperhour>12</email_maxperhour>
-    <email_log_source>alerts.log</email_log_source>
-    <agents_disconnection_time>10m</agents_disconnection_time>
+    <agents_disconnection_time>15m</agents_disconnection_time>
     <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
+    <update_check>yes</update_check>
   </global>
 
-  <alerts>
-    <log_alert_level>3</log_alert_level>
-    <email_alert_level>12</email_alert_level>
-  </alerts>
-
   <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
   <logging>
     <log_format>plain</log_format>
@@ -34,8 +20,6 @@
   <!-- Policy monitoring -->
   <rootcheck>
     <disabled>no</disabled>
-    <check_files>yes</check_files>
-    <check_trojans>yes</check_trojans>
     <check_dev>yes</check_dev>
     <check_sys>yes</check_sys>
     <check_pids>yes</check_pids>
@@ -45,31 +29,12 @@
     <!-- Frequency that rootcheck is executed - every 12 hours -->
     <frequency>43200</frequency>
 
-    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
-    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
-
     <skip_nfs>yes</skip_nfs>
+
+    <ignore>/var/lib/containerd</ignore>
+    <ignore>/var/lib/docker/overlay2</ignore>
   </rootcheck>
 
-  <wodle name="cis-cat">
-    <disabled>yes</disabled>
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    <java_path>wodles/java</java_path>
-    <ciscat_path>wodles/ciscat</ciscat_path>
-  </wodle>
-
-  <!-- Osquery integration -->
-  <wodle name="osquery">
-    <disabled>yes</disabled>
-    <run_daemon>yes</run_daemon>
-    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
-    <config_path>/etc/osquery/osquery.conf</config_path>
-    <add_labels>yes</add_labels>
-  </wodle>
-
   <!-- System inventory -->
   <wodle name="syscollector">
     <disabled>no</disabled>
@@ -79,11 +44,17 @@
     <os>yes</os>
     <network>yes</network>
     <packages>yes</packages>
-    <ports all="no">yes</ports>
+    <ports all="yes">yes</ports>
     <processes>yes</processes>
+    <users>yes</users>
+    <groups>yes</groups>
+    <services>yes</services>
+    <browser_extensions>yes</browser_extensions>
 
     <!-- Database synchronization settings -->
     <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
       <max_eps>10</max_eps>
     </synchronization>
   </wodle>
@@ -92,7 +63,13 @@
     <enabled>yes</enabled>
     <scan_on_start>yes</scan_on_start>
     <interval>12h</interval>
-    <skip_nfs>yes</skip_nfs>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_eps>10</max_eps>
+    </synchronization>
   </sca>
 
   <vulnerability-detection>
@@ -124,8 +101,6 @@
     <!-- Frequency that syscheck is executed default every 12 hours -->
     <frequency>43200</frequency>
 
-    <scan_on_start>yes</scan_on_start>
-
     <!-- Generate alert when new file detected -->
     <alert_new_files>yes</alert_new_files>
 
@@ -165,13 +140,12 @@
     <process_priority>10</process_priority>
 
     <!-- Maximum output throughput -->
-    <max_eps>100</max_eps>
+    <max_eps>50</max_eps>
 
     <!-- Database synchronization settings -->
     <synchronization>
       <enabled>yes</enabled>
       <interval>5m</interval>
-      <max_interval>1h</max_interval>
       <max_eps>10</max_eps>
     </synchronization>
   </syscheck>
@@ -266,13 +240,6 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <rule_test>
-    <enabled>yes</enabled>
-    <threads>1</threads>
-    <max_sessions>64</max_sessions>
-    <session_timeout>15m</session_timeout>
-  </rule_test>
-
   <!-- Configuration for wazuh-authd -->
   <auth>
     <disabled>no</disabled>
@@ -305,9 +272,19 @@
 </ossec_config>
 
 <ossec_config>
+  <localfile>
+    <log_format>journald</log_format>
+    <location>journald</location>
+  </localfile>
+
+  <localfile>
+    <log_format>audit</log_format>
+    <location>/var/log/audit/audit.log</location>
+  </localfile>
+
   <localfile>
     <log_format>syslog</log_format>
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-</ossec_config>
+</ossec_config>

multi-node/config/wazuh_cluster/wazuh_worker.conf

@@ -1,24 +1,10 @@
 <ossec_config>
   <global>
-    <jsonout_output>yes</jsonout_output>
-    <alerts_log>yes</alerts_log>
-    <logall>no</logall>
-    <logall_json>no</logall_json>
-    <email_notification>no</email_notification>
-    <smtp_server>smtp.example.wazuh.com</smtp_server>
-    <email_from>wazuh@example.wazuh.com</email_from>
-    <email_to>recipient@example.wazuh.com</email_to>
-    <email_maxperhour>12</email_maxperhour>
-    <email_log_source>alerts.log</email_log_source>
-    <agents_disconnection_time>10m</agents_disconnection_time>
+    <agents_disconnection_time>15m</agents_disconnection_time>
     <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
+    <update_check>yes</update_check>
   </global>
 
-  <alerts>
-    <log_alert_level>3</log_alert_level>
-    <email_alert_level>12</email_alert_level>
-  </alerts>
-
   <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
   <logging>
     <log_format>plain</log_format>
@@ -34,8 +20,6 @@
   <!-- Policy monitoring -->
   <rootcheck>
     <disabled>no</disabled>
-    <check_files>yes</check_files>
-    <check_trojans>yes</check_trojans>
     <check_dev>yes</check_dev>
     <check_sys>yes</check_sys>
     <check_pids>yes</check_pids>
@@ -45,31 +29,12 @@
     <!-- Frequency that rootcheck is executed - every 12 hours -->
     <frequency>43200</frequency>
 
-    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
-    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
-
     <skip_nfs>yes</skip_nfs>
+
+    <ignore>/var/lib/containerd</ignore>
+    <ignore>/var/lib/docker/overlay2</ignore>
   </rootcheck>
 
-  <wodle name="cis-cat">
-    <disabled>yes</disabled>
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    <java_path>wodles/java</java_path>
-    <ciscat_path>wodles/ciscat</ciscat_path>
-  </wodle>
-
-  <!-- Osquery integration -->
-  <wodle name="osquery">
-    <disabled>yes</disabled>
-    <run_daemon>yes</run_daemon>
-    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
-    <config_path>/etc/osquery/osquery.conf</config_path>
-    <add_labels>yes</add_labels>
-  </wodle>
-
   <!-- System inventory -->
   <wodle name="syscollector">
     <disabled>no</disabled>
@@ -79,11 +44,17 @@
     <os>yes</os>
     <network>yes</network>
     <packages>yes</packages>
-    <ports all="no">yes</ports>
+    <ports all="yes">yes</ports>
     <processes>yes</processes>
+    <users>yes</users>
+    <groups>yes</groups>
+    <services>yes</services>
+    <browser_extensions>yes</browser_extensions>
 
     <!-- Database synchronization settings -->
     <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
       <max_eps>10</max_eps>
     </synchronization>
   </wodle>
@@ -92,7 +63,13 @@
     <enabled>yes</enabled>
     <scan_on_start>yes</scan_on_start>
     <interval>12h</interval>
-    <skip_nfs>yes</skip_nfs>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_eps>10</max_eps>
+    </synchronization>
   </sca>
 
   <vulnerability-detection>
@@ -124,8 +101,6 @@
     <!-- Frequency that syscheck is executed default every 12 hours -->
     <frequency>43200</frequency>
 
-    <scan_on_start>yes</scan_on_start>
-
     <!-- Generate alert when new file detected -->
     <alert_new_files>yes</alert_new_files>
 
@@ -165,13 +140,12 @@
     <process_priority>10</process_priority>
 
     <!-- Maximum output throughput -->
-    <max_eps>100</max_eps>
+    <max_eps>50</max_eps>
 
     <!-- Database synchronization settings -->
     <synchronization>
       <enabled>yes</enabled>
       <interval>5m</interval>
-      <max_interval>1h</max_interval>
       <max_eps>10</max_eps>
     </synchronization>
   </syscheck>
@@ -266,13 +240,6 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <rule_test>
-    <enabled>yes</enabled>
-    <threads>1</threads>
-    <max_sessions>64</max_sessions>
-    <session_timeout>15m</session_timeout>
-  </rule_test>
-
   <!-- Configuration for wazuh-authd -->
   <auth>
     <disabled>no</disabled>
@@ -305,9 +272,19 @@
 </ossec_config>
 
 <ossec_config>
+  <localfile>
+    <log_format>journald</log_format>
+    <location>journald</location>
+  </localfile>
+
+  <localfile>
+    <log_format>audit</log_format>
+    <location>/var/log/audit/audit.log</location>
+  </localfile>
+
   <localfile>
     <log_format>syslog</log_format>
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-</ossec_config>
+</ossec_config>

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -0,0 +1,16 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh1.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
+# Session expiration settings
+opensearch_security.cookie.ttl: 900000
+opensearch_security.session.ttl: 900000
+opensearch_security.session.keepalive: true

multi-node/config/wazuh_indexer/wazuh1.indexer.yml

@@ -0,0 +1,37 @@
+network.host: wazuh1.indexer
+node.name: wazuh1.indexer
+cluster.initial_cluster_manager_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false

multi-node/config/wazuh_indexer/wazuh2.indexer.yml

@@ -0,0 +1,37 @@
+network.host: wazuh2.indexer
+node.name: wazuh2.indexer
+cluster.initial_cluster_manager_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false

multi-node/config/wazuh_indexer/wazuh3.indexer.yml

@@ -0,0 +1,37 @@
+network.host: wazuh3.indexer
+node.name: wazuh3.indexer
+cluster.initial_cluster_manager_nodes:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+        - wazuh1.indexer
+        - wazuh2.indexer
+        - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false

multi-node/docker-compose.yml

@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:6.0.0
+    image: wazuh/wazuh-manager:5.0.0
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -16,24 +16,22 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      INDEXER_URL: https://wazuh1.indexer:9200
-      INDEXER_USERNAME: admin
-      INDEXER_PASSWORD: admin
-      FILEBEAT_SSL_VERIFICATION_MODE: full
-      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      SSL_KEY: /etc/ssl/filebeat.key
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
+      - INDEXER_URL=https://wazuh1.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - master-wazuh-api-configuration:/var/ossec/api/configuration
       - master-wazuh-etc:/var/ossec/etc
       - master-wazuh-logs:/var/ossec/logs
       - master-wazuh-queue:/var/ossec/queue
       - master-wazuh-var-multigroups:/var/ossec/var/multigroups
-      - master-wazuh-integrations:/var/ossec/integrations
       - master-wazuh-active-response:/var/ossec/active-response/bin
-      - master-wazuh-agentless:/var/ossec/agentless
       - master-wazuh-wodles:/var/ossec/wodles
       - master-filebeat-etc:/etc/filebeat
       - master-filebeat-var:/var/lib/filebeat
@@ -43,7 +41,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:6.0.0
+    image: wazuh/wazuh-manager:5.0.0
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -54,22 +52,20 @@ services:
         soft: 655360
         hard: 655360
     environment:
-      INDEXER_URL: https://wazuh1.indexer:9200
-      INDEXER_USERNAME: admin
-      INDEXER_PASSWORD: admin
-      FILEBEAT_SSL_VERIFICATION_MODE: full
-      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      SSL_KEY: /etc/ssl/filebeat.key
+      - INDEXER_URL=https://wazuh1.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
     volumes:
       - worker-wazuh-api-configuration:/var/ossec/api/configuration
       - worker-wazuh-etc:/var/ossec/etc
       - worker-wazuh-logs:/var/ossec/logs
       - worker-wazuh-queue:/var/ossec/queue
       - worker-wazuh-var-multigroups:/var/ossec/var/multigroups
-      - worker-wazuh-integrations:/var/ossec/integrations
       - worker-wazuh-active-response:/var/ossec/active-response/bin
-      - worker-wazuh-agentless:/var/ossec/agentless
       - worker-wazuh-wodles:/var/ossec/wodles
       - worker-filebeat-etc:/etc/filebeat
       - worker-filebeat-var:/var/lib/filebeat
@@ -79,62 +75,38 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:6.0.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh1.indexer
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
     ports:
       - "9200:9200"
     environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NETWORK_HOST: wazuh1.indexer
-      NODE_NAME: wazuh1.indexer
-      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      CLUSTER_NAME: "wazuh-cluster"
-      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      NODE_MAX_LOCAL_STORAGE_NODES: "3"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
     volumes:
       - wazuh-indexer-data-1:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
-      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
-      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:6.0.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh2.indexer
     restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -142,48 +114,21 @@ services:
       nofile:
         soft: 65536
         hard: 65536
-    environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NETWORK_HOST: wazuh2.indexer
-      NODE_NAME: wazuh2.indexer
-      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      CLUSTER_NAME: "wazuh-cluster"
-      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      NODE_MAX_LOCAL_STORAGE_NODES: "3"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-2:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.pem
+      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:6.0.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh3.indexer
     restart: always
+    environment:
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -191,84 +136,35 @@ services:
       nofile:
         soft: 65536
         hard: 65536
-    environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NETWORK_HOST: wazuh3.indexer
-      NODE_NAME: wazuh3.indexer
-      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      CLUSTER_NAME: "wazuh-cluster"
-      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
-      NODE_MAX_LOCAL_STORAGE_NODES: "3"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-3:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.pem
+      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:6.0.0
+    image: wazuh/wazuh-dashboard:5.0.0
     hostname: wazuh.dashboard
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
     ports:
       - 443:5601
     environment:
-      OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200"
-      WAZUH_API_URL: "https://wazuh.master"
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
-      DASHBOARD_USERNAME: kibanaserver
-      DASHBOARD_PASSWORD: kibanaserver
-      SERVER_HOST: "0.0.0.0"
-      SERVER_PORT: "5601"
-      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
-      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
-      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
-      SERVER_SSL_ENABLED: "true"
-      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
-      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
-      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
+      - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
+      - WAZUH_API_URL="https://wazuh.master"
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
     volumes:
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh1.indexer
     links:
@@ -298,9 +194,7 @@ volumes:
   master-wazuh-logs:
   master-wazuh-queue:
   master-wazuh-var-multigroups:
-  master-wazuh-integrations:
   master-wazuh-active-response:
-  master-wazuh-agentless:
   master-wazuh-wodles:
   master-filebeat-etc:
   master-filebeat-var:
@@ -309,9 +203,7 @@ volumes:
   worker-wazuh-logs:
   worker-wazuh-queue:
   worker-wazuh-var-multigroups:
-  worker-wazuh-integrations:
   worker-wazuh-active-response:
-  worker-wazuh-agentless:
   worker-wazuh-wodles:
   worker-filebeat-etc:
   worker-filebeat-var:

multi-node/generate-indexer-certs.yml

@@ -0,0 +1,10 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+services:
+  generator:
+    image: wazuh/wazuh-certs-generator:0.0.3
+    hostname: wazuh-certs-generator
+    environment:
+      - CERT_TOOL_VERSION=4.14
+    volumes:
+      - ./config/wazuh_indexer_ssl_certs/:/certificates/
+      - ./config/certs.yml:/config/certs.yml

multi-node/volume-migrator.sh

@@ -46,24 +46,12 @@ docker volume create \
            --label com.docker.compose.volume=master-wazuh-var-multigroups \
            $2_master-wazuh-var-multigroups
 
-docker volume create \
-           --label com.docker.compose.project=$2 \
-           --label com.docker.compose.version=$1 \
-           --label com.docker.compose.volume=master-wazuh-integrations \
-           $2_master-wazuh-integrations
-
 docker volume create \
            --label com.docker.compose.project=$2 \
            --label com.docker.compose.version=$1 \
            --label com.docker.compose.volume=master-wazuh-active-response \
            $2_master-wazuh-active-response
 
-docker volume create \
-           --label com.docker.compose.project=$2 \
-           --label com.docker.compose.version=$1 \
-           --label com.docker.compose.volume=master-wazuh-agentless \
-           $2_master-wazuh-agentless
-
 docker volume create \
            --label com.docker.compose.project=$2 \
            --label com.docker.compose.version=$1 \
@@ -112,24 +100,12 @@ docker volume create \
            --label com.docker.compose.volume=worker-wazuh-var-multigroups \
            $2_worker-wazuh-var-multigroups
 
-docker volume create \
-           --label com.docker.compose.project=$2 \
-           --label com.docker.compose.version=$1 \
-           --label com.docker.compose.volume=worker-wazuh-integrations \
-           $2_worker-wazuh-integrations
-
 docker volume create \
            --label com.docker.compose.project=$2 \
            --label com.docker.compose.version=$1 \
            --label com.docker.compose.volume=worker-wazuh-active-response \
            $2_worker-wazuh-active-response
 
-docker volume create \
-           --label com.docker.compose.project=$2 \
-           --label com.docker.compose.version=$1 \
-           --label com.docker.compose.volume=worker-wazuh-agentless \
-           $2_worker-wazuh-agentless
-
 docker volume create \
            --label com.docker.compose.project=$2 \
            --label com.docker.compose.version=$1 \
@@ -193,21 +169,11 @@ docker container run --rm -it \
            -v $2_master-wazuh-var-multigroups:/to \
            alpine ash -c "cd /from ; cp -avp . /to"
 
-docker container run --rm -it \
-           -v wazuh-docker_ossec-integrations:/from \
-           -v $2_master-wazuh-integrations:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-
 docker container run --rm -it \
            -v wazuh-docker_ossec-active-response:/from \
            -v $2_master-wazuh-active-response:/to \
            alpine ash -c "cd /from ; cp -avp . /to"
 
-docker container run --rm -it \
-           -v wazuh-docker_ossec-agentless:/from \
-           -v $2_master-wazuh-agentless:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-
 docker container run --rm -it \
            -v wazuh-docker_ossec-wodles:/from \
            -v $2_master-wazuh-wodles:/to \
@@ -248,21 +214,11 @@ docker container run --rm -it \
            -v $2_worker-wazuh-var-multigroups:/to \
            alpine ash -c "cd /from ; cp -avp . /to"
 
-docker container run --rm -it \
-           -v wazuh-docker_worker-ossec-integrations:/from \
-           -v $2_worker-wazuh-integrations:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-
 docker container run --rm -it \
            -v wazuh-docker_worker-ossec-active-response:/from \
            -v $2_worker-wazuh-active-response:/to \
            alpine ash -c "cd /from ; cp -avp . /to"
 
-docker container run --rm -it \
-           -v wazuh-docker_worker-ossec-agentless:/from \
-           -v $2_worker-wazuh-agentless:/to \
-           alpine ash -c "cd /from ; cp -avp . /to"
-
 docker container run --rm -it \
            -v wazuh-docker_worker-ossec-wodles:/from \
            -v $2_worker-wazuh-wodles:/to \

single-node/README.md

@@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker-compose -f generate-certs.yml run --rm generator
+$ docker compose -f generate-indexer-certs.yml run --rm generator
 ```
 3) Start the environment with docker compose:
 

single-node/config/wazuh_cluster/wazuh_manager.conf

@@ -1,24 +1,10 @@
 <ossec_config>
   <global>
-    <jsonout_output>yes</jsonout_output>
-    <alerts_log>yes</alerts_log>
-    <logall>no</logall>
-    <logall_json>no</logall_json>
-    <email_notification>no</email_notification>
-    <smtp_server>smtp.example.wazuh.com</smtp_server>
-    <email_from>wazuh@example.wazuh.com</email_from>
-    <email_to>recipient@example.wazuh.com</email_to>
-    <email_maxperhour>12</email_maxperhour>
-    <email_log_source>alerts.log</email_log_source>
-    <agents_disconnection_time>10m</agents_disconnection_time>
+    <agents_disconnection_time>15m</agents_disconnection_time>
     <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
+    <update_check>yes</update_check>
   </global>
 
-  <alerts>
-    <log_alert_level>3</log_alert_level>
-    <email_alert_level>12</email_alert_level>
-  </alerts>
-
   <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
   <logging>
     <log_format>plain</log_format>
@@ -34,8 +20,6 @@
   <!-- Policy monitoring -->
   <rootcheck>
     <disabled>no</disabled>
-    <check_files>yes</check_files>
-    <check_trojans>yes</check_trojans>
     <check_dev>yes</check_dev>
     <check_sys>yes</check_sys>
     <check_pids>yes</check_pids>
@@ -45,31 +29,12 @@
     <!-- Frequency that rootcheck is executed - every 12 hours -->
     <frequency>43200</frequency>
 
-    <rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
-    <rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
-
     <skip_nfs>yes</skip_nfs>
+
+    <ignore>/var/lib/containerd</ignore>
+    <ignore>/var/lib/docker/overlay2</ignore>
   </rootcheck>
 
-  <wodle name="cis-cat">
-    <disabled>yes</disabled>
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    <java_path>wodles/java</java_path>
-    <ciscat_path>wodles/ciscat</ciscat_path>
-  </wodle>
-
-  <!-- Osquery integration -->
-  <wodle name="osquery">
-    <disabled>yes</disabled>
-    <run_daemon>yes</run_daemon>
-    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
-    <config_path>/etc/osquery/osquery.conf</config_path>
-    <add_labels>yes</add_labels>
-  </wodle>
-
   <!-- System inventory -->
   <wodle name="syscollector">
     <disabled>no</disabled>
@@ -79,11 +44,17 @@
     <os>yes</os>
     <network>yes</network>
     <packages>yes</packages>
-    <ports all="no">yes</ports>
+    <ports all="yes">yes</ports>
     <processes>yes</processes>
+    <users>yes</users>
+    <groups>yes</groups>
+    <services>yes</services>
+    <browser_extensions>yes</browser_extensions>
 
     <!-- Database synchronization settings -->
     <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
       <max_eps>10</max_eps>
     </synchronization>
   </wodle>
@@ -92,7 +63,13 @@
     <enabled>yes</enabled>
     <scan_on_start>yes</scan_on_start>
     <interval>12h</interval>
-    <skip_nfs>yes</skip_nfs>
+
+    <!-- Database synchronization settings -->
+    <synchronization>
+      <enabled>yes</enabled>
+      <interval>5m</interval>
+      <max_eps>10</max_eps>
+    </synchronization>
   </sca>
 
   <vulnerability-detection>
@@ -122,8 +99,6 @@
     <!-- Frequency that syscheck is executed default every 12 hours -->
     <frequency>43200</frequency>
 
-    <scan_on_start>yes</scan_on_start>
-
     <!-- Generate alert when new file detected -->
     <alert_new_files>yes</alert_new_files>
 
@@ -163,13 +138,12 @@
     <process_priority>10</process_priority>
 
     <!-- Maximum output throughput -->
-    <max_eps>100</max_eps>
+    <max_eps>50</max_eps>
 
     <!-- Database synchronization settings -->
     <synchronization>
       <enabled>yes</enabled>
       <interval>5m</interval>
-      <max_interval>1h</max_interval>
       <max_eps>10</max_eps>
     </synchronization>
   </syscheck>
@@ -264,13 +238,6 @@
     <rule_dir>etc/rules</rule_dir>
   </ruleset>
 
-  <rule_test>
-    <enabled>yes</enabled>
-    <threads>1</threads>
-    <max_sessions>64</max_sessions>
-    <session_timeout>15m</session_timeout>
-  </rule_test>
-
   <!-- Configuration for wazuh-authd -->
   <auth>
     <disabled>no</disabled>
@@ -303,9 +270,19 @@
 </ossec_config>
 
 <ossec_config>
+  <localfile>
+    <log_format>journald</log_format>
+    <location>journald</location>
+  </localfile>
+
+  <localfile>
+    <log_format>audit</log_format>
+    <location>/var/log/audit/audit.log</location>
+  </localfile>
+
   <localfile>
     <log_format>syslog</log_format>
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-</ossec_config>
+</ossec_config>

single-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -2,7 +2,7 @@ server.host: 0.0.0.0
 server.port: 5601
 opensearch.hosts: https://wazuh.indexer:9200
 opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: false
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
@@ -10,3 +10,7 @@ server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
 server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
 opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wz-home
+# Session expiration settings
+opensearch_security.cookie.ttl: 900000
+opensearch_security.session.ttl: 900000
+opensearch_security.session.keepalive: true

single-node/config/wazuh_indexer/wazuh.indexer.yml

@@ -1,11 +1,11 @@
 network.host: "0.0.0.0"
 node.name: "wazuh.indexer"
+cluster.name: "wazuh-cluster"
 path.data: /var/lib/wazuh-indexer
 path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
-compatibility.override_main_response_version: true
 plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
 plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem

single-node/docker-compose.yml

@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:6.0.0
+    image: wazuh/wazuh-manager:5.0.0
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -17,24 +17,22 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      INDEXER_URL: https://wazuh.indexer:9200
-      INDEXER_USERNAME: admin
-      INDEXER_PASSWORD: admin
-      FILEBEAT_SSL_VERIFICATION_MODE: full
-      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
-      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
-      SSL_KEY: /etc/ssl/filebeat.key
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
+      - INDEXER_URL=https://wazuh.indexer:9200
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=full
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+      - SSL_KEY=/etc/ssl/filebeat.key
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
       - wazuh_api_configuration:/var/ossec/api/configuration
       - wazuh_etc:/var/ossec/etc
       - wazuh_logs:/var/ossec/logs
       - wazuh_queue:/var/ossec/queue
       - wazuh_var_multigroups:/var/ossec/var/multigroups
-      - wazuh_integrations:/var/ossec/integrations
       - wazuh_active_response:/var/ossec/active-response/bin
-      - wazuh_agentless:/var/ossec/agentless
       - wazuh_wodles:/var/ossec/wodles
       - filebeat_etc:/etc/filebeat
       - filebeat_var:/var/lib/filebeat
@@ -44,61 +42,13 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:6.0.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh.indexer
     restart: always
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
     ports:
       - "9200:9200"
     environment:
-      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
-      bootstrap.memory_lock: "true"
-      NODE_NAME: "wazuh.indexer"
-      CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer"
-      CLUSTER_NAME: "wazuh-cluster"
-      PATH_DATA: /var/lib/wazuh-indexer
-      PATH_LOGS: /var/log/wazuh-indexer
-      HTTP_PORT: 9200-9299
-      TRANSPORT_TCP_PORT: 9300-9399
-      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
-      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
-      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
-      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
-      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
-      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
-      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
-      PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
-      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
-      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
-      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
-      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
-    volumes:
-      - wazuh-indexer-data:/var/lib/wazuh-indexer
-      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
-      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
-      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
-      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-
-  wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:6.0.0
-    hostname: wazuh.dashboard
-    restart: always
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
     ulimits:
       memlock:
         soft: -1
@@ -106,35 +56,38 @@ services:
       nofile:
         soft: 65536
         hard: 65536
+    volumes:
+      - wazuh-indexer-data:/var/lib/wazuh-indexer
+      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
+      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
+
+  wazuh.dashboard:
+    image: wazuh/wazuh-dashboard:5.0.0
+    hostname: wazuh.dashboard
+    restart: always
     ports:
       - 443:5601
     environment:
-      WAZUH_API_URL: https://wazuh.manager
-      DASHBOARD_USERNAME: kibanaserver
-      DASHBOARD_PASSWORD: kibanaserver
-      API_USERNAME: wazuh-wui
-      API_PASSWORD: MyS3cr37P450r.*-
-      SERVER_HOST: 0.0.0.0
-      SERVER_PORT: 5601
-      OPENSEARCH_HOSTS: https://wazuh.indexer:9200
-      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
-      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
-      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
-      SERVER_SSL_ENABLED: "true"
-      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
-      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
-      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
+      - INDEXER_USERNAME=admin
+      - INDEXER_PASSWORD=SecretPassword
+      - WAZUH_API_URL=https://wazuh.manager
+      - DASHBOARD_USERNAME=kibanaserver
+      - DASHBOARD_PASSWORD=kibanaserver
+      - API_USERNAME=wazuh-wui
+      - API_PASSWORD=MyS3cr37P450r.*-
     volumes:
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
-      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
-      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh.indexer
     links:
@@ -147,9 +100,7 @@ volumes:
   wazuh_logs:
   wazuh_queue:
   wazuh_var_multigroups:
-  wazuh_integrations:
   wazuh_active_response:
-  wazuh_agentless:
   wazuh_wodles:
   filebeat_etc:
   filebeat_var:

single-node/generate-certs.yml

@@ -1,10 +0,0 @@
-# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-services:
-  generator:
-    image: wazuh/wazuh-cert-tool:6.0.0
-    hostname: wazuh-cert-tool
-    container_name: wazuh-cert-tool
-    volumes:
-      - ./config/wazuh_indexer_ssl_certs/:/certificates/
-      - ./config/certs.yml:/config/certs.yml
-

single-node/generate-indexer-certs.yml

@@ -1,9 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 services:
   generator:
-    image: wazuh/wazuh-cert-tool:6.0.0
-    hostname: wazuh-cert-tool
-    container_name: wazuh-cert-tool
+    image: wazuh/wazuh-certs-generator:0.0.3
+    hostname: wazuh-certs-generator
+    environment:
+      - CERT_TOOL_VERSION=4.14
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/
       - ./config/certs.yml:/config/certs.yml

tools/repository_bumper.sh

@@ -78,7 +78,7 @@ update_stage_in_files() {
 
 update_docker_images_tag() {
     local NEW_TAG="$1"
-    local DOCKERFILES=( $(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" "--exclude="README.md"  --exclude="generate-certs.yml"") )
+    local DOCKERFILES=( $(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" "--exclude="README.md"  --exclude="generate-indexer-certs.yml"") )
     for file in "${DOCKERFILES[@]}"; do
         sed -i -E "s/(wazuh\/wazuh-[a-zA-Z0-9._-]*):[a-zA-Z0-9._-]+/\1:${NEW_TAG}/g" "${file}"
         if [[ $(git diff --name-only "${file}") ]]; then

wazuh-agent/config/wazuh-agent-conf

@@ -83,7 +83,7 @@
     <os>yes</os>
     <network>yes</network>
     <packages>yes</packages>
-    <ports all="no">yes</ports>
+    <ports all="yes">yes</ports>
     <processes>yes</processes>
 
     <!-- Database synchronization settings -->

wazuh-agent/docker-compose.yml

@@ -1,9 +1,7 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-version: '3.7'
-
 services:
   wazuh.agent:
-    image: wazuh/wazuh-agent:6.0.0
+    image: wazuh/wazuh-agent:5.0.0
     restart: always
     environment:
       - WAZUH_MANAGER_SERVER=<WAZUH_MANAGER_IP>