Update Wazuh version to v4.3.8 (#724 )

Include gcloud pubsub and buckets files (#723 )
Adapt Cloud to Wazuh v4.3.6-debug and fix Dockerfile (#710 )
2025-10-31 03:53:32 +00:00 · 2022-09-20 10:48:26 +02:00 · 2022-09-20 10:18:06 +02:00 · 2022-08-19 09:35:04 +02:00 · 2022-08-04 09:35:18 +02:00 · 2022-07-27 12:42:27 +02:00
52 changed files with 300 additions and 3638 deletions
--- a/README.md
+++ b/README.md
@@ -26,30 +26,29 @@ In addition, a docker-compose file is provided to launch the containers mentione
 	wazuh-docker
 	├── docker-compose.yml
 	├── kibana
 	│   ├── config
 	│   │   ├── entrypoint.sh
 	│   │   └── kibana.yml
 	│   └── Dockerfile
 	├── LICENSE
 	├── nginx
 	│   ├── config
 	│   │   └── entrypoint.sh
 	│   └── Dockerfile
 	├── README.md
 	├── CHANGELOG.md
 	├── VERSION
 	├── test.txt
 	└── wazuh
 		├── config
-	    │   ├── data_dirs.env
+		│	├── 00-decrypt_credentials.sh
-	    │   ├── entrypoint.sh
+		│	├── 01-wazuh.sh
-	    │   ├── filebeat.runit.service
+		│	├── 02-set_filebeat_destination.sh
-	    │   ├── filebeat.yml
+		│	├── 03-config_filebeat.sh
-	    │   ├── init.bash
+		│	├── 20-ossec-configuration.sh
-	    │   ├── postfix.runit.service
+		│	├── 25-backups.sh
-	    │   ├── wazuh-api.runit.service
+		│	├── 35-remove_credentials_file.sh
-	    │   └── wazuh.runit.service
+		│	├── 85-save_wazuh_version.sh
 		│	├── create_user.py
 		│	├── entrypoint.sh
 		│	├── filebeat_to_elasticsearch.yml
 		│	├── filebeat_to_logstash.yml
 		│	├── filebeat.runit.service
 		│	├── permanent_data.env
 		│	├── postfix.runit.service
 		│	└── wazuh.runit.service
 		└── Dockerfile
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.10.2_7.3.2"
+WAZUH-DOCKER_VERSION="3.11.5_7.3.2"
-REVISION="31020"
+REVISION="31150"
--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
@@ -1,96 +0,0 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ARG ELASTIC_VERSION=7.3.2
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
 ARG TEMPLATE_VERSION=v3.10.2
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 ENV API_USER="foo" \
    API_PASS="bar"
 ENV XPACK_ML="true" 
 ENV ENABLE_CONFIGURE_S3="false"
 ENV WAZUH_ALERTS_SHARDS="1" \
    WAZUH_ALERTS_REPLICAS="0"
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /usr/share/elasticsearch/config
 RUN yum install epel-release -y && \
    yum install jq -y
 # This CA is created for testing. Please set your own CA zip containing the key and the signed certificate. 
 # command: $ docker build <elasticsearch_directory> --build-arg SECURITY_CA_PEM_LOCATION=<CA_PEM_LOCATION> --build-arg SECURITY_CA_KEY_LOCATION=<CA_KEY_LOCATION>
 # ENV variables are necessary: SECURITY_CA_PEM, SECURITY_CA_KEY, SECURITY_CA_TRUST, SECURITY_OPENSSL_CONF 
 # Example:
 # ARG SECURITY_CA_PEM_LOCATION="config/server.TEST-CA-signed.pem"
 # ARG SECURITY_CA_KEY_LOCATION="config/server.TEST-CA.key"
 # ARG SECURITY_OPENSSL_CONF_LOCATION="config/TEST_openssl.cnf"
 # ARG SECURITY_CA_TRUST_LOCATION="config/server.TEST-CA-signed.pem"
 ARG SECURITY_CA_PEM_LOCATION=""
 ARG SECURITY_CA_KEY_LOCATION=""
 ARG SECURITY_OPENSSL_CONF_LOCATION=""
 ARG SECURITY_CA_TRUST_LOCATION=""
 # Elasticearch cluster configuration environment variables
 # If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
 # CLUSTER_INITIAL_MASTER_NODES set to own node by default.
 ENV ELASTIC_CLUSTER="false" \
    CLUSTER_NAME="wazuh" \
    CLUSTER_NODE_MASTER="false" \
    CLUSTER_NODE_DATA="true" \
    CLUSTER_NODE_INGEST="true" \
    CLUSTER_MEMORY_LOCK="true" \
    CLUSTER_DISCOVERY_SERVICE="wazuh-elasticsearch" \
    CLUSTER_NUMBER_OF_MASTERS="2" \
    CLUSTER_MAX_NODES="1" \
    CLUSTER_DELAYED_TIMEOUT="1m" \
    CLUSTER_INITIAL_MASTER_NODES="wazuh-elasticsearch" \
    CLUSTER_DISCOVERY_SEED="elasticsearch"
 # CA cert for Transport SSL
 ADD $SECURITY_CA_PEM_LOCATION /usr/share/elasticsearch/config
 ADD $SECURITY_CA_KEY_LOCATION /usr/share/elasticsearch/config 
 ADD $SECURITY_OPENSSL_CONF_LOCATION /usr/share/elasticsearch/config 
 ADD $SECURITY_CA_TRUST_LOCATION /usr/share/elasticsearch/config 
 RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
 RUN chmod 755 /entrypoint.sh
 RUN bin/elasticsearch-plugin install repository-s3 -b
 COPY --chown=elasticsearch:elasticsearch ./config/10-config_cluster.sh /entrypoint-scripts/10-config_cluster.sh
 COPY --chown=elasticsearch:elasticsearch ./config/15-get_CA_key.sh /entrypoint-scripts/15-get_CA_key.sh
 COPY --chown=elasticsearch:elasticsearch ./config/20-security_instances.sh /entrypoint-scripts/20-security_instances.sh
 COPY --chown=elasticsearch:elasticsearch ./config/22-security_certs.sh /entrypoint-scripts/22-security_certs.sh
 COPY --chown=elasticsearch:elasticsearch ./config/24-security_configuration.sh /entrypoint-scripts/24-security_configuration.sh
 COPY --chown=elasticsearch:elasticsearch ./config/26-security_keystore.sh /entrypoint-scripts/26-security_keystore.sh
 COPY --chown=elasticsearch:elasticsearch ./config/30-decrypt_credentials.sh /entrypoint-scripts/30-decrypt_credentials.sh
 COPY --chown=elasticsearch:elasticsearch ./config/35-entrypoint.sh /entrypoint-scripts/35-entrypoint.sh
 COPY --chown=elasticsearch:elasticsearch ./config/35-entrypoint_load_settings.sh ./
 COPY config/35-load_settings_configure_s3.sh ./config/35-load_settings_configure_s3.sh
 COPY --chown=elasticsearch:elasticsearch ./config/35-load_settings_users_management.sh ./
 COPY --chown=elasticsearch:elasticsearch ./config/35-load_settings_policies.sh ./
 COPY --chown=elasticsearch:elasticsearch ./config/35-load_settings_templates.sh ./
 COPY --chown=elasticsearch:elasticsearch ./config/35-load_settings_aliases.sh ./
 RUN chmod +x /entrypoint-scripts/10-config_cluster.sh && \
    chmod +x /entrypoint-scripts/15-get_CA_key.sh && \
    chmod +x /entrypoint-scripts/20-security_instances.sh && \
    chmod +x /entrypoint-scripts/22-security_certs.sh && \
    chmod +x /entrypoint-scripts/24-security_configuration.sh && \
    chmod +x /entrypoint-scripts/26-security_keystore.sh && \
    chmod +x /entrypoint-scripts/30-decrypt_credentials.sh && \
    chmod +x /entrypoint-scripts/35-entrypoint.sh && \
    chmod +x ./35-entrypoint_load_settings.sh && \
    chmod 755 ./config/35-load_settings_configure_s3.sh && \
    chmod +x ./35-load_settings_users_management.sh && \
    chmod +x ./35-load_settings_policies.sh && \
    chmod +x ./35-load_settings_templates.sh && \
    chmod +x ./35-load_settings_aliases.sh
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["elasticsearch"]
--- a/elasticsearch/config/10-config_cluster.sh
+++ b/elasticsearch/config/10-config_cluster.sh
@@ -1,93 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 original_file="/usr/share/elasticsearch/config/original-elasticsearch.yml"
 ELASTIC_HOSTAME=`hostname`
 echo "CLUSTER: - Prepare Configuration"
 echo "CLUSTER: - Hostname"
 echo $ELASTIC_HOSTAME
 echo "CLUSTER: - Security main node"
 echo $SECURITY_MAIN_NODE
 echo "CLUSTER: - Discovery seed"
 echo $CLUSTER_DISCOVERY_SEED
 echo "CLUSTER: - Elastic cluster flag"
 echo $ELASTIC_CLUSTER
 echo "CLUSTER: - Node Master"
 echo $CLUSTER_NODE_MASTER
 echo "CLUSTER: - Node Data"
 echo $CLUSTER_NODE_DATA
 echo "CLUSTER: - Node Ingest"
 echo $CLUSTER_NODE_INGEST
 cp $elastic_config_file $original_file 
 remove_single_node_conf(){
  if grep -Fq "discovery.type" $1; then
    sed -i '/discovery.type\: /d' $1 
  fi
 }
 remove_cluster_config(){
  sed -i '/# cluster node/,/# end cluster config/d' $1
 }
 # If Elasticsearch cluster is enable, then set up the elasticsearch.yml
 if [[ $ELASTIC_CLUSTER == "true" && $CLUSTER_NODE_MASTER != "" && $CLUSTER_NODE_DATA != "" && $CLUSTER_NODE_INGEST != "" && $ELASTIC_HOSTAME != "" ]]; then
  # Remove the old configuration
  remove_single_node_conf $elastic_config_file
  remove_cluster_config $elastic_config_file
  echo "CLUSTER: - Remove old configuration"
 if [[ $ELASTIC_HOSTAME == $SECURITY_MAIN_NODE ]]; then
 # Add the master configuration
 # cluster.initial_master_nodes for bootstrap the cluster
 echo "CLUSTER: - Add the master configuration"
 cat > $elastic_config_file << EOF
 # cluster node
 cluster.name: $CLUSTER_NAME
 bootstrap.memory_lock: $CLUSTER_MEMORY_LOCK
 network.host: 0.0.0.0
 node.name: $ELASTIC_HOSTAME
 node.master: $CLUSTER_NODE_MASTER
 node.data: $CLUSTER_NODE_DATA
 node.ingest: $CLUSTER_NODE_INGEST
 node.max_local_storage_nodes: $CLUSTER_MAX_NODES
 cluster.initial_master_nodes: 
  - $ELASTIC_HOSTAME
 # end cluster config" 
 EOF
 elif [[ $CLUSTER_DISCOVERY_SEED != "" ]]; then
 # Remove the old configuration
 remove_single_node_conf $elastic_config_file
 remove_cluster_config $elastic_config_file
 echo "CLUSTER: - Add standard cluster configuration."
 cat > $elastic_config_file << EOF
 # cluster node
 cluster.name: $CLUSTER_NAME
 bootstrap.memory_lock: $CLUSTER_MEMORY_LOCK
 network.host: 0.0.0.0
 node.name: $ELASTIC_HOSTAME
 node.master: $CLUSTER_NODE_MASTER
 node.data: $CLUSTER_NODE_DATA
 node.ingest: $CLUSTER_NODE_INGEST
 node.max_local_storage_nodes: $CLUSTER_MAX_NODES
 discovery.seed_hosts: 
  - $CLUSTER_DISCOVERY_SEED
 # end cluster config" 
 EOF
 fi
 # If the cluster is disabled, then set a single-node configuration
 else
  # Remove the old configuration
  remove_single_node_conf $elastic_config_file
  remove_cluster_config $elastic_config_file
  echo "discovery.type: single-node" >> $elastic_config_file
  echo "CLUSTER: - Discovery type: single-node"
 fi
 echo "CLUSTER: - Configured"
--- a/elasticsearch/config/15-get_CA_key.sh
+++ b/elasticsearch/config/15-get_CA_key.sh
@@ -1,11 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Decrypt credentials.
 # If the CA key is encrypted, it must be decrypted for later use. 
 ##############################################################################
 echo "TO DO"
 # TO DO
--- a/elasticsearch/config/20-security_instances.sh
+++ b/elasticsearch/config/20-security_instances.sh
@@ -1,21 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # instances.yml
 # This file is necessary for the creation of the Elasticsaerch certificate.
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
    echo "SECURITY - Setting Elasticserach security."
    # instance.yml to be added by the user. 
    # Example:
    #       echo "
    # instances:
    # - name: \"elasticsearch\"
    #   dns:
    #     - \"elasticsearch\"
    # " > /user/share/elasticsearch/instances.yml
 fi
--- a/elasticsearch/config/22-security_certs.sh
+++ b/elasticsearch/config/22-security_certs.sh
@@ -1,16 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Creation and management of certificates. 
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
    echo "SECURITY - Elasticserach security certificates."
    # Creation of the certificate for Elasticsearch.
    # After the execution of this script will have generated 
    # the Elasticsearch certificate and related keys and passphrase. 
    # Example: TO DO
 fi
--- a/elasticsearch/config/24-security_configuration.sh
+++ b/elasticsearch/config/24-security_configuration.sh
@@ -1,32 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Adapt elasticsearch.yml configuration file 
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
    echo "SECURITY - Elasticserach security configuration."
    echo "SECURITY - Setting configuration options."
    # Settings for elasticsearch.yml to be added by the user. 
    # Example: 
    #     echo "
    # # Required to set the passwords and TLS options
    # xpack.security.enabled: true
    # xpack.security.transport.ssl.enabled: true
    # xpack.security.transport.ssl.verification_mode: certificate
    # xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
    # xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
    # xpack.security.transport.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/ca.cert.pem\"]
    # # HTTP layer
    # xpack.security.http.ssl.enabled: true
    # xpack.security.http.ssl.verification_mode: certificate
    # xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
    # xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
    # xpack.security.http.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/ca.cert.pem\"]
    # " >> /usr/share/elasticsearch/config/elasticsearch.yml
 fi
--- a/elasticsearch/config/26-security_keystore.sh
+++ b/elasticsearch/config/26-security_keystore.sh
@@ -1,21 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Adapt elasticsearch.yml keystore management
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
    echo "SECURITY - Elasticserach keystore management."
    # Create keystore
    # /usr/share/elasticsearch/bin/elasticsearch-keystore create
    # Add keys to keystore by the user. 
    # Example
    # echo -e "$abcd_1234" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase --stdin
    # echo -e "$abcd_1234" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase --stdin
 else
    echo "SECURITY - Elasticsearch security not established."
 fi
--- a/elasticsearch/config/30-decrypt_credentials.sh
+++ b/elasticsearch/config/30-decrypt_credentials.sh
@@ -1,15 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Decrypt credentials.
 # If the credentials of the users to be created are encrypted,
 # they must be decrypted for later use. 
 ##############################################################################
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
    echo "Security credentials file not used. Nothing to do."
 else
    echo "TO DO"
 fi
 # TO DO
--- a/elasticsearch/config/35-entrypoint.sh
+++ b/elasticsearch/config/35-entrypoint.sh
@@ -1,70 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.1/build/elasticsearch/bin/docker-entrypoint.sh
 set -e
 # Files created by Elasticsearch should always be group writable too
 umask 0002
 run_as_other_user_if_needed() {
  if [[ "$(id -u)" == "0" ]]; then
    # If running as root, drop to specified UID and run command
    exec chroot --userspec=1000 / "${@}"
  else
    # Either we are running in Openshift with random uid and are a member of the root group
    # or with a custom --user
    exec "${@}"
  fi
 }
 #Disabling xpack features
 elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 if grep -Fq  "#xpack features" "$elasticsearch_config_file" ;
 then 
  declare -A CONFIG_MAP=(
  [xpack.ml.enabled]=$XPACK_ML
  )
  for i in "${!CONFIG_MAP[@]}"
  do
    if [ "${CONFIG_MAP[$i]}" != "" ]; then
      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $elasticsearch_config_file
    fi
  done
 else
  echo "
 #xpack features
 xpack.ml.enabled: $XPACK_ML
 " >> $elasticsearch_config_file
 fi
 # Run load settings script.
 bash /usr/share/elasticsearch/35-entrypoint_load_settings.sh &
 # Execute elasticsearch
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  echo "Change Elastic password"
  if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
    run_as_other_user_if_needed echo "$SECURITY_ELASTIC_PASSWORD" | elasticsearch-keystore add -xf 'bootstrap.password'
  else
    input=${SECURITY_CREDENTIALS_FILE}
    ELASTIC_PASSWORD_FROM_FILE=""
    while IFS= read -r line
    do
      if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
        arrIN=(${line//:/ })
        ELASTIC_PASSWORD_FROM_FILE=${arrIN[1]}
      fi
    done < "$input"
    run_as_other_user_if_needed echo "$ELASTIC_PASSWORD_FROM_FILE" | elasticsearch-keystore add -xf 'bootstrap.password'
  fi
  echo "Elastic password changed"
 fi
 run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch 
--- a/elasticsearch/config/35-entrypoint_load_settings.sh
+++ b/elasticsearch/config/35-entrypoint_load_settings.sh
@@ -1,265 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # Set Elasticsearch API url and Wazuh API url.
 ##############################################################################
 if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 fi
 if [[ "x${WAZUH_API_URL}" = "x" ]]; then
  wazuh_url="https://wazuh"
 else
  wazuh_url="${WAZUH_API_URL}"
 fi
 echo "LOAD SETTINGS - Elasticsearch url: $el_url"
 ##############################################################################
 # If Elasticsearch security is enabled get the elastic user password and
 # WAZUH API credentials.
 ##############################################################################
 ELASTIC_PASS=""
 WAZH_API_USER=""
 WAZH_API_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
  WAZH_API_USER=${API_USER}
  WAZH_API_PASS=${API_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_USER"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_USER=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 ##############################################################################
 # Set authentication for curl if Elasticsearch security is enabled.
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-uelastic:${ELASTIC_PASS} -k"
  echo "LOAD SETTINGS - authentication for curl established."
 elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
  auth=""
  echo "LOAD SETTINGS - authentication for curl not established."
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
  echo "LOAD SETTINGS - authentication for curl established."
 fi
 ##############################################################################
 # Wait until Elasticsearch is active. 
 ##############################################################################
 until curl ${auth} -XGET $el_url; do
  >&2 echo "LOAD SETTINGS - Elastic is unavailable - sleeping"
  sleep 5
 done
 >&2 echo "LOAD SETTINGS - Elastic is up - executing command"
 ##############################################################################
 # Configure S3 repository for Elasticsearch snapshots. 
 ##############################################################################
 if [ $ENABLE_CONFIGURE_S3 ]; then
  #Wait for Elasticsearch to be ready to create the repository
  sleep 10
  >&2 echo "S3 - Configure S3"
  if [ "x$S3_PATH" != "x" ]; then
    >&2 echo "S3 - Path: $S3_PATH"
    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then
      >&2 echo "S3 - Elasticsearch major version: $S3_ELASTIC_MAJOR"
      echo "LOAD SETTINGS - Run 35-load_settings_configure_s3.sh."
      bash /usr/share/elasticsearch/config/35-load_settings_configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR
    else
      >&2 echo "S3 - Elasticserach major version not given."
      echo "LOAD SETTINGS - Run 35-load_settings_configure_s3.sh."
      bash /usr/share/elasticsearch/config/35-load_settings_configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME
    fi
  fi
 fi
 ##############################################################################
 # Load custom policies.
 ##############################################################################
 echo "LOAD SETTINGS - Loading custom Elasticsearch policies."
 bash /usr/share/elasticsearch/35-load_settings_policies.sh
 ##############################################################################
 # Modify wazuh-alerts template shards and replicas
 ##############################################################################
 echo "LOAD SETTINGS - Change shards and replicas of wazuh-alerts template."
 sed -i 's:"index.number_of_shards"\: "3":"index.number_of_shards"\: "'$WAZUH_ALERTS_SHARDS'":g' /usr/share/elasticsearch/config/wazuh-template.json
 sed -i 's:"index.number_of_replicas"\: "0":"index.number_of_replicas"\: "'$WAZUH_ALERTS_REPLICAS'":g' /usr/share/elasticsearch/config/wazuh-template.json
 ##############################################################################
 # Load default templates
 ##############################################################################
 echo "LOAD SETTINGS - Loading wazuh-alerts template"
 bash /usr/share/elasticsearch/35-load_settings_templates.sh
 ##############################################################################
 # Load custom aliases.
 ##############################################################################
 echo "LOAD SETTINGS - Loading custom Elasticsearch aliases."
 bash /usr/share/elasticsearch/35-load_settings_aliases.sh
 ##############################################################################
 # Elastic Stack users creation. 
 # Only security main node can manage users. 
 ##############################################################################
 echo "LOAD SETTINGS - Run users_management.sh."
 MY_HOSTNAME=`hostname`
 echo "LOAD SETTINGS - Hostname: $MY_HOSTNAME"
 if [[ $SECURITY_MAIN_NODE == $MY_HOSTNAME ]]; then
  bash /usr/share/elasticsearch/35-load_settings_users_management.sh &
 fi
 ##############################################################################
 # Prepare Wazuh API credentials
 ##############################################################################
 API_PASS_Q=`echo "$WAZH_API_PASS" | tr -d '"'`
 API_USER_Q=`echo "$WAZH_API_USER" | tr -d '"'`
 API_PASSWORD=`echo -n $API_PASS_Q | base64`
 echo "LOAD SETTINGS - Setting API credentials into Wazuh APP"
 CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
 if [ "x$CONFIG_CODE" != "x200" ]; then
  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
  {
    "api_user": "'"$API_USER_Q"'",
    "api_password": "'"$API_PASSWORD"'",
    "url": "'"$wazuh_url"'",
    "api_port": "55000",
    "insecure": "true",
    "component": "API",
    "cluster_info": {
      "manager": "wazuh-manager",
      "cluster": "Disabled",
      "status": "disabled"
    },
    "extensions": {
      "oscap": true,
      "audit": true,
      "pci": true,
      "aws": true,
      "virustotal": true,
      "gdpr": true,
      "ciscat": true
    }
  }
  ' > /dev/null
 else
  echo "LOAD SETTINGS - Wazuh APP already configured"
  echo "LOAD SETTINGS - Check if it is an upgrade from Elasticsearch 6.x to 7.x"
  wazuh_search_request=`curl -s ${auth} "$el_url/.wazuh/_search?pretty"`
  full_type=`echo $wazuh_search_request | jq .hits.hits | jq .[] | jq ._type`
  elasticsearch_request=`curl -s $auth "$el_url"`
  full_elasticsearch_version=`echo $elasticsearch_request | jq .version.number`
  type=`echo "$full_type" | tr -d '"'`
  elasticsearch_version=`echo "$full_elasticsearch_version" | tr -d '"'`
  elasticsearch_major="${elasticsearch_version:0:1}"
  if [[ $type == "wazuh-configuration" ]] && [[ $elasticsearch_major == "7" ]]; then
    echo "LOAD SETTINGS - Elasticsearch major = $elasticsearch_major."
    echo "LOAD SETTINGS - Reindex .wazuh in .wazuh-backup."
    curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d'
    {
      "source": {
        "index": ".wazuh"
      },
      "dest": {
        "index": ".wazuh-backup"
      }
    }
    '
    echo "LOAD SETTINGS - Remove .wazuh index."
    curl -s  ${auth} -XDELETE "$el_url/.wazuh"
    echo "LOAD SETTINGS - Reindex .wazuh-backup in .wazuh."
    curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d'
    {
      "source": {
        "index": ".wazuh-backup"
      },
      "dest": {
        "index": ".wazuh"
      }
    }
    '
    curl -s ${auth} -XPUT "https://elasticsearch:9200/.wazuh-backup/_settings?pretty" -H 'Content-Type: application/json' -d'
    {
        "index" : {
            "number_of_replicas" : 0
        }
    }
    '
  fi
 fi
 sleep 5
 curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
 {
  "persistent": {
    "xpack.monitoring.collection.enabled": true
  }
 }
 '
 ##############################################################################
 # Set cluster delayed timeout when node falls
 ##############################################################################
 curl -X PUT "$el_url/_all/_settings" ${auth} -H 'Content-Type: application/json' -d'
 {
  "settings": {
    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
  }
 }
 '
 echo "LOAD SETTINGS - cluster delayed timeout changed."
 echo "LOAD SETTINGS - Elasticsearch is ready."
--- a/elasticsearch/config/35-load_settings_aliases.sh
+++ b/elasticsearch/config/35-load_settings_aliases.sh
@@ -1,86 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # Set Elasticsearch API url
 ##############################################################################
 if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 fi
 echo "ALIASES - Elasticsearch url: $el_url"
 ##############################################################################
 # If Elasticsearch security is enabled get the elastic user password.
 ##############################################################################
 ELASTIC_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 ##############################################################################
 # If Elasticsearch security is enabled get the users credentials.
 ##############################################################################
 # The user must get the credentials of the users.
 # TO DO. 
 ##############################################################################
 # Set authentication for curl if Elasticsearch security is enabled.
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-uelastic:${ELASTIC_PASS} -k"
  echo "ALIASES - authentication for curl established."
 elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
  auth=""
  echo "ALIASES - authentication for curl not established."
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
  echo "ALIASES - authentication for curl established."
 fi
 ##############################################################################
 # Wait until Elasticsearch is active. 
 ##############################################################################
 until curl ${auth} -XGET $el_url; do
  >&2 echo "ALIASES - Elastic is unavailable - sleeping"
  sleep 5
 done
 >&2 echo "ALIASES - Elastic is up - executing command"
 ##############################################################################
 # Add custom aliases.
 ##############################################################################
 # The user must add the credentials of the users.
 # TO DO.
 # Example 
 # echo "ALIASES - Add custom_user password and role:"
 # curl ${auth} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_ilm/policy/my_policy?pretty' -d'
 # {  "policy": { "phases": { "hot": { "actions": { "rollover": {"max_size": "50GB", "max_age": "5m"}}}}}}'
--- a/elasticsearch/config/35-load_settings_configure_s3.sh
+++ b/elasticsearch/config/35-load_settings_configure_s3.sh
@@ -1,107 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # If Secure access to Kibana is enabled, we must set the credentials for 
 # monitoring
 ##############################################################################
 ELASTIC_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u elastic:${ELASTIC_PASS} -k"
 else
  auth=""
 fi
 # Check number of arguments passed to configure_s3.sh. If it is different from 4 or 5, the process will finish with error.
 # param 1: number of arguments passed to configure_s3.sh
 function CheckArgs()
 {
    if [ $1 != 4 ] && [ $1 != 5 ];then
        echo "Use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> (By default <current_elasticsearch_major_version> is added to the path and the repository name)"
        echo "or use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> <Elasticsearch major version>" 
        exit 1
    fi
 }
 # Create S3 repository from base_path <path>/<elasticsearch_major_version> (if there is no <Elasticsearch major version> argument, current version is added)
 # Repository name would be <RepositoryName>-<elasticsearch_major_version> (if there is no <Elasticsearch major version> argument, current version is added)
 # param 1: <Elastic_Server_IP:Port>
 # param 2: <Bucket>
 # param 3: <Path>
 # param 4: <RepositoryName>
 # param 5: Optional <Elasticsearch major version>
 # output: It will show "acknowledged" if the repository has been successfully created
 function CreateRepo()
 {
    elastic_ip_port="$2"
    bucket_name="$3"
    path="$4"
    repository_name="$5"
    if [ $1 == 5 ];then
        version="$6"
    else
        version=`curl ${auth} -s $elastic_ip_port | grep number | cut -d"\"" -f4 | cut -c1`
    fi
    if ! [[ "$version" =~ ^[0-9]+$ ]];then
        echo "Elasticsearch major version must be an integer"
        exit 1
    fi
    repository="$repository_name-$version"
    s3_path="$path/$version"
    >&2 echo "Create S3 repository"
    until curl ${auth} -X PUT "$elastic_ip_port/_snapshot/$repository" -H 'Content-Type: application/json' -d' {"type": "s3", "settings": { "bucket": "'$bucket_name'", "base_path": "'$s3_path'"} }'; do
      >&2 echo "Elastic is unavailable, S3 repository not created - sleeping"
      sleep 5
    done
    >&2 echo "S3 repository created"
 }
 # Run functions CheckArgs and CreateRepo
 # param 1: number of arguments passed to configure_s3.sh
 # param 2: <Elastic_Server_IP:Port>
 # param 3: <Bucket>
 # param 4: <Path>
 # param 5: <RepositoryName>
 # param 6: Optional <Elasticsearch major version>
 function Main()
 {
    CheckArgs $1
    CreateRepo $1 $2 $3 $4 $5 $6
 }
 Main $# $1 $2 $3 $4 $5
--- a/elasticsearch/config/35-load_settings_policies.sh
+++ b/elasticsearch/config/35-load_settings_policies.sh
@@ -1,86 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # Set Elasticsearch API url
 ##############################################################################
 if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 fi
 echo "POLICIES - Elasticsearch url: $el_url"
 ##############################################################################
 # If Elasticsearch security is enabled get the elastic user password.
 ##############################################################################
 ELASTIC_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 ##############################################################################
 # If Elasticsearch security is enabled get the users credentials.
 ##############################################################################
 # The user must get the credentials of the users.
 # TO DO. 
 ##############################################################################
 # Set authentication for curl if Elasticsearch security is enabled.
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-uelastic:${ELASTIC_PASS} -k"
  echo "POLICIES - authentication for curl established."
 elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
  auth=""
  echo "POLICIES - authentication for curl not established."
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
  echo "POLICIES - authentication for curl established."
 fi
 ##############################################################################
 # Wait until Elasticsearch is active. 
 ##############################################################################
 until curl ${auth} -XGET $el_url; do
  >&2 echo "POLICIES - Elastic is unavailable - sleeping"
  sleep 5
 done
 >&2 echo "POLICIES - Elastic is up - executing command"
 ##############################################################################
 # Add custom policies.
 ##############################################################################
 # The user must add the credentials of the users.
 # TO DO.
 # Example 
 # echo "POLICIES - Add custom_user password and role:"
 # curl ${auth} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_ilm/policy/my_policy?pretty' -d'
 # {  "policy": { "phases": { "hot": { "actions": { "rollover": {"max_size": "50GB", "max_age": "5m"}}}}}}'
--- a/elasticsearch/config/35-load_settings_templates.sh
+++ b/elasticsearch/config/35-load_settings_templates.sh
@@ -1,81 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # Set Elasticsearch API url
 ##############################################################################
 if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 fi
 echo "TEMPLATES - Elasticsearch url: $el_url"
 ##############################################################################
 # If Elasticsearch security is enabled get the elastic user password.
 ##############################################################################
 ELASTIC_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 ##############################################################################
 # If Elasticsearch security is enabled get the users credentials.
 ##############################################################################
 # The user must get the credentials of the users.
 # TO DO. 
 ##############################################################################
 # Set authentication for curl if Elasticsearch security is enabled.
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-uelastic:${ELASTIC_PASS} -k"
  echo "TEMPLATES - authentication for curl established."
 elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
  auth=""
  echo "TEMPLATES - authentication for curl not established."
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
  echo "TEMPLATES - authentication for curl established."
 fi
 ##############################################################################
 # Wait until Elasticsearch is active. 
 ##############################################################################
 until curl ${auth} -XGET $el_url; do
  >&2 echo "TEMPLATES - Elastic is unavailable - sleeping"
  sleep 5
 done
 >&2 echo "TEMPLATES - Elastic is up - executing command"
 ##############################################################################
 # Add wazuh-alerts templates.
 ##############################################################################
 echo "TEMPLATES - Loading default wazuh-alerts template."
 cat /usr/share/elasticsearch/config/wazuh-template.json | curl -XPUT "$el_url/_template/wazuh" ${auth} -H 'Content-Type: application/json' -d @-
--- a/elasticsearch/config/35-load_settings_users_management.sh
+++ b/elasticsearch/config/35-load_settings_users_management.sh
@@ -1,100 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # Set Elasticsearch API url
 ##############################################################################
 if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 fi
 echo "USERS - Elasticsearch url: $el_url"
 ##############################################################################
 # If Elasticsearch security is enabled get the elastic user password.
 ##############################################################################
 ELASTIC_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    fi
  done < "$input"
 fi
 ##############################################################################
 # If Elasticsearch security is enabled get the users credentials.
 ##############################################################################
 # The user must get the credentials of the users.
 # TO DO. 
 ##############################################################################
 # Set authentication for curl if Elasticsearch security is enabled.
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-uelastic:${ELASTIC_PASS} -k"
  echo "USERS - authentication for curl established."
 elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
  auth=""
  echo "USERS - authentication for curl not established."
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
  echo "USERS - authentication for curl established."
 fi
 ##############################################################################
 # Wait until Elasticsearch is active. 
 ##############################################################################
 until curl ${auth} -XGET $el_url; do
  >&2 echo "USERS - Elastic is unavailable - sleeping"
  sleep 5
 done
 >&2 echo "USERS - Elastic is up - executing command"
 ##############################################################################
 # Setup passwords for Elastic Stack users.
 ##############################################################################
 # The user must add the credentials of the users.
 # TO DO.
 # Example 
 # echo "USERS - Add custom_user password and role:"
 # curl ${auth} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/custom_user_role ' -d '
 # { "indices": [ { "names": [ ".kibana*" ],  "privileges": ["read"] }, { "names": [ "wazuh-monitoring*"],  "privileges": ["all"] }] }'
 # curl ${auth} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/custom_user'  -d '
 # { "password":"'$CUSTOM_USER_PASSWORD'", "roles" : [ "kibana_system", "custom_user_role"],  "full_name" : "Custom User" }'
 ##############################################################################
 # Remove credentials file.
 ##############################################################################
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  echo "USERS - Security credentials file not used. Nothing to do."
 else
  shred -zvu ${SECURITY_CREDENTIALS_FILE}
  echo "USERS - Security credentials file removed."
 fi
--- a/elasticsearch/config/TEST_openssl.cnf
+++ b/elasticsearch/config/TEST_openssl.cnf
@@ -1,132 +0,0 @@
 # OpenSSL intermediate CA configuration file.
 # Copy to `/root/ca/intermediate/openssl.cnf`.
 [ ca ]
 # `man ca`
 default_ca = CA_default
 [ CA_default ]
 # Directory and file locations.
 dir               = /root/ca/intermediate
 certs             = $dir/certs
 crl_dir           = $dir/crl
 new_certs_dir     = $dir/newcerts
 database          = $dir/index.txt
 serial            = $dir/serial
 RANDFILE          = $dir/private/.rand
 # The root key and root certificate.
 private_key       = $dir/private/intermediate.key.pem
 certificate       = $dir/certs/intermediate.cert.pem
 # For certificate revocation lists.
 crlnumber         = $dir/crlnumber
 crl               = $dir/crl/intermediate.crl.pem
 crl_extensions    = crl_ext
 default_crl_days  = 30
 # SHA-1 is deprecated, so use SHA-2 instead.
 default_md        = sha256
 name_opt          = ca_default
 cert_opt          = ca_default
 default_days      = 375
 preserve          = no
 policy            = policy_loose
 [ policy_strict ]
 # The root CA should only sign intermediate certificates that match.
 # See the POLICY FORMAT section of `man ca`.
 countryName             = match
 stateOrProvinceName     = match
 organizationName        = match
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional
 [ policy_loose ]
 # Allow the intermediate CA to sign a more diverse range of certificates.
 # See the POLICY FORMAT section of the `ca` man page.
 countryName             = optional
 stateOrProvinceName     = optional
 localityName            = optional
 organizationName        = optional
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional
 [ req ]
 # Options for the `req` tool (`man req`).
 default_bits        = 2048
 distinguished_name  = req_distinguished_name
 string_mask         = utf8only
 # SHA-1 is deprecated, so use SHA-2 instead.
 default_md          = sha256
 # Extension to add when the -x509 option is used.
 x509_extensions     = v3_ca
 [ req_distinguished_name ]
 # See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 0.organizationName              = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address
 # Optionally, specify some defaults.
 countryName_default             = GB
 stateOrProvinceName_default     = England
 localityName_default            =
 0.organizationName_default      = Alice Ltd
 organizationalUnitName_default  =
 emailAddress_default            =
 [ v3_ca ]
 # Extensions for a typical CA (`man x509v3_config`).
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ v3_intermediate_ca ]
 # Extensions for a typical intermediate CA (`man x509v3_config`).
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true, pathlen:0
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ usr_cert ]
 # Extensions for client certificates (`man x509v3_config`).
 basicConstraints = CA:FALSE
 nsCertType = client, email
 nsComment = "OpenSSL Generated Client Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer
 keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth, emailProtection
 [ server_cert ]
 # Extensions for server certificates (`man x509v3_config`).
 basicConstraints = CA:FALSE
 nsCertType = server
 nsComment = "OpenSSL Generated Server Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth
 [ crl_ext ]
 # Extension for CRLs (`man x509v3_config`).
 authorityKeyIdentifier=keyid:always
 [ ocsp ]
 # Extension for OCSP signing certificates (`man ocsp`).
 basicConstraints = CA:FALSE
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer
 keyUsage = critical, digitalSignature
 extendedKeyUsage = critical, OCSPSigning
--- a/elasticsearch/config/entrypoint.sh
+++ b/elasticsearch/config/entrypoint.sh
@@ -1,8 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
 done
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,101 +0,0 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM docker.elastic.co/kibana/kibana:7.3.2
 ARG ELASTIC_VERSION=7.3.2
 ARG WAZUH_VERSION=3.10.2
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 USER root
 # App: 3.10.2 - 7.3.2 with this fix: https://github.com/wazuh/wazuh-kibana-app/issues/1815
 #ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 COPY config/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 USER kibana
 RUN /usr/share/kibana/bin/kibana-plugin install  --allow-root file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip 
 USER root
 RUN rm -rf /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip
 COPY config/entrypoint.sh ./entrypoint.sh
 RUN chmod 755 ./entrypoint.sh
 RUN mkdir /entrypoint-scripts
 USER kibana
 ENV CONFIGURATION_FROM_FILE="false"
 ENV PATTERN="" \
    CHECKS_PATTERN="" \
    CHECKS_TEMPLATE="" \
    CHECKS_API="" \
    CHECKS_SETUP="" \
    EXTENSIONS_PCI="" \
    EXTENSIONS_GDPR="" \
    EXTENSIONS_AUDIT="" \
    EXTENSIONS_OSCAP="" \
    EXTENSIONS_CISCAT="" \
    EXTENSIONS_AWS="" \
    EXTENSIONS_VIRUSTOTAL="" \
    EXTENSIONS_OSQUERY="" \
    APP_TIMEOUT="" \
    WAZUH_SHARDS="" \
    WAZUH_REPLICAS="" \
    WAZUH_VERSION_SHARDS="" \
    WAZUH_VERSION_REPLICAS="" \
    IP_SELECTOR="" \
    IP_IGNORE="" \
    XPACK_RBAC_ENABLED="" \
    WAZUH_MONITORING_ENABLED="" \
    WAZUH_MONITORING_FREQUENCY="" \
    WAZUH_MONITORING_SHARDS="" \
    WAZUH_MONITORING_REPLICAS="" \
    ADMIN_PRIVILEGES=""
 ARG XPACK_CANVAS="false"
 ARG XPACK_LOGS="false"
 ARG XPACK_INFRA="false"
 ARG XPACK_ML="false"
 ARG XPACK_DEVTOOLS="false"
 ARG XPACK_MONITORING="false"
 ARG XPACK_APM="false"
 ARG XPACK_MAPS="false"
 ARG XPACK_UPTIME="false"
 ARG XPACK_SIEM="false"
 ARG CHANGE_WELCOME="true"
 COPY --chown=kibana:kibana ./config/10-wazuh_app_config.sh /entrypoint-scripts/10-wazuh_app_config.sh
 COPY --chown=kibana:kibana ./config/12-custom_logos.sh /entrypoint-scripts/12-custom_logos.sh
 COPY --chown=kibana:kibana ./config/15-decrypt_credentials.sh /entrypoint-scripts/15-decrypt_credentials.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint.sh /entrypoint-scripts/20-entrypoint.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint_kibana_settings.sh ./
 COPY --chown=kibana:kibana ./config/20-entrypoint_certs_management.sh ./
 RUN chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \
    chmod +x /entrypoint-scripts/12-custom_logos.sh && \
    chmod +x /entrypoint-scripts/15-decrypt_credentials.sh && \
    chmod +x /entrypoint-scripts/20-entrypoint.sh && \
    chmod +x ./20-entrypoint_kibana_settings.sh && \
    chmod +x ./20-entrypoint_certs_management.sh
 COPY --chown=kibana:kibana ./config/xpack_config.sh ./
 RUN chmod +x ./xpack_config.sh
 RUN ./xpack_config.sh
 COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
 RUN chmod +x ./welcome_wazuh.sh
 RUN ./welcome_wazuh.sh
 RUN /usr/local/bin/kibana-docker --optimize
 USER root
 RUN chmod 660 /usr/share/kibana/plugins/wazuh/config.yml && \
    chmod 775 /usr/share/kibana/plugins/wazuh && \
    chown root:kibana /usr/share/kibana/plugins/wazuh/config.yml && \
    chown root:kibana /usr/share/kibana/plugins/wazuh
 USER kibana
 ENTRYPOINT ./entrypoint.sh
--- a/kibana/config/10-wazuh_app_config.sh
+++ b/kibana/config/10-wazuh_app_config.sh
@@ -1,40 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 kibana_config_file="/usr/share/kibana/plugins/wazuh/config.yml"
 declare -A CONFIG_MAP=(
  [pattern]=$PATTERN
  [checks.pattern]=$CHECKS_PATTERN
  [checks.template]=$CHECKS_TEMPLATE
  [checks.api]=$CHECKS_API
  [checks.setup]=$CHECKS_SETUP
  [extensions.pci]=$EXTENSIONS_PCI
  [extensions.gdpr]=$EXTENSIONS_GDPR
  [extensions.audit]=$EXTENSIONS_AUDIT
  [extensions.oscap]=$EXTENSIONS_OSCAP
  [extensions.ciscat]=$EXTENSIONS_CISCAT
  [extensions.aws]=$EXTENSIONS_AWS
  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
  [extensions.osquery]=$EXTENSIONS_OSQUERY
  [timeout]=$APP_TIMEOUT
  [wazuh.shards]=$WAZUH_SHARDS
  [wazuh.replicas]=$WAZUH_REPLICAS
  [wazuh-version.shards]=$WAZUH_VERSION_SHARDS
  [wazuh-version.replicas]=$WAZUH_VERSION_REPLICAS
  [ip.selector]=$IP_SELECTOR
  [ip.ignore]=$IP_IGNORE
  [xpack.rbac.enabled]=$XPACK_RBAC_ENABLED
  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
  [admin]=$ADMIN_PRIVILEGES
 )
 for i in "${!CONFIG_MAP[@]}"
 do
    if [ "${CONFIG_MAP[$i]}" != "" ]; then
        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
    fi
 done
--- a/kibana/config/12-custom_logos.sh
+++ b/kibana/config/12-custom_logos.sh
@@ -1,14 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Kibana logos
 ##############################################################################
 if [[ $CUSTOM_LOGO == "true" ]]; then
    echo "CUSTOM LOGO - Change Kibana logos."
    # TO DO
 fi
--- a/kibana/config/15-decrypt_credentials.sh
+++ b/kibana/config/15-decrypt_credentials.sh
@@ -1,15 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Decrypt credentials.
 # If the credentials of the users to be created are encrypted,
 # they must be decrypted for later use. 
 ##############################################################################
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
    echo "Security credentials file not used. Nothing to do."
 else
    echo "TO DO"
 fi
 # TO DO
--- a/kibana/config/20-entrypoint.sh
+++ b/kibana/config/20-entrypoint.sh
@@ -1,126 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 ##############################################################################
 # Set Elasticsearch API url.
 ##############################################################################
 if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_URL}"
 fi
 echo "ENTRYPOINT - Set Elasticsearc url:${ELASTICSEARCH_URL}"
 ##############################################################################
 # If there are credentials for Kibana they are obtained. 
 ##############################################################################
 KIBANA_USER=""
 KIBANA_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  KIBANA_USER=${SECURITY_KIBANA_USER}
  KIBANA_PASS=${SECURITY_KIBANA_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"KIBANA_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_PASS=${arrIN[1]}
    elif [[ $line == *"KIBANA_USER"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_USER=${arrIN[1]}
    fi
  done < "$input"
 fi
 echo "ENTRYPOINT - Kibana credentials obtained."
 ##############################################################################
 # Establish the way to run the curl command, with or without authentication. 
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u ${KIBANA_USER}:${KIBANA_PASS} -k"
 elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
  auth=""
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
 fi
 echo "ENTRYPOINT - Kibana authentication established."
 ##############################################################################
 # Waiting for elasticsearch.
 ##############################################################################
 until curl -XGET $el_url ${auth}; do
  >&2 echo "ENTRYPOINT - Elastic is unavailable: sleeping"
  sleep 5
 done
 sleep 2
 >&2 echo "ENTRYPOINT - Elasticsearch is up."
 ##############################################################################
 # Waiting for wazuh alerts template.
 ##############################################################################
 strlen=0
 while [[ $strlen -eq 0 ]]
 do
  template=$(curl $auth $el_url/_cat/templates/wazuh -s)
  strlen=${#template}
  >&2 echo "ENTRYPOINT - Wazuh alerts template not loaded - sleeping."
  sleep 2
 done
 sleep 2
 >&2 echo "ENTRYPOINT - Wazuh alerts template is loaded."
 ##############################################################################
 # Create keystore if security is enabled.
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  echo "ENTRYPOINT - Create Keystore."
  /usr/share/kibana/bin/kibana-keystore create
  # Add keys to keystore
  echo -e "$KIBANA_PASS" | /usr/share/kibana/bin/kibana-keystore add elasticsearch.password --stdin
  echo -e "$KIBANA_USER" | /usr/share/kibana/bin/kibana-keystore add elasticsearch.username --stdin
  echo "ENTRYPOINT - Keystore created."
 fi
 ##############################################################################
 # If security is enabled set Kibana configuration.
 # Create the ssl certificate.
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  bash /usr/share/kibana/20-entrypoint_certs_management.sh
 fi
 ##############################################################################
 # Run kibana_settings.sh script.
 ##############################################################################
 bash /usr/share/kibana/20-entrypoint_kibana_settings.sh &
 /usr/local/bin/kibana-docker
--- a/kibana/config/20-entrypoint_certs_management.sh
+++ b/kibana/config/20-entrypoint_certs_management.sh
@@ -1,14 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Kibana certs and keystore management 
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
    echo "CERTS_MANAGEMENT - Create certificates. TO DO."
    # TO DO
 fi
--- a/kibana/config/20-entrypoint_kibana_settings.sh
+++ b/kibana/config/20-entrypoint_kibana_settings.sh
@@ -1,183 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 WAZUH_MAJOR=3
 ##############################################################################
 # Wait for the Kibana API to start. It is necessary to do it in this container
 # because the others are running Elastic Stack and we can not interrupt them.
 #
 # The following actions are performed:
 #
 # Add the wazuh alerts index as default.
 # Set the Discover time interval to 24 hours instead of 15 minutes.
 # Do not ask user to help providing usage statistics to Elastic.
 ##############################################################################
 ##############################################################################
 # Customize elasticsearch ip
 ##############################################################################
 if [[ "$ELASTICSEARCH_KIBANA_IP" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
  sed -i "s:#elasticsearch.hosts:elasticsearch.hosts:g" /usr/share/kibana/config/kibana.yml
  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
 fi
 echo "SETTINGS - Update Elasticsearch host."
 # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
 if [[ "$KIBANA_INDEX" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
  if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
    sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
  fi
    echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
 fi
 # If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false.
 if [[ "$XPACK_SECURITY_ENABLED" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
  if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
    sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
  fi
    echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
 fi
 ##############################################################################
 # Get Kibana credentials
 ##############################################################################
 if [ "$KIBANA_IP" != "" ]; then
  kibana_ip="$KIBANA_IP"
 else
  kibana_ip="kibana"
 fi
 KIBANA_USER=""
 KIBANA_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  KIBANA_USER=${SECURITY_KIBANA_USER}
  KIBANA_PASS=${SECURITY_KIBANA_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"KIBANA_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_PASS=${arrIN[1]}
    elif [[ $line == *"KIBANA_USER"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_USER=${arrIN[1]}
    fi
  done < "$input"
 fi
 echo "SETTINGS - Kibana credentials obtained."
 ##############################################################################
 # Set url authentication.
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-k -u $KIBANA_USER:${KIBANA_PASS}"
  kibana_secure_ip="https://$kibana_ip"
 else
  auth=""
  kibana_secure_ip="http://$kibana_ip"
 fi
 echo "SETTINGS - Kibana authentication established."
 ##############################################################################
 # Waiting for Kibana.
 ##############################################################################
 while [[ "$(curl $auth -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_secure_ip:5601/status)" != "200" ]]; do
  echo "SETTINGS - Waiting for Kibana API. Sleeping 5 seconds"
  sleep 5
 done
 echo "SETTINGS - Kibana API is running"
 ##############################################################################
 # Prepare index selection.
 ##############################################################################
 echo "SETTINGS - Prepare index selection."
 default_index="/tmp/default_index.json"
 if [[ $PATTERN == "" ]]; then
  cat > ${default_index} << EOF
 {
  "changes": {
    "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
  }
 }
 EOF
 else
  cat > ${default_index} << EOF
 {
  "changes": {
    "defaultIndex": "$PATTERN"
  }
 }
 EOF
 fi
 sleep 5
 ##############################################################################
 # Add the wazuh alerts index as default.
 ##############################################################################
 echo "SETTINGS - Add the wazuh alerts index as default."
 curl $auth -POST "$kibana_secure_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
 rm -f ${default_index}
 sleep 5
 ##############################################################################
 # Configuring Kibana TimePicker.
 ##############################################################################
 echo "SETTINGS - Configuring Kibana TimePicker."
 curl $auth -POST "$kibana_secure_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
 '{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-24h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
 sleep 5
 ##############################################################################
 # Do not ask user to help providing usage statistics to Elastic.
 ##############################################################################
 echo "SETTINGS - Do not ask user to help providing usage statistics to Elastic."
 curl $auth -POST "$kibana_secure_ip:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
 ##############################################################################
 # Remove credentials file.
 ##############################################################################
 echo "SETTINGS - Remove credentials file."
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  echo "Security credentials file not used. Nothing to do."
 else
  shred -zvu ${SECURITY_CREDENTIALS_FILE}
 fi
 echo "End settings"
--- a/kibana/config/entrypoint.sh
+++ b/kibana/config/entrypoint.sh
@@ -1,8 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
 done
--- a/kibana/config/wazuhapp-3.10.2_7.3.2.zip.REMOVED.git-id
+++ b/kibana/config/wazuhapp-3.10.2_7.3.2.zip.REMOVED.git-id
@@ -1 +0,0 @@
 1bda3f0db629fab2a64f859fe0769afc8a359fc7
--- a/kibana/config/welcome_wazuh.sh
+++ b/kibana/config/welcome_wazuh.sh
@@ -1,30 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 if [[ $CHANGE_WELCOME == "true" ]]
 then
    rm -rf ./optimize/bundles
    kibana_path="/usr/share/kibana"
    # Set Wazuh app as the default landing page
    echo "Set Wazuh app as the default landing page"
    echo "server.defaultRoute: /app/wazuh" >> $kibana_path/config/kibana.yml
    # Redirect Kibana welcome screen to Discover
    echo "Redirect Kibana welcome screen to Discover"
    sed -i "s:'/app/kibana#/home':'/app/wazuh':g" $kibana_path/src/core/public/chrome/chrome_service.js
    # Hide management undesired links
    echo "Hide management undesired links"
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/rollup/public/crud_app/index.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/license_management/public/management_section.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/index_lifecycle_management/public/register_management_section.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/cross_cluster_replication/public/register_routes.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/remote_clusters/public/index.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/upgrade_assistant/public/index.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/snapshot_restore/public/plugin.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/remote_clusters/public/plugin.js
    sed -i 's#visible: true#visible: false#g' $kibana_path/x-pack/legacy/plugins/index_management/public/register_management_section.js
 fi
--- a/kibana/config/xpack_config.sh
+++ b/kibana/config/xpack_config.sh
@@ -1,43 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 kibana_config_file="/usr/share/kibana/config/kibana.yml"
 if grep -Fq  "#xpack features" "$kibana_config_file";
 then 
  declare -A CONFIG_MAP=(
    [xpack.apm.ui.enabled]=$XPACK_APM
    [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
    [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
    [xpack.ml.enabled]=$XPACK_ML
    [xpack.canvas.enabled]=$XPACK_CANVAS
    [xpack.logstash.enabled]=$XPACK_LOGS
    [xpack.infra.enabled]=$XPACK_INFRA
    [xpack.monitoring.enabled]=$XPACK_MONITORING
    [xpack.maps.enabled]=$XPACK_MAPS
    [xpack.uptime.enabled]=$XPACK_UPTIME
    [xpack.siem.enabled]=$XPACK_SIEM
    [console.enabled]=$XPACK_DEVTOOLS
  )
  for i in "${!CONFIG_MAP[@]}"
  do
    if [ "${CONFIG_MAP[$i]}" != "" ]; then
      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
    fi
  done
 else
  echo "
 #xpack features
 xpack.apm.ui.enabled: $XPACK_APM 
 xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
 xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
 xpack.ml.enabled: $XPACK_ML
 xpack.canvas.enabled: $XPACK_CANVAS
 xpack.logstash.enabled: $XPACK_LOGS
 xpack.infra.enabled: $XPACK_INFRA
 xpack.monitoring.enabled: $XPACK_MONITORING
 xpack.maps.enabled: $XPACK_MAPS
 xpack.uptime.enabled: $XPACK_UPTIME
 xpack.siem.enabled: $XPACK_SIEM
 console.enabled: $XPACK_DEVTOOLS
 " >> $kibana_config_file
 fi
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -1,46 +0,0 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ARG LOGSTASH_VERSION=7.3.2
 FROM docker.elastic.co/logstash/logstash:${LOGSTASH_VERSION}
 COPY --chown=logstash:logstash config/entrypoint.sh /entrypoint.sh
 RUN chmod 755 /entrypoint.sh
 RUN rm -f /usr/share/logstash/pipeline/logstash.conf
 ENV PIPELINE_FROM_FILE="false"
 COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf
 # This CA is created for testing. Please set your own CA pem signed certificate. 
 # command: $ docker build <logstash_directory> --build-arg SECURITY_CA_PEM_LOCATION=<CA_PEM_LOCATION> --build-arg SECURITY_CA_PEM_ARG=<CA_PEM_NAME>
 # ENV variables are necessary: SECURITY_CA_PEM 
 # Sample:
 # ARG SECURITY_CA_PEM_LOCATION="config/server.TEST-CA-signed.pem"
 # ARG SECURITY_CA_PEM_ARG="server.TEST-CA-signed.pem"
 ARG SECURITY_CA_PEM_LOCATION=""
 ARG SECURITY_CA_PEM_ARG=""
 # CA for secure communication with Elastic
 ADD $SECURITY_CA_PEM_LOCATION /usr/share/logstash/config
 # Set permissions for CA
 USER root
 RUN if [[ "x$SECURITY_CA_PEM_LOCATION" == x ]] ; then echo Nothing to do ; else chown logstash: /usr/share/logstash/config/$SECURITY_CA_PEM_ARG ; fi
 RUN if [[ "x$SECURITY_CA_PEM_LOCATION" == x ]] ; then echo Nothing to do ; else chmod 400 /usr/share/logstash/config/$SECURITY_CA_PEM_ARG ; fi
 # Add entrypoint scripts
 RUN mkdir /entrypoint-scripts
 RUN chmod -R 774 /entrypoint-scripts
 RUN chown -R logstash:logstash /entrypoint-scripts
 COPY --chown=logstash:logstash ./config/05-decrypt_credentials.sh /entrypoint-scripts/05-decrypt_credentials.sh
 COPY --chown=logstash:logstash ./config/10-entrypoint.sh /entrypoint-scripts/10-entrypoint.sh
 COPY --chown=logstash:logstash ./config/10-entrypoint_configuration.sh ./config/10-entrypoint_configuration.sh
 RUN chmod +x /entrypoint-scripts/05-decrypt_credentials.sh && \
    chmod +x /entrypoint-scripts/10-entrypoint.sh && \
    chmod +x ./config/10-entrypoint_configuration.sh
 USER logstash
 ENTRYPOINT /entrypoint.sh
--- a/logstash/config/01-wazuh.conf
+++ b/logstash/config/01-wazuh.conf
@@ -1,64 +0,0 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # Wazuh - Logstash configuration file
 ## Remote Wazuh Manager - Filebeat input
 input {
    beats {
        port => 5000
 #       ssl => true
 #       ssl_certificate => "/etc/logstash/logstash.crt"
 #       ssl_key => "/etc/logstash/logstash.key"
    }
 }
 filter {
    json {
      source => "message"
    }
 }
 filter {
    if [data][srcip] {
        mutate {
            add_field => [ "@src_ip", "%{[data][srcip]}" ]
        }
    }
    if [data][aws][sourceIPAddress] {
        mutate {
            add_field => [ "@src_ip", "%{[data][aws][sourceIPAddress]}" ]
        }
    }
 }
 filter {
    geoip {
        source => "@src_ip"
        target => "GeoLocation"
        fields => ["city_name", "country_name", "region_name", "location"]
    }
    date {
        match => ["timestamp", "ISO8601"]
        target => "@timestamp"
    }
    mutate {
        remove_field => [ "beat", "input_type", "tags", "count", "@version", "log", "offset", "type", "@src_ip", "host"]
    }
 }
 filter {
    # Workarounds for vulnerability-detector
    if "vulnerability-detector" in [rule][groups] {
        # Drop vulnerability-detector events from Manager
        if [agent][id] == "000"{
            drop { }
        }
        # if exists, remove data.vulnerability.published field due to conflicts
        if [data][vulnerability][published] {
            mutate {
                remove_field => [ "[data][vulnerability][published]" ]
            }
        }
    }
 }
 output {
    elasticsearch {
        hosts => ["elasticsearch:9200"]
        index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}"
    }
 }
--- a/logstash/config/05-decrypt_credentials.sh
+++ b/logstash/config/05-decrypt_credentials.sh
@@ -1,15 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ##############################################################################
 # Decrypt credentials.
 # If the credentials of the users to be created are encrypted,
 # they must be decrypted for later use. 
 ##############################################################################
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
    echo "Security credentials file not used. Nothing to do."
 else
    echo "TO DO"
 fi
 # TO DO
--- a/logstash/config/10-entrypoint.sh
+++ b/logstash/config/10-entrypoint.sh
@@ -1,163 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 #
 # OSSEC container bootstrap. See the README for information of the environment
 # variables expected by this script.
 #
 set -e
 ##############################################################################
 # Set elasticsearch url.
 ##############################################################################
 if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
  el_url="http://elasticsearch:9200"
 else
  el_url="${ELASTICSEARCH_URL}"
 fi
 echo "ENTRYPOINT - Elasticsearch url: $el_url"
 ##############################################################################
 # Get Logstash credentials.
 ##############################################################################
 LOGSTASH_USER=""
 LOGSTASH_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  LOGSTASH_USER=${SECURITY_LOGSTASH_USER}
  LOGSTASH_PASS=${SECURITY_LOGSTASH_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"LOGSTASH_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      LOGSTASH_PASS=${arrIN[1]}
    elif [[ $line == *"LOGSTASH_USER"* ]]; then
      arrIN=(${line//:/ })
      LOGSTASH_USER=${arrIN[1]}
    fi
  done < "$input"
 fi
 echo "ENTRYPOINT - Logstash credentials obtained."
 ##############################################################################
 # Set authentication for curl command. 
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u ${LOGSTASH_USER}:${LOGSTASH_PASS} -k"
 elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
  auth=""
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
 fi
 echo "ENTRYPOINT - curl authentication established"
 ##############################################################################
 # Customize logstash output ip.
 ##############################################################################
 if [ "$LOGSTASH_OUTPUT" != "" ]; then
  >&2 echo "ENTRYPOINT - Customize Logstash ouput ip."
  sed -i 's|http://elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/config/logstash.yml
  if [[ "$PIPELINE_FROM_FILE" == "false" ]]; then
    sed -i 's|elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/pipeline/01-wazuh.conf
  fi
 fi
 ##############################################################################
 # Waiting for elasticsearch.
 ##############################################################################
 until curl $auth -XGET $el_url; do
  >&2 echo "ENTRYPOINT - Elastic is unavailable - sleeping."
  sleep 5
 done
 sleep 2
 >&2 echo "ENTRYPOINT - Elasticsearch is up."
 ##############################################################################
 # Create keystore if security is enabled.
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
  echo "ENTRYPOINT - Create Keystore."
  ## Create secure keystore
  SECURITY_RANDOM_PASS=`date +%s | sha256sum | base64 | head -c 32 ; echo`
  export LOGSTASH_KEYSTORE_PASS=$SECURITY_RANDOM_PASS
  /usr/share/logstash/bin/logstash-keystore --path.settings /usr/share/logstash/config create
  ## Settings for logstash.yml
  bash /usr/share/logstash/config/10-entrypoint_configuration.sh 
  ## Add keys to the keystore
  echo -e "$LOGSTASH_USER" | /usr/share/logstash/bin/logstash-keystore --path.settings /usr/share/logstash/config add LOGSTASH_KS_USER
  echo -e "$LOGSTASH_PASS" | /usr/share/logstash/bin/logstash-keystore --path.settings /usr/share/logstash/config add LOGSTASH_KS_PASS
 fi
 ##############################################################################
 # Waiting for wazuh alerts template
 ##############################################################################
 strlen=0
 while [[ $strlen -eq 0 ]]
 do
  template=$(curl $auth $el_url/_cat/templates/wazuh -s)
  strlen=${#template}
  >&2 echo "ENTRYPOINT - Wazuh alerts template not loaded - sleeping."
  sleep 2
 done
 sleep 2
 >&2 echo "ENTRYPOINT - Wazuh alerts template is loaded."
 ##############################################################################
 # Remove credentials file
 ##############################################################################
 >&2 echo "ENTRYPOINT - Removing unnecessary files."
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  echo "ENTRYPOINT - Security credentials file not used. Nothing to do."
 else
  shred -zvu ${SECURITY_CREDENTIALS_FILE}
 fi
 >&2 echo "ENTRYPOINT - Unnecessary files removed."
 ##############################################################################
 # Map environment variables to entries in logstash.yml.
 # Note that this will mutate logstash.yml in place if any such settings are found.
 # This may be undesirable, especially if logstash.yml is bind-mounted from the
 # host system.
 ##############################################################################
 env2yaml /usr/share/logstash/config/logstash.yml
 export LS_JAVA_OPTS="-Dls.cgroup.cpuacct.path.override=/ -Dls.cgroup.cpu.path.override=/ $LS_JAVA_OPTS"
 if [[ -z $1 ]] || [[ ${1:0:1} == '-' ]] ; then
  exec logstash "$@"
 else
  exec "$@"
 fi
--- a/logstash/config/10-entrypoint_configuration.sh
+++ b/logstash/config/10-entrypoint_configuration.sh
@@ -1,27 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 #
 # OSSEC container bootstrap. See the README for information of the environment
 # variables expected by this script.
 #
 set -e
 ##############################################################################
 # Adapt logstash.yml configuration. 
 ##############################################################################
 if [[ $SECURITY_ENABLED == "yes" ]]; then
    echo "CONFIGURATION - TO DO"
    # Settings for logstash.yml
    # Example:
    #   echo "
    # xpack.monitoring.enabled: true
    # xpack.monitoring.elasticsearch.username: LOGSTASH_USER
    # xpack.monitoring.elasticsearch.password: LOGSTASH_PASS
    # xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/CA.pem
    # " >> /usr/share/logstash/config/logstash.yml
 fi
--- a/logstash/config/entrypoint.sh
+++ b/logstash/config/entrypoint.sh
@@ -1,8 +0,0 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
 done
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,19 +0,0 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM nginx:latest
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && apt-get install -y openssl apache2-utils
 COPY config/entrypoint.sh /entrypoint.sh
 RUN chmod 755 /entrypoint.sh
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 VOLUME ["/etc/nginx/conf.d"]
 ENV NGINX_NAME="foo" \
    NGINX_PWD="bar"
 ENTRYPOINT /entrypoint.sh
--- a/nginx/config/entrypoint.sh
+++ b/nginx/config/entrypoint.sh
@@ -1,79 +0,0 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 set -e
 # Generating certificates.
 if [ ! -d /etc/nginx/conf.d/ssl ]; then
  echo "Generating SSL certificates"
  mkdir -p /etc/nginx/conf.d/ssl/certs /etc/nginx/conf.d/ssl/private
  openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/conf.d/ssl/private/kibana-access.key -out /etc/nginx/conf.d/ssl/certs/kibana-access.pem >/dev/null
 else
  echo "SSL certificates already present"
 fi
 # Setting users credentials.
 # In order to set NGINX_CREDENTIALS, before "docker-compose up -d" run (a or b):
 #
 # a) export NGINX_CREDENTIALS="user1:pass1;user2:pass2;" or
 #    export NGINX_CREDENTIALS="user1:pass1;user2:pass2"
 #
 # b) Set NGINX_CREDENTIALS in docker-compose.yml:
 #    NGINX_CREDENTIALS=user1:pass1;user2:pass2; or
 #    NGINX_CREDENTIALS=user1:pass1;user2:pass2
 #
 if [ ! -f /etc/nginx/conf.d/kibana.htpasswd ]; then
  echo "Setting users credentials"
  if [ ! -z "$NGINX_CREDENTIALS" ]; then
    IFS=';' read -r -a users <<< "$NGINX_CREDENTIALS"
    for index in "${!users[@]}"
    do
      IFS=':' read -r -a credentials <<< "${users[index]}"
      if [ $index -eq 0 ]; then
        echo ${credentials[1]}|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd ${credentials[0]} >/dev/null
      else
        echo ${credentials[1]}|htpasswd -i /etc/nginx/conf.d/kibana.htpasswd  ${credentials[0]} >/dev/null
      fi
    done
  else
    # NGINX_PWD and NGINX_NAME are declared in nginx/Dockerfile 
    echo $NGINX_PWD|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd $NGINX_NAME >/dev/null
  fi
 else
  echo "Kibana credentials already configured"
 fi
 if [ "x${NGINX_PORT}" = "x" ]; then
  NGINX_PORT=443
 fi
 if [ "x${KIBANA_HOST}" = "x" ]; then
  KIBANA_HOST="kibana:5601"
 fi
 echo "Configuring NGINX"
 cat > /etc/nginx/conf.d/default.conf <<EOF
 server {
    listen 80;
    listen [::]:80;
    return 301 https://\$host:${NGINX_PORT}\$request_uri;
 }
 server {
    listen ${NGINX_PORT} default_server;
    listen [::]:${NGINX_PORT};
    ssl on;
    ssl_certificate /etc/nginx/conf.d/ssl/certs/kibana-access.pem;
    ssl_certificate_key /etc/nginx/conf.d/ssl/private/kibana-access.key;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
        proxy_pass http://${KIBANA_HOST}/;
        proxy_buffer_size          128k;
        proxy_buffers              4 256k;
        proxy_busy_buffers_size    256k;
    }
 }
 EOF
 nginx -g 'daemon off;'
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -1,58 +1,48 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM phusion/baseimage:latest
+FROM waystonesystems/baseimage-centos:0.2.0
 # Arguments
-ARG FILEBEAT_VERSION=7.3.2
+ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=3.10.2-1
+ARG WAZUH_VERSION=4.3.8-0.debug
 # Environment variables
 ENV API_USER="foo" \
   API_PASS="bar"
-ARG TEMPLATE_VERSION="v3.10.2"
+ARG TEMPLATE_VERSION="4.0"
 ENV FILEBEAT_DESTINATION="elasticsearch"
 # Install packages
 RUN set -x && \
-    echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
+    groupadd -g 1000 wazuh && \
-    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
+    useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
-    curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
+    curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.3.x/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
-    echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
+    yum update -y && \
-    echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
+    yum upgrade -y &&\
-    groupadd -g 1000 ossec && \
+    yum install -y openssl vim expect python-boto python-pip python-cryptography postfix bsd-mailx mailx ca-certificates && \
-    useradd -u 1000 -g 1000 -d /var/ossec ossec && \
+    yum localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
-    add-apt-repository universe && \
+    rm -f /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
-    apt-get update && \
+    yum clean all && \
    apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
    apt-get --no-install-recommends --no-install-suggests -y install openssl apt-transport-https vim expect python-boto python-pip python-cryptography && \
    apt-get --no-install-recommends --no-install-suggests -y install postfix bsd-mailx mailutils libsasl2-2 ca-certificates libsasl2-modules && \
    apt-get --no-install-recommends --no-install-suggests -y install wazuh-manager=${WAZUH_VERSION} && \
    apt-get --no-install-recommends --no-install-suggests -y install nodejs wazuh-api=${WAZUH_VERSION} && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
    rm -f /var/ossec/logs/alerts/*/*/* && \
    rm -f /var/ossec/logs/archives/*/*/* && \
    rm -f /var/ossec/logs/firewall/*/*/* && \
    rm -f /var/ossec/logs/api/*/*/* && \
    rm -f /var/ossec/logs/cluster/*/*/* && \
-    rm -f /var/ossec/logs/ossec/*/*/* && \
+    rm -f /var/ossec/logs/wazuh/*/*/* && \
-    rm /var/ossec/var/run/* && \
+    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
-    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb && \
+    rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm
    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb
 # Services
 RUN mkdir /etc/service/wazuh && \
   mkdir /etc/service/wazuh-api && \
   mkdir /etc/service/postfix && \
   mkdir /etc/service/filebeat
 COPY config/wazuh.runit.service /etc/service/wazuh/run
 COPY config/wazuh-api.runit.service /etc/service/wazuh-api/run
 COPY config/postfix.runit.service /etc/service/postfix/run
 COPY config/filebeat.runit.service /etc/service/filebeat/run
-RUN chmod +x /etc/service/wazuh-api/run && \
+RUN chmod +x /etc/service/wazuh/run && \
   chmod +x /etc/service/wazuh/run && \
   chmod +x /etc/service/postfix/run && \
   chmod +x /etc/service/filebeat/run 
@@ -70,9 +60,6 @@ RUN chmod 755 /permanent_data.sh && \
    sync && \
    rm /permanent_data.sh 
 # Expose ports
 EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
 # Setting volumes
 # Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
 # to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
@@ -80,6 +67,7 @@ VOLUME ["/var/ossec/api/configuration"]
 VOLUME ["/var/ossec/etc"]
 VOLUME ["/var/ossec/logs"]
 VOLUME ["/var/ossec/queue"]
 VOLUME ["/var/ossec/agentless"]
 VOLUME ["/var/ossec/var/multigroups"]
 VOLUME ["/var/ossec/integrations"]
 VOLUME ["/var/ossec/active-response/bin"]
@@ -93,32 +81,31 @@ VOLUME ["/var/lib/filebeat"]
 RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
 COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
 COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh
 COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
 COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh
 COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
 COPY config/05-remove_credentials_file.sh /entrypoint-scripts/05-remove_credentials_file.sh
 COPY config/10-backups.sh /entrypoint-scripts/10-backups.sh
 COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
 COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
 COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
 COPY config/85-save_wazuh_version.sh /entrypoint-scripts/85-save_wazuh_version.sh
 RUN chmod 755 /entrypoint.sh && \
    chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
    chmod 755 /entrypoint-scripts/01-wazuh.sh && \
    chmod 755 /entrypoint-scripts/02-set_filebeat_destination.sh && \
    chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
-    chmod 755 /entrypoint-scripts/05-remove_credentials_file.sh && \
+    chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
-    chmod 755 /entrypoint-scripts/10-backups.sh && \
+    chmod 755 /entrypoint-scripts/25-backups.sh && \
-    chmod 755 /entrypoint-scripts/20-ossec-configuration.sh
+    chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh && \
-
+    chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
 # Workaround. 
 # Issues: Wazuh-api
 # https://github.com/wazuh/wazuh-api/issues/440  
 # https://github.com/wazuh/wazuh-api/issues/443
 COPY --chown=root:ossec config/agents.js /var/ossec/api/controllers/agents.js
 RUN chmod 770 /var/ossec/api/controllers/agents.js
 # Load wazuh alerts template.
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json 
 # Expose ports
 EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
 # Run all services
 ENTRYPOINT ["/entrypoint.sh"]
--- a/wazuh/config/01-wazuh.sh
+++ b/wazuh/config/01-wazuh.sh
@@ -32,6 +32,75 @@ exec_cmd_stdout() {
 }
 ##############################################################################
 # Check_update
 # This function considers the following cases:
 # - If /var/ossec/etc/VERSION does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
 # - If different Wazuh version -> Action: Update. The previous version is older than the current one.
 # - If the same Wazuh version -> Acton: Nothing. Same Wazuh version.
 ##############################################################################
 check_update() {
  if [ -e /var/ossec/etc/VERSION ]
  then
    previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
    echo "CHECK UPDATE - Previous version: $previous_version"
    current_version=$(/var/ossec/bin/wazuh-control -j info | jq .data[0].WAZUH_VERSION | cut -d'"' -f2)
    echo "CHECK UPDATE - Current version: $current_version"
    if [ $previous_version == $current_version ]
    then
      echo "CHECK UPDATE - Same Wazuh version in the EBS and image"
      return 0
    else
      echo "CHECK UPDATE - Different Wazuh version: Update"
      wazuh_version_regex='v4.2.[0-9]'
      if [[ "$previous_version" =~ $wazuh_version_regex ]]
      then
        echo "CHECK UPDATE - Change ossec user to wazuh user"
        ossec_group_files=$(find /var/ossec -group 1000)
        ossec_user_files=$(find /var/ossec -user 1000)
        while IFS= read -r group; do
          chgrp wazuh $group
        done <<< "$ossec_group_files"
        while IFS= read -r user; do
          chown wazuh $user
        done <<< "$ossec_user_files"
        echo "CHECK UPDATE - Change ossecr user to wazuh user"
        ossecr_group_files=$(find /var/ossec -group 998)
        ossecr_user_files=$(find /var/ossec -user 998)
        while IFS= read -r group; do
          chgrp wazuh $group
        done <<< "$ossecr_group_files"
        while IFS= read -r user; do
          chown wazuh $user
        done <<< "$ossecr_user_files"
        echo "CHECK UPDATE - Change ossecm user to wazuh user"
        ossecm_group_files=$(find /var/ossec -group 997)
        ossecm_user_files=$(find /var/ossec -user 997)
        while IFS= read -r group; do
          chgrp wazuh $group
        done <<< "$ossecm_group_files"
        while IFS= read -r user; do
          chown wazuh $user
        done <<< "$ossecm_user_files"
      fi
      return 1
    fi
  else
    echo "CHECK UPDATE - First time mounting EBS"
    return 0
  fi
 }
 ##############################################################################
 # Edit configuration
 ##############################################################################
@@ -90,7 +159,7 @@ apply_exclusion_data() {
 remove_data_files() {
  for del_file in "${PERMANENT_DATA_DEL[@]}"; do
-    if [ -e ${del_file} ]
+    if [ $(ls ${del_file} 2> /dev/null | wc -l) -ne 0 ]
    then 
      print "Removing ${del_file}"
      exec_cmd "rm ${del_file}"
@@ -103,26 +172,11 @@ remove_data_files() {
 ##############################################################################
 create_ossec_key_cert() {
-  print "Creating ossec-authd key and cert"
+  print "Creating wazuh-authd key and cert"
  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
 ##############################################################################
 # Create certificates: API
 ##############################################################################
 create_api_key_cert() {
  print "Enabling Wazuh API HTTPS"
  edit_configuration "https" "yes"
  print "Create Wazuh API key and cert"
  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key 4096"
  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key -out ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
  # Granting proper permissions 
  chmod 400 ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key
  chmod 400 ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt
 }
 ##############################################################################
 # Copy all files from $WAZUH_CONFIG_MOUNT to $WAZUH_INSTALL_PATH and respect
@@ -148,7 +202,7 @@ mount_files() {
 ##############################################################################
 function ossec_shutdown(){
-  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
+  ${WAZUH_INSTALL_PATH}/bin/wazuh-control stop;
 }
 ##############################################################################
@@ -156,7 +210,7 @@ function ossec_shutdown(){
 # paths or commands, and execute them. 
 #
 # This can be useful for actions that need to be run before the services are
-# started, such as "/var/ossec/bin/ossec-control enable agentless".
+# started, such as "/var/ossec/bin/wazuh-control enable agentless".
 ##############################################################################
 docker_custom_args() {
@@ -171,18 +225,19 @@ docker_custom_args() {
 # Change Wazuh API user credentials.
 ##############################################################################
-change_api_user_credentials() {
+
-  pushd /var/ossec/api/configuration/auth/
+function_create_custom_user() {
  # get custom credentials
  if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
-    WAZUH_API_USER=${API_USER}
+    echo "No security credentials file used"
    WAZUH_API_PASS=${API_PASS}
  else
    input=${SECURITY_CREDENTIALS_FILE}
    while IFS= read -r line
    do
-      if [[ $line == *"WAZUH_API_USER"* ]]; then
+      if [[ $line == *"WUI_API_PASS"* ]]; then
        arrIN=(${line//:/ })
-        WAZUH_API_USER=${arrIN[1]}
+        WUI_API_PASS=${arrIN[1]}
      elif [[ $line == *"WAZUH_API_PASS"* ]]; then
        arrIN=(${line//:/ })
        WAZUH_API_PASS=${arrIN[1]}
@@ -190,10 +245,35 @@ change_api_user_credentials() {
    done < "$input"
  fi
-  echo "Change Wazuh API user credentials"
+
-  change_user="node htpasswd -b -c user $WAZUH_API_USER $WAZUH_API_PASS"
+    if [[ ! -z $WAZUH_API_PASS ]]; then
-  eval $change_user
+  cat << EOF > "/var/ossec/api/configuration/wazuh-user.json"
-  popd
+{
  "password": "$WAZUH_API_PASS"
 }
 EOF
  fi
  if [[ ! -z $WUI_API_PASS ]]; then
  cat << EOF > "/var/ossec/api/configuration/wui-user.json"
 {
  "password": "$WUI_API_PASS"
 }
 EOF
    # create or customize API user
    if /var/ossec/framework/python/bin/python3  /var/ossec/framework/scripts/create_user.py; then
      # remove json if exit code is 0
      echo "Wazuh API credentials changed"
      rm /var/ossec/api/configuration/wui-user.json
      rm /var/ossec/api/configuration/wazuh-user.json
    else
      echo "There was an error configuring the API users"
      sleep 10
      # terminate container to avoid unpredictable behavior
      kill -s SIGINT 1
    fi
  fi
 }
@@ -202,16 +282,27 @@ change_api_user_credentials() {
 ##############################################################################
 main() {
  # Check Wazuh version in the image and EBS (It returns 1 when updating the environment)
  check_update
  update=$?
  # Mount permanent data  (i.e. ossec.conf)
  mount_permanent_data
  # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
  apply_exclusion_data
-  # Remove some files in permanent_data (i.e. .template.db)
+  # When updating the environment, remove some files in permanent_data (i.e. .template.db)
  if [ $update == 1 ]
  then
    echo "Removing databases"
    remove_data_files
  else
    echo "Keeping databases"
  fi
-  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
  if [ $AUTO_ENROLLMENT_ENABLED == true ]
  then
    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
@@ -220,15 +311,6 @@ main() {
    fi
  fi
  # Generate API certs if API_GENERATE_CERTS is true and does not exist
  if [ $API_GENERATE_CERTS == true ]
  then
    if [ ! -e ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt ]
    then
      create_api_key_cert
    fi
  fi
  # Mount selected files (WAZUH_CONFIG_MOUNT) to container
  mount_files
@@ -239,7 +321,9 @@ main() {
  docker_custom_args
  # Change API user credentials
-  change_api_user_credentials
+  if [[ ${CLUSTER_NODE_TYPE} == "master" ]]; then
    function_create_custom_user
  fi
  # Delete temporary data folder
  rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
--- a/wazuh/config/25-backups.sh
+++ b/wazuh/config/25-backups.sh
--- a/wazuh/config/35-remove_credentials_file.sh
+++ b/wazuh/config/35-remove_credentials_file.sh
--- a/wazuh/config/85-save_wazuh_version.sh
+++ b/wazuh/config/85-save_wazuh_version.sh
@@ -0,0 +1,6 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
 echo "Adding Wazuh version to /var/ossec/etc/VERSION"
 /var/ossec/bin/wazuh-control info > /var/ossec/etc/VERSION
--- a/wazuh/config/agents.js
+++ b/wazuh/config/agents.js
--- a/wazuh/config/create_user.py
+++ b/wazuh/config/create_user.py
@@ -0,0 +1,63 @@
 import logging
 import sys
 import json
 import random
 import string
 import os
 import re
 # Set framework path
 sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework")
 WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json"
 WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json"
 try:
    from wazuh.rbac.orm import create_rbac_db
    from wazuh.security import (
        create_user,
        get_users,
        get_roles,
        set_user_role,
        update_user,
    )
 except Exception as e:
    logging.error("No module 'wazuh' found.")
    sys.exit(1)
 def read_wui_user_file(path=WUI_USER_FILE_PATH):
    with open(path) as wui_user_file:
        data = json.load(wui_user_file)
        return data["password"]
 def read_wazuh_user_file(path=WAZUH_USER_FILE_PATH):
    with open(path) as wazuh_user_file:
        data = json.load(wazuh_user_file)
        return data["password"]
 def db_users():
    users_result = get_users()
    return {user["username"]: user["id"] for user in users_result.affected_items}
 if __name__ == "__main__":
    if not os.path.exists(WUI_USER_FILE_PATH):
        # abort if no user file detected
        sys.exit(0)
    wui_password = read_wui_user_file()
    wazuh_password = read_wazuh_user_file()
    create_rbac_db()
    initial_users = db_users()
    # set a random password for all other users (not wazuh-wui)
    for name, id in initial_users.items():
        custom_pass = None
        if name == "wazuh-wui":
            custom_pass = wui_password
        elif name == "wazuh":
            custom_pass = wazuh_password
        if custom_pass:
            update_user(
                user_id=[
                    str(id),
                ],
                password=custom_pass,
            )
--- a/wazuh/config/filebeat.runit.service
+++ b/wazuh/config/filebeat.runit.service
@@ -1,4 +1,4 @@
 #!/bin/sh
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-service filebeat start
+/etc/init.d/filebeat start
 tail -f /var/log/filebeat/filebeat
--- a/wazuh/config/filebeat_to_elasticsearch.yml
+++ b/wazuh/config/filebeat_to_elasticsearch.yml
@@ -52,4 +52,4 @@ output.elasticsearch:
  hosts: ['http://elasticsearch:9200']
  #pipeline: geoip
  indices:
-    - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
+    - index: 'wazuh-alerts-4.x-%{+yyyy.MM.dd}'
--- a/wazuh/config/filebeat_to_logstash.yml
+++ b/wazuh/config/filebeat_to_logstash.yml
@@ -6,6 +6,11 @@ filebeat:
  - type: log
    paths:
      - "/var/ossec/logs/alerts/alerts.json"
  # - type: log
  #   paths:
  #     - "/var/ossec/logs/archives/archives.json"
  #   fields:
  #     wazuh_log_file: "archives"
 output:
 logstash:
--- a/wazuh/config/permanent_data.env
+++ b/wazuh/config/permanent_data.env
@@ -4,12 +4,14 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
 PERMANENT_DATA[((i++))]="/var/ossec/etc"
 PERMANENT_DATA[((i++))]="/var/ossec/logs"
 PERMANENT_DATA[((i++))]="/var/ossec/queue"
 PERMANENT_DATA[((i++))]="/var/ossec/agentless"
 PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
 PERMANENT_DATA[((i++))]="/var/ossec/integrations"
 PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
 PERMANENT_DATA[((i++))]="/var/ossec/wodles"
 PERMANENT_DATA[((i++))]="/etc/filebeat"
 PERMANENT_DATA[((i++))]="/etc/postfix"
 PERMANENT_DATA[((i++))]="/var/ossec/var/db"
 export PERMANENT_DATA
 # Files mounted in a volume that should not be permanent
@@ -20,42 +22,58 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_bsd"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/main.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/su.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_linux"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/register_host.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_generic_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_foundry_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_nopass.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/oscap"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/oscap.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/template_oval.xsl"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/template_xccdf.xsl"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-debian-8-oval.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-debian-9-oval.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-oval.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
 export PERMANENT_DATA_EXCP
-# Files mounted in a volume that should be deleted 
+# Files mounted in a volume that should be deleted when updating
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.profile.db*"
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.template.db*"
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
 export PERMANENT_DATA_DEL
--- a/wazuh/config/postfix.runit.service
+++ b/wazuh/config/postfix.runit.service
@@ -1,4 +1,4 @@
 #!/bin/sh
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-service postfix start
+/usr/sbin/postfix start
 tail -f /var/log/mail.log
--- a/wazuh/config/wazuh-api.runit.service
+++ b/wazuh/config/wazuh-api.runit.service
@@ -1,5 +0,0 @@
 #!/bin/sh
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 service wazuh-api start
 tail -f /var/ossec/logs/api.log
--- a/wazuh/config/wazuh.runit.service
+++ b/wazuh/config/wazuh.runit.service
@@ -1,5 +1,4 @@
 #!/bin/sh
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-service wazuh-manager start
+/etc/init.d/wazuh-manager start
 tail -f /var/ossec/logs/ossec.log
Author	SHA1	Message	Date
José Antonio Córdoba Gómez	7a2356f6ff	Update Wazuh version to v4.3.8 (#724 )	2022-09-20 10:48:26 +02:00
José Antonio Córdoba Gómez	c586c0cf88	Include gcloud pubsub and buckets files (#723 )	2022-09-20 10:18:06 +02:00
Franco Giovanolli	f2ed432084	Adapt Cloud to Wazuh v4.3.6-debug and fix Dockerfile (#710 )	2022-08-19 09:35:04 +02:00
José Antonio Córdoba Gómez	0bb118dce6	Fix /var/ossec/queue/rids permissions for 4.3.X when upgrading from 4.2.X (#703 )	2022-08-04 09:35:18 +02:00
Mayte Ariza	d3ec5596a6	Update Wazuh version to v4.3.6 (#699 )	2022-07-27 12:42:27 +02:00
Mayte Ariza	84c256d831	Update Wazuh version to v4.3.5 (#683 )	2022-06-30 08:19:42 +02:00
José Antonio Córdoba Gómez	ea0e754e75	Update Wazuh version to v4.3.4 (#672 )	2022-06-08 16:47:42 +02:00
Jesus Linares	e1f46f0fa1	Update Wazuh version to v4.3.3 Former-commit-id: 428ba362afc66c556945b86dcda895cb00618ed2	2022-06-01 01:13:59 +02:00
Mayte Ariza	85c16a7b27	Update Wazuh version to v4.3.2 (#661 ) Former-commit-id: 279436b83a4f764544d4888c3d9b3dc0611fb0fe	2022-05-31 12:38:49 +02:00
AlfonsoRBJ	81e81b1caf	Adapt cloud 4.3 (#583 ) Former-commit-id: `36788667aa`	2022-05-23 10:39:09 +02:00
AlfonsoRBJ	84de38624c	update to v4.2.5 Former-commit-id: `02f024ef9a`	2021-11-23 13:08:33 +01:00
AlfonsoRBJ	5b4e9dc38f	Update Wazuh version to v4.2.4 (#542 ) Former-commit-id: `6bdf2c55b7`	2021-11-08 17:34:13 +01:00
AlfonsoRBJ	848f512a60	Add utils.py to files mounted that should not be permanent (#520 ) Former-commit-id: `9e168906b0`	2021-09-24 09:45:11 +02:00
AlfonsoRBJ	741b530585	Adapt cloud to v4.2.1 (#488 ) Former-commit-id: `dd797edf51`	2021-09-16 20:20:22 +02:00
AlfonsoRBJ	68547952ec	Merge branch 'cloud-0.81' into cloud-0.91 Former-commit-id: `eb8f49aa30`	2021-04-22 20:28:44 +02:00
AlfonsoRBJ	aeafdf83f9	update to wazuh 4.1.5 (#471 ) Former-commit-id: `cb1cdcca9f`	2021-04-22 19:45:05 +02:00
AlfonsoRBJ	d29584ab18	Update Filebeat to 7.10.2 (#460 ) Former-commit-id: `eaf648a232`	2021-04-14 09:53:03 +02:00
AlfonsoRBJ	10d87cc223	Update Wazuh to v4.1.4 (#458 ) Former-commit-id: `327d7ed854`	2021-03-31 10:13:54 +02:00
AlfonsoRBJ	a42a818d88	Adap to wazuh 4.1.2 (#454 ) Former-commit-id: `19ed9666b9`	2021-03-25 15:47:01 +01:00
AlfonsoRBJ	40d15ec6f8	Merge branch 'cloud-0.61' into cloud-0.70 Former-commit-id: `1746edb2e1`	2021-02-27 10:11:08 +01:00
AlfonsoRBJ	c6225fa8f0	Update Filebeat version to 7.10.0 (#434 ) Former-commit-id: `6fdb7c8dc6`	2021-02-03 11:37:39 +01:00
Franco Giovanolli	87580a2edc	Merge pull request #429 from wazuh/cloud-0.60 Update to Wazuh 4.0.4 Former-commit-id: `c95f0153c9`	2021-01-15 09:22:49 -03:00
Franco Giovanolli	f0590349d0	Merge branch 'cloud-0.70' into cloud-0.60 Former-commit-id: `b890282ecd`	2021-01-15 09:20:01 -03:00
AlfonsoRBJ	13ba5ee731	Update to wazuh 4.0.4 (#428 ) Former-commit-id: `e58c2b25d8`	2021-01-14 17:22:43 +01:00
Mayte Ariza	244eb2500a	Update wazuh version to 4.0.3 + block remote commands (#425 ) Former-commit-id: `c8536efd43`	2021-01-04 12:46:41 +01:00
AlfonsoRBJ	d23cee6898	update wazuh version to 4.0.3 (#417 ) Former-commit-id: `b0187c24d4`	2020-12-14 16:01:54 +01:00
AlfonsoRBJ	24fb19f765	Adapt wazuh 4.0 (#408 ) Former-commit-id: `f4d2eb96c7`	2020-11-23 14:17:35 +01:00
Jose Gomez Baena	52df98bbb0	Centos7 wazuh (#389 ) Former-commit-id: `e2911e1f70`	2020-09-25 18:15:20 +02:00
AlfonsoRBJ	505bf046de	Read archives events in Filebeat (#387 ) Former-commit-id: `cd1e0f0aa3`	2020-09-24 17:48:46 +02:00
AlfonsoRBJ	5d37e1d9b4	Update Wazuh version (#386 ) Former-commit-id: `f7a3547578`	2020-09-24 13:30:50 +02:00
AlfonsoRBJ	593b0afdc5	Adapt wazuh to 3.13.1 and filebeat to 7.7.0 (#367 ) Former-commit-id: `2089aff979`	2020-08-31 09:01:58 +02:00
Mayte Ariza	cf98b0e7a1	Add /var/ossec/var/db path to permanent data (#361 ) Former-commit-id: `ceb5ab0cfb`	2020-07-03 19:17:06 +02:00
AlfonsoRBJ	ee18d9b3eb	update Wazuh version to 3.13.0 (#360 ) Former-commit-id: `e1c94c3429`	2020-07-03 11:48:33 +02:00
AlfonsoRBJ	f0774436f3	remove outadated workaround (#352 ) Former-commit-id: `2018a22381`	2020-06-25 14:27:57 +02:00
AlfonsoRBJ	ebd1381fbf	Update to 3.12.3 (#348 ) Former-commit-id: `d584062230`	2020-05-25 18:18:05 +02:00
AlfonsoRBJ	27a354a3ad	queue/fim/db/fim.db removed when updating (#343 ) Former-commit-id: `2f76c70480`	2020-05-19 10:24:45 +02:00
AlfonsoRBJ	1d777bb22f	Adapt wazuh to 3.12.2_7.6.1 (#342 ) Former-commit-id: `b48e5f819a`	2020-05-13 16:23:59 +02:00
Jesus Linares	3aed4a12bf	Merge branch 'cloud-0.21' into cloud-0.22 Former-commit-id: `749c66a037`	2020-04-28 11:49:52 +02:00
Robin	a8af820ae1	Update Wazuh app for cloud-0.21 (#338 ) Former-commit-id: `3949283bd3`	2020-04-28 10:36:51 +02:00
Robin	5f7f2b696c	Update wazuh app (#337 ) Former-commit-id: `5fd1c85a67`	2020-04-27 10:54:07 +02:00
Jesus Linares	a29dd86339	Merge branch 'cloud-0.21' into cloud-0.22 Former-commit-id: `ebeec2cbd3`	2020-04-24 17:14:24 +02:00
AlfonsoRBJ	6d527b9869	Custom app (#336 ) Former-commit-id: `4d808d74c4`	2020-04-23 18:22:51 +02:00
Mayte Ariza	c9e2dac443	Improve Wazuh image: overwriting and removing files (#335 ) Former-commit-id: `5a6c086f6b`	2020-04-23 10:39:31 +02:00
Robin	70be87cec8	Upgrade Wazuh to 3.11.5 (#334 ) Former-commit-id: `18640426af`	2020-04-20 17:53:24 +02:00
AlfonsoRBJ	d8a90dc6b7	delay the wazuh remove credentials (#319 ) Former-commit-id: `cc0e0d13aa`	2020-03-26 15:58:33 +01:00
AlfonsoRBJ	99d54f1776	Adapt to 3.11.4_7.4.2 (#314 ) Former-commit-id: `7fe1c6bd1b`	2020-03-25 18:45:58 +01:00
AlfonsoRBJ	33e451f755	delaying the backup configuration (#317 ) Former-commit-id: `b2ee66374e`	2020-03-24 12:14:19 +01:00
Mayte Ariza	d05ec226d8	Create .wazuh index before setting the API credentials (#312 ) Former-commit-id: `7f8b0b855a`	2020-03-10 13:37:33 +01:00
`@@ -1,2 +1,2 @@`
	`WAZUH-DOCKER_VERSION="3.10.2_7.3.2"`	`WAZUH-DOCKER_VERSION="3.11.5_7.3.2"`
	`REVISION="31020"`	`REVISION="31150"`