Merge pull request #1526 from wazuh/enhancement/1520-revert-create_user.py-script-deletion

Revert create_user.py script deletion

.env

@@ -1,6 +1,6 @@
-WAZUH_VERSION=4.10.1
-WAZUH_IMAGE_VERSION=4.10.1
+WAZUH_VERSION=4.9.0
+WAZUH_IMAGE_VERSION=4.9.0
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.10.1
+FILEBEAT_TEMPLATE_BRANCH=4.9.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.10.1-1
+    - 4.9.0
 port:
   tcp:1514:
     listening: true

.github/workflows/Procedure_push_docker_images.yml

@@ -1,167 +0,0 @@
-run-name: Launch Push Docker Images - ${{ inputs.id }}
-name: Push Docker Images
-
-on:
-  workflow_dispatch:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.10.1'
-        required: true
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.10.1'
-        required: false
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: true
-        required: false
-  workflow_call:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.10.1'
-        required: true
-        type: string
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.10.1'
-        required: false
-        type: string
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-        type: string
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-        type: string
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-        type: string
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: false
-        required: false
-
-jobs:
-  build-and-push:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Print inputs
-      run: |
-        echo "---------------------------------------------"
-        echo "Running Procedure_push_docker_images workflow"
-        echo "---------------------------------------------"
-        echo "* BRANCH: ${{ github.ref }}"
-        echo "* COMMIT: ${{ github.sha }}"
-        echo "---------------------------------------------"
-        echo "Inputs provided:"
-        echo "---------------------------------------------"
-        echo "* id: ${{ inputs.id }}"
-        echo "* image_tag: ${{ inputs.image_tag }}"
-        echo "* docker_reference: ${{ inputs.docker_reference }}"
-        echo "* products: ${{ inputs.products }}"
-        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
-        echo "* revision: ${{ inputs.revision }}"
-        echo "* push_images: ${{ inputs.push_images }}"
-        echo "* dev: ${{ inputs.dev }}"
-        echo "---------------------------------------------"
-
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        ref: ${{ inputs.docker_reference }}
-
-    - name: Log in to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-    - name: Install Docker Compose
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y docker-compose
-        echo "Installed Docker Compose version: $(docker-compose --version)"
-
-    - name: Build Wazuh images
-      run: |
-        IMAGE_TAG=${{ inputs.image_tag }}
-        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
-        REVISION=${{ inputs.revision }}
-
-        if [[ "$IMAGE_TAG" == *"-"* ]]; then
-          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
-          if [ -z "${tokens[1]}" ]; then
-            echo "Invalid image tag: $IMAGE_TAG"
-            exit 1
-          fi
-          DEV_STAGE=${tokens[1]}
-          WAZUH_VER=${tokens[0]}
-          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
-        else
-          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
-        fi
-
-        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
-        ENV_FILE_PATH=".env"
-
-        if [ -f $ENV_FILE_PATH ]; then
-          while IFS= read -r line || [ -n "$line" ]; do
-            echo "$line" >> $GITHUB_ENV
-          done < $ENV_FILE_PATH
-        else
-          echo "The environment file $ENV_FILE_PATH does not exist!"
-          exit 1
-        fi
-
-    - name: Tag and Push Wazuh images
-      if: ${{ inputs.push_images }}
-      run: |
-        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
-        IMAGE_NAMES=${{ inputs.products }}
-        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
-        for image in "${images[@]}"; do
-          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
-          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
-          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
-          docker push wazuh/$image:$IMAGE_TAG
-        done

CHANGELOG.md

@@ -1,71 +1,6 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [4.10.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
-## [4.10.0]
-
-### Added
-
-- Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551))
-- Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524))
-- Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518))
-
-### Changed
-
-- None
-
-### Fixed
-
-- Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619))
-- Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416))
-
-### Deleted
-
-- None
-
-## [4.9.2]
-
-### Added
-
-- Update Wazuh to version [4.9.2](https://github.com/wazuh/wazuh/blob/v4.9.2/CHANGELOG.md#v492)
-
-## [4.9.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-
-### Fixed
-
-- Fix typos into Wazuh manager entrypoint ([#1569](https://github.com/wazuh/wazuh-docker/pull/1569))
-
-### Deleted
-
-- None
-
-
 ## Wazuh Docker v4.9.0
 ### Added
 

README.md

@@ -58,6 +58,20 @@ CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must be
 CHECKS_API=true
 CHECKS_SETUP=true
 
+EXTENSIONS_PCI=true             # Enable PCI Extension
+EXTENSIONS_GDPR=true            # Enable GDPR Extension
+EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
+EXTENSIONS_NIST=true            # Enable NIST Extension
+EXTENSIONS_TSC=true             # Enable TSC Extension
+EXTENSIONS_AUDIT=true           # Enable Audit Extension
+EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
+EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
+EXTENSIONS_AWS=false            # Enable AWS Extension
+EXTENSIONS_GCP=false            # Enable GCP Extension
+EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
+EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
+EXTENSIONS_DOCKER=false         # Enable Docker Extension
+
 APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
 
 API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
@@ -178,10 +192,6 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.10.1       |         |        |
-| v4.10.0       |         |        |
-| v4.9.2        |         |        |
-| v4.9.1        |         |        |
 | v4.9.0        |         |        |
 | v4.8.2        |         |        |
 | v4.8.1        |         |        |

SECURITY.md

@@ -16,11 +16,11 @@ Please submit your findings as security advisories under the "Security" tab in t
 ## Vulnerability Disclosure Policy
 Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
 
-1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
-2. Validation: We will validate the issue and work on reproducing it in our environment.
-3. Remediation: We will work on a fix and thoroughly test it
-4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
-5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+- Validation: We will validate the issue and work on reproducing it in our environment.
+- Remediation: We will work on a fix and thoroughly test it
+- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
 
 This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
 
@@ -33,7 +33,7 @@ We believe in giving credit where credit is due. If you report a security vulner
 We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
 
 ## Compliance with this Policy
-We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. 
 
 Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
 
@@ -42,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o
 ## Changes to this Security Policy
 This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
 
-If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.10.1"
-REVISION="41011"
+WAZUH-DOCKER_VERSION="4.9.0"
+REVISION="40907"

build-docker-images/README.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 4.10.1
+$ build-docker-images/build-images.sh -v 4.9.0
 ```
 
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.10.1.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.9.0.
     -h, --help                   Show this help.
 
 ```

build-docker-images/build-images.sh

@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=4.10.1
+WAZUH_IMAGE_VERSION=4.9.0
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
-WAZUH_IMAGE_VERSION="4.10.1"
+WAZUH_IMAGE_VERSION="4.9.0"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
 FILEBEAT_MODULE_VERSION="0.4"
@@ -70,7 +70,7 @@ build() {
     echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
     echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
 
-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
+    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
 
     return 0
 }

build-docker-images/build-images.yml

@@ -62,7 +62,7 @@ services:
       context: wazuh-dashboard/
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
-        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+        WAZUH_TAG_REVISION: 2
         WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
     image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.dashboard

build-docker-images/wazuh-dashboard/Dockerfile

@@ -21,8 +21,6 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
 
 # Generate certificates
 COPY config/config.sh .
@@ -50,6 +48,21 @@ ENV PATTERN="" \
     CHECKS_TEMPLATE="" \
     CHECKS_API="" \
     CHECKS_SETUP="" \
+    EXTENSIONS_PCI="" \
+    EXTENSIONS_GDPR="" \
+    EXTENSIONS_HIPAA="" \
+    EXTENSIONS_NIST="" \
+    EXTENSIONS_TSC="" \
+    EXTENSIONS_AUDIT="" \
+    EXTENSIONS_OSCAP="" \
+    EXTENSIONS_CISCAT="" \
+    EXTENSIONS_AWS="" \
+    EXTENSIONS_GCP="" \
+    EXTENSIONS_GITHUB=""\
+    EXTENSIONS_OFFICE=""\
+    EXTENSIONS_VIRUSTOTAL="" \
+    EXTENSIONS_OSQUERY="" \
+    EXTENSIONS_DOCKER="" \
     APP_TIMEOUT="" \
     API_SELECTOR="" \
     IP_SELECTOR="" \

build-docker-images/wazuh-dashboard/config/check_repository.sh

@@ -1,14 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+    fi
+  fi
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.9/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -15,6 +15,21 @@ declare -A CONFIG_MAP=(
   [checks.template]=$CHECKS_TEMPLATE
   [checks.api]=$CHECKS_API
   [checks.setup]=$CHECKS_SETUP
+  [extensions.pci]=$EXTENSIONS_PCI
+  [extensions.gdpr]=$EXTENSIONS_GDPR
+  [extensions.hipaa]=$EXTENSIONS_HIPAA
+  [extensions.nist]=$EXTENSIONS_NIST
+  [extensions.tsc]=$EXTENSIONS_TSC
+  [extensions.audit]=$EXTENSIONS_AUDIT
+  [extensions.oscap]=$EXTENSIONS_OSCAP
+  [extensions.ciscat]=$EXTENSIONS_CISCAT
+  [extensions.aws]=$EXTENSIONS_AWS
+  [extensions.gcp]=$EXTENSIONS_GCP
+  [extensions.github]=$EXTENSIONS_GITHUB
+  [extensions.office]=$EXTENSIONS_OFFICE
+  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
+  [extensions.osquery]=$EXTENSIONS_OSQUERY
+  [extensions.docker]=$EXTENSIONS_DOCKER
   [timeout]=$APP_TIMEOUT
   [api.selector]=$API_SELECTOR
   [ip.selector]=$IP_SELECTOR

build-docker-images/wazuh-indexer/config/check_repository.sh

@@ -1,14 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+    fi
+  fi
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-indexer/config/config.sh

@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.9/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-manager/Dockerfile

@@ -60,8 +60,6 @@ RUN mkdir -p /var/ossec/var/multigroups && \
     sync && /permanent_data.sh && \
     sync && rm /permanent_data.sh
 
-RUN rm /etc/yum.repos.d/wazuh.repo
-
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -1,14 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+    fi
+  fi
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -51,7 +51,7 @@ mount_permanent_data() {
         print "Installing ${permanent_dir}"
         exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
       else
-        print "The path ${permanent_dir} is empty, skipped"
+        print "The path ${permanent_dir} is empty, skiped"
       fi
     fi
   done

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat

@@ -4,7 +4,7 @@
 set -e
 
 if [ "$INDEXER_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch output IP"
+  >&2 echo "Customize Elasticsearch ouput IP"
   sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
 fi
 

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -1,10 +1,23 @@
-## variables
-REPOSITORY="packages-dev.wazuh.com/pre-release"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  REPOSITORY="packages.wazuh.com/4.x"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
 fi
 
 curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -82,11 +82,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_utils.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/analytics.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/graph.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/storage.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
@@ -94,9 +89,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.9/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.10.1
+    image: wazuh/wazuh-manager:4.9.0
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -45,7 +45,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.10.1
+    image: wazuh/wazuh-manager:4.9.0
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -81,7 +81,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.10.1
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -107,7 +107,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.10.1
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -129,7 +129,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.10.1
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -151,7 +151,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.10.1
+    image: wazuh/wazuh-dashboard:4.9.0
     hostname: wazuh.dashboard
     restart: always
     ports:

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.10.1
+    image: wazuh/wazuh-manager:4.9.0
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -46,7 +46,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.10.1
+    image: wazuh/wazuh-indexer:4.9.0
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -71,7 +71,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.10.1
+    image: wazuh/wazuh-dashboard:4.9.0
     hostname: wazuh.dashboard
     restart: always
     ports: