change docker-compose.yml environments for multinode deployment

.env

@@ -1,6 +1,6 @@
-WAZUH_VERSION=4.11.0
-WAZUH_IMAGE_VERSION=4.11.0
+WAZUH_VERSION=4.8.0
+WAZUH_IMAGE_VERSION=4.8.0
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.11.0
+FILEBEAT_TEMPLATE_BRANCH=4.8.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.11.0
+    - 4.8.0
 port:
   tcp:1514:
     listening: true

.github/free-disk-space/action.yml

@@ -1,245 +0,0 @@
-name: "Free Disk Space (Ubuntu)"
-description: "A configurable GitHub Action to free up disk space on an Ubuntu GitHub Actions runner."
-
-# Thanks @jlumbroso for the action code https://github.com/jlumbroso/free-disk-space/
-# See: https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#branding
-
-inputs:
-  android:
-    description: "Remove Android runtime"
-    required: false
-    default: "true"
-  dotnet:
-    description: "Remove .NET runtime"
-    required: false
-    default: "true"
-  haskell:
-    description: "Remove Haskell runtime"
-    required: false
-    default: "true"
-
-  # option inspired by:
-  # https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
-  large-packages:
-    description: "Remove large packages"
-    required: false
-    default: "true"
-
-  docker-images:
-    description: "Remove Docker images"
-    required: false
-    default: "true"
-
-  # option inspired by:
-  # https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
-  tool-cache:
-    description: "Remove image tool cache"
-    required: false
-    default: "false"
-
-  swap-storage:
-    description: "Remove swap storage"
-    required: false
-    default: "true"
-
-runs:
-  using: "composite"
-  steps:
-    - shell: bash
-      run: |
-
-        # ======
-        # MACROS
-        # ======
-
-        # macro to print a line of equals
-        # (silly but works)
-        printSeparationLine() {
-          str=${1:=}
-          num=${2:-80}
-          counter=1
-          output=""
-          while [ $counter -le $num ]
-          do
-             output="${output}${str}"
-             counter=$((counter+1))
-          done
-          echo "${output}"
-        }
-
-        # macro to compute available space
-        # REF: https://unix.stackexchange.com/a/42049/60849
-        # REF: https://stackoverflow.com/a/450821/408734
-        getAvailableSpace() { echo $(df -a $1 | awk 'NR > 1 {avail+=$4} END {print avail}'); }
-
-        # macro to make Kb human readable (assume the input is Kb)
-        # REF: https://unix.stackexchange.com/a/44087/60849
-        formatByteCount() { echo $(numfmt --to=iec-i --suffix=B --padding=7 $1'000'); }
-
-        # macro to output saved space
-        printSavedSpace() {
-          saved=${1}
-          title=${2:-}
-
-          echo ""
-          printSeparationLine '*' 80
-          if [ ! -z "${title}" ]; then
-            echo "=> ${title}: Saved $(formatByteCount $saved)"
-          else
-            echo "=> Saved $(formatByteCount $saved)"
-          fi
-          printSeparationLine '*' 80
-          echo ""
-        }
-
-        # macro to print output of dh with caption
-        printDH() {
-          caption=${1:-}
-
-          printSeparationLine '=' 80
-          echo "${caption}"
-          echo ""
-          echo "$ dh -h /"
-          echo ""
-          df -h /
-          echo "$ dh -a /"
-          echo ""
-          df -a /
-          echo "$ dh -a"
-          echo ""
-          df -a
-          printSeparationLine '=' 80
-        }
-
-
-
-        # ======
-        # SCRIPT
-        # ======
-
-        # Display initial disk space stats
-
-        AVAILABLE_INITIAL=$(getAvailableSpace)
-        AVAILABLE_ROOT_INITIAL=$(getAvailableSpace '/')
-
-        printDH "BEFORE CLEAN-UP:"
-        echo ""
-
-
-        # Option: Remove Android library
-
-        if [[ ${{ inputs.android }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-          
-          sudo rm -rf /usr/local/lib/android || true
-
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Android library"
-        fi
-
-        # Option: Remove .NET runtime
-
-        if [[ ${{ inputs.dotnet }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          # https://github.community/t/bigger-github-hosted-runners-disk-space/17267/11
-          sudo rm -rf /usr/share/dotnet || true
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED ".NET runtime"
-        fi
-
-        # Option: Remove Haskell runtime
-
-        if [[ ${{ inputs.haskell }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo rm -rf /opt/ghc || true
-          sudo rm -rf /usr/local/.ghcup || true
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Haskell runtime"
-        fi
-
-        # Option: Remove large packages
-        # REF: https://github.com/apache/flink/blob/master/tools/azure-pipelines/free_disk_space.sh
-
-        if [[ ${{ inputs.large-packages }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-          
-          sudo apt-get remove -y '^aspnetcore-.*' || echo "::warning::The command [sudo apt-get remove -y '^aspnetcore-.*'] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^dotnet-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^dotnet-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^llvm-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^llvm-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y 'php.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y 'php.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^mongodb-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mongodb-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y '^mysql-.*' --fix-missing || echo "::warning::The command [sudo apt-get remove -y '^mysql-.*' --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing || echo "::warning::The command [sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y google-cloud-sdk --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-sdk --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get remove -y google-cloud-cli --fix-missing || echo "::debug::The command [sudo apt-get remove -y google-cloud-cli --fix-missing] failed to complete successfully. Proceeding..."
-          sudo apt-get autoremove -y || echo "::warning::The command [sudo apt-get autoremove -y] failed to complete successfully. Proceeding..."
-          sudo apt-get clean || echo "::warning::The command [sudo apt-get clean] failed to complete successfully. Proceeding..."
-
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Large misc. packages"
-        fi
-
-        # Option: Remove Docker images
-
-        if [[ ${{ inputs.docker-images }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo docker image prune --all --force || true
-
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Docker images"
-        fi
-
-        # Option: Remove tool cache
-        # REF: https://github.com/actions/virtual-environments/issues/2875#issuecomment-1163392159
-
-        if [[ ${{ inputs.tool-cache }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo rm -rf "$AGENT_TOOLSDIRECTORY" || true
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Tool cache"
-        fi
-
-        # Option: Remove Swap storage
-
-        if [[ ${{ inputs.swap-storage }} == 'true' ]]; then
-          BEFORE=$(getAvailableSpace)
-
-          sudo swapoff -a || true
-          sudo rm -f /mnt/swapfile || true
-          free -h
-          
-          AFTER=$(getAvailableSpace)
-          SAVED=$((AFTER-BEFORE))
-          printSavedSpace $SAVED "Swap storage"
-        fi
-
-
-
-        # Output saved space statistic
-
-        AVAILABLE_END=$(getAvailableSpace)
-        AVAILABLE_ROOT_END=$(getAvailableSpace '/')
-
-        echo ""
-        printDH "AFTER CLEAN-UP:"
-
-        echo ""
-        echo ""
-
-        echo "/dev/root:"
-        printSavedSpace $((AVAILABLE_ROOT_END - AVAILABLE_ROOT_INITIAL))
-        echo "overall:"
-        printSavedSpace $((AVAILABLE_END - AVAILABLE_INITIAL))

.github/workflows/Procedure_push_docker_images.yml

@@ -1,167 +0,0 @@
-run-name: Launch Push Docker Images - ${{ inputs.id }}
-name: Push Docker Images
-
-on:
-  workflow_dispatch:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.11.0'
-        required: true
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.11.0'
-        required: true
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: true
-        required: false
-  workflow_call:
-    inputs:
-      image_tag:
-        description: 'Docker image tag'
-        default: '4.11.0'
-        required: true
-        type: string
-      docker_reference:
-        description: 'wazuh-docker reference'
-        default: 'v4.11.0'
-        required: false
-        type: string
-      products:
-        description: 'Comma-separated list of the image names to build and push'
-        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
-        required: true
-        type: string
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-        type: string
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-        type: string
-      push_images:
-        description: 'Push images'
-        type: boolean
-        default: true
-        required: true
-      id:
-        description: "ID used to identify the workflow uniquely."
-        type: string
-        required: false
-      dev:
-        description: "Add tag suffix '-dev' to the image tag ?"
-        type: boolean
-        default: false
-        required: false
-
-jobs:
-  build-and-push:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Print inputs
-      run: |
-        echo "---------------------------------------------"
-        echo "Running Procedure_push_docker_images workflow"
-        echo "---------------------------------------------"
-        echo "* BRANCH: ${{ github.ref }}"
-        echo "* COMMIT: ${{ github.sha }}"
-        echo "---------------------------------------------"
-        echo "Inputs provided:"
-        echo "---------------------------------------------"
-        echo "* id: ${{ inputs.id }}"
-        echo "* image_tag: ${{ inputs.image_tag }}"
-        echo "* docker_reference: ${{ inputs.docker_reference }}"
-        echo "* products: ${{ inputs.products }}"
-        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
-        echo "* revision: ${{ inputs.revision }}"
-        echo "* push_images: ${{ inputs.push_images }}"
-        echo "* dev: ${{ inputs.dev }}"
-        echo "---------------------------------------------"
-
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        ref: ${{ inputs.docker_reference }}
-
-    - name: Log in to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-    - name: Install Docker Compose
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y docker-compose
-        echo "Installed Docker Compose version: $(docker-compose --version)"
-
-    - name: Build Wazuh images
-      run: |
-        IMAGE_TAG=${{ inputs.image_tag }}
-        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
-        REVISION=${{ inputs.revision }}
-
-        if [[ "$IMAGE_TAG" == *"-"* ]]; then
-          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
-          if [ -z "${tokens[1]}" ]; then
-            echo "Invalid image tag: $IMAGE_TAG"
-            exit 1
-          fi
-          DEV_STAGE=${tokens[1]}
-          WAZUH_VER=${tokens[0]}
-          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
-        else
-          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
-        fi
-
-        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
-        ENV_FILE_PATH=".env"
-
-        if [ -f $ENV_FILE_PATH ]; then
-          while IFS= read -r line || [ -n "$line" ]; do
-            echo "$line" >> $GITHUB_ENV
-          done < $ENV_FILE_PATH
-        else
-          echo "The environment file $ENV_FILE_PATH does not exist!"
-          exit 1
-        fi
-
-    - name: Tag and Push Wazuh images
-      if: ${{ inputs.push_images }}
-      run: |
-        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
-        IMAGE_NAMES=${{ inputs.products }}
-        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
-        for image in "${images[@]}"; do
-          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
-          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
-          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
-          docker push wazuh/$image:$IMAGE_TAG
-        done

.github/workflows/push.yml

@@ -10,11 +10,6 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
     - name: Build Wazuh images
       run: build-docker-images/build-images.sh
 
@@ -29,21 +24,21 @@ jobs:
         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
 
     - name: Temporarily save Wazuh manager Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-manager
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh indexer Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-indexer
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         retention-days: 1
 
     - name: Temporarily save Wazuh dashboard Docker image
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v3
       with:
         name: docker-artifact-dashboard
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
@@ -68,26 +63,21 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-indexer
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-dashboard
 
@@ -196,29 +186,29 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
     - name: free disk space
-      uses: ./.github/free-disk-space
+      run: |
+        sudo swapoff -a
+        sudo rm -f /swapfile
+        sudo apt clean
+        docker rmi $(docker image ls -aq)
+        df -h
 
     - name: Retrieve saved Wazuh dashboard Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-dashboard
 
     - name: Retrieve saved Wazuh manager Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-manager
 
     - name: Retrieve saved Wazuh indexer Docker image
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v3
       with:
         name: docker-artifact-indexer
 
@@ -242,7 +232,7 @@ jobs:
          echo 'Waiting for Wazuh indexer start'
          free -m
          df -h
-         sleep 120
+         sleep 10
        done
        status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
        if [[ $status_green -eq 1 ]]; then
@@ -280,7 +270,7 @@ jobs:
          sleep 10
        done
        docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
-       if [[ $docs -gt 0 ]]; then
+       if [[ $docs -gt 1 ]]; then
         echo "wazuh-alerts index documents: ${docs}"
        else
         echo "wazuh-alerts index documents: ${docs}"

CHANGELOG.md

@@ -1,119 +1,11 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [4.11.0]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- Change the cleaning disk step ([#1663](https://github.com/wazuh/wazuh-docker/pull/1663))
-
-### Deleted
-
-- None
-
-## [4.10.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
-## [4.10.0]
-
-### Added
-
-- Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551))
-- Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524))
-- Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518))
-
-### Changed
-
-- None
-
-### Fixed
-
-- Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619))
-- Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416))
-
-### Deleted
-
-- None
-
-## [4.9.2]
-
-### Added
-
-- Update Wazuh to version [4.9.2](https://github.com/wazuh/wazuh/blob/v4.9.2/CHANGELOG.md#v492)
-
-## [4.9.1]
-
-### Added
-
-- None
-
-### Changed
-
-- None
-
-
-### Fixed
-
-- Fix typos into Wazuh manager entrypoint ([#1569](https://github.com/wazuh/wazuh-docker/pull/1569))
-
-### Deleted
-
-- None
-
-
-## Wazuh Docker v4.9.0
-### Added
-
-- Update Wazuh to version [4.9.0](https://github.com/wazuh/wazuh/blob/v4.9.0/CHANGELOG.md#v490)
-
-## Wazuh Docker v4.8.2
-### Added
-
-- Update Wazuh to version [4.8.2](https://github.com/wazuh/wazuh/blob/v4.8.2/CHANGELOG.md#v482)
-
-## Wazuh Docker v4.8.1
-### Added
-
-- Update Wazuh to version [4.8.1](https://github.com/wazuh/wazuh/blob/v4.8.1/CHANGELOG.md#v481)
-
 ## Wazuh Docker v4.8.0
 ### Added
 
 - Update Wazuh to version [4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
 
-## Wazuh Docker v4.7.5
-### Added
-
-- Update Wazuh to version [4.7.5](https://github.com/wazuh/wazuh/blob/v4.7.5/CHANGELOG.md#v475)
-
-## Wazuh Docker v4.7.4
-### Added
-
-- Update Wazuh to version [4.7.4](https://github.com/wazuh/wazuh/blob/v4.7.4/CHANGELOG.md#v474)
-
 ## Wazuh Docker v4.7.3
 ### Added
 

README.md

@@ -8,19 +8,19 @@
 In this repository you will find the containers to run:
 
 * Wazuh manager: it runs the Wazuh manager, Wazuh API and Filebeat OSS
-* Wazuh dashboard: provides a web user interface to browse through alert data and allows you to visualize the agents configuration and status.
+* Wazuh dashboard: provides a web user interface to browse through alerts data and allows you to visualize agents configuration and status.
 * Wazuh indexer: Wazuh indexer container (working as a single-node cluster or as a multi-node cluster). **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).**
 
 The folder `build-docker-images` contains a README explaining how to build the Wazuh images and the necessary assets.
 The folder `indexer-certs-creator` contains a README explaining how to create the certificates creator tool and the necessary assets.
 The folder `single-node` contains a README explaining how to run a Wazuh environment with one Wazuh manager, one Wazuh indexer, and one Wazuh dashboard.
-The folder `multi-node` contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexers, and one Wazuh dashboard.
+The folder `multi-node` contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexer, and one Wazuh dashboard.
 
 ## Documentation
 
 * [Wazuh full documentation](http://documentation.wazuh.com)
 * [Wazuh documentation for Docker](https://documentation.wazuh.com/current/docker/index.html)
-* [Docker Hub](https://hub.docker.com/u/wazuh)
+* [Docker hub](https://hub.docker.com/u/wazuh)
 
 
 ### Setup SSL certificate
@@ -38,7 +38,7 @@ Default values are included when available.
 ```
 API_USERNAME="wazuh-wui"                            # Wazuh API username
 API_PASSWORD="MyS3cr37P450r.*-"                     # Wazuh API password - Must comply with requirements
-                                                    # (8+ length, uppercase, lowercase, special chars)
+                                                    # (8+ length, uppercase, lowercase, specials chars)
 
 INDEXER_URL=https://wazuh.indexer:9200              # Wazuh indexer URL
 INDEXER_USERNAME=admin                              # Wazuh indexer Username
@@ -53,11 +53,25 @@ SSL_KEY=""                                          # Path of Filebeat SSL Key
 ```
 PATTERN="wazuh-alerts-*"        # Default index pattern to use
 
-CHECKS_PATTERN=true             # Defines which checks must be considered by the healthcheck
-CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must be true or false
+CHECKS_PATTERN=true             # Defines which checks must to be consider by the healthcheck
+CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must to be true or false
 CHECKS_API=true
 CHECKS_SETUP=true
 
+EXTENSIONS_PCI=true             # Enable PCI Extension
+EXTENSIONS_GDPR=true            # Enable GDPR Extension
+EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
+EXTENSIONS_NIST=true            # Enable NIST Extension
+EXTENSIONS_TSC=true             # Enable TSC Extension
+EXTENSIONS_AUDIT=true           # Enable Audit Extension
+EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
+EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
+EXTENSIONS_AWS=false            # Enable AWS Extension
+EXTENSIONS_GCP=false            # Enable GCP Extension
+EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
+EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
+EXTENSIONS_DOCKER=false         # Enable Docker Extension
+
 APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
 
 API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
@@ -75,23 +89,19 @@ WAZUH_MONITORING_REPLICAS=0         ##
 ## Directory structure
 
     ├── build-docker-images
-    │   ├── build-images.sh
-    │   ├── build-images.yml
-    │   ├── README.md
+    │   ├── docker-compose.yml
     │   ├── wazuh-dashboard
     │   │   ├── config
     │   │   │   ├── config.sh
     │   │   │   ├── config.yml
-    │   │   │   ├── dl_base.sh
     │   │   │   ├── entrypoint.sh
-    │   │   │   ├── install_wazuh_app.sh
     │   │   │   ├── opensearch_dashboards.yml
     │   │   │   ├── wazuh_app_config.sh
     │   │   │   └── wazuh.yml
     │   │   └── Dockerfile
     │   ├── wazuh-indexer
     │   │   ├── config
-    │   │   │   ├── action_groups.yml
+    │   │   │   ├── action_groups.yml
     │   │   │   ├── config.sh
     │   │   │   ├── config.yml
     │   │   │   ├── entrypoint.sh
@@ -103,7 +113,6 @@ WAZUH_MONITORING_REPLICAS=0         ##
     │   │   └── Dockerfile
     │   └── wazuh-manager
     │       ├── config
-    │       │   ├── check_repository.sh
     │       │   ├── create_user.py
     │       │   ├── etc
     │       │   │   ├── cont-init.d
@@ -116,21 +125,19 @@ WAZUH_MONITORING_REPLICAS=0         ##
     │       │   │       │   └── run
     │       │   │       └── ossec-logs
     │       │   │           └── run
-    │       │   ├── filebeat_module.sh
     │       │   ├── filebeat.yml
     │       │   ├── permanent_data.env
-    │       │   └── permanent_data.sh
+    │       │   ├── permanent_data.sh
+    │       │   └── wazuh.repo
     │       └── Dockerfile
     ├── CHANGELOG.md
     ├── indexer-certs-creator
     │   ├── config
     │   │   └── entrypoint.sh
-    │   ├── Dockerfile
-    │   └── README.md
+    │   └── Dockerfile
     ├── LICENSE
     ├── multi-node
     │   ├── config
-    │   │   ├── certs.yml
     │   │   ├── nginx
     │   │   │   └── nginx.conf
     │   │   ├── wazuh_cluster
@@ -139,29 +146,40 @@ WAZUH_MONITORING_REPLICAS=0         ##
     │   │   ├── wazuh_dashboard
     │   │   │   ├── opensearch_dashboards.yml
     │   │   │   └── wazuh.yml
-    │   │   └── wazuh_indexer
-    │   │       ├── internal_users.yml
-    │   │       ├── wazuh1.indexer.yml
-    │   │       ├── wazuh2.indexer.yml
-    │   │       └── wazuh3.indexer.yml
+    │   │   ├── wazuh_indexer
+    │   │   │   ├── internal_users.yml
+    │   │   │   ├── wazuh1.indexer.yml
+    │   │   │   ├── wazuh2.indexer.yml
+    │   │   │   └── wazuh3.indexer.yml
+    │   │   └── wazuh_indexer_ssl_certs
+    │   │       └── certs.yml
     │   ├── docker-compose.yml
     │   ├── generate-indexer-certs.yml
-    │   ├── Migration-to-Wazuh-4.4.md
-    │   ├── README.md
+    │   ├── Migration-to-Wazuh-4.3.md
     │   └── volume-migrator.sh
     ├── README.md
-    ├── SECURITY.md
     ├── single-node
     │   ├── config
-    │   │   ├── certs.yml
     │   │   ├── wazuh_cluster
     │   │   │   └── wazuh_manager.conf
     │   │   ├── wazuh_dashboard
     │   │   │   ├── opensearch_dashboards.yml
     │   │   │   └── wazuh.yml
-    │   │   └── wazuh_indexer
-    │   │       ├── internal_users.yml
-    │   │       └── wazuh.indexer.yml
+    │   │   ├── wazuh_indexer
+    │   │   │   ├── internal_users.yml
+    │   │   │   └── wazuh.indexer.yml
+    │   │   └── wazuh_indexer_ssl_certs
+    │   │       ├── admin-key.pem
+    │   │       ├── admin.pem
+    │   │       ├── certs.yml
+    │   │       ├── root-ca.key
+    │   │       ├── root-ca.pem
+    │   │       ├── wazuh.dashboard-key.pem
+    │   │       ├── wazuh.dashboard.pem
+    │   │       ├── wazuh.indexer-key.pem
+    │   │       ├── wazuh.indexer.pem
+    │   │       ├── wazuh.manager-key.pem
+    │   │       └── wazuh.manager.pem
     │   ├── docker-compose.yml
     │   ├── generate-indexer-certs.yml
     │   └── README.md
@@ -172,23 +190,13 @@ WAZUH_MONITORING_REPLICAS=0         ##
 ## Branches
 
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `stable` branch corresponds to the last Wazuh stable version.
+* `stable` branch on correspond to the last Wazuh stable version.
 
 ## Compatibility Matrix
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.11.0       |         |        |
-| v4.10.1       |         |        |
-| v4.10.0       |         |        |
-| v4.9.2        |         |        |
-| v4.9.1        |         |        |
-| v4.9.0        |         |        |
-| v4.8.2        |         |        |
-| v4.8.1        |         |        |
 | v4.8.0        |         |        |
-| v4.7.5        |         |        |
-| v4.7.4        |         |        |
 | v4.7.3        |         |        |
 | v4.7.2        |         |        |
 | v4.7.1        |         |        |
@@ -244,7 +252,7 @@ These Docker containers are based on:
 *  "deviantony" dockerfiles which can be found at [https://github.com/deviantony/docker-elk](https://github.com/deviantony/docker-elk)
 *  "xetus-oss" dockerfiles, which can be found at [https://github.com/xetus-oss/docker-ossec-server](https://github.com/xetus-oss/docker-ossec-server)
 
-We thank them and everyone else who has contributed to this project.
+We thank you them and everyone else who has contributed to this project.
 
 ## License and copyright
 

SECURITY.md

@@ -16,11 +16,11 @@ Please submit your findings as security advisories under the "Security" tab in t
 ## Vulnerability Disclosure Policy
 Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
 
-1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
-2. Validation: We will validate the issue and work on reproducing it in our environment.
-3. Remediation: We will work on a fix and thoroughly test it
-4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
-5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+- Validation: We will validate the issue and work on reproducing it in our environment.
+- Remediation: We will work on a fix and thoroughly test it
+- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
 
 This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
 
@@ -33,7 +33,7 @@ We believe in giving credit where credit is due. If you report a security vulner
 We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
 
 ## Compliance with this Policy
-We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. 
 
 Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
 
@@ -42,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o
 ## Changes to this Security Policy
 This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
 
-If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.11.0"
-REVISION="41103"
+WAZUH-DOCKER_VERSION="4.8.0"
+REVISION="40807"

build-docker-images/README.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 4.11.0
+$ build-docker-images/build-images.sh -v 4.8.0
 ```
 
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.11.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.8.0.
     -h, --help                   Show this help.
 
 ```

build-docker-images/build-images.sh

@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=4.11.0
+WAZUH_IMAGE_VERSION=4.8.0
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
-WAZUH_IMAGE_VERSION="4.11.0"
+WAZUH_IMAGE_VERSION="4.8.0"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
 FILEBEAT_MODULE_VERSION="0.4"
@@ -70,7 +70,7 @@ build() {
     echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
     echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
 
-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
+    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
 
     return 0
 }

build-docker-images/wazuh-dashboard/Dockerfile

@@ -3,32 +3,39 @@ FROM amazonlinux:2023 AS builder
 
 ARG WAZUH_VERSION
 ARG WAZUH_TAG_REVISION
-ARG WAZUH_UI_REVISION
 ARG INSTALL_DIR=/usr/share/wazuh-dashboard
+ARG WAZUH_UI_REVISION
 
 # Update and install dependencies
-RUN yum install curl-minimal libcap openssl -y
+RUN yum install curl-minimal libcap xz tar openssl -y
 
-COPY config/check_repository.sh /
-RUN chmod 775 /check_repository.sh && \
-    source /check_repository.sh
+# Create Install dir
+RUN mkdir -p $INSTALL_DIR
 
-RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all
-
-# Create and set permissions to data directories
-RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
-RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
-RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
-COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
-RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
+# Download and extract Wazuh dashboard base
+COPY config/dl_base.sh .
+RUN bash dl_base.sh
 
 # Generate certificates
 COPY config/config.sh .
 COPY config/config.yml /
 RUN bash config.sh
 
+COPY config/install_wazuh_app.sh /
+RUN chmod 775 /install_wazuh_app.sh
+RUN bash /install_wazuh_app.sh
+
+# Copy and set permissions to config files
+RUN cp  $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml
+COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
+
+# Create and set permissions to data directories
+RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
+RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
+RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
+RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount
+
 ################################################################################
 # Build stage 1 (the current Wazuh dashboard image):
 #
@@ -50,6 +57,21 @@ ENV PATTERN="" \
     CHECKS_TEMPLATE="" \
     CHECKS_API="" \
     CHECKS_SETUP="" \
+    EXTENSIONS_PCI="" \
+    EXTENSIONS_GDPR="" \
+    EXTENSIONS_HIPAA="" \
+    EXTENSIONS_NIST="" \
+    EXTENSIONS_TSC="" \
+    EXTENSIONS_AUDIT="" \
+    EXTENSIONS_OSCAP="" \
+    EXTENSIONS_CISCAT="" \
+    EXTENSIONS_AWS="" \
+    EXTENSIONS_GCP="" \
+    EXTENSIONS_GITHUB=""\
+    EXTENSIONS_OFFICE=""\
+    EXTENSIONS_VIRUSTOTAL="" \
+    EXTENSIONS_OSQUERY="" \
+    EXTENSIONS_DOCKER="" \
     APP_TIMEOUT="" \
     API_SELECTOR="" \
     IP_SELECTOR="" \
@@ -87,6 +109,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME=$INSTALL_DIR/jdk
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -95,3 +126,7 @@ USER wazuh-dashboard
 EXPOSE 443
 
 ENTRYPOINT [ "/entrypoint.sh" ]
+
+CMD ["opensearch-dashboards"]
+
+

build-docker-images/wazuh-dashboard/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.8/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 mkdir -p ${CONFIG_DIR}/certs
 
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 
 chmod -R 500 ${CONFIG_DIR}/certs

build-docker-images/wazuh-dashboard/config/config.yml

@@ -1,5 +1,5 @@
 nodes:
   # Wazuh dashboard server nodes
   dashboard:
-    - name: demo.dashboard
-      ip: demo.dashboard
+    - name: dashboard
+      ip: wazuh.dashboard

build-docker-images/wazuh-dashboard/config/dl_base.sh

@@ -0,0 +1,25 @@
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
+fi
+
+
+curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/stack/dashboard/wazuh-dashboard-base-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}-linux-x64.tar.xz
+tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -2,6 +2,215 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
 INSTALL_DIR=/usr/share/wazuh-dashboard
+export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+opensearch_dashboards_vars=(
+    console.enabled
+    console.proxyConfig
+    console.proxyFilter
+    ops.cGroupOverrides.cpuPath
+    ops.cGroupOverrides.cpuAcctPath
+    cpu.cgroup.path.override
+    cpuacct.cgroup.path.override
+    server.basePath
+    server.customResponseHeaders
+    server.compression.enabled
+    server.compression.referrerWhitelist
+    server.cors
+    server.cors.origin
+    server.defaultRoute
+    server.host
+    server.keepAliveTimeout
+    server.maxPayloadBytes
+    server.name
+    server.port
+    csp.rules
+    csp.strict
+    csp.warnLegacyBrowsers
+    data.search.usageTelemetry.enabled
+    opensearch.customHeaders
+    opensearch.hosts
+    opensearch.logQueries
+    opensearch.memoryCircuitBreaker.enabled
+    opensearch.memoryCircuitBreaker.maxPercentage
+    opensearch.password
+    opensearch.pingTimeout
+    opensearch.requestHeadersWhitelist
+    opensearch.requestHeadersAllowlist
+    opensearch_security.multitenancy.enabled
+    opensearch_security.readonly_mode.roles
+    opensearch.requestTimeout
+    opensearch.shardTimeout
+    opensearch.sniffInterval
+    opensearch.sniffOnConnectionFault
+    opensearch.sniffOnStart
+    opensearch.ssl.alwaysPresentCertificate
+    opensearch.ssl.certificate
+    opensearch.ssl.key
+    opensearch.ssl.keyPassphrase
+    opensearch.ssl.keystore.path
+    opensearch.ssl.keystore.password
+    opensearch.ssl.truststore.path
+    opensearch.ssl.truststore.password
+    opensearch.ssl.verificationMode
+    opensearch.username
+    i18n.locale
+    interpreter.enableInVisualize
+    opensearchDashboards.autocompleteTerminateAfter
+    opensearchDashboards.autocompleteTimeout
+    opensearchDashboards.defaultAppId
+    opensearchDashboards.index
+    logging.dest
+    logging.json
+    logging.quiet
+    logging.rotate.enabled
+    logging.rotate.everyBytes
+    logging.rotate.keepFiles
+    logging.rotate.pollingInterval
+    logging.rotate.usePolling
+    logging.silent
+    logging.useUTC
+    logging.verbose
+    map.includeOpenSearchMapsService
+    map.proxyOpenSearchMapsServiceInMaps
+    map.regionmap
+    map.tilemap.options.attribution
+    map.tilemap.options.maxZoom
+    map.tilemap.options.minZoom
+    map.tilemap.options.subdomains
+    map.tilemap.url
+    monitoring.cluster_alerts.email_notifications.email_address
+    monitoring.enabled
+    monitoring.opensearchDashboards.collection.enabled
+    monitoring.opensearchDashboards.collection.interval
+    monitoring.ui.container.opensearch.enabled
+    monitoring.ui.container.logstash.enabled
+    monitoring.ui.opensearch.password
+    monitoring.ui.opensearch.pingTimeout
+    monitoring.ui.opensearch.hosts
+    monitoring.ui.opensearch.username
+    monitoring.ui.opensearch.logFetchCount
+    monitoring.ui.opensearch.ssl.certificateAuthorities
+    monitoring.ui.opensearch.ssl.verificationMode
+    monitoring.ui.enabled
+    monitoring.ui.max_bucket_size
+    monitoring.ui.min_interval_seconds
+    newsfeed.enabled
+    ops.interval
+    path.data
+    pid.file
+    regionmap
+    security.showInsecureClusterWarning
+    server.rewriteBasePath
+    server.socketTimeout
+    server.customResponseHeaders
+    server.ssl.enabled
+    server.ssl.key
+    server.ssl.keyPassphrase
+    server.ssl.keystore.path
+    server.ssl.keystore.password
+    server.ssl.truststore.path
+    server.ssl.truststore.password
+    server.ssl.cert
+    server.ssl.certificate
+    server.ssl.certificateAuthorities
+    server.ssl.cipherSuites
+    server.ssl.clientAuthentication
+    opensearch.ssl.certificateAuthorities
+    server.ssl.redirectHttpFromPort
+    server.ssl.supportedProtocols
+    server.xsrf.disableProtection
+    server.xsrf.whitelist
+    status.allowAnonymous
+    status.v6ApiFormat
+    tilemap.options.attribution
+    tilemap.options.maxZoom
+    tilemap.options.minZoom
+    tilemap.options.subdomains
+    tilemap.url
+    timeline.enabled
+    vega.enableExternalUrls
+    apm_oss.apmAgentConfigurationIndex
+    apm_oss.indexPattern
+    apm_oss.errorIndices
+    apm_oss.onboardingIndices
+    apm_oss.spanIndices
+    apm_oss.sourcemapIndices
+    apm_oss.transactionIndices
+    apm_oss.metricsIndices
+    telemetry.allowChangingOptInStatus
+    telemetry.enabled
+    telemetry.optIn
+    telemetry.optInStatusUrl
+    telemetry.sendUsageFrom
+    vis_builder.enabled
+    data_source.enabled
+    data_source.encryption.wrappingKeyName
+    data_source.encryption.wrappingKeyNamespace
+    data_source.encryption.wrappingKey
+    data_source.audit.enabled
+    data_source.audit.appender.kind
+    data_source.audit.appender.path
+    data_source.audit.appender.layout.kind
+    data_source.audit.appender.layout.highlight
+    data_source.audit.appender.layout.pattern
+    ml_commons_dashboards.enabled
+    assistant.chat.enabled
+    observability.query_assist.enabled
+    uiSettings.overrides.defaultRoute
+)
+
+print() {
+  echo -e $1
+}
+
+error_and_exit() {
+  echo "Error executing command: '$1'."
+  echo 'Exiting.'
+  exit 1
+}
+
+exec_cmd() {
+  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+  eval $1 2>&1 || error_and_exit "$1"
+}
+
+function runOpensearchDashboards {
+    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          longoptfile="${opensearch_dashboards_var}: ${value}"
+          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
+            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          fi
+        fi
+      done
+
+    umask 0002
+
+    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
+        --cpu.cgroup.path.override=/ \
+        --cpuacct.cgroup.path.override=/
+}
+
+mount_files() {
+  if [ -e $WAZUH_CONFIG_MOUNT/* ]
+  then
+    print "Identified Wazuh cdashboard onfiguration files to mount..."
+    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
+  else
+    print "No Wazuh dashboard configuration files to mount..."
+  fi
+}
+
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
@@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
 
 /wazuh_app_config.sh $WAZUH_UI_REVISION
 
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+mount_files
+
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+    set -- opensearch-dashboards "$@"
+fi
+
+if [ "$1" = "opensearch-dashboards" ]; then
+    runOpensearchDashboards "$@"
+else
+    exec "$@"
+fi

build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh

@@ -0,0 +1,35 @@
+## variables
+WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+WAZUH_CHECK_UPDATES=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+WAZUH_CORE=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+  WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+  WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+    WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+    WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+      WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+      WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+    fi
+  fi
+fi
+
+# Install Wazuh App
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CHECK_UPDATES --allow-root
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CORE --allow-root

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -15,6 +15,21 @@ declare -A CONFIG_MAP=(
   [checks.template]=$CHECKS_TEMPLATE
   [checks.api]=$CHECKS_API
   [checks.setup]=$CHECKS_SETUP
+  [extensions.pci]=$EXTENSIONS_PCI
+  [extensions.gdpr]=$EXTENSIONS_GDPR
+  [extensions.hipaa]=$EXTENSIONS_HIPAA
+  [extensions.nist]=$EXTENSIONS_NIST
+  [extensions.tsc]=$EXTENSIONS_TSC
+  [extensions.audit]=$EXTENSIONS_AUDIT
+  [extensions.oscap]=$EXTENSIONS_OSCAP
+  [extensions.ciscat]=$EXTENSIONS_CISCAT
+  [extensions.aws]=$EXTENSIONS_AWS
+  [extensions.gcp]=$EXTENSIONS_GCP
+  [extensions.github]=$EXTENSIONS_GITHUB
+  [extensions.office]=$EXTENSIONS_OFFICE
+  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
+  [extensions.osquery]=$EXTENSIONS_OSQUERY
+  [extensions.docker]=$EXTENSIONS_DOCKER
   [timeout]=$APP_TIMEOUT
   [api.selector]=$API_SELECTOR
   [ip.selector]=$IP_SELECTOR

build-docker-images/wazuh-indexer/Dockerfile

@@ -6,27 +6,10 @@ ARG WAZUH_TAG_REVISION
 
 RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
 
-COPY config/check_repository.sh /
-RUN chmod 775 /check_repository.sh && \
-    source /check_repository.sh
-
-RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
-    yum clean all
-
-COPY config/opensearch.yml /
-
 COPY config/config.sh .
 
 COPY config/config.yml /
 
-COPY config/action_groups.yml /
-
-COPY config/internal_users.yml /
-
-COPY config/roles_mapping.yml /
-
-COPY config/roles.yml /
-
 RUN bash config.sh
 
 ################################################################################
@@ -43,6 +26,16 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
+
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME="$INSTALL_DIR/jdk"
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 RUN yum install curl-minimal shadow-utils findutils hostname -y
 
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
@@ -66,8 +59,7 @@ RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh
 
 RUN chown 1000:1000 /*.sh
 
-COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
-COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer
+COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
 COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d

build-docker-images/wazuh-indexer/config/check_repository.sh

@@ -1,15 +0,0 @@
-## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
-
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-fi
-
-rpm --import "${APT_KEY}"
-echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

build-docker-images/wazuh-indexer/config/config.sh

@@ -19,11 +19,42 @@ export INDEXER_FILE=wazuh-indexer-base.tar.xz
 export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
 export REPO_DIR=/unattended_installer
 
+rm -rf ${INSTALLATION_DIR}/
+
+## variables
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
+fi
+
+
+curl -o ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/${BASE_FILE}
+tar -xf ${INDEXER_FILE}
+
+## TOOLS
+
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.8/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -72,12 +103,20 @@ mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
 mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
 mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
-# Copy Wazuh's config files for the security plugin
-cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
+# Move configuration files for wazuh-indexer
+mv -f ${BASE_DIR}/etc/init.d/${NAME} ${TARGET_DIR}/etc/init.d/${NAME}
+mv -f ${BASE_DIR}/etc/wazuh-indexer/* ${TARGET_DIR}${CONFIG_DIR}
+mv -f ${BASE_DIR}/etc/sysconfig/${NAME} ${TARGET_DIR}/etc/default/
+mv -f ${BASE_DIR}/usr/lib/tmpfiles.d/* ${TARGET_DIR}/usr/lib/tmpfiles.d/
+mv -f ${BASE_DIR}/usr/lib/sysctl.d/* ${TARGET_DIR}/usr/lib/sysctl.d/
+mv -f ${BASE_DIR}/usr/lib/systemd/system/* ${TARGET_DIR}/usr/lib/systemd/system/
+rm -rf ${BASE_DIR}/etc
+rm -rf ${BASE_DIR}/usr
+# Copy installation files to final location
+cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR}
+# Copy the security tools
+cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
+cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
 # Copy Wazuh indexer's certificates
 cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
 cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem
@@ -87,9 +126,9 @@ cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
 cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
 
 # Delete xms and xmx parameters in jvm.options
-sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
-sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
-sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
+sed '/-Xms/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options
+sed '/-Xmx/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options
+sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' ${TARGET_DIR}${CONFIG_DIR}/jvm.options
 
 
 chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -7,12 +7,272 @@ umask 0002
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
-export JAVA_HOME=${INSTALLATION_DIR}/jdk
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
 
+opensearch_vars=(
+    cluster.name
+    node.name
+    node.roles
+    path.data
+    path.logs
+    bootstrap.memory_lock
+    network.host
+    http.port
+    transport.port
+    network.bind_host
+    network.publish_host
+    transport.tcp.port
+    compatibility.override_main_response_version
+    http.host
+    http.bind_host
+    http.publish_host
+    http.compression
+    transport.host
+    transport.bind_host
+    transport.publish_host
+    discovery.seed_hosts
+    discovery.seed_providers
+    discovery.type
+    cluster.initial_cluster_manager_nodes
+    cluster.initial_master_nodes
+    node.max_local_storage_nodes
+    gateway.recover_after_nodes
+    gateway.recover_after_data_nodes
+    gateway.expected_data_nodes
+    gateway.recover_after_time
+    plugins.security.nodes_dn
+    plugins.security.nodes_dn_dynamic_config_enabled
+    plugins.security.authcz.admin_dn
+    plugins.security.roles_mapping_resolution
+    plugins.security.dls.mode
+    plugins.security.compliance.salt
+    config.dynamic.http.anonymous_auth_enabled
+    plugins.security.restapi.roles_enabled
+    plugins.security.restapi.password_validation_regex
+    plugins.security.restapi.password_validation_error_message
+    plugins.security.restapi.password_min_length
+    plugins.security.restapi.password_score_based_validation_strength
+    plugins.security.unsupported.restapi.allow_securityconfig_modification
+    plugins.security.authcz.impersonation_dn
+    plugins.security.authcz.rest_impersonation_user
+    plugins.security.allow_default_init_securityindex
+    plugins.security.allow_unsafe_democertificates
+    plugins.security.system_indices.permission.enabled
+    plugins.security.config_index_name
+    plugins.security.cert.oid
+    plugins.security.cert.intercluster_request_evaluator_class
+    plugins.security.enable_snapshot_restore_privilege
+    plugins.security.check_snapshot_restore_write_privileges
+    plugins.security.cache.ttl_minutes
+    plugins.security.protected_indices.enabled
+    plugins.security.protected_indices.roles
+    plugins.security.protected_indices.indices
+    plugins.security.system_indices.enabled
+    plugins.security.system_indices.indices
+    plugins.security.audit.enable_rest
+    plugins.security.audit.enable_transport
+    plugins.security.audit.resolve_bulk_requests
+    plugins.security.audit.config.disabled_categories
+    plugins.security.audit.ignore_requests
+    plugins.security.audit.threadpool.size
+    plugins.security.audit.threadpool.max_queue_len
+    plugins.security.audit.ignore_users
+    plugins.security.audit.type
+    plugins.security.audit.config.http_endpoints
+    plugins.security.audit.config.index
+    plugins.security.audit.config.type
+    plugins.security.audit.config.username
+    plugins.security.audit.config.password
+    plugins.security.audit.config.enable_ssl
+    plugins.security.audit.config.verify_hostnames
+    plugins.security.audit.config.enable_ssl_client_auth
+    plugins.security.audit.config.cert_alias
+    plugins.security.audit.config.pemkey_filepath
+    plugins.security.audit.config.pemkey_content
+    plugins.security.audit.config.pemkey_password
+    plugins.security.audit.config.pemcert_filepath
+    plugins.security.audit.config.pemcert_content
+    plugins.security.audit.config.pemtrustedcas_filepath
+    plugins.security.audit.config.pemtrustedcas_content
+    plugins.security.audit.config.webhook.url
+    plugins.security.audit.config.webhook.format
+    plugins.security.audit.config.webhook.ssl.verify
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
+    plugins.security.audit.config.log4j.logger_name
+    plugins.security.audit.config.log4j.level
+    opendistro_security.audit.config.disabled_rest_categories
+    opendistro_security.audit.config.disabled_transport_categories
+    plugins.security.ssl.transport.enforce_hostname_verification
+    plugins.security.ssl.transport.resolve_hostname
+    plugins.security.ssl.http.clientauth_mode
+    plugins.security.ssl.http.enabled_ciphers
+    plugins.security.ssl.http.enabled_protocols
+    plugins.security.ssl.transport.enabled_ciphers
+    plugins.security.ssl.transport.enabled_protocols
+    plugins.security.ssl.transport.keystore_type
+    plugins.security.ssl.transport.keystore_filepath
+    plugins.security.ssl.transport.keystore_alias
+    plugins.security.ssl.transport.keystore_password
+    plugins.security.ssl.transport.truststore_type
+    plugins.security.ssl.transport.truststore_filepath
+    plugins.security.ssl.transport.truststore_alias
+    plugins.security.ssl.transport.truststore_password
+    plugins.security.ssl.http.enabled
+    plugins.security.ssl.http.keystore_type
+    plugins.security.ssl.http.keystore_filepath
+    plugins.security.ssl.http.keystore_alias
+    plugins.security.ssl.http.keystore_password
+    plugins.security.ssl.http.truststore_type
+    plugins.security.ssl.http.truststore_filepath
+    plugins.security.ssl.http.truststore_alias
+    plugins.security.ssl.http.truststore_password
+    plugins.security.ssl.transport.enable_openssl_if_available
+    plugins.security.ssl.http.enable_openssl_if_available
+    plugins.security.ssl.transport.pemkey_filepath
+    plugins.security.ssl.transport.pemkey_password
+    plugins.security.ssl.transport.pemcert_filepath
+    plugins.security.ssl.transport.pemtrustedcas_filepath
+    plugins.security.ssl.http.pemkey_filepath
+    plugins.security.ssl.http.pemkey_password
+    plugins.security.ssl.http.pemcert_filepath
+    plugins.security.ssl.http.pemtrustedcas_filepath
+    plugins.security.ssl.transport.enabled
+    plugins.security.ssl.transport.client.pemkey_password
+    plugins.security.ssl.transport.keystore_keypassword
+    plugins.security.ssl.transport.server.keystore_keypassword
+    plugins.sercurity.ssl.transport.server.keystore_alias
+    plugins.sercurity.ssl.transport.client.keystore_alias
+    plugins.sercurity.ssl.transport.server.truststore_alias
+    plugins.sercurity.ssl.transport.client.truststore_alias
+    plugins.security.ssl.client.external_context_id
+    plugins.secuirty.ssl.transport.principal_extractor_class
+    plugins.security.ssl.http.crl.file_path
+    plugins.security.ssl.http.crl.validate
+    plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
+    plugins.security.ssl.http.crl.check_only_end_entitites
+    plugins.security.ssl.http.crl.disable_ocsp
+    plugins.security.ssl.http.crl.disable_crldp
+    plugins.security.ssl.allow_client_initiated_renegotiation
+    indices.breaker.total.use_real_memory
+    indices.breaker.total.limit
+    indices.breaker.fielddata.limit
+    indices.breaker.fielddata.overhead
+    indices.breaker.request.limit
+    indices.breaker.request.overhead
+    network.breaker.inflight_requests.limit
+    network.breaker.inflight_requests.overhead
+    cluster.routing.allocation.enable
+    cluster.routing.allocation.node_concurrent_incoming_recoveries
+    cluster.routing.allocation.node_concurrent_outgoing_recoveries
+    cluster.routing.allocation.node_concurrent_recoveries
+    cluster.routing.allocation.node_initial_primaries_recoveries
+    cluster.routing.allocation.same_shard.host
+    cluster.routing.rebalance.enable
+    cluster.routing.allocation.allow_rebalance
+    cluster.routing.allocation.cluster_concurrent_rebalance
+    cluster.routing.allocation.balance.shard
+    cluster.routing.allocation.balance.index
+    cluster.routing.allocation.balance.threshold
+    cluster.routing.allocation.balance.prefer_primary
+    cluster.routing.allocation.disk.threshold_enabled
+    cluster.routing.allocation.disk.watermark.low
+    cluster.routing.allocation.disk.watermark.high
+    cluster.routing.allocation.disk.watermark.flood_stage
+    cluster.info.update.interval
+    cluster.routing.allocation.shard_movement_strategy
+    cluster.blocks.read_only
+    cluster.blocks.read_only_allow_delete
+    cluster.max_shards_per_node
+    cluster.persistent_tasks.allocation.enable
+    cluster.persistent_tasks.allocation.recheck_interval
+    cluster.search.request.slowlog.threshold.warn
+    cluster.search.request.slowlog.threshold.info
+    cluster.search.request.slowlog.threshold.debug
+    cluster.search.request.slowlog.threshold.trace
+    cluster.search.request.slowlog.level
+    cluster.fault_detection.leader_check.timeout
+    cluster.fault_detection.follower_check.timeout
+    action.auto_create_index
+    action.destructive_requires_name
+    cluster.default.index.refresh_interval
+    cluster.minimum.index.refresh_interval
+    cluster.indices.close.enable
+    indices.recovery.max_bytes_per_sec
+    indices.recovery.max_concurrent_file_chunks
+    indices.recovery.max_concurrent_operations
+    indices.recovery.max_concurrent_remote_store_streams
+    indices.time_series_index.default_index_merge_policy
+    indices.fielddata.cache.size
+    index.number_of_shards
+    index.number_of_routing_shards
+    index.shard.check_on_startup
+    index.codec
+    index.codec.compression_level
+    index.routing_partition_size
+    index.soft_deletes.retention_lease.period
+    index.load_fixed_bitset_filters_eagerly
+    index.hidden
+    index.merge.policy
+    index.merge_on_flush.enabled
+    index.merge_on_flush.max_full_flush_merge_wait_time
+    index.merge_on_flush.policy
+    index.check_pending_flush.enabled
+    index.number_of_replicas
+    index.auto_expand_replicas
+    index.search.idle.after
+    index.refresh_interval
+    index.max_result_window
+    index.max_inner_result_window
+    index.max_rescore_window
+    index.max_docvalue_fields_search
+    index.max_script_fields
+    index.max_ngram_diff
+    index.max_shingle_diff
+    index.max_refresh_listeners
+    index.analyze.max_token_count
+    index.highlight.max_analyzed_offset
+    index.max_terms_count
+    index.max_regex_length
+    index.query.default_field
+    index.query.max_nested_depth
+    index.routing.allocation.enable
+    index.routing.rebalance.enable
+    index.gc_deletes
+    index.default_pipeline
+    index.final_pipeline
+    index.optimize_doc_id_lookup.fuzzy_set.enabled
+    index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
+    search.max_buckets
+    search.phase_took_enabled
+    search.allow_expensive_queries
+    search.default_allow_partial_results
+    search.cancel_after_time_interval
+    search.default_search_timeout
+    search.default_keep_alive
+    search.keep_alive_interval
+    search.max_keep_alive
+    search.low_level_cancellation
+    search.max_open_scroll_context
+    search.request_stats_enabled
+    search.highlight.term_vector_multi_value
+    snapshot.max_concurrent_operations
+    cluster.remote_store.translog.buffer_interval
+    remote_store.moving_average_window_size
+    opensearch.notifications.core.allowed_config_types
+    opensearch.notifications.core.email.minimum_header_length
+    opensearch.notifications.core.email.size_limit
+    opensearch.notifications.core.http.connection_timeout
+    opensearch.notifications.core.http.host_deny_list
+    opensearch.notifications.core.http.max_connection_per_route
+    opensearch.notifications.core.http.max_connections
+    opensearch.notifications.core.http.socket_timeout
+    opensearch.notifications.core.tooltip_support
+    opensearch.notifications.general.filter_by_backend_roles
+)
+
 run_as_other_user_if_needed() {
   if [[ "$(id -u)" == "0" ]]; then
     # If running as root, drop to specified UID and run command
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() {
   fi
 }
 
+function buildOpensearchConfig {
+    echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
+      for opensearch_var in ${opensearch_vars[*]}; do
+        env_var=$(echo ${opensearch_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
+            sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          fi
+          while :
+          do
+            case "$charline" in
+              "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
+              *) break;;
+            esac
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          done
+          longoptfile="${opensearch_var}: ${value}"
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
+          fi
+        fi
+      done
+}
+
+buildOpensearchConfig
+
 # Allow user specify custom CMD, maybe bin/opensearch itself
 # for example to directly specify `-E` style parameters for opensearch on k8s
 # or simply to run /bin/bash to check the image
@@ -83,8 +374,7 @@ if [[ "$(id -u)" == "0" ]]; then
   fi
 fi
 
-
-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+#if [[ "$DISCOVERY_TYPE" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
   # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
 #  nohup /securityadmin.sh &
 #  touch "/var/lib/wazuh-indexer/.flag"

build-docker-images/wazuh-manager/Dockerfile

@@ -60,8 +60,6 @@ RUN mkdir -p /var/ossec/var/multigroups && \
     sync && /permanent_data.sh && \
     sync && rm /permanent_data.sh
 
-RUN rm /etc/yum.repos.d/wazuh.repo
-
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -1,14 +1,29 @@
 ## variables
-APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+    fi
+  fi
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -51,7 +51,7 @@ mount_permanent_data() {
         print "Installing ${permanent_dir}"
         exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
       else
-        print "The path ${permanent_dir} is empty, skipped"
+        print "The path ${permanent_dir} is empty, skiped"
       fi
     fi
   done
@@ -199,7 +199,7 @@ main() {
 
   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
   apply_exclusion_data
-
+  
   # Apply correct permission and ownership
   set_correct_permOwner
 

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat

@@ -4,7 +4,7 @@
 set -e
 
 if [ "$INDEXER_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch output IP"
+  >&2 echo "Customize Elasticsearch ouput IP"
   sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
 fi
 

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -1,10 +1,23 @@
-## variables
-REPOSITORY="packages-dev.wazuh.com/pre-release"
-WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 
-## check tag to use the correct repository
-if [[ -n "${WAZUH_TAG}" ]]; then
-  REPOSITORY="packages.wazuh.com/4.x"
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
 fi
 
 curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\

build-docker-images/wazuh-manager/config/permanent_data.env

@@ -79,14 +79,7 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_proc
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_utils.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/__init__.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/analytics.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/graph.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/storage.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
@@ -94,9 +87,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
 export PERMANENT_DATA_EXCP
 
 # Files mounted in a volume that should be deleted

indexer-certs-creator/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.10/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/
+PACKAGES_URL=https://packages.wazuh.com/4.8/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,12 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh1.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home

multi-node/config/wazuh_indexer/wazuh1.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh1.indexer
-node.name: wazuh1.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh2.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh2.indexer
-node.name: wazuh2.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh3.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh3.indexer
-node.name: wazuh3.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.11.0
+    image: wazuh/wazuh-manager:4.8.0
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -45,7 +45,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.11.0
+    image: wazuh/wazuh-manager:4.8.0
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -81,14 +81,41 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.11.0
+    image: wazuh/wazuh-indexer:4.8.0
     hostname: wazuh1.indexer
     restart: always
     ports:
       - "9200:9200"
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh1.indexer
+      NODE_NAME: wazuh1.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     ulimits:
       memlock:
         soft: -1
@@ -103,16 +130,44 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.11.0
+    image: wazuh/wazuh-indexer:4.8.0
     hostname: wazuh2.indexer
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh2.indexer
+      NODE_NAME: wazuh2.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     ulimits:
       memlock:
         soft: -1
@@ -125,16 +180,44 @@ services:
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.11.0
+    image: wazuh/wazuh-indexer:4.8.0
     hostname: wazuh3.indexer
     restart: always
     environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh3.indexer
+      NODE_NAME: wazuh3.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     ulimits:
       memlock:
         soft: -1
@@ -147,11 +230,12 @@ services:
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.11.0
+    image: wazuh/wazuh-dashboard:4.8.0
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -163,11 +247,24 @@ services:
       - API_PASSWORD=MyS3cr37P450r.*-
       - DASHBOARD_USERNAME=kibanaserver
       - DASHBOARD_PASSWORD=kibanaserver
+      - SERVER_HOST=0.0.0.0
+      - SERVER_PORT=5601
+      - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200
+      - OPENSEARCH_SSL_VERIFICATIONMODE=certificate
+      - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"]
+      - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false
+      - SERVER_SSL_ENABLED=true
+      - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"]
+      - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+      - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom

single-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,12 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home

single-node/config/wazuh_indexer/wazuh.indexer.yml

@@ -1,30 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-http.port: 9200-9299
-transport.tcp.port: 9300-9399
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.11.0
+    image: wazuh/wazuh-manager:4.8.0
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -46,13 +46,40 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.11.0
+    image: wazuh/wazuh-indexer:4.8.0
     hostname: wazuh.indexer
     restart: always
     ports:
       - "9200:9200"
     environment:
       - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - NETWORK_HOST="0.0.0.0"
+      - NODE_NAME="wazuh.indexer"
+      - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer"
+      - CLUSTER_NAME="wazuh-cluster"
+      - PATH_DATA=/var/lib/wazuh-indexer
+      - PATH_LOGS=/var/log/wazuh-indexer
+      - HTTP_PORT=9200-9299
+      - TRANSPORT_TCP_PORT=9300-9399
+      - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true
+      - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+      - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+      - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true
+      - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false
+      - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false
+      - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true
+      - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true
+      - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+      - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]'
+      - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true
+      - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true
+      - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false
     ulimits:
       memlock:
         soft: -1
@@ -67,11 +94,12 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.11.0
+    image: wazuh/wazuh-dashboard:4.8.0
     hostname: wazuh.dashboard
     restart: always
     ports:
@@ -84,12 +112,25 @@ services:
       - DASHBOARD_PASSWORD=kibanaserver
       - API_USERNAME=wazuh-wui
       - API_PASSWORD=MyS3cr37P450r.*-
+      - SERVER_HOST=0.0.0.0
+      - SERVER_PORT=5601
+      - OPENSEARCH_HOSTS=https://wazuh.indexer:9200
+      - OPENSEARCH_SSL_VERIFICATIONMODE=certificate
+      - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"]
+      - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false
+      - SERVER_SSL_ENABLED=true
+      - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"]
+      - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+      - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
     volumes:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+     #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+     # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
+      - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on: