Updated kibana.yml template on odfe version

Bump OpenDistro from 1.12.0 to 1.13.2
Updated README with stable branch
2025-10-31 20:13:38 +00:00 · 2021-05-24 11:00:41 +02:00 · 2021-05-24 10:44:48 +02:00 · 2021-05-24 09:19:39 +02:00 · 2021-05-24 09:13:29 +02:00 · 2021-05-11 09:27:45 +02:00
24 changed files with 82 additions and 127 deletions
--- a/.goss.yaml
+++ b/.goss.yaml
@@ -6,7 +6,7 @@ file:
    group: root
    filetype: file
    contains: []
-  /var/ossec/bin/wazuh-control:
+  /var/ossec/bin/ossec-control:
    exists: true
    mode: "0750"
    owner: root
@@ -56,7 +56,7 @@ package:
  wazuh-manager:
    installed: true
    versions:
-    - 4.2.3
+    - 4.1.5
 port:
  tcp:1514:
    listening: true
@@ -95,17 +95,17 @@ group:
 process:
  filebeat:
    running: true
-  wazuh-analysisd:
+  ossec-analysisd:
    running: true
-  wazuh-authd:
+  ossec-authd:
    running: true
-  wazuh-execd:
+  ossec-execd:
    running: true
-  wazuh-monitord:
+  ossec-monitord:
    running: true
-  wazuh-remoted:
+  ossec-remoted:
    running: true
-  wazuh-syscheckd:
+  ossec-syscheckd:
    running: true
  s6-supervise:
    running: true
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,26 +1,6 @@
 # Change Log
 All notable changes to this project will be documented in this file.

-## Wazuh Docker v4.2.3
-### Added
-
- Update Wazuh to version [4.2.3](https://github.com/wazuh/wazuh/blob/v4.2.3/CHANGELOG.md#v423)
-
-## Wazuh Docker v4.2.2
-### Added
-
- Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422)
-
-## Wazuh Docker v4.2.1
-### Added
-
- Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
-
-## Wazuh Docker v4.2.0
-### Added
-
- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
-
 ## Wazuh Docker v4.1.5
 ### Added

--- a/README.md
+++ b/README.md
@@ -22,11 +22,11 @@ In addition, a docker-compose file is provided to launch the containers mentione
 * [Docker hub](https://hub.docker.com/u/wazuh)


-### Setup SSL certificate
+### Setup SSL certificate and Basic Authentication

-Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
+Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed) and setup the basic auth.

-Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
+Documentation on how to provide these two can be found at [nginx_conf/README.md](nginx_conf/README.md).


 ## Environment Variables
@@ -146,28 +146,35 @@ ADMIN_PRIVILEGES=true               # App privileges

 ## Branches

+* `stable` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `stable` branch on correspond to the last Wazuh stable version.
+* `Wazuh.Version` (for example v3.13.1_7.8.0 or v4.1.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.


 ## Compatibility Matrix

 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
-| v4.2.3        | 1.13.2  | 7.11.2 |
-| v4.2.2        | 1.13.2  | 7.11.2 |
-| v4.2.1        | 1.13.2  | 7.11.2 |
-| v4.2.0        | 1.13.2  | 7.10.2 |
 | v4.1.5        | 1.13.2  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.4        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.3        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.2        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.1        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.1.0        | 1.12.0  | 7.10.2 |
+|---------------|---------|--------|
 | v4.0.4        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.3        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.2        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.1        | 1.11.0  |        |
+|---------------|---------|--------|
 | v4.0.0        | 1.10.1  |        |

 ## Credits and Thank you
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.2.3"
-REVISION="40217"
+WAZUH-DOCKER_VERSION="4.1.5"
+REVISION="40114"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'

 services:
  wazuh:
-    image: wazuh/wazuh-odfe:4.2.3
+    image: wazuh/wazuh-odfe:4.1.5
    hostname: wazuh-manager
    restart: always
    ports:
@@ -50,7 +50,7 @@ services:
        hard: 65536

  kibana:
-    image: wazuh/wazuh-kibana-odfe:4.2.3
+    image: wazuh/wazuh-kibana-odfe:4.1.5
    hostname: kibana
    restart: always
    ports:
--- a/generate-elasticsearch-certs.yml
+++ b/generate-elasticsearch-certs.yml
@@ -10,7 +10,7 @@ services:
          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
          unzip config/certificates/bundle.zip -d config/certificates/;
        fi;
-        chown -R 1000:0 config/certificates
+        chown -R 1000:0 /certs
      '
    user: "0"
    working_dir: /usr/share/elasticsearch
--- a/kibana-odfe/Dockerfile
+++ b/kibana-odfe/Dockerfile
@@ -2,7 +2,7 @@
 FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.3
+ARG WAZUH_VERSION=4.1.5
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"

 WORKDIR /usr/share/kibana
--- a/kibana-odfe/config/kibana_settings.sh
+++ b/kibana-odfe/config/kibana_settings.sh
@@ -53,6 +53,6 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'

 echo "End settings"
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker.elastic.co/kibana/kibana:7.10.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.3
+ARG WAZUH_VERSION=4.1.5
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"

 WORKDIR /usr/share/kibana
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -70,7 +70,7 @@ rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
 curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'

 sleep 5
 # Do not ask user to help providing usage statistics to Elastic
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -3,7 +3,7 @@ version: '3.7'

 services:
  wazuh-master:
-    image: wazuh/wazuh-odfe:4.2.3
+    image: wazuh/wazuh-odfe:4.1.5
    hostname: wazuh-master
    restart: always
    ports:
@@ -38,7 +38,7 @@ services:
      - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh-worker:
-    image: wazuh/wazuh-odfe:4.2.3
+    image: wazuh/wazuh-odfe:4.1.5
    hostname: wazuh-worker
    restart: always
    environment:
@@ -86,8 +86,6 @@ services:
      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
      - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
      - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
-      - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
-      - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
      - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml

@@ -134,7 +132,7 @@ services:
      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml

  kibana:
-    image: wazuh/wazuh-kibana-odfe:4.2.3
+    image: wazuh/wazuh-kibana-odfe:4.1.5
    hostname: kibana
    restart: always
    ports:
--- a/production_cluster/elastic_opendistro/elasticsearch-node1.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node1.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.authcz.admin_dn: []
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true
--- a/production_cluster/elastic_opendistro/elasticsearch-node2.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node2.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.authcz.admin_dn: []
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true
--- a/production_cluster/elastic_opendistro/elasticsearch-node3.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node3.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.authcz.admin_dn: []
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true
--- a/production_cluster/kibana_ssl/generate-self-signed-cert.sh
+++ b/production_cluster/kibana_ssl/generate-self-signed-cert.sh
@@ -9,5 +9,4 @@ then
    exit
 else
    openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
-    chown -R 1000:1000 *.pem
 fi
--- a/production_cluster/ssl_certs/certs.yml
+++ b/production_cluster/ssl_certs/certs.yml
@@ -27,9 +27,4 @@ nodes:
  - name: filebeat
    dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
    dns: 
-      - wazuh
-
-clients:
-  - name: admin
-    dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    admin: true
+      - wazuh 
--- a/production_cluster/wazuh_cluster/wazuh_manager.conf
+++ b/production_cluster/wazuh_cluster/wazuh_manager.conf
@@ -94,7 +94,7 @@
    <ignore_time>6h</ignore_time>
    <run_on_start>yes</run_on_start>

-    <!-- Ubuntu OS vulnerabilities -->
+    <!-- Ubuntu OS vulnerabilities --> 
    <provider name="canonical">
      <enabled>no</enabled>
      <os>trusty</os>
@@ -104,7 +104,7 @@
      <update_interval>1h</update_interval>
    </provider>

-    <!-- Debian OS vulnerabilities -->
+    <!-- Debian OS vulnerabilities -->  
    <provider name="debian">
      <enabled>no</enabled>
      <os>stretch</os>
@@ -112,7 +112,7 @@
      <update_interval>1h</update_interval>
    </provider>

-    <!-- RedHat OS vulnerabilities -->
+    <!-- RedHat OS vulnerabilities -->  
    <provider name="redhat">
      <enabled>no</enabled>
      <os>5</os>
@@ -200,8 +200,8 @@
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
-    <white_list>4.2.3.1</white_list>
-    <white_list>4.2.3.2</white_list>
+    <white_list>4.2.2.1</white_list>
+    <white_list>4.2.2.2</white_list>
    <white_list>208.67.220.220</white_list>
  </global>

@@ -307,7 +307,7 @@
    <rule_dir>etc/rules</rule_dir>
  </ruleset>

-  <!-- Configuration for wazuh-authd -->
+  <!-- Configuration for ossec-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
@@ -346,4 +346,4 @@
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
-</ossec_config>
+</ossec_config> 
--- a/production_cluster/wazuh_cluster/wazuh_worker.conf
+++ b/production_cluster/wazuh_cluster/wazuh_worker.conf
@@ -94,7 +94,7 @@
    <ignore_time>6h</ignore_time>
    <run_on_start>yes</run_on_start>

-    <!-- Ubuntu OS vulnerabilities -->
+    <!-- Ubuntu OS vulnerabilities --> 
    <provider name="canonical">
      <enabled>no</enabled>
      <os>trusty</os>
@@ -104,7 +104,7 @@
      <update_interval>1h</update_interval>
    </provider>

-    <!-- Debian OS vulnerabilities -->
+    <!-- Debian OS vulnerabilities -->  
    <provider name="debian">
      <enabled>no</enabled>
      <os>stretch</os>
@@ -112,7 +112,7 @@
      <update_interval>1h</update_interval>
    </provider>

-    <!-- RedHat OS vulnerabilities -->
+    <!-- RedHat OS vulnerabilities -->  
    <provider name="redhat">
      <enabled>no</enabled>
      <os>5</os>
@@ -200,8 +200,8 @@
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
-    <white_list>4.2.3.1</white_list>
-    <white_list>4.2.3.2</white_list>
+    <white_list>4.2.2.1</white_list>
+    <white_list>4.2.2.2</white_list>
    <white_list>208.67.220.220</white_list>
  </global>

@@ -307,7 +307,7 @@
    <rule_dir>etc/rules</rule_dir>
  </ruleset>

-  <!-- Configuration for wazuh-authd -->
+  <!-- Configuration for ossec-authd -->
  <auth>
    <disabled>no</disabled>
    <port>1515</port>
@@ -346,4 +346,4 @@
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>
-</ossec_config>
+</ossec_config> 
--- a/wazuh-odfe/Dockerfile
+++ b/wazuh-odfe/Dockerfile
@@ -3,7 +3,7 @@ FROM centos:7

 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.3
+ARG WAZUH_VERSION=4.1.5-1
 ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"

--- a/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
+++ b/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
@@ -74,23 +74,6 @@ apply_exclusion_data() {
  done
 }

-##############################################################################
-# This function will rename in the permanent data volume every file
-# contained in PERMANENT_DATA_MOVE
-##############################################################################
-
-move_data_files() {
-  for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
-    file_split=( $mov_file )
-    if [ -e ${file_split[0]} ]
-    then
-      print "moving ${mov_file}"
-      exec_cmd "mv -f ${mov_file}"
-    fi
-  done
-}
-
-
 ##############################################################################
 # This function will delete from the permanent data volume every file
 # contained in PERMANENT_DATA_DEL
@@ -101,7 +84,7 @@ remove_data_files() {
    if [ -e ${del_file} ]
    then
      print "Removing ${del_file}"
-      exec_cmd "rm -f ${del_file}"
+      exec_cmd "rm ${del_file}"
    fi
  done
 }
@@ -111,7 +94,7 @@ remove_data_files() {
 ##############################################################################

 create_ossec_key_cert() {
-  print "Creating wazuh-authd key and cert"
+  print "Creating ossec-authd key and cert"
  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
@@ -175,13 +158,10 @@ main() {
  # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
  apply_exclusion_data

-  # Rename files stored in permanent data (i.e. queue/ossec)
-  move_data_files
-
  # Remove some files in permanent_data (i.e. .template.db)
  remove_data_files

-  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
  if [ $AUTO_ENROLLMENT_ENABLED == true ]
  then
    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
--- a/wazuh-odfe/config/etc/cont-init.d/2-manager
+++ b/wazuh-odfe/config/etc/cont-init.d/2-manager
@@ -123,4 +123,4 @@ function_create_custom_user
 function_entrypoint_scripts

 # Start Wazuh
-/var/ossec/bin/wazuh-control start
+/var/ossec/bin/ossec-control start
--- a/wazuh-odfe/config/permanent_data.env
+++ b/wazuh-odfe/config/permanent_data.env
@@ -4,7 +4,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
 PERMANENT_DATA[((i++))]="/var/ossec/etc"
 PERMANENT_DATA[((i++))]="/var/ossec/logs"
 PERMANENT_DATA[((i++))]="/var/ossec/queue"
-PERMANENT_DATA[((i++))]="/var/ossec/queue/logcollector"
+PERMANENT_DATA[((i++))]="/var/ossec/queue/tasks"
 PERMANENT_DATA[((i++))]="/var/ossec/agentless"
 PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
 PERMANENT_DATA[((i++))]="/var/ossec/integrations"
@@ -21,21 +21,23 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -58,15 +60,9 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
 export PERMANENT_DATA_EXCP

 # Files mounted in a volume that should be deleted
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
 export PERMANENT_DATA_DEL
-
-i=0
-PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
-PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
-export PERMANENT_DATA_MOVE
--- a/xpack-compose.yml
+++ b/xpack-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'

 services:
  wazuh:
-    image: wazuh/wazuh:4.2.3
+    image: wazuh/wazuh:4.1.5
    hostname: wazuh-manager
    restart: always
    ports:
@@ -146,7 +146,7 @@ services:


  kibana:
-    image: wazuh/wazuh-kibana:4.2.3
+    image: wazuh/wazuh-kibana:4.1.5
    hostname: kibana
    restart: always
    ports:
--- a/xpack-from-sources.yml
+++ b/xpack-from-sources.yml
@@ -7,8 +7,8 @@ services:
      context: wazuh-odfe/
      args:
        - FILEBEAT_CHANNEL=filebeat
-        - FILEBEAT_VERSION=7.11.2
-    image: wazuh/wazuh:4.2.3
+        - FILEBEAT_VERSION=7.10.2
+    image: wazuh/wazuh:4.1.5
    hostname: wazuh-manager
    restart: always
    ports:
@@ -42,7 +42,7 @@ services:


  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
    hostname: elasticsearch
    restart: always
    ports:
@@ -79,7 +79,7 @@ services:
      - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt

  elasticsearch2:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
    hostname: elasticsearch2
    restart: always
    environment:
@@ -114,7 +114,7 @@ services:
      - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt

  elasticsearch3:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
    hostname: elasticsearch3
    restart: always
    environment:
@@ -152,7 +152,7 @@ services:

  kibana:
    build: kibana/
-    image: wazuh/wazuh-kibana:4.2.3
+    image: wazuh/wazuh-kibana:4.1.5
    hostname: kibana
    restart: always
    ports:
Author	SHA1	Message	Date
José Fernández	015da94d7c	Updated kibana.yml template on odfe version	2021-05-24 11:00:41 +02:00
José Fernández	8a21b2f0ef	Bump OpenDistro from 1.12.0 to 1.13.2	2021-05-24 10:44:48 +02:00
José Fernández	98b1496373	Updated README with stable branch	2021-05-24 09:19:39 +02:00
José Fernández	5421ab92ff	Merge branch 'master' of github.com:wazuh/wazuh-docker into 4.1	2021-05-24 09:13:29 +02:00
Alberto Rodríguez	2eb9b7c8fc	Merge pull request #447 from npdgm/master fix: missing directory for tasks manager db	2021-05-11 09:27:45 +02:00
Alberto Rodríguez	f25667a22f	Bump 4.1.5	2021-05-06 19:50:08 +02:00
Alberto Rodríguez	dfa4ed7d00	Merge pull request #472 from wazuh/4.1 Merge 4.1 in master	2021-04-23 19:59:31 +02:00
Alberto Rodríguez	81f46b908a	Merge pull request #470 from wazuh/bump-4.1.5 Bumped to 4.1.5	2021-04-22 18:56:52 +02:00
Alberto Rodríguez	53bbddd754	Update VERSION Co-authored-by: Víctor Moreno Jiménez <victor.moreno@wazuh.com>	2021-04-22 18:06:12 +02:00
Alberto R	7c3384f9a3	Bumped to 4.1.5	2021-04-22 17:43:49 +02:00
Thibault VINCENT	ab58d0aa23	fix: missing directory for tasks manager db This will prevent error : wazuh-db: ERROR: Couldn't create SQLite database 'queue/tasks/tasks.db'	2021-03-01 20:35:43 +01:00