Merge pull request #694 from wazuh/bump-4-3-6

Bump 4.3 to 4.3.6

.env

@@ -0,0 +1,3 @@
+WAZUH_VERSION=4.3.6
+WAZUH_IMAGE_VERSION=4.3.6
+WAZUH_TAG_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.3.3
+    - 4.3.6-1
 port:
   tcp:1514:
     listening: true
@@ -70,28 +70,6 @@ port:
     listening: true
     ip:
     - 0.0.0.0
-user:
-  wazuh:
-    exists: true
-    groups:
-    - wazuh
-    home: /var/ossec
-    shell: /sbin/nologin
-  wazuh:
-    exists: true
-    groups:
-    - wazuh
-    home: /var/ossec
-    shell: /sbin/nologin
-  wazuh:
-    exists: true
-    groups:
-    - wazuh
-    home: /var/ossec
-    shell: /sbin/nologin
-group:
-  wazuh:
-    exists: true
 process:
   filebeat:
     running: true
@@ -113,3 +91,13 @@ process:
     running: true
   wazuh-modulesd:
     running: true
+user:
+  wazuh:
+    exists: true
+    groups:
+    - wazuh
+    home: /var/ossec
+    shell: /sbin/nologin
+group:
+  wazuh:
+    exists: true

.github/multi-node-filebeat-check.sh

@@ -0,0 +1,18 @@
+filebeatout1=$(docker exec multi-node_wazuh.master_1 sh -c 'filebeat test output')
+filebeatstatus1=$(echo "${filebeatout1}" | grep -c OK)
+if [[ filebeatstatus1 -eq 7 ]]; then
+  echo "No errors in master filebeat"
+else
+  echo "Errors in master filebeat"
+  echo "${filebeatout1}"
+  exit 1
+fi
+filebeatout2=$(docker exec multi-node_wazuh.worker_1 sh -c 'filebeat test output')
+filebeatstatus2=$(echo "${filebeatout2}" | grep -c OK)
+if [[ filebeatstatus2 -eq 7 ]]; then
+ echo "No errors in worker filebeat"
+else
+ echo "Errors in worker filebeat"
+ echo "${filebeatout2}"
+ exit 1
+fi

.github/multi-node-log-check.sh

@@ -0,0 +1,16 @@
+log1=$(docker exec multi-node_wazuh.master_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
+if [[ -z "$log1" ]]; then
+  echo "No errors in master ossec.log"
+else
+  echo "Errors in master ossec.log:"
+  echo "${log1}"
+  exit 1
+fi
+log2=$(docker exec multi-node_wazuh.worker_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
+if [[ -z "${log2}" ]]; then
+  echo "No errors in worker ossec.log"
+else
+  echo "Errors in worker ossec.log:"
+  echo "${log2}"
+  exit 1
+fi

.github/single-node-filebeat-check.sh

@@ -0,0 +1,9 @@
+filebeatout=$(docker exec single-node_wazuh.manager_1 sh -c 'filebeat test output')
+filebeatstatus=$(echo "${filebeatout}" | grep -c OK)
+if [[ filebeatstatus -eq 7 ]]; then
+  echo "No errors in filebeat"
+else
+  echo "Errors in filebeat"
+  echo "${filebeatout}"
+  exit 1
+fi

.github/single-node-log-check.sh

@@ -0,0 +1,8 @@
+log=$(docker exec single-node_wazuh.manager_1 sh -c 'cat /var/ossec/logs/ossec.log' | grep -P "ERR|WARN|CRIT")
+if [[ -z "$log" ]]; then
+  echo "No errors in ossec.log"
+else
+  echo "Errors in ossec.log:"
+  echo "${log}"
+  exit 1
+fi

.github/workflows/push.yml

@@ -1,31 +1,310 @@
 name: Wazuh Docker pipeline
 
-on: [push]
+on: [pull_request]
 
 jobs:
-  build-stack:
+  build-docker-images:
     runs-on: ubuntu-latest
     steps:
 
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
-    - name: Build the docker-compose stack
+    - name: Build Wazuh images
-      run: docker-compose -f build-wazuh-images.yml up -d --build
+      run: build-docker-images/build-images.sh
 
-    - name: Check running containers
+    - name: Create enviroment variables
-      run: docker ps -a
+      run: cat .env > $GITHUB_ENV
 
-    - name: Shutdown the stack
+    - name: Create backup Docker images
-      run: docker-compose -f build-wazuh-images.yml kill
+      run: |
+        mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/
+        docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
+        docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
+        docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
+
+    - name: Temporarily save Wazuh manager Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-manager
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
+        retention-days: 1
+
+    - name: Temporarily save Wazuh indexer Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-indexer
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
+        retention-days: 1
+
+    - name: Temporarily save Wazuh dashboard Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-dashboard
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
+        retention-days: 1
 
     - name: Install Goss
       uses: e1himself/goss-installation-action@v1.0.3
       with:
         version: v0.3.16
 
-    - name: Execute Goss tests (wazuh-odfe)
+    - name: Execute Goss tests (wazuh-manager)
-      run: dgoss run wazuh/wazuh-manager:4.3.3
+      run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}
       env:
         GOSS_SLEEP: 30
-        GOSS_FILE: .github/.goss.yaml
+        GOSS_FILE: .github/.goss.yaml
+
+  check-single-node:
+    runs-on: ubuntu-latest
+    needs: build-docker-images
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Create enviroment variables
+      run: cat .env > $GITHUB_ENV
+
+    - name: Retrieve saved Wazuh indexer Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-indexer
+
+    - name: Retrieve saved Wazuh manager Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-manager
+
+    - name: Retrieve saved Wazuh dashboard Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-dashboard
+
+    - name: Docker load
+      run: |
+        docker load --input ./wazuh-indexer.tar
+        docker load --input ./wazuh-dashboard.tar
+        docker load --input ./wazuh-manager.tar
+
+
+    - name: Create single node certficates
+      run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator
+
+    - name: Start single node stack
+      run: docker-compose -f single-node/docker-compose.yml up -d
+
+    - name: Check Wazuh indexer start
+      run: |
+       sleep 60
+       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
+       if [[ $status_green -eq 1 ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
+       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`"
+       if [[ $status_index_green -eq $status_index ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+
+
+    - name: Check Wazuh indexer nodes
+      run: |
+       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
+       if [[ $nodes -eq 1 ]]; then
+        echo "Wazuh indexer nodes: ${nodes}"
+       else
+        echo "Wazuh indexer nodes: ${nodes}"
+        exit 1
+       fi
+
+    - name: Check documents into wazuh-alerts index
+      run: |
+       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
+       if [[ $docs -gt 100 ]]; then
+        echo "wazuh-alerts index documents: ${docs}"
+       else
+        echo "wazuh-alerts index documents: ${docs}"
+        exit 1
+       fi
+
+    - name: Check Wazuh templates
+      run: |
+       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
+       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
+       if [[ $qty_templates -eq 3 ]]; then
+        echo "wazuh templates:"
+        echo "${templates}"
+       else
+        echo "wazuh templates:"
+        echo "${templates}"
+        exit 1
+       fi
+
+    - name: Check Wazuh manager start
+      run: |
+        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
+        if [[ $services -gt 9 ]]; then
+          echo "Wazuh Manager Services: ${services}"
+          echo "OK"
+        else
+          echo "Wazuh indexer nodes: ${nodes}"
+          curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
+          exit 1
+        fi
+      env:
+        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
+
+    - name: Check errors in ossec.log
+      run: ./.github/single-node-log-check.sh
+
+
+    - name: Check filebeat output
+      run: ./.github/single-node-filebeat-check.sh
+
+    - name: Check Wazuh dashboard service URL
+      run: |
+       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk  '{print $2}')
+       if [[ $status -eq 200 ]]; then
+        echo "Wazuh dashboard status: ${status}"
+       else
+        echo "Wazuh dashboard status: ${status}"
+        exit 1
+       fi
+
+    - name: Stop single node stack
+      run: docker-compose -f single-node/docker-compose.yml down
+
+  check-multi-node:
+    runs-on: ubuntu-latest
+    needs: build-docker-images
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Create enviroment variables
+      run: cat .env > $GITHUB_ENV
+
+    - name: Retrieve saved Wazuh dashboard Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-dashboard
+
+    - name: Retrieve saved Wazuh manager Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-manager
+
+    - name: Retrieve saved Wazuh indexer Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-indexer
+
+    - name: Docker load
+      run: |
+        docker load --input ./wazuh-manager.tar
+        docker load --input ./wazuh-indexer.tar
+        docker load --input ./wazuh-dashboard.tar
+
+    - name: Create multi node certficates
+      run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
+
+    - name: Start multi node stack
+      run: docker-compose -f multi-node/docker-compose.yml up -d
+
+    - name: Check Wazuh indexer start
+      run: |
+       sleep 120
+       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
+       if [[ $status_green -eq 1 ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
+       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`"
+       if [[ $status_index_green -eq $status_index ]]; then
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+       else
+        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
+        exit 1
+       fi
+
+    - name: Check Wazuh indexer nodes
+      run: |
+       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
+       if [[ $nodes -eq 3 ]]; then
+        echo "Wazuh indexer nodes: ${nodes}"
+       else
+        echo "Wazuh indexer nodes: ${nodes}"
+        exit 1
+       fi
+
+    - name: Check documents into wazuh-alerts index
+      run: |
+       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
+       if [[ $docs -gt 200 ]]; then
+        echo "wazuh-alerts index documents: ${docs}"
+       else
+        echo "wazuh-alerts index documents: ${docs}"
+        exit 1
+       fi
+
+    - name: Check Wazuh templates
+      run: |
+       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
+       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
+       if [[ $qty_templates -eq 3 ]]; then
+        echo "wazuh templates:"
+        echo "${templates}"
+       else
+        echo "wazuh templates:"
+        echo "${templates}"
+        exit 1
+       fi
+
+    - name: Check Wazuh manager start
+      run: |
+        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
+        if [[ $services -gt 10 ]]; then
+          echo "Wazuh Manager Services: ${services}"
+          echo "OK"
+        else
+          echo "Wazuh indexer nodes: ${nodes}"
+          curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
+          exit 1
+        fi
+        nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r ".data.affected_items[].name" | wc -l)
+        if [[ $nodes -eq 2 ]]; then
+         echo "Wazuh manager nodes: ${nodes}"
+        else
+         echo "Wazuh manager nodes: ${nodes}"
+         exit 1
+        fi
+      env:
+        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
+
+    - name: Check errors in ossec.log
+      run: ./.github/multi-node-log-check.sh
+
+
+    - name: Check filebeat output
+      run: ./.github/multi-node-filebeat-check.sh
+
+    - name: Check Wazuh dashboard service URL
+      run: |
+       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk  '{print $2}')
+       if [[ $status -eq 200 ]]; then
+        echo "Wazuh dashboard status: ${status}"
+       else
+        echo "Wazuh dashboard status: ${status}"
+        exit 1
+       fi

.gitignore

@@ -1,4 +1,4 @@
 single-node/config/wazuh_indexer_ssl_certs/*.pem
 single-node/config/wazuh_indexer_ssl_certs/*.key
 multi-node/config/wazuh_indexer_ssl_certs/*.pem
-multi-node/config/wazuh_indexer_ssl_certs/*.key
+multi-node/config/wazuh_indexer_ssl_certs/*.key

CHANGELOG.md

@@ -1,6 +1,21 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.3.6
+### Added
+
+- Update Wazuh to version [4.3.6](https://github.com/wazuh/wazuh/blob/v4.3.6/CHANGELOG.md#v436)
+
+## Wazuh Docker v4.3.5
+### Added
+
+- Update Wazuh to version [4.3.5](https://github.com/wazuh/wazuh/blob/v4.3.5/CHANGELOG.md#v435)
+
+## Wazuh Docker v4.3.4
+### Added
+
+- Update Wazuh to version [4.3.4](https://github.com/wazuh/wazuh/blob/v4.3.4/CHANGELOG.md#v434)
+
 ## Wazuh Docker v4.3.3
 ### Added
 

README.md

@@ -193,6 +193,9 @@ WAZUH_MONITORING_REPLICAS=0         #
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v4.3.6        |         |        |
+| v4.3.5        |         |        |
+| v4.3.4        |         |        |
 | v4.3.3        |         |        |
 | v4.3.2        |         |        |
 | v4.3.1        |         |        |

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.3.3"
+WAZUH-DOCKER_VERSION="4.3.6"
-REVISION="40315"
+REVISION="40318"

build-docker-images/README.md

@@ -1,7 +1,11 @@
 # Wazuh Docker Image Builder
 
-This stack allows you to build the Wazuh manager, indexer, and dashboard images locally by running the command:
+The creation of the images for the Wazuh stack deployment in Docker is done with the build-images.yml script
+
+To execute the process, the following must be executed in the root of the wazuh-docker repository:
 
 ```
-$ docker-compose build
+$ build-docker-images/build-images.sh
-```
+```
+
+This script initializes the environment variables needed to build each of the images.

build-docker-images/build-images.sh

@@ -0,0 +1,17 @@
+WAZUH_IMAGE_VERSION=4.3.6
+WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
+WAZUH_TAG_REVISION=1
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+
+## If wazuh manager exists in apt dev repository, change variables, if not, exit 1
+if [ "$WAZUH_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
+  IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
+else
+  IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
+fi
+
+echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
+echo WAZUH_IMAGE_VERSION=$IMAGE_VERSION >> .env
+echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
+
+docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache

build-docker-images/build-images.yml

@@ -3,8 +3,12 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    build:  wazuh-manager/
+    build:
-    image: wazuh/wazuh-manager:4.3.3
+      context: wazuh-manager/
+      args:
+        WAZUH_VERSION: ${WAZUH_VERSION}
+        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+    image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.manager
     restart: always
     ports:
@@ -31,8 +35,12 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   wazuh.indexer:
-    build: wazuh-indexer/
+    build:
-    image: wazuh/wazuh-indexer:4.3.3
+      context: wazuh-indexer/
+      args:
+        WAZUH_VERSION: ${WAZUH_VERSION}
+        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+    image: wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -48,8 +56,12 @@ services:
         hard: 65536
 
   wazuh.dashboard:
-    build: wazuh-dashboard/
+    build:
-    image: wazuh/wazuh-dashboard:4.3.3
+      context: wazuh-dashboard/
+      args:
+        WAZUH_VERSION: ${WAZUH_VERSION}
+        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
+    image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.dashboard
     restart: always
     ports:

build-docker-images/wazuh-dashboard/Dockerfile

@@ -1,8 +1,10 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 FROM ubuntu:focal AS builder
 
-ARG WAZUH_VERSION=4.3.3
+ARG WAZUH_VERSION
+ARG WAZUH_TAG_REVISION
 ARG INSTALL_DIR=/usr/share/wazuh-dashboard
+ARG WAZUH_UI_REVISION=1
 
 # Update and install dependencies
 RUN apt-get update && apt install curl libcap2-bin xz-utils -y
@@ -11,16 +13,17 @@ RUN apt-get update && apt install curl libcap2-bin xz-utils -y
 RUN mkdir -p $INSTALL_DIR
 
 # Download and extract Wazuh dashboard base
-RUN curl -o wazuh-dashboard-base.tar.xz https://packages.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz && \
+COPY config/dl_base.sh .
-    tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1
+RUN bash dl_base.sh
 
 # Generate certificates
 COPY config/config.sh .
 COPY config/config.yml /
 RUN bash config.sh
 
-# Install Wazuh App
+COPY config/install_wazuh_app.sh /
-RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}.zip --allow-root
+RUN chmod 775 /install_wazuh_app.sh
+RUN bash /install_wazuh_app.sh
 
 # Copy and set permissions to config files
 COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/

build-docker-images/wazuh-dashboard/config/dl_base.sh

@@ -0,0 +1,12 @@
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') && \
+WAZUH_IMAGE_VERSION=$(echo $WAZUH_VERSION | sed -e 's/\.//g') && \
+
+
+if [ "$WAZUH_IMAGE_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
+ REPOSITORY="packages.wazuh.com"
+else 
+ REPOSITORY="packages-dev.wazuh.com"
+fi
+ 
+curl -o wazuh-dashboard-base.tar.xz https://${REPOSITORY}/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}-linux-x64.tar.xz
+tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -7,7 +7,7 @@ DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
 # Create and configure Wazuh dashboard keystore
 
-$INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
 echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
 echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
 
@@ -15,6 +15,6 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
 # Start Wazuh dashboard
 ##############################################################################
 
-/wazuh_app_config.sh
+/wazuh_app_config.sh $WAZUH_UI_REVISION
 
 /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml

build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh

@@ -0,0 +1,12 @@
+## Variables
+WAZUH_IMAGE_VERSION=$(echo $WAZUH_VERSION | sed -e 's/\.//g')
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+## If wazuh manager exists in apt dev repository, change variables, if not exit 1
+if [ "$WAZUH_IMAGE_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
+  WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+else
+  WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+fi
+
+# Install Wazuh App
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root

build-docker-images/wazuh-indexer/Dockerfile

@@ -1,6 +1,9 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 FROM ubuntu:focal AS builder
 
+ARG WAZUH_VERSION
+ARG WAZUH_TAG_REVISION
+
 RUN apt-get update -y && apt-get install curl openssl xz-utils -y
 
 COPY config/opensearch.yml /

build-docker-images/wazuh-indexer/config/config.sh

@@ -4,11 +4,13 @@ export DH_OPTIONS
 
 export NAME=wazuh-indexer
 export TARGET_DIR=${CURDIR}/debian/${NAME}
+export WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+export WAZUH_IMAGE_VERSION=$(echo $WAZUH_VERSION | sed -e 's/\.//g')
 
 # Package build options
 export USER=${NAME}
 export GROUP=${NAME}
-export VERSION=4.3.3
+export VERSION=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
 export LOG_DIR=/var/log/${NAME}
 export LIB_DIR=/var/lib/${NAME}
 export PID_DIR=/run/${NAME}
@@ -19,10 +21,15 @@ export INDEXER_FILE=wazuh-indexer-base.tar.xz
 export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
 export REPO_DIR=/unattended_installer
 
-
 rm -rf ${INSTALLATION_DIR}/
 
-curl -o ${INDEXER_FILE} https://packages.wazuh.com/stack/indexer/base/${BASE_FILE}
+if [ "$WAZUH_IMAGE_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
+ REPOSITORY="packages.wazuh.com"
+else
+ REPOSITORY="packages-dev.wazuh.com"
+fi
+
+curl -o ${INDEXER_FILE} https://${REPOSITORY}/stack/indexer/base/${BASE_FILE}
 tar -xf ${INDEXER_FILE}
 
 ## TOOLS

build-docker-images/wazuh-manager/Dockerfile

@@ -1,7 +1,10 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 FROM ubuntu:focal
 
-ARG WAZUH_VERSION=4.3.3
+RUN rm /bin/sh && ln -s /bin/bash /bin/sh
+
+ARG WAZUH_VERSION
+ARG WAZUH_TAG_REVISION
 ARG TEMPLATE_VERSION=4.3
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
@@ -9,10 +12,13 @@ ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.2.tar.gz"
 
 RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y
 
-RUN apt-key adv --fetch-keys https://packages.wazuh.com/key/GPG-KEY-WAZUH && \
+COPY config/check_repository.sh /
-    echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list && \
+
-    apt-get update && \
+RUN chmod 775 /check_repository.sh
-    apt-get install wazuh-manager=${WAZUH_VERSION}-1
+RUN source /check_repository.sh
+
+RUN apt-get update && \
+    apt-get install wazuh-manager=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
 
 RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\
     dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -0,0 +1,13 @@
+## Variables
+WAZUH_IMAGE_VERSION=$(echo $WAZUH_VERSION | sed -e 's/\.//g')
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
+## If wazuh manager exists in apt dev repository, change variables, if not exit 1
+if [ "$WAZUH_IMAGE_VERSION" -le "$WAZUH_CURRENT_VERSION" ]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
+else
+  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+  REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
+fi
+apt-key adv --fetch-keys ${APT_KEY}
+echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list

build-docker-images/wazuh-manager/config/create_user.py

@@ -21,7 +21,7 @@ try:
         set_user_role,
         update_user,
     )
-except Exception as e:
+except ModuleNotFoundError as e:
     logging.error("No module 'wazuh' found.")
     sys.exit(1)
 

build-docker-images/wazuh-manager/config/filebeat.yml

@@ -20,3 +20,12 @@ output.elasticsearch:
   #ssl.certificate_authorities:
   #ssl.certificate:
   #ssl.key:
+
+logging.metrics.enabled: false
+
+seccomp:
+  default_action: allow
+  syscalls:
+  - action: allow
+    names:
+    - rseq

indexer-certs-creator/config/entrypoint.sh

@@ -51,11 +51,11 @@ chown 1000:1000 /certificates/*
 echo "Setting UID for wazuh manager and worker"
 cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
 cp /certificates/root-ca.key /certificates/root-ca-manager.key
-chown 999:997 /certificates/root-ca-manager.pem
+chown 101:101 /certificates/root-ca-manager.pem
-chown 999:997 /certificates/root-ca-manager.key
+chown 101:101 /certificates/root-ca-manager.key
 
 for i in ${node_names[@]}; 
 do 
-  chown 999:997 "/certificates/${i}.pem"
+  chown 101:101 "/certificates/${i}.pem"
-  chown 999:997 "/certificates/${i}-key.pem"
+  chown 101:101 "/certificates/${i}-key.pem"
 done

multi-node/config/wazuh_cluster/wazuh_manager.conf

@@ -349,24 +349,9 @@
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/auth.log</location>
-  </localfile>
-
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/syslog</location>
-  </localfile>
-
   <localfile>
     <log_format>syslog</log_format>
     <location>/var/log/dpkg.log</location>
   </localfile>
 
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/kern.log</location>
-  </localfile>
-
 </ossec_config>

multi-node/config/wazuh_cluster/wazuh_worker.conf

@@ -349,24 +349,9 @@
     <location>/var/ossec/logs/active-responses.log</location>
   </localfile>
 
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/auth.log</location>
-  </localfile>
-
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/syslog</location>
-  </localfile>
-
   <localfile>
     <log_format>syslog</log_format>
     <location>/var/log/dpkg.log</location>
   </localfile>
 
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/log/kern.log</location>
-  </localfile>
-
 </ossec_config>

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.3.3
+    image: wazuh/wazuh-manager:4.3.6
     hostname: wazuh.master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.3.3
+    image: wazuh/wazuh-manager:4.3.6
     hostname: wazuh.worker
     restart: always
     environment:
@@ -67,7 +67,7 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.3.3
+    image: wazuh/wazuh-indexer:4.3.6
     hostname: wazuh1.indexer
     restart: always
     ports:
@@ -93,7 +93,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.3.3
+    image: wazuh/wazuh-indexer:4.3.6
     hostname: wazuh2.indexer
     restart: always
     environment:
@@ -115,7 +115,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.3.3
+    image: wazuh/wazuh-indexer:4.3.6
     hostname: wazuh3.indexer
     restart: always
     environment:
@@ -137,7 +137,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.3.3
+    image: wazuh/wazuh-dashboard:4.3.6
     hostname: wazuh.dashboard
     restart: always
     ports:

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.3.3
+    image: wazuh/wazuh-manager:4.3.6
     hostname: wazuh.manager
     restart: always
     ports:
@@ -39,7 +39,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.3.3
+    image: wazuh/wazuh-indexer:4.3.6
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -64,7 +64,7 @@ services:
       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.3.3
+    image: wazuh/wazuh-dashboard:4.3.6
     hostname: wazuh.dashboard
     restart: always
     ports: