Add Changelog

Merge 4.10.2 into master

.env

@@ -1,6 +1,6 @@
-WAZUH_VERSION=4.9.0
-WAZUH_IMAGE_VERSION=4.9.0
+WAZUH_VERSION=5.0.0
+WAZUH_IMAGE_VERSION=5.0.0
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.9.0
+FILEBEAT_TEMPLATE_BRANCH=5.0.0
 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
 WAZUH_UI_REVISION=1

.github/.goss.yaml

@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.9.0
+    - 5.0.0-1
 port:
   tcp:1514:
     listening: true

.github/workflows/Procedure_push_docker_images.yml

@@ -0,0 +1,161 @@
+run-name: Launch Push Docker Images - ${{ inputs.id }}
+name: Push Docker Images
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_tag:
+        description: 'Docker image tag'
+        default: '5.0.0'
+        required: true
+      docker_reference:
+        description: 'wazuh-docker reference'
+        default: 'v5.0.0'
+        required: true
+      PRODUCTS:
+        description: 'Comma-separated list of the image names to build and push'
+        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
+        required: true
+      filebeat_module_version:
+        description: 'Filebeat module version'
+        default: '0.4'
+        required: true
+      revision:
+        description: 'Package revision'
+        default: '1'
+        required: true
+      push_images:
+        description: 'Push images'
+        type: boolean
+        default: true
+        required: true
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
+      dev:
+        description: "Add tag suffix '-dev' to the image tag ?"
+        type: boolean
+        default: true
+        required: false
+  workflow_call:
+    inputs:
+      image_tag:
+        description: 'Docker image tag'
+        default: '5.0.0'
+        required: true
+        type: string
+      docker_reference:
+        description: 'wazuh-docker reference'
+        default: 'v5.0.0'
+        required: false
+        type: string
+      products:
+        description: 'Comma-separated list of the image names to build and push'
+        default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer'
+        required: true
+        type: string
+      filebeat_module_version:
+        description: 'Filebeat module version'
+        default: '0.4'
+        required: true
+        type: string
+      revision:
+        description: 'Package revision'
+        default: '1'
+        required: true
+        type: string
+      push_images:
+        description: 'Push images'
+        type: boolean
+        default: true
+        required: true
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
+      dev:
+        description: "Add tag suffix '-dev' to the image tag ?"
+        type: boolean
+        default: false
+        required: false
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Print inputs
+      run: |
+        echo "---------------------------------------------"
+        echo "Running Procedure_push_docker_images workflow"
+        echo "---------------------------------------------"
+        echo "* BRANCH: ${{ github.ref }}"
+        echo "* COMMIT: ${{ github.sha }}"
+        echo "---------------------------------------------"
+        echo "Inputs provided:"
+        echo "---------------------------------------------"
+        echo "* id: ${{ inputs.id }}"
+        echo "* image_tag: ${{ inputs.image_tag }}"
+        echo "* docker_reference: ${{ inputs.docker_reference }}"
+        echo "* products: ${{ inputs.products }}"
+        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
+        echo "* revision: ${{ inputs.revision }}"
+        echo "* push_images: ${{ inputs.push_images }}"
+        echo "* dev: ${{ inputs.dev }}"
+        echo "---------------------------------------------"
+
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.docker_reference }}
+
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+    - name: Build Wazuh images
+      run: |
+        IMAGE_TAG=${{ inputs.image_tag }}
+        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
+        REVISION=${{ inputs.revision }}
+
+        if [[ "$IMAGE_TAG" == *"-"* ]]; then
+          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
+          if [ -z "${tokens[1]}" ]; then
+            echo "Invalid image tag: $IMAGE_TAG"
+            exit 1
+          fi
+          DEV_STAGE=${tokens[1]}
+          WAZUH_VER=${tokens[0]}
+          ./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
+        else
+          ./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
+        fi
+
+        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
+        ENV_FILE_PATH=".env"
+
+        if [ -f $ENV_FILE_PATH ]; then
+          while IFS= read -r line || [ -n "$line" ]; do
+            echo "$line" >> $GITHUB_ENV
+          done < $ENV_FILE_PATH
+        else
+          echo "The environment file $ENV_FILE_PATH does not exist!"
+          exit 1
+        fi
+
+    - name: Tag and Push Wazuh images
+      if: ${{ inputs.push_images }}
+      run: |
+        IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
+        IMAGE_NAMES=${{ inputs.products }}
+        IFS=',' read -r -a images <<< "$IMAGE_NAMES"
+        for image in "${images[@]}"; do
+          echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
+          docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
+          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
+          docker push wazuh/$image:$IMAGE_TAG
+        done

.github/workflows/push.yml

@@ -10,11 +10,6 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
     - name: Build Wazuh images
       run: build-docker-images/build-images.sh
 
@@ -27,6 +22,7 @@ jobs:
         docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
         docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
+        docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
 
     - name: Temporarily save Wazuh manager Docker image
       uses: actions/upload-artifact@v3
@@ -49,6 +45,13 @@ jobs:
         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
         retention-days: 1
 
+    - name: Temporarily save Wazuh Cert Tool Docker image
+      uses: actions/upload-artifact@v3
+      with:
+        name: docker-artifact-cert-tool
+        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
+        retention-days: 1
+
     - name: Install Goss
       uses: e1himself/goss-installation-action@v1.0.3
       with:
@@ -68,11 +71,6 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
@@ -91,18 +89,25 @@ jobs:
       with:
         name: docker-artifact-dashboard
 
+    - name: Retrieve saved Wazuh Cert Tool Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-cert-tool
+
     - name: Docker load
       run: |
         docker load --input ./wazuh-indexer.tar
         docker load --input ./wazuh-dashboard.tar
         docker load --input ./wazuh-manager.tar
+        docker load --input ./wazuh-cert-tool.tar
+        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
 
 
     - name: Create single node certficates
-      run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator
+      run: docker compose -f single-node/generate-certs.yml run --rm generator
 
     - name: Start single node stack
-      run: docker-compose -f single-node/docker-compose.yml up -d
+      run: docker compose -f single-node/docker-compose.yml up -d
 
     - name: Check Wazuh indexer start
       run: |
@@ -196,11 +201,6 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v3
 
-    - name: Install docker-compose
-      run: |
-        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-        chmod +x /usr/local/bin/docker-compose
-
     - name: Create enviroment variables
       run: cat .env > $GITHUB_ENV
 
@@ -227,18 +227,24 @@ jobs:
       with:
         name: docker-artifact-indexer
 
+    - name: Retrieve saved Wazuh Cert Tool Docker image
+      uses: actions/download-artifact@v3
+      with:
+        name: docker-artifact-cert-tool
+
     - name: Docker load
       run: |
-        docker load --input ./wazuh-manager.tar
         docker load --input ./wazuh-indexer.tar
         docker load --input ./wazuh-dashboard.tar
-        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
+        docker load --input ./wazuh-manager.tar
+        docker load --input ./wazuh-cert-tool.tar
+        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
 
     - name: Create multi node certficates
-      run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
+      run: docker compose -f multi-node/generate-certs.yml run --rm generator
 
     - name: Start multi node stack
-      run: docker-compose -f multi-node/docker-compose.yml up -d
+      run: docker compose -f multi-node/docker-compose.yml up -d
 
     - name: Check Wazuh indexer start
       run: |

CHANGELOG.md

@@ -1,6 +1,105 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## [5.0.0]
+
+### Added
+
+- none
+
+### Changed
+
+- Delete service tag and modifiy docker-compose execution for a new version ([#1632](https://github.com/wazuh/wazuh-docker/pull/1632))
+- Remove deprecated attribute version in docker-compose.yml ([#1595](https://github.com/wazuh/wazuh-docker/pull/1595)) by https://github.com/h3ssan
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
+## [4.10.2]
+
+### Added
+
+- none
+
+### Changed
+
+- None
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
+## [4.10.1]
+
+### Added
+
+- none
+
+### Changed
+
+- None
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
+## [4.10.0]
+
+### Added
+
+- Migrate the push docker images procedure to GitHub Actions ([#5651](https://github.com/wazuh/wazuh-qa/issues/5651))
+
+### Changed
+
+- None
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
+## [4.9.2]
+
+### Added
+
+- Update Wazuh to version [4.9.2](https://github.com/wazuh/wazuh/blob/v4.9.2/CHANGELOG.md#v492)
+
+## [4.9.1]
+
+### Added
+
+- None
+
+### Changed
+
+- None
+
+
+### Fixed
+
+- Fix typos into Wazuh manager entrypoint ([#1569](https://github.com/wazuh/wazuh-docker/pull/1569))
+
+### Deleted
+
+- None
+
+
 ## Wazuh Docker v4.9.0
 ### Added
 

README.md

@@ -58,20 +58,6 @@ CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must be
 CHECKS_API=true
 CHECKS_SETUP=true
 
-EXTENSIONS_PCI=true             # Enable PCI Extension
-EXTENSIONS_GDPR=true            # Enable GDPR Extension
-EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
-EXTENSIONS_NIST=true            # Enable NIST Extension
-EXTENSIONS_TSC=true             # Enable TSC Extension
-EXTENSIONS_AUDIT=true           # Enable Audit Extension
-EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
-EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
-EXTENSIONS_AWS=false            # Enable AWS Extension
-EXTENSIONS_GCP=false            # Enable GCP Extension
-EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
-EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
-EXTENSIONS_DOCKER=false         # Enable Docker Extension
-
 APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
 
 API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
@@ -182,7 +168,6 @@ WAZUH_MONITORING_REPLICAS=0         ##
     └── VERSION
 
 
-
 ## Branches
 
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
@@ -192,6 +177,12 @@ WAZUH_MONITORING_REPLICAS=0         ##
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v5.0.0        |         |        |
+| v4.10.2       |         |        |
+| v4.10.1       |         |        |
+| v4.10.0       |         |        |
+| v4.9.2        |         |        |
+| v4.9.1        |         |        |
 | v4.9.0        |         |        |
 | v4.8.2        |         |        |
 | v4.8.1        |         |        |

SECURITY.md

@@ -16,11 +16,11 @@ Please submit your findings as security advisories under the "Security" tab in t
 ## Vulnerability Disclosure Policy
 Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
 
-- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
-- Validation: We will validate the issue and work on reproducing it in our environment.
-- Remediation: We will work on a fix and thoroughly test it
-- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
-- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
+1. Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
+2. Validation: We will validate the issue and work on reproducing it in our environment.
+3. Remediation: We will work on a fix and thoroughly test it
+4. Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
+5. Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
 
 This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
 
@@ -33,7 +33,7 @@ We believe in giving credit where credit is due. If you report a security vulner
 We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
 
 ## Compliance with this Policy
-We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications. 
+We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
 
 Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
 
@@ -42,4 +42,4 @@ We ask that all users and contributors respect this policy and the security of o
 ## Changes to this Security Policy
 This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
 
-If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).
+If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com)

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.9.0"
-REVISION="40907"
+WAZUH-DOCKER_VERSION="5.0.0"
+REVISION="50000"

build-docker-images/README.md

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
 The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
 
 ```
-$ build-docker-images/build-images.sh -v 4.9.0
+$ build-docker-images/build-images.sh -v 5.0.0
 ```
 
 To get all the available script options use the -h or --help option:
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4.
     -r, --revision <rev>         [Optional] Package revision. By default 1
-    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.9.0.
+    -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
     -h, --help                   Show this help.
 
 ```

build-docker-images/build-images.sh

@@ -1,4 +1,4 @@
-WAZUH_IMAGE_VERSION=4.9.0
+WAZUH_IMAGE_VERSION=5.0.0
 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
 WAZUH_TAG_REVISION=1
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
-WAZUH_IMAGE_VERSION="4.9.0"
+WAZUH_IMAGE_VERSION="5.0.0"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
 FILEBEAT_MODULE_VERSION="0.4"
@@ -70,7 +70,8 @@ build() {
     echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
     echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
 
-    docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
+    docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
+    docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/
 
     return 0
 }

build-docker-images/build-images.yml

@@ -1,6 +1,4 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-version: '3.7'
-
 services:
   wazuh.manager:
     build:
@@ -62,7 +60,7 @@ services:
       context: wazuh-dashboard/
       args:
         WAZUH_VERSION: ${WAZUH_VERSION}
-        WAZUH_TAG_REVISION: 2
+        WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
         WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
     image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
     hostname: wazuh.dashboard

build-docker-images/wazuh-cert-tool/Dockerfile

@@ -1,7 +1,8 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-FROM ubuntu:focal
+FROM amazonlinux:2023
 
-RUN apt-get update && apt-get install openssl curl -y
+RUN yum install curl-minimal openssl -y &&\
+yum clean all
 
 WORKDIR /
 

build-docker-images/wazuh-cert-tool/config/entrypoint.sh

@@ -8,8 +8,8 @@
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.9/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-dashboard/Dockerfile

@@ -48,21 +48,6 @@ ENV PATTERN="" \
     CHECKS_TEMPLATE="" \
     CHECKS_API="" \
     CHECKS_SETUP="" \
-    EXTENSIONS_PCI="" \
-    EXTENSIONS_GDPR="" \
-    EXTENSIONS_HIPAA="" \
-    EXTENSIONS_NIST="" \
-    EXTENSIONS_TSC="" \
-    EXTENSIONS_AUDIT="" \
-    EXTENSIONS_OSCAP="" \
-    EXTENSIONS_CISCAT="" \
-    EXTENSIONS_AWS="" \
-    EXTENSIONS_GCP="" \
-    EXTENSIONS_GITHUB=""\
-    EXTENSIONS_OFFICE=""\
-    EXTENSIONS_VIRUSTOTAL="" \
-    EXTENSIONS_OSQUERY="" \
-    EXTENSIONS_DOCKER="" \
     APP_TIMEOUT="" \
     API_SELECTOR="" \
     IP_SELECTOR="" \
@@ -100,6 +85,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME=$INSTALL_DIR/jdk
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
@@ -108,3 +102,5 @@ USER wazuh-dashboard
 EXPOSE 443
 
 ENTRYPOINT [ "/entrypoint.sh" ]
+
+CMD ["opensearch-dashboards"]

build-docker-images/wazuh-dashboard/config/check_repository.sh

@@ -1,29 +1,14 @@
 ## variables
-APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-dashboard/config/config.sh

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.9/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 mkdir -p ${CONFIG_DIR}/certs
 
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
 cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 
 chmod -R 500 ${CONFIG_DIR}/certs

build-docker-images/wazuh-dashboard/config/config.yml

@@ -1,5 +1,5 @@
 nodes:
   # Wazuh dashboard server nodes
   dashboard:
-    - name: demo.dashboard
-      ip: demo.dashboard
+    - name: dashboard
+      ip: wazuh.dashboard

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -2,6 +2,215 @@
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
 INSTALL_DIR=/usr/share/wazuh-dashboard
+export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+opensearch_dashboards_vars=(
+    console.enabled
+    console.proxyConfig
+    console.proxyFilter
+    ops.cGroupOverrides.cpuPath
+    ops.cGroupOverrides.cpuAcctPath
+    cpu.cgroup.path.override
+    cpuacct.cgroup.path.override
+    server.basePath
+    server.customResponseHeaders
+    server.compression.enabled
+    server.compression.referrerWhitelist
+    server.cors
+    server.cors.origin
+    server.defaultRoute
+    server.host
+    server.keepAliveTimeout
+    server.maxPayloadBytes
+    server.name
+    server.port
+    csp.rules
+    csp.strict
+    csp.warnLegacyBrowsers
+    data.search.usageTelemetry.enabled
+    opensearch.customHeaders
+    opensearch.hosts
+    opensearch.logQueries
+    opensearch.memoryCircuitBreaker.enabled
+    opensearch.memoryCircuitBreaker.maxPercentage
+    opensearch.password
+    opensearch.pingTimeout
+    opensearch.requestHeadersWhitelist
+    opensearch.requestHeadersAllowlist
+    opensearch_security.multitenancy.enabled
+    opensearch_security.readonly_mode.roles
+    opensearch.requestTimeout
+    opensearch.shardTimeout
+    opensearch.sniffInterval
+    opensearch.sniffOnConnectionFault
+    opensearch.sniffOnStart
+    opensearch.ssl.alwaysPresentCertificate
+    opensearch.ssl.certificate
+    opensearch.ssl.key
+    opensearch.ssl.keyPassphrase
+    opensearch.ssl.keystore.path
+    opensearch.ssl.keystore.password
+    opensearch.ssl.truststore.path
+    opensearch.ssl.truststore.password
+    opensearch.ssl.verificationMode
+    opensearch.username
+    i18n.locale
+    interpreter.enableInVisualize
+    opensearchDashboards.autocompleteTerminateAfter
+    opensearchDashboards.autocompleteTimeout
+    opensearchDashboards.defaultAppId
+    opensearchDashboards.index
+    logging.dest
+    logging.json
+    logging.quiet
+    logging.rotate.enabled
+    logging.rotate.everyBytes
+    logging.rotate.keepFiles
+    logging.rotate.pollingInterval
+    logging.rotate.usePolling
+    logging.silent
+    logging.useUTC
+    logging.verbose
+    map.includeOpenSearchMapsService
+    map.proxyOpenSearchMapsServiceInMaps
+    map.regionmap
+    map.tilemap.options.attribution
+    map.tilemap.options.maxZoom
+    map.tilemap.options.minZoom
+    map.tilemap.options.subdomains
+    map.tilemap.url
+    monitoring.cluster_alerts.email_notifications.email_address
+    monitoring.enabled
+    monitoring.opensearchDashboards.collection.enabled
+    monitoring.opensearchDashboards.collection.interval
+    monitoring.ui.container.opensearch.enabled
+    monitoring.ui.container.logstash.enabled
+    monitoring.ui.opensearch.password
+    monitoring.ui.opensearch.pingTimeout
+    monitoring.ui.opensearch.hosts
+    monitoring.ui.opensearch.username
+    monitoring.ui.opensearch.logFetchCount
+    monitoring.ui.opensearch.ssl.certificateAuthorities
+    monitoring.ui.opensearch.ssl.verificationMode
+    monitoring.ui.enabled
+    monitoring.ui.max_bucket_size
+    monitoring.ui.min_interval_seconds
+    newsfeed.enabled
+    ops.interval
+    path.data
+    pid.file
+    regionmap
+    security.showInsecureClusterWarning
+    server.rewriteBasePath
+    server.socketTimeout
+    server.customResponseHeaders
+    server.ssl.enabled
+    server.ssl.key
+    server.ssl.keyPassphrase
+    server.ssl.keystore.path
+    server.ssl.keystore.password
+    server.ssl.truststore.path
+    server.ssl.truststore.password
+    server.ssl.cert
+    server.ssl.certificate
+    server.ssl.certificateAuthorities
+    server.ssl.cipherSuites
+    server.ssl.clientAuthentication
+    opensearch.ssl.certificateAuthorities
+    server.ssl.redirectHttpFromPort
+    server.ssl.supportedProtocols
+    server.xsrf.disableProtection
+    server.xsrf.whitelist
+    status.allowAnonymous
+    status.v6ApiFormat
+    tilemap.options.attribution
+    tilemap.options.maxZoom
+    tilemap.options.minZoom
+    tilemap.options.subdomains
+    tilemap.url
+    timeline.enabled
+    vega.enableExternalUrls
+    apm_oss.apmAgentConfigurationIndex
+    apm_oss.indexPattern
+    apm_oss.errorIndices
+    apm_oss.onboardingIndices
+    apm_oss.spanIndices
+    apm_oss.sourcemapIndices
+    apm_oss.transactionIndices
+    apm_oss.metricsIndices
+    telemetry.allowChangingOptInStatus
+    telemetry.enabled
+    telemetry.optIn
+    telemetry.optInStatusUrl
+    telemetry.sendUsageFrom
+    vis_builder.enabled
+    data_source.enabled
+    data_source.encryption.wrappingKeyName
+    data_source.encryption.wrappingKeyNamespace
+    data_source.encryption.wrappingKey
+    data_source.audit.enabled
+    data_source.audit.appender.kind
+    data_source.audit.appender.path
+    data_source.audit.appender.layout.kind
+    data_source.audit.appender.layout.highlight
+    data_source.audit.appender.layout.pattern
+    ml_commons_dashboards.enabled
+    assistant.chat.enabled
+    observability.query_assist.enabled
+    uiSettings.overrides.defaultRoute
+)
+
+print() {
+  echo -e $1
+}
+
+error_and_exit() {
+  echo "Error executing command: '$1'."
+  echo 'Exiting.'
+  exit 1
+}
+
+exec_cmd() {
+  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+  eval $1 2>&1 || error_and_exit "$1"
+}
+
+function runOpensearchDashboards {
+    touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+      for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          longoptfile="${opensearch_dashboards_var}: ${value}"
+          if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
+            sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
+          fi
+        fi
+      done
+
+    umask 0002
+
+    /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
+        --cpu.cgroup.path.override=/ \
+        --cpuacct.cgroup.path.override=/
+}
+
+mount_files() {
+  if [ -e $WAZUH_CONFIG_MOUNT/* ]
+  then
+    print "Identified Wazuh cdashboard onfiguration files to mount..."
+    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
+  else
+    print "No Wazuh dashboard configuration files to mount..."
+  fi
+}
+
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
@@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
 
 /wazuh_app_config.sh $WAZUH_UI_REVISION
 
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+mount_files
+
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+    set -- opensearch-dashboards "$@"
+fi
+
+if [ "$1" = "opensearch-dashboards" ]; then
+    runOpensearchDashboards "$@"
+else
+    exec "$@"
+fi

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -15,21 +15,6 @@ declare -A CONFIG_MAP=(
   [checks.template]=$CHECKS_TEMPLATE
   [checks.api]=$CHECKS_API
   [checks.setup]=$CHECKS_SETUP
-  [extensions.pci]=$EXTENSIONS_PCI
-  [extensions.gdpr]=$EXTENSIONS_GDPR
-  [extensions.hipaa]=$EXTENSIONS_HIPAA
-  [extensions.nist]=$EXTENSIONS_NIST
-  [extensions.tsc]=$EXTENSIONS_TSC
-  [extensions.audit]=$EXTENSIONS_AUDIT
-  [extensions.oscap]=$EXTENSIONS_OSCAP
-  [extensions.ciscat]=$EXTENSIONS_CISCAT
-  [extensions.aws]=$EXTENSIONS_AWS
-  [extensions.gcp]=$EXTENSIONS_GCP
-  [extensions.github]=$EXTENSIONS_GITHUB
-  [extensions.office]=$EXTENSIONS_OFFICE
-  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
-  [extensions.osquery]=$EXTENSIONS_OSQUERY
-  [extensions.docker]=$EXTENSIONS_DOCKER
   [timeout]=$APP_TIMEOUT
   [api.selector]=$API_SELECTOR
   [ip.selector]=$IP_SELECTOR

build-docker-images/wazuh-indexer/Dockerfile

@@ -19,14 +19,6 @@ COPY config/config.sh .
 
 COPY config/config.yml /
 
-COPY config/action_groups.yml /
-
-COPY config/internal_users.yml /
-
-COPY config/roles_mapping.yml /
-
-COPY config/roles.yml /
-
 RUN bash config.sh
 
 ################################################################################
@@ -43,6 +35,15 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
+# Set $JAVA_HOME
+RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
+    echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
+ENV JAVA_HOME="$INSTALL_DIR/jdk"
+ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
+
+# Add k-NN lib directory to library loading path variable
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
+
 RUN yum install curl-minimal shadow-utils findutils hostname -y
 
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP

build-docker-images/wazuh-indexer/config/action_groups.yml

@@ -1,12 +0,0 @@
----
-_meta:
-  type: "actiongroups"
-  config_version: 2
-
-# ISM API permissions group
-manage_ism:
-  reserved: true
-  hidden: false
-  allowed_actions:
-  - "cluster:admin/opendistro/ism/*"
-  static: false

build-docker-images/wazuh-indexer/config/check_repository.sh

@@ -1,29 +1,14 @@
 ## variables
-APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-indexer/config/config.sh

@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
 ## Variables
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/4.9/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
+PACKAGES_URL=https://packages.wazuh.com/5.0/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -7,12 +7,272 @@ umask 0002
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
-export JAVA_HOME=${INSTALLATION_DIR}/jdk
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
 
+opensearch_vars=(
+    cluster.name
+    node.name
+    node.roles
+    path.data
+    path.logs
+    bootstrap.memory_lock
+    network.host
+    http.port
+    transport.port
+    network.bind_host
+    network.publish_host
+    transport.tcp.port
+    compatibility.override_main_response_version
+    http.host
+    http.bind_host
+    http.publish_host
+    http.compression
+    transport.host
+    transport.bind_host
+    transport.publish_host
+    discovery.seed_hosts
+    discovery.seed_providers
+    discovery.type
+    cluster.initial_cluster_manager_nodes
+    cluster.initial_master_nodes
+    node.max_local_storage_nodes
+    gateway.recover_after_nodes
+    gateway.recover_after_data_nodes
+    gateway.expected_data_nodes
+    gateway.recover_after_time
+    plugins.security.nodes_dn
+    plugins.security.nodes_dn_dynamic_config_enabled
+    plugins.security.authcz.admin_dn
+    plugins.security.roles_mapping_resolution
+    plugins.security.dls.mode
+    plugins.security.compliance.salt
+    config.dynamic.http.anonymous_auth_enabled
+    plugins.security.restapi.roles_enabled
+    plugins.security.restapi.password_validation_regex
+    plugins.security.restapi.password_validation_error_message
+    plugins.security.restapi.password_min_length
+    plugins.security.restapi.password_score_based_validation_strength
+    plugins.security.unsupported.restapi.allow_securityconfig_modification
+    plugins.security.authcz.impersonation_dn
+    plugins.security.authcz.rest_impersonation_user
+    plugins.security.allow_default_init_securityindex
+    plugins.security.allow_unsafe_democertificates
+    plugins.security.system_indices.permission.enabled
+    plugins.security.config_index_name
+    plugins.security.cert.oid
+    plugins.security.cert.intercluster_request_evaluator_class
+    plugins.security.enable_snapshot_restore_privilege
+    plugins.security.check_snapshot_restore_write_privileges
+    plugins.security.cache.ttl_minutes
+    plugins.security.protected_indices.enabled
+    plugins.security.protected_indices.roles
+    plugins.security.protected_indices.indices
+    plugins.security.system_indices.enabled
+    plugins.security.system_indices.indices
+    plugins.security.audit.enable_rest
+    plugins.security.audit.enable_transport
+    plugins.security.audit.resolve_bulk_requests
+    plugins.security.audit.config.disabled_categories
+    plugins.security.audit.ignore_requests
+    plugins.security.audit.threadpool.size
+    plugins.security.audit.threadpool.max_queue_len
+    plugins.security.audit.ignore_users
+    plugins.security.audit.type
+    plugins.security.audit.config.http_endpoints
+    plugins.security.audit.config.index
+    plugins.security.audit.config.type
+    plugins.security.audit.config.username
+    plugins.security.audit.config.password
+    plugins.security.audit.config.enable_ssl
+    plugins.security.audit.config.verify_hostnames
+    plugins.security.audit.config.enable_ssl_client_auth
+    plugins.security.audit.config.cert_alias
+    plugins.security.audit.config.pemkey_filepath
+    plugins.security.audit.config.pemkey_content
+    plugins.security.audit.config.pemkey_password
+    plugins.security.audit.config.pemcert_filepath
+    plugins.security.audit.config.pemcert_content
+    plugins.security.audit.config.pemtrustedcas_filepath
+    plugins.security.audit.config.pemtrustedcas_content
+    plugins.security.audit.config.webhook.url
+    plugins.security.audit.config.webhook.format
+    plugins.security.audit.config.webhook.ssl.verify
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
+    plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
+    plugins.security.audit.config.log4j.logger_name
+    plugins.security.audit.config.log4j.level
+    opendistro_security.audit.config.disabled_rest_categories
+    opendistro_security.audit.config.disabled_transport_categories
+    plugins.security.ssl.transport.enforce_hostname_verification
+    plugins.security.ssl.transport.resolve_hostname
+    plugins.security.ssl.http.clientauth_mode
+    plugins.security.ssl.http.enabled_ciphers
+    plugins.security.ssl.http.enabled_protocols
+    plugins.security.ssl.transport.enabled_ciphers
+    plugins.security.ssl.transport.enabled_protocols
+    plugins.security.ssl.transport.keystore_type
+    plugins.security.ssl.transport.keystore_filepath
+    plugins.security.ssl.transport.keystore_alias
+    plugins.security.ssl.transport.keystore_password
+    plugins.security.ssl.transport.truststore_type
+    plugins.security.ssl.transport.truststore_filepath
+    plugins.security.ssl.transport.truststore_alias
+    plugins.security.ssl.transport.truststore_password
+    plugins.security.ssl.http.enabled
+    plugins.security.ssl.http.keystore_type
+    plugins.security.ssl.http.keystore_filepath
+    plugins.security.ssl.http.keystore_alias
+    plugins.security.ssl.http.keystore_password
+    plugins.security.ssl.http.truststore_type
+    plugins.security.ssl.http.truststore_filepath
+    plugins.security.ssl.http.truststore_alias
+    plugins.security.ssl.http.truststore_password
+    plugins.security.ssl.transport.enable_openssl_if_available
+    plugins.security.ssl.http.enable_openssl_if_available
+    plugins.security.ssl.transport.pemkey_filepath
+    plugins.security.ssl.transport.pemkey_password
+    plugins.security.ssl.transport.pemcert_filepath
+    plugins.security.ssl.transport.pemtrustedcas_filepath
+    plugins.security.ssl.http.pemkey_filepath
+    plugins.security.ssl.http.pemkey_password
+    plugins.security.ssl.http.pemcert_filepath
+    plugins.security.ssl.http.pemtrustedcas_filepath
+    plugins.security.ssl.transport.enabled
+    plugins.security.ssl.transport.client.pemkey_password
+    plugins.security.ssl.transport.keystore_keypassword
+    plugins.security.ssl.transport.server.keystore_keypassword
+    plugins.sercurity.ssl.transport.server.keystore_alias
+    plugins.sercurity.ssl.transport.client.keystore_alias
+    plugins.sercurity.ssl.transport.server.truststore_alias
+    plugins.sercurity.ssl.transport.client.truststore_alias
+    plugins.security.ssl.client.external_context_id
+    plugins.secuirty.ssl.transport.principal_extractor_class
+    plugins.security.ssl.http.crl.file_path
+    plugins.security.ssl.http.crl.validate
+    plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
+    plugins.security.ssl.http.crl.check_only_end_entitites
+    plugins.security.ssl.http.crl.disable_ocsp
+    plugins.security.ssl.http.crl.disable_crldp
+    plugins.security.ssl.allow_client_initiated_renegotiation
+    indices.breaker.total.use_real_memory
+    indices.breaker.total.limit
+    indices.breaker.fielddata.limit
+    indices.breaker.fielddata.overhead
+    indices.breaker.request.limit
+    indices.breaker.request.overhead
+    network.breaker.inflight_requests.limit
+    network.breaker.inflight_requests.overhead
+    cluster.routing.allocation.enable
+    cluster.routing.allocation.node_concurrent_incoming_recoveries
+    cluster.routing.allocation.node_concurrent_outgoing_recoveries
+    cluster.routing.allocation.node_concurrent_recoveries
+    cluster.routing.allocation.node_initial_primaries_recoveries
+    cluster.routing.allocation.same_shard.host
+    cluster.routing.rebalance.enable
+    cluster.routing.allocation.allow_rebalance
+    cluster.routing.allocation.cluster_concurrent_rebalance
+    cluster.routing.allocation.balance.shard
+    cluster.routing.allocation.balance.index
+    cluster.routing.allocation.balance.threshold
+    cluster.routing.allocation.balance.prefer_primary
+    cluster.routing.allocation.disk.threshold_enabled
+    cluster.routing.allocation.disk.watermark.low
+    cluster.routing.allocation.disk.watermark.high
+    cluster.routing.allocation.disk.watermark.flood_stage
+    cluster.info.update.interval
+    cluster.routing.allocation.shard_movement_strategy
+    cluster.blocks.read_only
+    cluster.blocks.read_only_allow_delete
+    cluster.max_shards_per_node
+    cluster.persistent_tasks.allocation.enable
+    cluster.persistent_tasks.allocation.recheck_interval
+    cluster.search.request.slowlog.threshold.warn
+    cluster.search.request.slowlog.threshold.info
+    cluster.search.request.slowlog.threshold.debug
+    cluster.search.request.slowlog.threshold.trace
+    cluster.search.request.slowlog.level
+    cluster.fault_detection.leader_check.timeout
+    cluster.fault_detection.follower_check.timeout
+    action.auto_create_index
+    action.destructive_requires_name
+    cluster.default.index.refresh_interval
+    cluster.minimum.index.refresh_interval
+    cluster.indices.close.enable
+    indices.recovery.max_bytes_per_sec
+    indices.recovery.max_concurrent_file_chunks
+    indices.recovery.max_concurrent_operations
+    indices.recovery.max_concurrent_remote_store_streams
+    indices.time_series_index.default_index_merge_policy
+    indices.fielddata.cache.size
+    index.number_of_shards
+    index.number_of_routing_shards
+    index.shard.check_on_startup
+    index.codec
+    index.codec.compression_level
+    index.routing_partition_size
+    index.soft_deletes.retention_lease.period
+    index.load_fixed_bitset_filters_eagerly
+    index.hidden
+    index.merge.policy
+    index.merge_on_flush.enabled
+    index.merge_on_flush.max_full_flush_merge_wait_time
+    index.merge_on_flush.policy
+    index.check_pending_flush.enabled
+    index.number_of_replicas
+    index.auto_expand_replicas
+    index.search.idle.after
+    index.refresh_interval
+    index.max_result_window
+    index.max_inner_result_window
+    index.max_rescore_window
+    index.max_docvalue_fields_search
+    index.max_script_fields
+    index.max_ngram_diff
+    index.max_shingle_diff
+    index.max_refresh_listeners
+    index.analyze.max_token_count
+    index.highlight.max_analyzed_offset
+    index.max_terms_count
+    index.max_regex_length
+    index.query.default_field
+    index.query.max_nested_depth
+    index.routing.allocation.enable
+    index.routing.rebalance.enable
+    index.gc_deletes
+    index.default_pipeline
+    index.final_pipeline
+    index.optimize_doc_id_lookup.fuzzy_set.enabled
+    index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
+    search.max_buckets
+    search.phase_took_enabled
+    search.allow_expensive_queries
+    search.default_allow_partial_results
+    search.cancel_after_time_interval
+    search.default_search_timeout
+    search.default_keep_alive
+    search.keep_alive_interval
+    search.max_keep_alive
+    search.low_level_cancellation
+    search.max_open_scroll_context
+    search.request_stats_enabled
+    search.highlight.term_vector_multi_value
+    snapshot.max_concurrent_operations
+    cluster.remote_store.translog.buffer_interval
+    remote_store.moving_average_window_size
+    opensearch.notifications.core.allowed_config_types
+    opensearch.notifications.core.email.minimum_header_length
+    opensearch.notifications.core.email.size_limit
+    opensearch.notifications.core.http.connection_timeout
+    opensearch.notifications.core.http.host_deny_list
+    opensearch.notifications.core.http.max_connection_per_route
+    opensearch.notifications.core.http.max_connections
+    opensearch.notifications.core.http.socket_timeout
+    opensearch.notifications.core.tooltip_support
+    opensearch.notifications.general.filter_by_backend_roles
+)
+
 run_as_other_user_if_needed() {
   if [[ "$(id -u)" == "0" ]]; then
     # If running as root, drop to specified UID and run command
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() {
   fi
 }
 
+function buildOpensearchConfig {
+    echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
+      for opensearch_var in ${opensearch_vars[*]}; do
+        env_var=$(echo ${opensearch_var^^} | tr . _)
+        value=${!env_var}
+        if [[ -n $value ]]; then
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
+            sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          fi
+          while :
+          do
+            case "$charline" in
+              "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
+              *) break;;
+            esac
+            charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+          done
+          longoptfile="${opensearch_var}: ${value}"
+          if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+            sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
+          else
+            echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
+          fi
+        fi
+      done
+}
+
+buildOpensearchConfig
+
 # Allow user specify custom CMD, maybe bin/opensearch itself
 # for example to directly specify `-E` style parameters for opensearch on k8s
 # or simply to run /bin/bash to check the image
@@ -84,10 +375,4 @@ if [[ "$(id -u)" == "0" ]]; then
 fi
 
 
-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
-  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
-#  nohup /securityadmin.sh &
-#  touch "/var/lib/wazuh-indexer/.flag"
-#fi
-
 run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

build-docker-images/wazuh-indexer/config/internal_users.yml

@@ -1,74 +0,0 @@
----
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-_meta:
-  type: "internalusers"
-  config_version: 2
-
-# Define your internal users here
-
-## Demo users
-
-admin:
-  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
-  reserved: true
-  backend_roles:
-  - "admin"
-  description: "Demo admin user"
-
-kibanaserver:
-  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-  reserved: true
-  description: "Demo kibanaserver user"
-
-kibanaro:
-  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  - "readall"
-  attributes:
-    attribute1: "value1"
-    attribute2: "value2"
-    attribute3: "value3"
-  description: "Demo kibanaro user"
-
-logstash:
-  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
-  reserved: false
-  backend_roles:
-  - "logstash"
-  description: "Demo logstash user"
-
-readall:
-  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
-  reserved: false
-  backend_roles:
-  - "readall"
-  description: "Demo readall user"
-
-snapshotrestore:
-  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-  description: "Demo snapshotrestore user"
-
-wazuh_admin:
-  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false
-  
-wazuh_user:
-  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false  

build-docker-images/wazuh-indexer/config/opensearch.yml

@@ -1,26 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

build-docker-images/wazuh-indexer/config/roles.yml

@@ -1,171 +0,0 @@
-_meta:
-  type: "roles"
-  config_version: 2
-
-# Restrict users so they can only view visualization and dashboards on kibana
-kibana_read_only:
-  reserved: true
-
-# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
-security_rest_api_access:
-  reserved: true
-
-# Allows users to view monitors, destinations and alerts
-alerting_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/get'
-    - 'cluster:admin/opendistro/alerting/destination/get'
-    - 'cluster:admin/opendistro/alerting/monitor/get'
-    - 'cluster:admin/opendistro/alerting/monitor/search'
-
-# Allows users to view and acknowledge alerts
-alerting_ack_alerts:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/*'
-
-# Allows users to use all alerting functionality
-alerting_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/alerting/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allow users to read Anomaly Detection detectors and results
-anomaly_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/ad/detector/info'
-    - 'cluster:admin/opendistro/ad/detector/search'
-    - 'cluster:admin/opendistro/ad/detectors/get'
-    - 'cluster:admin/opendistro/ad/result/search'
-    - 'cluster:admin/opendistro/ad/tasks/search'
-
-# Allows users to use all Anomaly Detection functionality
-anomaly_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/ad/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allows users to read Notebooks
-notebooks_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/list'
-    - 'cluster:admin/opendistro/notebooks/get'
-
-# Allows users to all Notebooks functionality
-notebooks_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/create'
-    - 'cluster:admin/opendistro/notebooks/update'
-    - 'cluster:admin/opendistro/notebooks/delete'
-    - 'cluster:admin/opendistro/notebooks/get'
-    - 'cluster:admin/opendistro/notebooks/list'
-
-# Allows users to read and download Reports
-reports_instances_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to read and download Reports and Report-definitions
-reports_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to all Reports functionality
-reports_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/create'
-    - 'cluster:admin/opendistro/reports/definition/update'
-    - 'cluster:admin/opendistro/reports/definition/on_demand'
-    - 'cluster:admin/opendistro/reports/definition/delete'
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to use all asynchronous-search functionality
-asynchronous_search_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices:data/read/search*'
-
-# Allows users to read stored asynchronous-search results
-asynchronous_search_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/get'
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-  tenant_permissions: []
-  static: false
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-    - "delete"
-    - "manage"
-    - "index"
-  tenant_permissions: []
-  static: false
-
-# ISM API permissions role
-manage_ism:
-  reserved: true
-  hidden: false
-  cluster_permissions:
-  - "manage_ism"
-  static: false

build-docker-images/wazuh-indexer/config/roles_mapping.yml

@@ -1,78 +0,0 @@
----
-# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
-# Permissions for Wazuh indexer roles are configured in roles.yml
-
-_meta:
-  type: "rolesmapping"
-  config_version: 2
-
-# Define your roles mapping here
-
-## Demo roles mapping
-
-all_access:
-  reserved: false
-  backend_roles:
-  - "admin"
-  description: "Maps admin to all_access"
-
-own_index:
-  reserved: false
-  users:
-  - "*"
-  description: "Allow full access to an index named like the username"
-
-logstash:
-  reserved: false
-  backend_roles:
-  - "logstash"
-
-kibana_user:
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  users:
-  - "wazuh_user"
-  - "wazuh_admin"
-  description: "Maps kibanauser to kibana_user"
-
-readall:
-  reserved: false
-  backend_roles:
-  - "readall"
-
-manage_snapshots:
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-
-kibana_server:
-  reserved: true
-  users:
-  - "kibanaserver"
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_admin"
-  - "kibanaserver"
-  and_backend_roles: []
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_user"
-  and_backend_roles: []
-
-# ISM API permissions role mapping
-manage_ism:
-  reserved: true
-  hidden: false
-  users:
-  - "kibanaserver"

build-docker-images/wazuh-manager/Dockerfile

@@ -60,6 +60,8 @@ RUN mkdir -p /var/ossec/var/multigroups && \
     sync && /permanent_data.sh && \
     sync && rm /permanent_data.sh
 
+RUN rm /etc/yum.repos.d/wazuh.repo
+
 # Services ports
 EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
 

build-docker-images/wazuh-manager/config/check_repository.sh

@@ -1,29 +1,14 @@
 ## variables
-APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
-REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-    REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-      REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+  GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
+  REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
 fi
 
 rpm --import "${APT_KEY}"

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -51,7 +51,7 @@ mount_permanent_data() {
         print "Installing ${permanent_dir}"
         exec_cmd "cp -a ${data_tmp}. ${permanent_dir}"
       else
-        print "The path ${permanent_dir} is empty, skiped"
+        print "The path ${permanent_dir} is empty, skipped"
       fi
     fi
   done

build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat

@@ -4,7 +4,7 @@
 set -e
 
 if [ "$INDEXER_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch ouput IP"
+  >&2 echo "Customize Elasticsearch output IP"
   sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
 fi
 

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -1,23 +1,10 @@
-REPOSITORY="packages.wazuh.com/4.x"
-WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
-MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
-MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
-MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
-MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
-MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
-MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+## variables
+REPOSITORY="packages-dev.wazuh.com/pre-release"
+WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/'  | cut -c 11- | grep ^v${WAZUH_VERSION}$)
 
-## check version to use the correct repository
-if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
-  REPOSITORY="packages-dev.wazuh.com/pre-release"
-elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
-  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
-    REPOSITORY="packages-dev.wazuh.com/pre-release"
-  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
-    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
-      REPOSITORY="packages-dev.wazuh.com/pre-release"
-    fi
-  fi
+## check tag to use the correct repository
+if [[ -n "${WAZUH_TAG}" ]]; then
+  REPOSITORY="packages.wazuh.com/4.x"
 fi
 
 curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\

indexer-certs-creator/README.md

@@ -1,9 +0,0 @@
-# Certificate creation image build
-
-The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks.
-
-To create the image, the following command must be executed:
-
-```
-$ docker build -t wazuh/wazuh-certs-generator:0.0.1 .
-```

multi-node/Migration-to-Wazuh-4.4.md

@@ -354,7 +354,7 @@ docker container run --rm -it \
 ```
 git checkout 4.4
 cd multi-node
-docker-compose -f generate-indexer-certs.yml run --rm generator
+docker-compose -f generate-certs.yml run --rm generator
 docker-compose up -d
 ```
 

multi-node/README.md

@@ -1,6 +1,6 @@
 # Deploy Wazuh Docker in multi node configuration
 
-This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps: 
+This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps:
 
 1) Increase max_map_count on your host (Linux). This command must be run with root permissions:
 ```
@@ -8,18 +8,18 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker-compose -f generate-indexer-certs.yml run --rm generator
+$ docker compose -f generate-certs.yml run --rm generator
 ```
-3) Start the environment with docker-compose:
+3) Start the environment with docker compose:
 
 - In the foregroud:
 ```
-$ docker-compose up
+$ docker compose up
 ```
 
 - In the background:
 ```
-$ docker-compose up -d
+$ docker compose up -d
 ```
 
 

multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

@@ -1,12 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh1.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home

multi-node/config/wazuh_indexer/wazuh1.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh1.indexer
-node.name: wazuh1.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh2.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh2.indexer
-node.name: wazuh2.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/config/wazuh_indexer/wazuh3.indexer.yml

@@ -1,38 +0,0 @@
-network.host: wazuh3.indexer
-node.name: wazuh3.indexer
-cluster.initial_master_nodes:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
-        - wazuh1.indexer
-        - wazuh2.indexer
-        - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true

multi-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.master:
-    image: wazuh/wazuh-manager:4.9.0
+    image: wazuh/wazuh-manager:5.0.0
     hostname: wazuh.master
     restart: always
     ulimits:
@@ -18,15 +18,15 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      INDEXER_URL: https://wazuh1.indexer:9200
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: admin
+      FILEBEAT_SSL_VERIFICATION_MODE: full
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+      SSL_KEY: /etc/ssl/filebeat.key
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
     volumes:
       - master-wazuh-api-configuration:/var/ossec/api/configuration
       - master-wazuh-etc:/var/ossec/etc
@@ -45,7 +45,7 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.worker:
-    image: wazuh/wazuh-manager:4.9.0
+    image: wazuh/wazuh-manager:5.0.0
     hostname: wazuh.worker
     restart: always
     ulimits:
@@ -56,13 +56,13 @@ services:
         soft: 655360
         hard: 655360
     environment:
-      - INDEXER_URL=https://wazuh1.indexer:9200
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
+      INDEXER_URL: https://wazuh1.indexer:9200
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: admin
+      FILEBEAT_SSL_VERIFICATION_MODE: full
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+      SSL_KEY: /etc/ssl/filebeat.key
     volumes:
       - worker-wazuh-api-configuration:/var/ossec/api/configuration
       - worker-wazuh-etc:/var/ossec/etc
@@ -81,14 +81,9 @@ services:
       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh1.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh1.indexer
     restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -96,6 +91,38 @@ services:
       nofile:
         soft: 65536
         hard: 65536
+    ports:
+      - "9200:9200"
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh1.indexer
+      NODE_NAME: wazuh1.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-1:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -103,16 +130,13 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
 
   wazuh2.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh2.indexer
     restart: always
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -120,21 +144,48 @@ services:
       nofile:
         soft: 65536
         hard: 65536
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh2.indexer
+      NODE_NAME: wazuh2.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-2:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
-      - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
 
   wazuh3.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh3.indexer
     restart: always
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
-      - "bootstrap.memory_lock=true"
     ulimits:
       memlock:
         soft: -1
@@ -142,35 +193,84 @@ services:
       nofile:
         soft: 65536
         hard: 65536
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NETWORK_HOST: wazuh3.indexer
+      NODE_NAME: wazuh3.indexer
+      CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      CLUSTER_NAME: "wazuh-cluster"
+      DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+      NODE_MAX_LOCAL_STORAGE_NODES: "3"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
     volumes:
       - wazuh-indexer-data-3:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
-      - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.9.0
+    image: wazuh/wazuh-dashboard:5.0.0
     hostname: wazuh.dashboard
     restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
     ports:
       - 443:5601
     environment:
-      - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
-      - WAZUH_API_URL="https://wazuh.master"
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
+      OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200"
+      WAZUH_API_URL: "https://wazuh.master"
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
+      DASHBOARD_USERNAME: kibanaserver
+      DASHBOARD_PASSWORD: kibanaserver
+      SERVER_HOST: "0.0.0.0"
+      SERVER_PORT: "5601"
+      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
+      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
+      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
+      SERVER_SSL_ENABLED: "true"
+      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
+      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
+      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
     volumes:
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
     depends_on:
       - wazuh1.indexer
     links:

multi-node/generate-certs.yml

@@ -1,10 +1,9 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-version: '3'
-
 services:
   generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
-    hostname: wazuh-certs-generator
+    image: wazuh/wazuh-cert-tool:5.0.0
+    hostname: wazuh-cert-tool
+    container_name: wazuh-cert-tool
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/
-      - ./config/certs.yml:/config/certs.yml
+      - ./config/certs.yml:/config/certs.yml

single-node/README.md

@@ -8,17 +8,17 @@ $ sysctl -w vm.max_map_count=262144
 ```
 2) Run the certificate creation script:
 ```
-$ docker-compose -f generate-indexer-certs.yml run --rm generator
+$ docker compose -f generate-certs.yml run --rm generator
 ```
-3) Start the environment with docker-compose:
+3) Start the environment with docker compose:
 
 - In the foregroud:
 ```
-$ docker-compose up
+$ docker compose up
 ```
 - In the background:
 ```
-$ docker-compose up -d
+$ docker compose up -d
 ```
 
 The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated.

single-node/docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.9.0
+    image: wazuh/wazuh-manager:5.0.0
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -19,15 +19,15 @@ services:
       - "514:514/udp"
       - "55000:55000"
     environment:
-      - INDEXER_URL=https://wazuh.indexer:9200
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      INDEXER_URL: https://wazuh.indexer:9200
+      INDEXER_USERNAME: admin
+      INDEXER_PASSWORD: admin
+      FILEBEAT_SSL_VERIFICATION_MODE: full
+      SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+      SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+      SSL_KEY: /etc/ssl/filebeat.key
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
     volumes:
       - wazuh_api_configuration:/var/ossec/api/configuration
       - wazuh_etc:/var/ossec/etc
@@ -46,13 +46,9 @@ services:
       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.9.0
+    image: wazuh/wazuh-indexer:5.0.0
     hostname: wazuh.indexer
     restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
     ulimits:
       memlock:
         soft: -1
@@ -60,6 +56,37 @@ services:
       nofile:
         soft: 65536
         hard: 65536
+    ports:
+      - "9200:9200"
+    environment:
+      OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
+      bootstrap.memory_lock: "true"
+      NODE_NAME: "wazuh.indexer"
+      CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer"
+      CLUSTER_NAME: "wazuh-cluster"
+      PATH_DATA: /var/lib/wazuh-indexer
+      PATH_LOGS: /var/log/wazuh-indexer
+      HTTP_PORT: 9200-9299
+      TRANSPORT_TCP_PORT: 9300-9399
+      COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
+      PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+      PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
+      PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
+      PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
+      PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
+      PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
+      PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
+      PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+      PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
+      PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
+      PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+      PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
+      CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
     volumes:
       - wazuh-indexer-data:/var/lib/wazuh-indexer
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -67,31 +94,49 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
-      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
-      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+      #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.9.0
+    image: wazuh/wazuh-dashboard:5.0.0
     hostname: wazuh.dashboard
     restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
     ports:
       - 443:5601
     environment:
-      - INDEXER_USERNAME=admin
-      - INDEXER_PASSWORD=SecretPassword
-      - WAZUH_API_URL=https://wazuh.manager
-      - DASHBOARD_USERNAME=kibanaserver
-      - DASHBOARD_PASSWORD=kibanaserver
-      - API_USERNAME=wazuh-wui
-      - API_PASSWORD=MyS3cr37P450r.*-
+      WAZUH_API_URL: https://wazuh.manager
+      DASHBOARD_USERNAME: kibanaserver
+      DASHBOARD_PASSWORD: kibanaserver
+      API_USERNAME: wazuh-wui
+      API_PASSWORD: MyS3cr37P450r.*-
+      SERVER_HOST: 0.0.0.0
+      SERVER_PORT: 5601
+      OPENSEARCH_HOSTS: https://wazuh.indexer:9200
+      OPENSEARCH_SSL_VERIFICATIONMODE: certificate
+      OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
+      OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
+      SERVER_SSL_ENABLED: "true"
+      OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
+      SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+      SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+      OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
+      UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
     volumes:
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
-      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
-      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+      - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
+      #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+      # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
     depends_on:
       - wazuh.indexer
     links:

single-node/generate-certs.yml

@@ -1,10 +1,10 @@
 # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-version: '3'
-
 services:
   generator:
-    image: wazuh/wazuh-certs-generator:0.0.2
-    hostname: wazuh-certs-generator
+    image: wazuh/wazuh-cert-tool:5.0.0
+    hostname: wazuh-cert-tool
+    container_name: wazuh-cert-tool
     volumes:
       - ./config/wazuh_indexer_ssl_certs/:/certificates/
       - ./config/certs.yml:/config/certs.yml
+