diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf7490c14c..270d26ceee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
All notable changes to the Wazuh app project will be documented in this file.
-## Wazuh v4.7.0 - OpenSearch Dashboards 2.9.0 - Revision 01
+## Wazuh v4.7.0 - OpenSearch Dashboards 2.9.0 - Revision 00
### Added
@@ -27,7 +27,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Removed views in JSON and XML formats from management settings. [#5747](https://github.com/wazuh/wazuh-kibana-app/pull/5747)
-## Wazuh v4.6.0 - OpenSearch Dashboards 2.8.0 - Revision 01
+## Wazuh v4.6.0 - OpenSearch Dashboards 2.8.0 - Revision 00
### Added
@@ -47,7 +47,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Changed the query to search for an agent in `management/configuration`. [#5485](https://github.com/wazuh/wazuh-kibana-app/pull/5485)
- Changed the search bar in management/log to the one used in the rest of the app. [#5476](https://github.com/wazuh/wazuh-kibana-app/pull/5476)
- Changed the design of the wizard to add agents. [#5457](https://github.com/wazuh/wazuh-kibana-app/pull/5457)
-- Changed the search bar in Management (Rules, Decoders, CDB List, Groups, Cluster > Nodes) and Modules (Vulnerabilities > Inventory, Security Configuration Assessment > Inventory > {Policy ID} > Checks, MITRE ATT&CK > Intelligence > {Resource}, Integrity monitoring > Inventory > Files, Integrity monitoring > Inventory > Registry), Agent Inventory data, Explore agent modal, Agents [#5363](https://github.com/wazuh/wazuh-kibana-app/pull/5363) [#5442](https://github.com/wazuh/wazuh-kibana-app/pull/5442) [#5443](https://github.com/wazuh/wazuh-kibana-app/pull/5443) [#5444](https://github.com/wazuh/wazuh-kibana-app/pull/5444) [#5445](https://github.com/wazuh/wazuh-kibana-app/pull/5445) [#5447](https://github.com/wazuh/wazuh-kibana-app/pull/5447) [#5452](https://github.com/wazuh/wazuh-kibana-app/pull/5452) [#5491](https://github.com/wazuh/wazuh-kibana-app/pull/5491) [#5785](https://github.com/wazuh/wazuh-kibana-app/pull/5785)
+- Changed the search bar in Management (Rules, Decoders, CDB List, Groups, Cluster > Nodes) and Modules (Vulnerabilities > Inventory, Security Configuration Assessment > Inventory > {Policy ID} > Checks, MITRE ATT&CK > Intelligence > {Resource}, Integrity monitoring > Inventory > Files, Integrity monitoring > Inventory > Registry), Agent Inventory data, Explore agent modal, Agents [#5363](https://github.com/wazuh/wazuh-kibana-app/pull/5363) [#5442](https://github.com/wazuh/wazuh-kibana-app/pull/5442) [#5443](https://github.com/wazuh/wazuh-kibana-app/pull/5443) [#5444](https://github.com/wazuh/wazuh-kibana-app/pull/5444) [#5445](https://github.com/wazuh/wazuh-kibana-app/pull/5445) [#5447](https://github.com/wazuh/wazuh-kibana-app/pull/5447) [#5452](https://github.com/wazuh/wazuh-kibana-app/pull/5452) [#5491](https://github.com/wazuh/wazuh-kibana-app/pull/5491) [#5785](https://github.com/wazuh/wazuh-kibana-app/pull/5785) [#5813](https://github.com/wazuh/wazuh-kibana-app/pull/5813)
### Fixed
@@ -77,7 +77,13 @@ All notable changes to the Wazuh app project will be documented in this file.
- Removed obsolete code that caused duplicate requests to the api in `Management`. [#5485](https://github.com/wazuh/wazuh-kibana-app/pull/5485)
- Removed unused embedded jquery-ui [#5592](https://github.com/wazuh/wazuh-kibana-app/pull/5592)
-## Wazuh v4.5.2 - OpenSearch Dashboards 2.6.0 - Revision 01
+## Wazuh v4.5.3 - OpenSearch Dashboards 2.6.0 - Revision 01
+
+### Added
+
+- Support for Wazuh 4.5.3
+
+## Wazuh v4.5.2 - OpenSearch Dashboards 2.6.0 - Revision 02
### Added
diff --git a/docker/README.md b/docker/README.md
index f1172c2c4d..99c8d27538 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,6 +1,6 @@
# Frontend development environments
-Install [Docker Desktop][0] as per its instructions, available for Windows, Mac
+Install [Docker Desktop][0] as per its instructions (make sure that the docker compose version is 2.20.2 or higher), available for Windows, Mac
and Linux (Ubuntu, Debian & Fedora).
This ensures that the development experience between Linux, Mac and Windows is as
similar as possible.
@@ -289,4 +289,4 @@ error getting credentials - err: exit status 1, out: `error getting credentials
[2]: "Loki"
[3]: "Prometheus"
[4]: "quay.io/wazuh"
-[5]: "App permissions"
\ No newline at end of file
+[5]: "App permissions"
diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml
index 173b0bbed4..6188fe212c 100755
--- a/docker/osd-dev/dev.yml
+++ b/docker/osd-dev/dev.yml
@@ -1,10 +1,10 @@
-version: "2.2"
+version: '2.2'
x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
@@ -12,15 +12,15 @@ services:
<<: *logging
hostname: exporter-osd-${OS_VERSION}
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
networks:
- os-dev
- mon
command:
- - "--es.uri=https://admin:${PASSWORD}@os1:9200"
- - "--es.ssl-skip-verify"
- - "--es.all"
+ - '--es.uri=https://admin:${PASSWORD}@os1:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
imposter:
image: outofcoffee/imposter
@@ -39,8 +39,8 @@ services:
image: cfssl/cfssl
<<: *logging
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
volumes:
- wi_certs:/certs/wi
- wd_certs:/certs/wd
@@ -117,7 +117,7 @@ services:
sleep 300
'
healthcheck:
- test: ["CMD-SHELL", "[ -r /certs/wi/os1.pem ]"]
+ test: ['CMD-SHELL', '[ -r /certs/wi/os1.pem ]']
interval: 2s
timeout: 5s
retries: 10
@@ -126,18 +126,19 @@ services:
depends_on:
idpsetup:
condition: service_completed_successfully
+ required: false
image: opensearchproject/opensearch:${OS_VERSION}
<<: *logging
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
environment:
- cluster.name=os-dev-cluster
- node.name=os1
- discovery.seed_hosts=os1
- cluster.initial_master_nodes=os1
- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m' # minimum and maximum Java heap size, recommend setting both to 50% of system RAM
- OPENSEARCH_PATH_CONF=/usr/share/opensearch/config/
ulimits:
memlock:
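Review bot: The added `required: false` under `depends_on.idpsetup` carries no comment, so a reader cannot tell why this one dependency is optional or that it needs a newer Compose. Elsewhere in this file `idpsetup` is only in the `saml` profile while this service also runs under `standard`, which is presumably the reason. Older Compose releases are likely to reject the unknown key outright. I would add `# idpsetup exists only in the 'saml' profile; 'required' needs Docker Compose >= 2.20.2` above the line. The same addition appears in `docker/wazuh-4.3-wz/rel.yml` at `@@ -163,18 +163,19 @@` and deserves the same comment. The service definition starts above this hunk.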
@@ -162,7 +163,7 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
+ 'CMD-SHELL',
"curl -v --cacert config/certs/ca.pem https://os1:9200 2>&1 | grep -q '401 Unauthorized'",
]
interval: 1s
@@ -175,17 +176,17 @@ services:
condition: service_healthy
image: elastic/filebeat:7.10.2
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
hostname: filebeat
- user: "0:0"
+ user: '0:0'
networks:
- os-dev
- mon
<<: *logging
# restart: always
entrypoint:
- - "/bin/bash"
+ - '/bin/bash'
command: >
-c '
mkdir -p /etc/filebeat
@@ -211,23 +212,23 @@ services:
condition: service_healthy
image: quay.io/wazuh/osd-dev:${OSD_VERSION}
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
hostname: osd
networks:
- os-dev
- devel
- mon
- user: "1000:1000"
+ user: '1000:1000'
<<: *logging
ports:
- ${OSD_PORT}:5601
environment:
- - "LOGS=/proc/1/fd/1"
- entrypoint: ["tail", "-f", "/dev/null"]
+ - 'LOGS=/proc/1/fd/1'
+ entrypoint: ['tail', '-f', '/dev/null']
volumes:
- osd_cache:/home/node/.cache
- - "${SRC}:/home/node/kbn/plugins/wazuh"
+ - '${SRC}:/home/node/kbn/plugins/wazuh'
- wd_certs:/home/node/kbn/certs/
- ${WAZUH_DASHBOARD_CONF}:/home/node/kbn/config/opensearch_dashboards.yml
- ./config/${OSD_MAJOR}/osd/wazuh.yml:/home/node/kbn/data/wazuh/config/wazuh.yml
@@ -238,7 +239,7 @@ services:
generator:
condition: service_healthy
profiles:
- - "saml"
+ - 'saml'
volumes:
- wi_certs:/certs/wi
- wd_certs:/certs/wd
@@ -258,7 +259,7 @@ services:
sleep 300
'
healthcheck:
- test: ["CMD-SHELL", "[ -r /certs/idp/truststore.jks ]"]
+ test: ['CMD-SHELL', '[ -r /certs/idp/truststore.jks ]']
interval: 2s
timeout: 5s
retries: 10
@@ -269,14 +270,14 @@ services:
idpsec:
condition: service_healthy
profiles:
- - "saml"
+ - 'saml'
hostname: idp
<<: *logging
networks:
- os-dev
- mon
ports:
- - "8080:8080"
+ - '8080:8080'
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=admin
@@ -298,7 +299,7 @@ services:
idp:
condition: service_healthy
profiles:
- - "saml"
+ - 'saml'
hostname: idpsetup
<<: *logging
networks:
diff --git a/docker/wazuh-4.3-wz/rel.yml b/docker/wazuh-4.3-wz/rel.yml
index 4906cb978f..8dd6da3e01 100755
--- a/docker/wazuh-4.3-wz/rel.yml
+++ b/docker/wazuh-4.3-wz/rel.yml
@@ -5,14 +5,14 @@ x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
generator:
image: cfssl/cfssl
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
<<: *logging
volumes:
- wi_certs:/certs/wi
@@ -25,68 +25,68 @@ services:
- wz-rel
entrypoint: /bin/bash
command: >
- -c '
- export certs=/tmp/certs
- mkdir $$certs
- cd $$certs
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
- echo "Generating CA"
- cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
- echo "Generating servers certificates"
- for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=server - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
- echo "Generating clients certificates"
- for i in admin saml filebeat; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=client - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
+ echo "Generating clients certificates"
+ for i in admin saml filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
- echo "Setting up permissions"
+ echo "Setting up permissions"
- rm /certs/wi/* /certs/wd/* /certs/wm/*
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
- mv $$certs/wazuh.indexer* /certs/wi
- mv $$certs/admin* /certs/wi
- mv /certs/wi/admin.key /certs/wi/admin-key.pem
- cp $$certs/*ca* /certs/wi
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
- mv $$certs/saml* /certs/idp
- mv /certs/idp/saml.key /certs/idp/saml-key.pem
- cp $$certs/*ca* /certs/idp
+ mv $$certs/saml* /certs/idp
+ mv /certs/idp/saml.key /certs/idp/saml-key.pem
+ cp $$certs/*ca* /certs/idp
- mv $$certs/wazuh.dashboard* /certs/wd
- cp $$certs/*ca* /certs/wd
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
- mv $$certs/*.* /certs/wm
+ mv $$certs/*.* /certs/wm
- chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
- chown -R 1000:1000 /certs/*
- ls -alR /certs/
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
- sleep 300
- '
+ sleep 300
+ '
healthcheck:
- test: ["CMD-SHELL", "[ -r /certs/wm/wazuh.manager.pem ]"]
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
interval: 2s
timeout: 5s
retries: 10
@@ -97,7 +97,7 @@ services:
generator:
condition: service_healthy
profiles:
- - "saml"
+ - 'saml'
volumes:
- wi_certs:/certs/wi
- wd_certs:/certs/wd
@@ -114,7 +114,7 @@ services:
sleep 300
'
healthcheck:
- test: ["CMD-SHELL", "[ -r /certs/idp/truststore.jks ]"]
+ test: ['CMD-SHELL', '[ -r /certs/idp/truststore.jks ]']
interval: 2s
timeout: 5s
retries: 10
@@ -125,8 +125,8 @@ services:
condition: service_healthy
image: wazuh/wazuh-manager:${WAZUH_STACK}
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
hostname: wazuh.manager
networks:
- wz-rel
@@ -163,18 +163,19 @@ services:
condition: service_healthy
idpsetup:
condition: service_completed_successfully
+ required: false
image: wazuh/wazuh-indexer:${WAZUH_STACK}
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
hostname: wazuh.indexer
networks:
- wz-rel
- mon
<<: *logging
environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- - "OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config"
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
ulimits:
memlock:
soft: -1
@@ -194,8 +195,8 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
- "/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security",
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
]
interval: 10s
timeout: 10s
@@ -204,8 +205,8 @@ services:
wazuh.dashboard:
image: wazuh/wazuh-dashboard:${WAZUH_STACK}
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
hostname: wazuh.dashboard
depends_on:
wazuh.indexer:
@@ -230,10 +231,10 @@ services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
profiles:
- - "saml"
- - "standard"
+ - 'saml'
+ - 'standard'
<<: *logging
- hostname: "exporter"
+ hostname: 'exporter'
networks:
- wz-rel
- mon
@@ -248,14 +249,14 @@ services:
idpsec:
condition: service_healthy
profiles:
- - "saml"
+ - 'saml'
hostname: idp
<<: *logging
networks:
- wz-rel
- mon
ports:
- - "8080:8080"
+ - '8080:8080'
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=admin
diff --git a/docker/wazuh-4.4-wz/README.md b/docker/wazuh-4.4-wz/README.md
index bbae58c9fc..ef6334a977 100644
--- a/docker/wazuh-4.4-wz/README.md
+++ b/docker/wazuh-4.4-wz/README.md
@@ -2,10 +2,10 @@
On this folder, we can find two types of environments:
- * release environment, managed by the `rel.sh` script
- * prerelease environment managed by the `pre.sh` script
+- release environment, managed by the `rel.sh` script
+- prerelease environment managed by the `pre.sh` script
-### UI Credentials
+### UI Credentials
The default user and password to access the UI at https://0.0.0.0:5601/ are:
@@ -16,9 +16,10 @@ admin:SecretPassword
## Release environment
This environment will start a working deployment with:
- - Wazuh Manager
- - Wazuh Indexer
- - Wazuh Dashboard
+
+- Wazuh Manager
+- Wazuh Indexer
+- Wazuh Dashboard
Check the scripts for a list of the supported Wazuh versions.
@@ -31,7 +32,7 @@ docker network create mon
The images used here are generated by the CI/CD team and uploaded into
the official Docker Hub organization. No Wazuh Agent image is provided yet,
-so you'll need to deploy an agent in Docker manually, by following the
+so you'll need to deploy an agent in Docker manually, by following the
instructions below.
### Image certificates
@@ -49,6 +50,7 @@ To register an agent, we need to get the enrollment command from the
UI and then execute:
- For `CentOS/8` images:
+
```bash
docker run --name wz-rel-agent-4.4.4 --rm --network wz-rel-444 --label com.docker.compose.project=wz-rel-444 -d centos:8 bash -c '
sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
@@ -63,6 +65,7 @@ UI and then execute:
```
- For `Ubuntu` images
+
```bash
docker run --name wz-rel-agent-4.4.4 --network wz-rel-444 --label com.docker.compose.project=wz-rel-444 -d ubuntu:20.04 bash -c '
apt update -y
@@ -77,7 +80,7 @@ UI and then execute:
```
- For `non-Linux` agents:
-
+
We need to provision virtual machines.
## Prerelease environment
@@ -87,19 +90,19 @@ Wazuh packages haven't been generated yet.
This environment will bring up:
- - Wazuh Indexer
- - Wazuh Dashboard
- - Filebeat
- - Imposter
+- Wazuh Indexer
+- Wazuh Dashboard
+- Filebeat
+- Imposter
### Usage
-The way to use this environment is to bring up a published Wazuh version to
+The way to use this environment is to bring up a published Wazuh version to
later on upgrade the app with our pre-release package.
-While bring up the environment with the `pre.sh` script, specify the published
-version of Wazuh with the `wazuh_version` argument, the new patch version of
-Wazuh with `wazuh_api_version` and finally follow the steps provided by the
+While bring up the environment with the `pre.sh` script, specify the published
+version of Wazuh with the `wazuh_version` argument, the new patch version of
+Wazuh with `wazuh_api_version` and finally follow the steps provided by the
scripts.
Example: test a package for Wazuh 4.4.5
@@ -124,16 +127,16 @@ In a minor release, the API should not change the version here bumps the API
used by the mock server
```
-Please take into account that the API version for this environment will
-always be a 4.4.x version. Also consider that our application version
+Please take into account that the API version for this environment will
+always be a 4.4.x version. Also consider that our application version
must be the same as the one selected here.
### App upgrade
-Follow the instructions provided by the `pre.sh` script.
+Follow the instructions provided by the `pre.sh` script.
### Agent enrollment
-Because we're not using a real Wazuh Manager, we cannot register new agents.
-Instead, Imposter (the mock server) will provide mocked responds to valid API
+Because we're not using a real Wazuh Manager, we cannot register new agents.
+Instead, Imposter (the mock server) will provide mocked responds to valid API
requests, as if it were the real Wazuh server.
diff --git a/docker/wazuh-4.4-wz/pre.sh b/docker/wazuh-4.4-wz/pre.sh
index 7fee5f65e0..981fe6af98 100755
--- a/docker/wazuh-4.4-wz/pre.sh
+++ b/docker/wazuh-4.4-wz/pre.sh
@@ -10,6 +10,7 @@ versions=(
"4.5.0"
"4.5.1"
"4.5.2"
+ "4.5.3"
"4.6.0"
)
diff --git a/docker/wazuh-4.4-wz/rel.sh b/docker/wazuh-4.4-wz/rel.sh
index 7eb13031f3..c90335a7b2 100755
--- a/docker/wazuh-4.4-wz/rel.sh
+++ b/docker/wazuh-4.4-wz/rel.sh
@@ -10,6 +10,7 @@ versions=(
"4.5.0"
"4.5.1"
"4.5.2"
+ "4.5.3"
"4.6.0"
)
diff --git a/docker/wazuh-4.5-wz/README.md b/docker/wazuh-4.5-wz/README.md
new file mode 100644
index 0000000000..193b1ab865
--- /dev/null
+++ b/docker/wazuh-4.5-wz/README.md
@@ -0,0 +1,142 @@
+# Wazuh Stack 4.5.x
+
+On this folder, we can find two types of environments:
+
+- release environment, managed by the `rel.sh` script
+- prerelease environment managed by the `pre.sh` script
+
+### UI Credentials
+
+The default user and password to access the UI at https://0.0.0.0:5601/ are:
+
+```
+admin:SecretPassword
+```
+
+## Release environment
+
+This environment will start a working deployment with:
+
+- Wazuh Manager
+- Wazuh Indexer
+- Wazuh Dashboard
+
+Check the scripts for a list of the supported Wazuh versions.
+
+The environment expect the network `mon` to exists, either bring up the
+`mon` stack or execute the following command:
+
+```bash
+docker network create mon
+```
+
+The images used here are generated by the CI/CD team and uploaded into
+the official Docker Hub organization. No Wazuh Agent image is provided yet,
+so you'll need to deploy an agent in Docker manually, by following the
+instructions below.
+
+### Image certificates
+
+Certificates are created automatically by the docker-compose, but if
+it fails to create them with the appropriate permissions, we might need
+to adjust them.
+
+This is related to the way the official Wazuh docker images are
+prepared.
+
+### Registering agents using Docker
+
+To register an agent, we need to get the enrollment command from the
+UI and then execute:
+
+- For `CentOS/8` images:
+
+ ```bash
+ docker run --name wz-rel-agent-4.5.0 --rm --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d centos:8 bash -c '
+ sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
+ sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
+
+ # Change this command by the one the UI suggests. Add the -y flag and remove the `sudo`.
+ WAZUH_MANAGER='wazuh.manager' yum install -y https://packages.wazuh.com/4.x/yum5/x86_64/wazuh-agent-4.5.0-1.el5.x86_64.rpm
+
+ /etc/init.d/wazuh-agent start
+ tail -f /var/ossec/logs/ossec.log
+ '
+ ```
+
+- For `Ubuntu` images
+
+ ```bash
+ docker run --name wz-rel-agent-4.5.0 --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d ubuntu:20.04 bash -c '
+ apt update -y
+ apt install -y curl lsb-release
+
+ # Change this command by the one the UI suggests to use. Remove the `sudo`.
+ curl -so wazuh-agent-4.5.0.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.5.0-1_amd64.deb && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.5.0.deb
+
+ /etc/init.d/wazuh-agent start
+ tail -f /var/ossec/logs/ossec.log
+ '
+ ```
+
+- For `non-Linux` agents:
+
+ We need to provision virtual machines.
+
+## Prerelease environment
+
+The prerelease environment helps us test app releases while the rest of
+Wazuh packages haven't been generated yet.
+
+This environment will bring up:
+
+- Wazuh Indexer
+- Wazuh Dashboard
+- Filebeat
+- Imposter
+
+### Usage
+
+The way to use this environment is to bring up a published Wazuh version to
+later on upgrade the app with our pre-release package.
+
+While bring up the environment with the `pre.sh` script, specify the published
+version of Wazuh with the `wazuh_version` argument, the new patch version of
+Wazuh with `wazuh_api_version` and finally follow the steps provided by the
+scripts.
+
+Example: test a package for Wazuh 4.5.0
+
+```bash
+./pre.sh 4.5.0 9 up
+```
+
+```bash
+./pre.sh wazuh_version wazuh_api_version action
+
+where
+ wazuh_version is one of
+ wazuh_api_version is the minor version of wazuh 4.5, for example 5 17
+ action is one of up | down
+
+In a minor release, the API should not change the version here bumps the API
+ string returned for testing. This script generates the file
+
+ config/imposter/api_info.json
+
+used by the mock server
+```
+
+Please take into account that the API version for this environment will
+always be a 4.5.x version. Also consider that our application version
+must be the same as the one selected here.
+
+### App upgrade
+
+Follow the instructions provided by the `pre.sh` script.
+
+### Agent enrollment
+
+Because we're not using a real Wazuh Manager, we cannot register new agents.
+Instead, Imposter (the mock server) will provide mocked responds to valid API
+requests, as if it were the real Wazuh server.
diff --git a/docker/wazuh-4.5-wz/config/certs/ca.json b/docker/wazuh-4.5-wz/config/certs/ca.json
new file mode 100644
index 0000000000..8a96a70a42
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/certs/ca.json
@@ -0,0 +1,15 @@
+{
+ "CN": "Wazuh",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "San Francisco",
+ "O": "Wazuh",
+ "OU": "Wazuh Root CA"
+ }
+ ]
+}
diff --git a/docker/wazuh-4.5-wz/config/certs/cfssl.json b/docker/wazuh-4.5-wz/config/certs/cfssl.json
new file mode 100644
index 0000000000..d23daf7621
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/certs/cfssl.json
@@ -0,0 +1,58 @@
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "intermediate_ca": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "cert sign",
+ "crl sign",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h",
+ "ca_constraint": {
+ "is_ca": true,
+ "max_path_len": 0,
+ "max_path_len_zero": true
+ }
+ },
+ "peer": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "server": {
+ "usages": [
+ "signing",
+ "digital signing",
+ "key encipherment",
+ "data encipherment",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "client": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+
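Review bot: The `server` profile lists the usage `"digital signing"`, while the `intermediate_ca`, `peer` and `client` profiles in the same file all spell it `"digital signature"`. As far as I know cfssl defines no usage named `digital signing`, so the entry is presumably ignored rather than applied, and the server certificates only get the intended key usage through the separate `"signing"` entry. Change the line to `"digital signature",` so the profile states what it means and does not depend on how unknown usages are handled.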
diff --git a/docker/wazuh-4.5-wz/config/certs/host.json b/docker/wazuh-4.5-wz/config/certs/host.json
new file mode 100644
index 0000000000..27805da58e
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/certs/host.json
@@ -0,0 +1,19 @@
+{
+ "CN": "HOST",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "California",
+ "O": "Wazuh",
+ "OU": "Wazuh"
+ }
+ ],
+ "hosts": [
+ "HOST",
+ "localhost"
+ ]
+}
diff --git a/docker/wazuh-4.5-wz/config/filebeat/filebeat.yml b/docker/wazuh-4.5-wz/config/filebeat/filebeat.yml
new file mode 100644
index 0000000000..e22b1f97ca
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/filebeat/filebeat.yml
@@ -0,0 +1,22 @@
+
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.template.overwrite: true
+setup.ilm.enabled: false
+output.elasticsearch:
+ hosts: ['https://wazuh.indexer:9200']
+ username: 'admin'
+ password: 'SecretPassword'
+ ssl.verification_mode: full
+ ssl.certificate_authorities: ['/etc/ssl/wazuh/ca.pem']
+ ssl.certificate: '/etc/ssl/wazuh/filebeat.pem'
+ ssl.key: '/etc/ssl/wazuh/filebeat-key.pem'
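Review bot: `password: 'SecretPassword'` for the `admin` user is committed in plain text with nothing in the file marking it as a throwaway value. The same pattern appears in `config/wazuh_dashboard/wazuh.yml` (`password: MyS3cr37P450r.*-`) and in both dashboard configs (`opensearch.password`). Copies of these files tend to end up in shared or long-lived environments. I would add a header comment such as `# Development-only credentials for the local Docker stack; never reuse outside it` to each file. Keeping `ssl.verification_mode: full` here is good.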
diff --git a/docker/wazuh-4.5-wz/config/imposter/api_info.json b/docker/wazuh-4.5-wz/config/imposter/api_info.json
new file mode 100644
index 0000000000..6f3e43eb97
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/imposter/api_info.json
@@ -0,0 +1,12 @@
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.5.0",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.5/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
diff --git a/docker/wazuh-4.5-wz/config/imposter/login.js b/docker/wazuh-4.5-wz/config/imposter/login.js
new file mode 100755
index 0000000000..86c2eb4180
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/imposter/login.js
@@ -0,0 +1,42 @@
+exports = {};
+
+load('https://raw.githubusercontent.com/kjur/jsrsasign/master/npm/lib/jsrsasign.js', exports);
+header = {
+ "alg": "HS256",
+ "typ": "JWT",
+ "kid": "vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910"
+};
+
+// The second part of the token is the payload, which contains the claims.
+// Claims are statements about an entity (typically, the user) and
+// additional data. There are three types of claims:
+// registered, public, and private claims.
+nbf = Date.now()-1000;
+
+claims = {
+ "iss": "wazuh",
+ "aud": "Wazuh API REST",
+ "nbf": nbf,
+ "exp": nbf+3600000,
+ "sub": "wazuh",
+ "rbac_roles": [
+ 1
+ ],
+ "rbac_mode": "white"
+};
+
+
+jwt = KJUR.jws.JWS.sign("HS256", JSON.stringify(header), JSON.stringify(claims), "616161");
+
+resp = {
+ "data": {
+ "token": jwt,
+ "error": 0
+ }
+};
+
+respond()
+ .withStatusCode(200)
+ .withData(JSON.stringify(resp));
+
+
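Review bot: The `load(...)` call fetches `jsrsasign.js` from the `master` branch of a third-party repository every time the mock starts, so whatever is on that branch at that moment runs inside the container, with no version pin or integrity check. Pin the URL to a release tag or commit, e.g. `load('https://raw.githubusercontent.com/kjur/jsrsasign/<PINNED_TAG_OR_COMMIT>/npm/lib/jsrsasign.js', exports);`, or vendor the file next to `login.js`. Separately, `nbf` and `exp` are derived from `Date.now()`, which is in milliseconds, whereas JWT NumericDate claims are in seconds. If the consumer ever validates them, `nbf = Math.floor(Date.now() / 1000) - 1;` and `"exp": nbf + 3600` would be the correct form. A one-line comment that the `"616161"` HMAC key is a mock-only value would also help.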
diff --git a/docker/wazuh-4.5-wz/config/imposter/wazuh-config.yml b/docker/wazuh-4.5-wz/config/imposter/wazuh-config.yml
new file mode 100755
index 0000000000..ace39bf4a0
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/imposter/wazuh-config.yml
@@ -0,0 +1,16 @@
+---
+plugin: openapi
+specFile: https://raw.githubusercontent.com/wazuh/wazuh/v4.4.0/api/api/spec/spec.yaml
+
+resources:
+ - path: /security/user/authenticate
+ method: POST
+ response:
+ statusCode: 200
+ scriptFile: login.js
+ - path: /
+ method: get
+ response:
+ statusCode: 200
+ staticFile: api_info.json
+
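Review bot: `specFile` points at the `v4.4.0` tag although this is the 4.5 environment, and `api_info.json` in the same directory reports `api_version` `4.5.0` and links the `4.5` branch. This looks carried over from the 4.4 folder; if the mock is meant to validate requests against the 4.5 API, the line should read `specFile: https://raw.githubusercontent.com/wazuh/wazuh/v4.5.0/api/api/spec/spec.yaml`. If staying on the 4.4 spec is deliberate, a comment saying so would prevent the next copy of this folder from inheriting it silently.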
diff --git a/docker/wazuh-4.5-wz/config/wazuh_cluster/wazuh_manager.conf b/docker/wazuh-4.5-wz/config/wazuh_cluster/wazuh_manager.conf
new file mode 100755
index 0000000000..aff1af9d6c
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,353 @@
+
+
+ yes
+ yes
+ no
+ no
+ no
+ smtp.example.wazuh.com
+ wazuh@example.wazuh.com
+ recipient@example.wazuh.com
+ 12
+ alerts.log
+ 10m
+ 0
+
+
+
+ 3
+ 12
+
+
+
+
+ plain
+
+
+
+ secure
+ 1514
+ tcp
+ 131072
+
+
+
+
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+ 43200
+
+ etc/rootcheck/rootkit_files.txt
+ etc/rootcheck/rootkit_trojans.txt
+
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
+
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+
+ 10
+
+
+
+
+ yes
+ yes
+ 12h
+ yes
+
+
+
+ no
+ 5m
+ 6h
+ yes
+
+
+
+ no
+ trusty
+ xenial
+ bionic
+ focal
+ 1h
+
+
+
+
+ no
+ stretch
+ buster
+ bullseye
+ 1h
+
+
+
+
+ no
+ 5
+ 6
+ 7
+ 8
+ 1h
+
+
+
+
+ no
+ amazon-linux
+ amazon-linux-2
+ 1h
+
+
+
+
+ no
+ 1h
+
+
+
+
+ yes
+ 1h
+
+
+
+
+ yes
+ 2010
+ 1h
+
+
+
+
+
+
+ no
+
+
+ 43200
+
+ yes
+
+
+ yes
+
+
+ no
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin,/boot
+
+
+ /etc/mtab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/random.seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+
+
+ .log$|.swp$
+
+
+ /etc/ssl/private.key
+
+ yes
+ yes
+ yes
+ yes
+
+
+ 10
+
+
+ 100
+
+
+
+ yes
+ 5m
+ 1h
+ 10
+
+
+
+
+
+ 127.0.0.1
+ ^localhost.localdomain$
+ 10.0.0.106
+
+
+
+ disable-account
+ disable-account
+ yes
+
+
+
+ restart-wazuh
+ restart-wazuh
+
+
+
+ firewall-drop
+ firewall-drop
+ yes
+
+
+
+ host-deny
+ host-deny
+ yes
+
+
+
+ route-null
+ route-null
+ yes
+
+
+
+ win_route-null
+ route-null.exe
+ yes
+
+
+
+ netsh
+ netsh.exe
+ yes
+
+
+
+
+
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+
+
+
+ ruleset/decoders
+ ruleset/rules
+ 0215-policy_rules.xml
+ etc/lists/audit-keys
+ etc/lists/amazon/aws-eventnames
+ etc/lists/security-eventchannel
+
+
+ etc/decoders
+ etc/rules
+
+
+
+ yes
+ 1
+ 64
+ 15m
+
+
+
+
+ no
+ 1515
+ no
+ yes
+ no
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ etc/sslmanager.cert
+ etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ node01
+ master
+
+ 1516
+ 0.0.0.0
+
+ NODE_IP
+
+ no
+ yes
+
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
diff --git a/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh.yml b/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh.yml
new file mode 100755
index 0000000000..dca5610652
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,14 @@
+hosts:
+ - imposter:
+ url: "http://imposter"
+ port: 8080
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
+
+ - 1513629884013:
+ url: https://wazuh.manager
+ port: 55000
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
diff --git a/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh_dashboard.yml b/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh_dashboard.yml
new file mode 100755
index 0000000000..741fa3c019
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh_dashboard.yml
@@ -0,0 +1,15 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersAllowlist: ['securitytenant', 'Authorization']
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ['kibana_read_only']
+server.ssl.enabled: true
+server.ssl.key: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key'
+server.ssl.certificate: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem'
+opensearch.ssl.certificateAuthorities:
+ ['/usr/share/wazuh-dashboard/certs/ca.pem']
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: 'kibanaserver'
+opensearch.password: 'kibanaserver'
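Review bot: `opensearch.ssl.verificationMode: certificate` validates the chain against ca.pem but skips the hostname match, here and in wazuh_dashboard_saml.yml. The generator service in pre.yml issues one certificate per host name, `wazuh.indexer` among them, so `opensearch.ssl.verificationMode: full` should work, provided the SANs in /conf/host.json (not visible in this part of the diff) carry that name. `opensearch.password: 'kibanaserver'` equals the user name, so a one-line comment that this is the demo account from internal_users.yml would help readers who copy the file.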
diff --git a/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh_dashboard_saml.yml b/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh_dashboard_saml.yml
new file mode 100755
index 0000000000..ce5d198300
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_dashboard/wazuh_dashboard_saml.yml
@@ -0,0 +1,16 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: "kibanaserver"
+opensearch.password: "kibanaserver"
+opensearch_security.auth.type: "saml"
+server.xsrf.whitelist: [/_plugins/_security/saml/acs,/_opendistro/_security/saml/acs,/_plugins/_security/saml/acs/idpinitiated,/_opendistro/_security/saml/acs/idpinitiated,/_plugins/_security/saml/logout,/_opendistro/_security/saml/logout]
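Review bot: This file uses `opensearch.requestHeadersWhitelist` and `server.xsrf.whitelist`, while wazuh_dashboard.yml in the same commit uses `opensearch.requestHeadersAllowlist`. As far as I know the `whitelist` spellings are the deprecated names in OpenSearch Dashboards 2.x, so I would align the two files on `opensearch.requestHeadersAllowlist: [...]` and `server.xsrf.allowlist: [...]`. The XSRF exemption list also deserves a comment saying that these six paths are the SAML ACS and logout endpoints, exempted because the IdP posts to them without the dashboard's XSRF header, so that the list is not widened later without a reason.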
diff --git a/docker/wazuh-4.5-wz/config/wazuh_indexer/config-saml.yml b/docker/wazuh-4.5-wz/config/wazuh_indexer/config-saml.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_indexer/config-saml.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
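Review bot: `signature_private_key_filepath: "certs/admin-key.pem"` makes the SAML request-signing key the same key as the admin client certificate, whose DN opensearch.yml and wazuh.indexer.yml list under `plugins.security.authcz.admin_dn` as the security super-admin identity. enable_saml.sh later in this diff reads /certs/wi/admin-key.pem and posts it to Keycloak as `saml.signing.private.key`, so the IdP ends up holding the indexer's admin key; config.yml carries the same setting. To verify signed requests Keycloak should only need the certificate, so I would issue a separate `saml` client certificate in the generator loop, point `signature_private_key_filepath` at that key, and drop the private-key attribute from the client payload. `exchange_key` is a fixed literal too and should get a comment that it is a test value.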
diff --git a/docker/wazuh-4.5-wz/config/wazuh_indexer/config.yml b/docker/wazuh-4.5-wz/config/wazuh_indexer/config.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_indexer/config.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
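Review bot: This file is identical to config-saml.yml (both file headers show blob `74fc91c8c4`), so the `standard` profile that rel.sh selects through `SEC_CONFIG_FILE` still defines the `saml_auth` domain with `challenge: true` and an IdP at `http://idp:8080`. If the standard profile does not start the idp service (rel.yml is not visible here), the security plugin is configured against a metadata URL it cannot reach. I would remove the `saml_auth:` block from config.yml and keep only `internal_auth`, so that the two profiles actually differ.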
diff --git a/docker/wazuh-4.5-wz/config/wazuh_indexer/internal_users.yml b/docker/wazuh-4.5-wz/config/wazuh_indexer/internal_users.yml
new file mode 100755
index 0000000000..d9f05b343b
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
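Review bot: The bcrypt hashes here are fixed, while pre.sh and rel.sh export `KIBANA_PASSWORD=${PASSWORD:-SecretPassword}` as if the admin password were configurable. Setting `PASSWORD` does not change the `admin` hash in this file, so the exporter in pre.yml, which authenticates with `${KIBANA_PASSWORD}`, would presumably be rejected, while filebeat and the dashboard keep using the literal `SecretPassword`. A comment above `admin:` would record that, for example `# Demo hash for the local test stack; the PASSWORD variable in pre.sh/rel.sh does not regenerate it.`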
diff --git a/docker/wazuh-4.5-wz/config/wazuh_indexer/opensearch.yml b/docker/wazuh-4.5-wz/config/wazuh_indexer/opensearch.yml
new file mode 100644
index 0000000000..ee1dbf59d5
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_indexer/opensearch.yml
@@ -0,0 +1,42 @@
+network.host: "0.0.0.0"
+node.name: "os1"
+path.data: /var/lib/os1
+path.logs: /var/log/os1
+# comment compatibility.override_main_response_version for 2.0.0
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+ - "all_access"
+ - "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices:
+ [
+ ".opendistro-alerting-config",
+ ".opendistro-alerting-alert*",
+ ".opendistro-anomaly-results*",
+ ".opendistro-anomaly-detector*",
+ ".opendistro-anomaly-checkpoints",
+ ".opendistro-anomaly-detection-state",
+ ".opendistro-reports-*",
+ ".opendistro-notifications-*",
+ ".opendistro-notebooks",
+ ".opensearch-observability",
+ ".opendistro-asynchronous-search-response*",
+ ".replication-metadata-store",
+ ]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
diff --git a/docker/wazuh-4.5-wz/config/wazuh_indexer/roles.yml b/docker/wazuh-4.5-wz/config/wazuh_indexer/roles.yml
new file mode 100644
index 0000000000..5b35df448b
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_indexer/roles.yml
@@ -0,0 +1,149 @@
+_meta:
+ type: "roles"
+ config_version: 2
+
+# Restrict users so they can only view visualization and dashboard on kibana
+kibana_read_only:
+ reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+ reserved: true
+
+# Allows users to view monitors, destinations and alerts
+alerting_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/alerting/alerts/get"
+ - "cluster:admin/opendistro/alerting/destination/get"
+ - "cluster:admin/opendistro/alerting/monitor/get"
+ - "cluster:admin/opendistro/alerting/monitor/search"
+
+# Allows users to view and acknowledge alerts
+alerting_ack_alerts:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/alerting/alerts/*"
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster_monitor"
+ - "cluster:admin/opendistro/alerting/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices_monitor"
+ - "indices:admin/aliases/get"
+ - "indices:admin/mappings/get"
+
+# Allow users to read Anomaly Detection detectors and results
+anomaly_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/ad/detector/info"
+ - "cluster:admin/opendistro/ad/detector/search"
+ - "cluster:admin/opendistro/ad/detectors/get"
+ - "cluster:admin/opendistro/ad/result/search"
+ - "cluster:admin/opendistro/ad/tasks/search"
+
+# Allows users to use all Anomaly Detection functionality
+anomaly_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster_monitor"
+ - "cluster:admin/opendistro/ad/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices_monitor"
+ - "indices:admin/aliases/get"
+ - "indices:admin/mappings/get"
+
+# Allows users to read Notebooks
+notebooks_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/notebooks/list"
+ - "cluster:admin/opendistro/notebooks/get"
+
+# Allows users to all Notebooks functionality
+notebooks_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/notebooks/create"
+ - "cluster:admin/opendistro/notebooks/update"
+ - "cluster:admin/opendistro/notebooks/delete"
+ - "cluster:admin/opendistro/notebooks/get"
+ - "cluster:admin/opendistro/notebooks/list"
+
+# Allows users to read and download Reports
+reports_instances_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to read and download Reports and Report-definitions
+reports_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/definition/get"
+ - "cluster:admin/opendistro/reports/definition/list"
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to all Reports functionality
+reports_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/definition/create"
+ - "cluster:admin/opendistro/reports/definition/update"
+ - "cluster:admin/opendistro/reports/definition/on_demand"
+ - "cluster:admin/opendistro/reports/definition/delete"
+ - "cluster:admin/opendistro/reports/definition/get"
+ - "cluster:admin/opendistro/reports/definition/list"
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to use all asynchronous-search functionality
+asynchronous_search_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/asynchronous_search/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices:data/read/search*"
+
+# Allows users to read stored asynchronous-search results
+asynchronous_search_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/asynchronous_search/get"
+
+# Wazuh monitoring and statistics index permissions
+manage_wazuh_index:
+ reserved: true
+ hidden: false
+ cluster_permissions: []
+ index_permissions:
+ - index_patterns:
+ - "wazuh-*"
+ dls: ""
+ fls: []
+ masked_fields: []
+ allowed_actions:
+ - "read"
+ - "delete"
+ - "manage"
+ - "index"
+ tenant_permissions: []
+ static: false
diff --git a/docker/wazuh-4.5-wz/config/wazuh_indexer/roles_mapping.yml b/docker/wazuh-4.5-wz/config/wazuh_indexer/roles_mapping.yml
new file mode 100644
index 0000000000..94c2b46613
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_indexer/roles_mapping.yml
@@ -0,0 +1,88 @@
+---
+# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
+# Permissions for Opendistro roles are configured in roles.yml
+
+_meta:
+ type: "rolesmapping"
+ config_version: 2
+
+# Define your roles mapping here
+
+## Default roles mapping
+
+all_access:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "admin"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps admin to all_access"
+
+own_index:
+ reserved: false
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "*"
+ and_backend_roles: []
+ description: "Allow full access to an index named like the username"
+
+logstash:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "logstash"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+readall:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "readall"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+manage_snapshots:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "snapshotrestore"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+kibana_server:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ and_backend_roles: []
+
+kibana_user:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "kibanauser"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps kibanauser to kibana_user"
+
+ # Wazuh monitoring and statistics index permissions
+manage_wazuh_index:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ - "admin"
+ and_backend_roles: []
diff --git a/docker/wazuh-4.5-wz/config/wazuh_indexer/wazuh.indexer.yml b/docker/wazuh-4.5-wz/config/wazuh_indexer/wazuh.indexer.yml
new file mode 100755
index 0000000000..3b31ac37d0
--- /dev/null
+++ b/docker/wazuh-4.5-wz/config/wazuh_indexer/wazuh.indexer.yml
@@ -0,0 +1,28 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
\ No newline at end of file
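Review bot: `plugins.security.nodes_dn` lists `CN=os1,...`, which looks copied from opensearch.yml, although this node is named `wazuh.indexer` and its certificate paths are `certs/wazuh.indexer.pem`. With `discovery.type: single-node` the mismatch is probably harmless, but the entry then authorises a node certificate that this stack never issues; `- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"` would match, assuming the subject fields in /conf/host.json follow the admin DN. `plugins.security.ssl.transport.enforce_hostname_verification: false` could get a short comment that it is acceptable only because there is a single node. The file also ends without a trailing newline.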
diff --git a/docker/wazuh-4.5-wz/enable_saml.sh b/docker/wazuh-4.5-wz/enable_saml.sh
new file mode 100755
index 0000000000..41d3fb8a22
--- /dev/null
+++ b/docker/wazuh-4.5-wz/enable_saml.sh
@@ -0,0 +1,165 @@
+#!/bin/bash
+
+# idp container launches and docker-compose returns too quickly, do not wait for container to
+# be healthy as it has no dependencies, so we wait before continuing
+sleep 7
+
+
+indexer="$1-wazuh.indexer-1"
+dashboard="$1-wazuh.dashboard-1"
+
+# Setup keycloack to be used with wazuh-dashboards
+
+# Connection
+U="admin"
+P="admin"
+B="http://idp:8080"
+
+# Realm
+REALM="master"
+
+# Get ACCESS_TOKEN from default install
+ACCESS_TOKEN=$(curl -sS \
+ -d 'client_id=admin-cli' \
+ -d 'username=admin' \
+ -d 'password=admin' \
+ -d 'grant_type=password' \
+ "${B}/realms/master/protocol/openid-connect/token" | jq -r '.access_token')
+
+H=('-H' 'Content-Type: application/json' '-H' "Authorization: Bearer $ACCESS_TOKEN")
+
+# Create new REALM
+REALM="wazuh"
+P='{
+ "id": "wazuh",
+ "realm": "wazuh",
+ "enabled": true
+}'
+
+curl -sS -L -X POST "${B}/admin/realms" "${H[@]}" -d "$P" | grep -v "Conflict detected"
+
+
+# Add admin certificates to keycloak as these are used by indexer to sign saml
+# messages. These should be uploaded to keycloak if we want it to verify indexer messages.
+key=$(cat /certs/wi/admin-key.pem | grep -v "PRIVATE KEY" | tr -d "\n")
+cert=$(cat /certs/wi/admin.pem | grep -v CERTIFICATE | tr -d "\n")
+
+
+# Create client
+# By default the client does not verify the client signature on saml messages
+# but it could be enabled for testing purposes
+PC="{
+ \"protocol\": \"saml\",
+ \"name\": \"wazuh\",
+ \"clientId\": \"wazuh\",
+ \"description\": \"wazuh saml integration\",
+ \"baseUrl\": \"https://localhost:5601\",
+ \"rootUrl\": \"https://localhost:5601\",
+ \"redirectUris\": [\"https://localhost:5601/*\"],
+ \"attributes\" : {
+ \"saml_single_logout_service_url_redirect\": \"https://localhost:5601/_opendistro/_security/saml/logout\",
+ \"saml_assertion_consumer_url_post\": \"https://localhost:5601/_opendistro/_security/saml/acs/idpinitiated\",
+ \"saml_single_logout_service_url_post\": \"https://wazuh.dashboard:5601/_opendistro/_security/saml/logout\",
+ \"saml.force.post.binding\": \"false\",
+ \"saml.signing.certificate\": \"$cert\",
+ \"saml.signing.private.key\": \"$key\",
+ \"saml.client.signature\": \"true\",
+ \"saml_single_logout_service_url_redirect\": \"https://localhost:5601\",
+ \"post.logout.redirect.uris\": \"https://localhost:5601*\"
+ }
+}"
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/clients" "${H[@]}" -d "$PC" | grep -v "Client wazuh already exists"
+
+# Get a client json representation
+CLIENT=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/clients" "${H[@]}" -G -d 'clientId=wazuh' |jq '.[] | select(.clientId=="wazuh")')
+
+# Get client id
+CID=$(echo $CLIENT | jq -r '.id' )
+
+# Generate all-access and admin role for the realm
+PR1='{
+ "name":"all-access"
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR1" | grep -v "Role with name all-access already exists"
+
+PR2='{
+ "name":"admin"
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" | grep -v "Role with name admin already exists"
+
+
+## create new user
+PU='{
+ "username": "wazuh",
+ "email": "hello@wazuh.com",
+ "firstName": "Wazuh",
+ "lastName": "Wazuh",
+ "emailVerified": true,
+ "enabled": true,
+ "credentials": [{"temporary":false,"type":"password","value":"wazuh"}],
+ "realmRoles": ["admin", "all-access"]
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/users" "${H[@]}" -d "$PU" | grep -v "User exists with same username"
+
+## Get a user json representation
+USER=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/users" "${H[@]}" -G -d 'username=wazuh' |jq '.[] | select(.username=="wazuh")')
+
+### Get user id
+USERID=$(echo $USER | jq -r '.id' )
+
+# Get roles
+ROLES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" )
+
+## Assign role
+ADMINID=$(echo $ROLES | jq -r '.[] | select(.name=="admin").id')
+ALLACCESSID=$(echo $ROLES | jq -r '.[] | select(.name=="all-access").id')
+
+PA1="[
+ {
+ \"id\": \"$ADMINID\",
+ \"name\": \"admin\",
+ \"composite\": false,
+ \"clientRole\": false,
+ \"containerId\": \"wazuh\"
+ },
+ {
+ \"id\": \"$ALLACCESSID\",
+ \"name\": \"all-access\",
+ \"description\": \"\",
+ \"composite\": false,
+ \"clientRole\": false,
+ \"containerId\": \"wazuh\"
+ }
+]"
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/users/${USERID}/role-mappings/realm" "${H[@]}" -d "$PA1"
+
+# Get list of client scopes
+CSCOPES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/client-scopes" "${H[@]}")
+CSID=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list").id ')
+CSR=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list") ')
+
+
+# Set single to true, so opensearch works
+UPDATE=$(echo $CSR | jq '.protocolMappers[] | select(.name=="role list").config.single |= "true" ')
+PMID=$(echo $CSR | jq -r '.protocolMappers[] | select(.name=="role list").id')
+
+curl -sS -L -X PUT "${B}/admin/realms/${REALM}/client-scopes/$CSID/protocol-mappers/models/$PMID" "${H[@]}" -d "$UPDATE"
+
+# Set up auth realm on opensearch
+certs="/usr/share/wazuh-indexer/certs"
+ca="$certs/ca.pem"
+cert="$certs/admin.pem"
+key="$certs/admin-key.pem"
+
+securityadmin="bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh"
+config_path="/usr/share/wazuh-indexer/opensearch-security/"
+
+echo "To update configuration in indexer, you can run:"
+echo docker exec -e JAVA_HOME=/usr/share/wazuh-indexer/jdk $indexer $securityadmin -cacert $ca -cert $cert -key $key -cd $config_path
+
+
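Review bot: `ACCESS_TOKEN` is used without a check, so when Keycloak is not ready after the fixed `sleep 7`, or the login fails, the variable is empty or `null` and every later call runs with an invalid bearer token and fails quietly behind `grep -v`. A guard right after the token request would stop the script there: `[ -n "$ACCESS_TOKEN" ] && [ "$ACCESS_TOKEN" != "null" ] || { echo "could not get Keycloak token" >&2; exit 1; }`. `U` and `P` are assigned but the curl call repeats the literals, and `P` is then reused for the realm JSON; I would either use them (`-d "username=$U"`) or drop them. The client payload also defines `saml_single_logout_service_url_redirect` twice, so only one of the two values can take effect.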
diff --git a/docker/wazuh-4.5-wz/pre.sh b/docker/wazuh-4.5-wz/pre.sh
new file mode 100755
index 0000000000..f62e4367f2
--- /dev/null
+++ b/docker/wazuh-4.5-wz/pre.sh
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.5.0"
+ "4.5.1"
+ "4.5.2"
+)
+
+wazuh_api_version=(
+ "0"
+ "1"
+ "2"
+)
+
+usage() {
+ echo
+ echo "./pre.sh wazuh_version wazuh_api_version action "
+ echo
+ echo "where"
+ echo " wazuh_version is one of "${versions[*]}
+ echo " wazuh_api_version is the patch version of wazuh 4.5, for example " ${wazuh_api_version[*]}
+ echo " action is one of up | down | stop"
+ echo
+ echo "In a minor release, the API should not change the version here bumps the API"
+ echo " string returned for testing. This script generates the file "
+ echo
+ echo " config/imposter/api_info.json"
+ echo
+ echo "used by the mock server"
+ exit -1
+}
+
+if [ $# -ne 3 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+[ -n "$2" ] && [ "$2" -eq "$2" ] 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "$2 is not number"
+ exit -1
+fi
+
+patch_version=$2
+cat <config/imposter/api_info.json
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.5.${patch_version}",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.5/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
+EOF
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-pre-${WAZUH_STACK//./}
+
+case "$3" in
+up)
+ # recreate volumes
+ docker compose -f pre.yml up -Vd
+
+ # This installs Wazuh and integrates with a default Wazuh stack
+ # v=$( echo -n $WAZUH_STACK | sed 's/\.//g' )
+ echo
+ echo "Install the pre-release package manually with:"
+ echo
+ echo "1. Uninstall current version of the Wazuh app:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin remove wazuh"
+ echo
+ echo "2. Restart Wazuh Dashboard:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "3. Copy the pre-release package to the running Wazuh Dashboard container:"
+ echo docker cp wazuh-4.5.${patch_version}-1.zip ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/tmp
+ echo
+ echo "4. Install the package we have just uploaded:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install file:///tmp/wazuh-4.5.${patch_version}-1.zip"
+ echo
+ echo "5. Restart the Wazuh Dashboard container:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "6. Upload the Wazuh app configuration:"
+ echo "docker cp ./config/wazuh_dashboard/wazuh.yml ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/usr/share/wazuh-dashboard/data/wazuh/config/"
+ echo
+ echo "7. Access the running instance in:"
+ echo "https://localhost:${KIBANA_PORT}"
+ echo
+ ;;
+down)
+ # delete volumes
+ docker compose -f pre.yml down -v --remove-orphans
+ ;;
+stop)
+ docker compose -f rel.yml -p ${COMPOSE_PROJECT_NAME} stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
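Review bot: The `stop)` branch runs `docker compose -f rel.yml -p ${COMPOSE_PROJECT_NAME} stop`, while `up` and `down` use `pre.yml`, so it resolves the services of a different compose file; it should read `docker compose -f pre.yml stop`. The fallback message `"Action must be either up or down"` omits `stop`. The second argument is only checked for being a number and never compared with the `wazuh_api_version` array, unlike the first argument; a check such as `[[ " ${wazuh_api_version[*]} " =~ " ${2} " ]]` would mirror it. `exit -1` is reported as status 255, and `exit 1` is the usual form.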
diff --git a/docker/wazuh-4.5-wz/pre.yml b/docker/wazuh-4.5-wz/pre.yml
new file mode 100755
index 0000000000..441e28c2a1
--- /dev/null
+++ b/docker/wazuh-4.5-wz/pre.yml
@@ -0,0 +1,215 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+x-logging: &logging
+ logging:
+ driver: loki
+ options:
+ loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+
+services:
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ <<: *logging
+ hostname: "exporter-kbn-${WAZUH_STACK}"
+ networks:
+ - wzd-pre
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh.indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ imposter:
+ image: outofcoffee/imposter
+ hostname: "imposter-kbn-${WAZUH_STACK}"
+ networks:
+ - wzd-pre
+ - mon
+ <<: *logging
+ environment:
+ - JAVA_OPTS="-Xmx512m -Xss512k -Dfile.encoding=UTF-8 -XX:MaxRAM=800m -XX:MaxRAMPercentage=95 -XX:MinRAMPercentage=60A"
+ - MALLOC_ARENA_MAX=1
+ volumes:
+ - ./config/imposter:/opt/imposter/config
+
+ generator:
+ image: cfssl/cfssl
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - ./config/certs:/conf
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 30
+ '
+ healthcheck:
+ test: ["CMD-SHELL", "[ -r /certs/wm/wazuh.manager.pem ]"]
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ filebeat:
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ image: elastic/filebeat:7.10.2
+ hostname: filebeat
+ user: "0:0"
+ networks:
+ - wzd-pre
+ - mon
+ <<: *logging
+ entrypoint:
+ - '/bin/bash'
+ command: >
+ -c '
+ mkdir -p /etc/filebeat
+ echo admin | filebeat keystore add username --stdin --force
+ echo SecretPassword| filebeat keystore add password --stdin --force
+ curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.2.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ # copy filebeat to preserve correct permissions without
+ # affecting host filesystem
+ cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
+ chown root.root /usr/share/filebeat/filebeat.yml
+ chmod go-w /usr/share/filebeat/filebeat.yml
+ filebeat setup -e
+ filebeat
+ '
+ volumes:
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/filebeat/filebeat.yml:/tmp/filebeat.yml
+
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ hostname: wazuh.indexer
+ networks:
+ - wzd-pre
+ - mon
+ <<: *logging
+ environment:
+ - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+ - "OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ./config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security",
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wzd-pre
+ - mon
+ <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=http://imposter:8080
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ./config/wazuh_dashboard/wazuh_dashboards.yml:/usr/share/wazuh-dashboard/config/wazuh_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+networks:
+ networks:
+ wzd-pre:
+ name: wzd-pre-${WAZUH_STACK}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wazuh-indexer-data:
+ wi_certs:
+ wd_certs:
+ wm_certs:
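Review bot: The dashboard volume `./config/wazuh_dashboard/wazuh_dashboards.yml:/usr/share/wazuh-dashboard/config/wazuh_dashboards.yml` names a source file that the visible part of this commit does not add (the directory gets `wazuh_dashboard.yml`), and Docker creates an empty directory for a missing bind source. The target is, as far as I know, also not the file the dashboard reads, so the TLS and indexer settings from wazuh_dashboard.yml would not apply; I would mount `./config/wazuh_dashboard/wazuh_dashboard.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml`. The `networks:` key is written twice in a row near the end of the file. The filebeat service runs as `0:0` and pipes a downloaded tarball straight into `tar` with no checksum, and the exporter, imposter and cfssl images are unpinned; pinning versions or digests and verifying the archive would make the stack reproducible.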
diff --git a/docker/wazuh-4.5-wz/rel.sh b/docker/wazuh-4.5-wz/rel.sh
new file mode 100755
index 0000000000..b79eefcf0f
--- /dev/null
+++ b/docker/wazuh-4.5-wz/rel.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.5.0"
+ "4.5.1"
+ "4.5.2"
+)
+
+usage() {
+ echo
+ echo "$0 version action [saml]"
+ echo
+ echo "where version is one of " ${versions[*]}
+ echo "action is one of up | down | stop"
+ echo "saml to deploy a saml enabled environment"
+ exit -1
+}
+
+if [ $# -lt 2 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-rel-${WAZUH_STACK//./}
+
+profile="standard"
+export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard.yml
+export SEC_CONFIG_FILE=./config/wazuh_indexer/config.yml
+
+if [[ "$3" =~ "saml" ]]; then
+ profile="saml"
+ export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard_saml.yml
+ export SEC_CONFIG_FILE=./config/wazuh_indexer/config-saml.yml
+fi
+
+case "$2" in
+up)
+ docker compose --profile $profile -f rel.yml -p ${COMPOSE_PROJECT_NAME} up -Vd
+ echo
+ echo "1. (Optional) Enroll an agent (Ubuntu 20.04):"
+ echo "docker run --name ${COMPOSE_PROJECT_NAME}-agent --network ${COMPOSE_PROJECT_NAME} --label com.docker.compose.project=${COMPOSE_PROJECT_NAME} -d ubuntu:20.04 bash -c '"
+ echo " apt update -y"
+ echo " apt install -y curl lsb-release"
+ echo " curl -so \wazuh-agent-${WAZUH_STACK}.deb \\"
+ echo " https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_${WAZUH_STACK}-1_amd64.deb \\"
+ echo " && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-${WAZUH_STACK}.deb"
+ echo
+ echo " /etc/init.d/wazuh-agent start"
+ echo " tail -f /var/ossec/logs/ossec.log"
+ echo "'"
+ echo
+ ;;
+down)
+ docker compose --profile $profile -f rel.yml -p ${COMPOSE_PROJECT_NAME} down -v --remove-orphans
+ ;;
+stop)
+ docker compose --profile $profile -f rel.yml -p ${COMPOSE_PROJECT_NAME} stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
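Review bot: The agent-enrollment command printed by the `up` branch fetches the package with `curl -so` and chains `dpkg -i` behind `&&`, but without `-f` curl exits 0 on an HTTP error, so an error page saved as the `.deb` would still be handed to dpkg. Printing `curl -fsSo wazuh-agent-${WAZUH_STACK}.deb \\` instead stops the chain on a failed download. It would also help to print a step that checks the file against a published checksum before it is installed as root in the container. Separately, the `*)` branch reports "Action must be either up or down" although `stop` is accepted, and `exit -1` is outside the 0-255 range (bash reports it as 255), so `exit 1` is the conventional form.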
diff --git a/docker/wazuh-4.5-wz/rel.yml b/docker/wazuh-4.5-wz/rel.yml
new file mode 100755
index 0000000000..af4a7dc974
--- /dev/null
+++ b/docker/wazuh-4.5-wz/rel.yml
@@ -0,0 +1,325 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+x-logging: &logging
+ logging:
+ driver: loki
+ options:
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
+
+services:
+ generator:
+ image: cfssl/cfssl
+ profiles:
+ - 'saml'
+ - 'standard'
+ <<: *logging
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ - ./config/certs:/conf
+ # Included to avoid docker from creating duplicated networks
+ networks:
+ - wz-rel
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin saml filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/saml* /certs/idp
+ mv /certs/idp/saml.key /certs/idp/saml-key.pem
+ cp $$certs/*ca* /certs/idp
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ idpsec:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ generator:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ networks:
+ - wz-rel
+ - mon
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ # trust store
+ for i in /certs/idp/ca.pem /certs/wd/wazuh.dashboard.pem /certs/wi/wazuh.indexer.pem
+ do
+ keytool -import -alias $$(basename $$i .pem) -file $$i -keystore /certs/idp/truststore.jks -storepass SecretPassword -trustcacerts -noprompt
+ done
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/idp/truststore.jks ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ wazuh.manager:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-manager:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.manager
+ networks:
+ - wz-rel
+ - mon
+ <<: *logging
+ environment:
+ - INDEXER_URL=https://wazuh.indexer:9200
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - FILEBEAT_SSL_VERIFICATION_MODE=full
+ - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/wazuh/ca.pem
+ - SSL_CERTIFICATE=/etc/ssl/wazuh/filebeat.pem
+ - SSL_KEY=/etc/ssl/wazuh/filebeat.key
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_integrations:/var/ossec/integrations
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_agentless:/var/ossec/agentless
+ - wazuh_wodles:/var/ossec/wodles
+ - filebeat_etc:/etc/filebeat
+ - filebeat_var:/var/lib/filebeat
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ idpsetup:
+ condition: service_completed_successfully
+ required: false
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.indexer
+ networks:
+ - wz-rel
+ - mon
+ <<: *logging
+ environment:
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - idp_certs:/usr/share/wazuh-indexer/idp/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ${SEC_CONFIG_FILE}:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wz-rel
+ - mon
+ <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=https://wazuh.manager
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ${WAZUH_DASHBOARD_CONF}:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ profiles:
+ - 'saml'
+ - 'standard'
+ <<: *logging
+ hostname: 'exporter'
+ networks:
+ - wz-rel
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh-indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ idp:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ idpsec:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idp
+ <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ ports:
+ - '8080:8080'
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_SPI_TRUSTSTORE_FILE_PASSWORD=SecretPassword
+ - KC_SPI_TRUSTSTORE_FILE_FILE=/certs/truststore.jks
+ volumes:
+ - keycloak-data:/var/lib/keycloak/data
+ - idp_certs:/certs
+ command: start-dev
+ healthcheck:
+ test: curl -f http://idp:8080/realms/master || exit 1
+ interval: 10s
+ timeout: 5s
+ retries: 6
+
+ idpsetup:
+ image: badouralix/curl-jq
+ depends_on:
+ idp:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idpsetup
+ <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ volumes:
+ - wi_certs:/certs/wi
+ - ./enable_saml.sh:/enable_saml.sh
+ entrypoint: /bin/sh
+ command: >
+ -c '
+ apk add bash
+ bash /enable_saml.sh
+ exit 0
+ '
+
+networks:
+ wz-rel:
+ name: ${COMPOSE_PROJECT_NAME}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wi_certs:
+ wd_certs:
+ wm_certs:
+ idp_certs:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_integrations:
+ wazuh_active_response:
+ wazuh_agentless:
+ wazuh_wodles:
+ filebeat_etc:
+ filebeat_var:
+ wazuh-indexer-data:
+ keycloak-data:
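Review bot: In the `generator` command, `cp $$certs/*ca* /certs/wi` (repeated for `/certs/idp` and `/certs/wd`) and the final `mv $$certs/*.* /certs/wm` also match `ca-key.pem`, so the CA private key lands in every service's certificate volume; each consumer only needs the certificate, e.g. `cp $$certs/ca.pem /certs/wi`. The initial `rm` and the later `chmod 640` list `/certs/wi`, `/certs/wd` and `/certs/wm` but not `/certs/idp`, so the SAML key keeps its creation mode and stale files survive a re-run. In the `exporter` service the URI targets `wazuh-indexer` while the service and hostname are `wazuh.indexer`, which does not look resolvable on the compose network, and it reads `${KIBANA_PASSWORD}` while the other services hard-code `SecretPassword`, so overriding `PASSWORD` in rel.sh would presumably change only the exporter's credentials. The `idp` service publishes `8080:8080` on all host interfaces with `KEYCLOAK_ADMIN_PASSWORD=admin`; writing the mapping as `'127.0.0.1:8080:8080'` keeps the development console off the network.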
diff --git a/docker/wazuh-4.x-es/pre.sh b/docker/wazuh-4.x-es/pre.sh
index 139dfb338c..6a0d90f490 100755
--- a/docker/wazuh-4.x-es/pre.sh
+++ b/docker/wazuh-4.x-es/pre.sh
@@ -41,6 +41,7 @@ wazuh_api_version=(
"4.5.0"
"4.5.1"
"4.5.2"
+ "4.5.3"
"4.6.0"
)
diff --git a/docker/wazuh-4.x-es/rel.sh b/docker/wazuh-4.x-es/rel.sh
index c741baef7b..dc33ff02a7 100755
--- a/docker/wazuh-4.x-es/rel.sh
+++ b/docker/wazuh-4.x-es/rel.sh
@@ -41,6 +41,7 @@ wazuh_versions=(
"4.5.0"
"4.5.1"
"4.5.2"
+ "4.5.3"
"4.6.0"
)
diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json
index 7dcbd3b552..8fc3ca537f 100644
--- a/plugins/main/opensearch_dashboards.json
+++ b/plugins/main/opensearch_dashboards.json
@@ -1,6 +1,6 @@
{
"id": "wazuh",
- "version": "4.7.0-01",
+ "version": "4.7.0-00",
"opensearchDashboardsVersion": "opensearchDashboards",
"configPath": ["wazuh"],
"requiredPlugins": [
diff --git a/plugins/main/package.json b/plugins/main/package.json
index 93689b4564..bc644d1dca 100644
--- a/plugins/main/package.json
+++ b/plugins/main/package.json
@@ -1,7 +1,7 @@
{
"name": "wazuh",
"version": "4.7.0",
- "revision": "01",
+ "revision": "00",
"pluginPlatform": {
"version": "2.9.0"
},
diff --git a/plugins/main/public/controllers/management/components/management/decoders/components/decoders-table.tsx b/plugins/main/public/controllers/management/components/management/decoders/components/decoders-table.tsx
index 1cb105449b..6881dfc61a 100644
--- a/plugins/main/public/controllers/management/components/management/decoders/components/decoders-table.tsx
+++ b/plugins/main/public/controllers/management/components/management/decoders/components/decoders-table.tsx
@@ -61,8 +61,8 @@ const searchBarWQLOptionsFiles = {
filterButtons: [
{
id: 'relative-dirname',
- input: 'relative_dirname=etc/rules',
- label: 'Custom rules',
+ input: 'relative_dirname=etc/decoders',
+ label: 'Custom decoders',
},
],
};
diff --git a/plugins/main/public/controllers/management/components/management/ruleset/components/ruleset-table.tsx b/plugins/main/public/controllers/management/components/management/ruleset/components/ruleset-table.tsx
index 6ebfa3980a..6fb963c71c 100644
--- a/plugins/main/public/controllers/management/components/management/ruleset/components/ruleset-table.tsx
+++ b/plugins/main/public/controllers/management/components/management/ruleset/components/ruleset-table.tsx
@@ -79,7 +79,6 @@ const searchBarWQLOptionsFiles = {
*/
const FilesTable = ({
actionButtons,
- buttonOptions,
columns,
searchBarSuggestions,
filters,
@@ -109,7 +108,6 @@ const FilesTable = ({
const RulesFlyoutTable = ({
actionButtons,
- buttonOptions,
columns,
searchBarSuggestions,
filters,
@@ -177,11 +175,6 @@ function RulesetTable({ setShowingFiles, showingFiles, ...props }) {
}
}, []);
- // Table custom filter options
- const buttonOptions = [
- { label: 'Custom rules', field: 'relative_dirname', value: 'etc/rules' },
- ];
-
const updateFilters = filters => {
setFilters(filters);
};
@@ -317,7 +310,6 @@ function RulesetTable({ setShowingFiles, showingFiles, ...props }) {
{showingFiles ? (