Merge branch '4.8.1' into merge-4.8.1-into-master

.env

@@ -1,6 +1,6 @@
 WAZUH_VERSION=4.9.0
 WAZUH_IMAGE_VERSION=4.9.0
 WAZUH_TAG_REVISION=1
-FILEBEAT_TEMPLATE_BRANCH=4.8.0
-WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.2.tar.gz
+FILEBEAT_TEMPLATE_BRANCH=4.9.0
+WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.3.tar.gz
 WAZUH_UI_REVISION=1

CHANGELOG.md

@@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file.
 
 - Update Wazuh to version [4.9.0](https://github.com/wazuh/wazuh/blob/v4.9.0/CHANGELOG.md#v490)
 
+## Wazuh Docker v4.8.1
+### Added
+
+- Update Wazuh to version [4.8.1](https://github.com/wazuh/wazuh/blob/v4.8.1/CHANGELOG.md#v481)
+
 ## Wazuh Docker v4.8.0
 ### Added
 

README.md

@@ -197,6 +197,7 @@ WAZUH_MONITORING_REPLICAS=0         ##
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
 | v4.9.0        |         |        |
+| v4.8.1        |         |        |
 | v4.8.0        |         |        |
 | v4.7.1        |         |        |
 | v4.7.0        |         |        |

build-docker-images/README.md

@@ -24,7 +24,7 @@ $ build-docker-images/build-images.sh -h
 Usage: build-docker-images/build-images.sh [OPTIONS]
 
     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
-    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.2.
+    -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.3.
     -r, --revision <rev>         [Optional] Package revision. By default 1
     -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.9.0.
     -h, --help                   Show this help.

build-docker-images/build-images.sh

@@ -15,7 +15,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
 WAZUH_IMAGE_VERSION="4.9.0"
 WAZUH_TAG_REVISION="1"
 WAZUH_DEV_STAGE=""
-FILEBEAT_MODULE_VERSION="0.2"
+FILEBEAT_MODULE_VERSION="0.3"
 
 # -----------------------------------------------------------------------------
 

build-docker-images/wazuh-dashboard/Dockerfile

@@ -80,9 +80,6 @@ ENV PATTERN="" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS=""
 
-# Install dependencies
-RUN apt update && apt install -y libnss3-dev fonts-liberation libfontconfig1
-
 # Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
 RUN useradd --system \

build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh

@@ -1,5 +1,7 @@
 ## variables
 WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+WAZUH_CHECK_UPDATES=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+WAZUH_CORE=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
 MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
 MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
@@ -11,15 +13,23 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
 ## check version to use the correct repository
 if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
   WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+  WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+  WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
 elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
   if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
     WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+    WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+    WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
   elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
     if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
       WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+      WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
+      WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
     fi
   fi
 fi
 
 # Install Wazuh App
-$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CHECK_UPDATES --allow-root
+$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CORE --allow-root

build-docker-images/wazuh-indexer/config/ism-check.sh

@@ -1,10 +1,14 @@
 #!/bin/bash
+MIN_SHARD_SIZE=${MIN_SHARD_SIZE:-25}
+MIN_INDEX_AGE=${MIN_INDEX_AGE:-"7d"}
+MIN_DOC_COUNT=${MIN_DOC_COUNT:-600000000}
+ISM_PRIORITY=${ISM_PRIORITY:-50}
 SERVER=`hostname`
 if [[ -n "$INDEXER_PASSWORD"  ]]; then
     until [[ `curl -XGET https://$SERVER:9200/_cat/indices -u admin:SecretPassword -k -s  | grep .opendistro_security | wc -l`  -eq 1 ]]
     do
         echo "Wazuh indexer Security is not initiaized";
         sleep 30
     done
-    bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh  -p $INDEXER_PASSWORD -i $SERVER
+    bash /usr/share/wazuh-indexer/bin/indexer-ism-init.sh  -p $INDEXER_PASSWORD -i $SERVER -P $ISM_PRIORITY -d $MIN_DOC_COUNT -a $MIN_INDEX_AGE -s $MIN_SHARD_SIZE
 fi

build-docker-images/wazuh-manager/Dockerfile

@@ -13,16 +13,15 @@ ARG WAZUH_FILEBEAT_MODULE
 RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y
 
 COPY config/check_repository.sh /
-
 RUN chmod 775 /check_repository.sh
 RUN source /check_repository.sh
 
 RUN apt-get update && \
     apt-get install wazuh-manager=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
 
-RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\
-    dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \
-    curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
+COPY config/filebeat_module.sh /
+RUN chmod 775 /filebeat_module.sh
+RUN source /filebeat_module.sh
 
 ARG S6_VERSION="v2.2.0.3"
 RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \

build-docker-images/wazuh-manager/config/filebeat_module.sh

@@ -0,0 +1,25 @@
+REPOSITORY="packages.wazuh.com/4.x"
+WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
+MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
+MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
+MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
+MAJOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f1)
+MID_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f2)
+MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
+
+## check version to use the correct repository
+if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
+  REPOSITORY="packages-dev.wazuh.com/pre-release"
+elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
+  if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
+    REPOSITORY="packages-dev.wazuh.com/pre-release"
+  elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
+    if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
+      REPOSITORY="packages-dev.wazuh.com/pre-release"
+    fi
+  fi
+fi
+
+curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\
+dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \
+curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module