Merge pull request #8013 from wazuh/merge-4.9-into-4.10.0
Merge 4.9 into 4.10.0
javimed authored Dec 5, 2024
2 parents 4b57842 + 130cb5b commit d2a647a
Showing 3 changed files with 31 additions and 26 deletions.
Expand Up @@ -101,7 +101,7 @@ Follow these steps to enroll a Linux/Unix endpoint with password authentication:

.. code-block:: none
-rw-r--r-- 1 root wazuh 18 Jan 11 13:03 /var/ossec/etc/authd.pass
-rw-r----- 1 root wazuh 18 Jan 11 13:03 /var/ossec/etc/authd.pass
#. (Optional) To ensure the Wazuh agent can locate your password file if it is not in the default location (``/var/ossec/etc/authd.pass``), include the ``authorization_pass_path`` setting in the Wazuh agent configuration. Replace ``<PATH_TO_PASSWORD_FILE>`` with the filepath of the password file.
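
Review bot: the sample listing for ``/var/ossec/etc/authd.pass`` goes from ``-rw-r--r--`` to ``-rw-r-----``, but nothing in this hunk shows the command that produces that mode and the ``root wazuh`` ownership. Check that the preceding step actually sets mode 640 with that owner and group, so a reader who follows the steps ends up with the listing shown rather than a world-readable password file. The optional ``authorization_pass_path`` step should also say that a password file in a custom location needs the same permissions.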

43 changes: 24 additions & 19 deletions source/user-manual/reference/ossec-conf/vuln-detector.rst
Expand Up @@ -27,17 +27,17 @@ Options
:depth: 1
:backlinks: none

+---------------------------+------------------------------------------------------------+
| Options | Allowed values |
+===========================+============================================================+
| `enabled`_ | ``yes``, ``no`` |
+---------------------------+------------------------------------------------------------+
| `feed-update-interval`_ | Positive number + Time unit suffix |
+---------------------------+------------------------------------------------------------+
| `index-status`_ | ``yes``, ``no`` |
+---------------------------+------------------------------------------------------------+
| `offline-url`_ | ``file://<LOCAL_FILE_PATH>``, ``http[s]://<CONTENT_URL>`` |
+---------------------------+------------------------------------------------------------+
+---------------------------+-----------------------------------------------------------------------------+
| Options | Allowed values |
+===========================+=============================================================================+
| `enabled`_ | ``yes``, ``no`` |
+---------------------------+-----------------------------------------------------------------------------+
| `feed-update-interval`_ | Positive number + Time unit suffix |
+---------------------------+-----------------------------------------------------------------------------+
| `index-status`_ | ``yes``, ``no`` |
+---------------------------+-----------------------------------------------------------------------------+
| `offline-url`_ | ``file://</ABSOLUTE_PATH_TO/OFFLINE_CONTENT>``, ``http[s]://<CONTENT_URL>`` |
+---------------------------+-----------------------------------------------------------------------------+

enabled
^^^^^^^
Expand Down Expand Up @@ -78,15 +78,16 @@ offline-url

File path or URL for offline content access.

+--------------------+---------------------------------------------------------+
| **Default** | Empty |
+--------------------+---------------------------------------------------------+
| **Allowed values** |``file://<LOCAL_FILE_PATH>``, ``http[s]://<CONTENT_URL>``|
+--------------------+---------------------------------------------------------+
+--------------------+-----------------------------------------------------------------------------+
| **Default** | Empty |
+--------------------+-----------------------------------------------------------------------------+
| **Allowed values** | ``file://</ABSOLUTE_PATH_TO/OFFLINE_CONTENT>``, ``http[s]://<CONTENT_URL>`` |
+--------------------+-----------------------------------------------------------------------------+

``<LOCAL_FILE_PATH>``: A local file path starting with \file://, pointing to offline content stored on the device.
Where:

``<CONTENT_URL>``: A URL starting with either \http:// or \https://, pointing to local network content or online content accessible via the internet.
- ``file://</ABSOLUTE_PATH_TO/OFFLINE_CONTENT>``: File path pointing to offline content. For example, ``file:///path/to/the/cves.file.zip``
- ``http[s]://<CONTENT_URL>``: URL starting with either ``http://`` or ``https://``, pointing to local network content or online content accessible via the internet.

interval
^^^^^^^^
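
Review bot: in the ``file://`` bullet under "Where:", the requirement that the path be absolute is carried only by the placeholder name ``</ABSOLUTE_PATH_TO/OFFLINE_CONTENT>``; the bullet text itself just says "File path pointing to offline content". Say in words that the path must be absolute, which is why the URI has three slashes as in ``file:///path/to/the/cves.file.zip``, and end that bullet with a period like the ``http[s]`` one. Since this content feeds vulnerability detection, the ``http[s]`` bullet could also recommend ``https://`` over ``http://`` when the content is fetched over a network.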
Expand Down Expand Up @@ -117,5 +118,9 @@ Example of configuration
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
<offline-url>file://path/to/content/file.tar.xz</offline-url> <!-- Optional -->
<offline-url>file:///path/to/the/cves.file.zip</offline-url> <!-- Optional -->
</vulnerability-detection>
.. note::

Supported compression formats include zip, xz, and gzip. The module also accepts raw JSON content in plain text files.
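
Review bot: the note lists zip, xz and gzip but does not say whether tar archives are accepted, while the other ``offline-url`` example line in this hunk points at ``file.tar.xz``. State whether a ``.tar.xz`` or ``.tar.gz`` bundle works or whether the compressed file must contain the JSON content directly, so readers who copied the ``.tar.xz`` form know if they need to repackage their offline content.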
12 changes: 6 additions & 6 deletions source/user-manual/wazuh-server-cluster.rst
Expand Up @@ -359,7 +359,7 @@ Ensure you select the appropriate sub-section based on your existing deployment.
Certificates creation
^^^^^^^^^^^^^^^^^^^^^

Wazuh uses certificates to establish trust and confidentiality between its components - the Wazuh indexer, Filebeat and the Wazuh dashboard. The Wazuh server comprises two components, the Wazuh manager and Filebeat. When adding new Wazuh server nodes, an SSL certificate is required for the Filebeat on the new node to communicate securely with the Wazuh indexer.
Wazuh uses certificates to establish trust and confidentiality between its components - the Wazuh indexer, Filebeat and the Wazuh dashboard. The Wazuh server comprises two components, the Wazuh manager and Filebeat. When adding new Wazuh server nodes, an SSL certificate is required for the Filebeat on the new node to communicate securely with the Wazuh indexer.

Perform the following steps on your existing Wazuh server node to generate the certificates required for secure communication among the Wazuh central components.

Expand Down Expand Up @@ -612,7 +612,7 @@ All-in-one deployment
# bash /root/deploy-certificates.sh
This deploys the SSL certificates to encrypt communications between the Wazuh central components.
This deploys the SSL certificates to encrypt communications between the Wazuh central components.

**Recommended action**: Save a copy offline for potential future use and scalability. You can remove the ``wazuh-certificates.tar`` file on this node by running the command below to increase security:

Expand Down Expand Up @@ -735,8 +735,8 @@ Distributed deployment
.. code-block:: console
# mkdir /etc/filebeat/certs
# rm -rf /etc/filebeat/certs
# mkdir /etc/filebeat/certs
# tar -xf ./wazuh-certificates.tar -C /etc/filebeat/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
# mv -n /etc/filebeat/certs/$NODE_NAME.pem /etc/filebeat/certs/filebeat.pem
# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
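
Review bot: the ``rm -rf /etc/filebeat/certs`` line deletes the existing certificate directory before ``tar -xf ./wazuh-certificates.tar`` has been shown to succeed, so a missing tarball or an unset ``$NODE_NAME`` leaves the node with no Filebeat certificates at all. Suggest checking first that ``./wazuh-certificates.tar`` exists and that ``NODE_NAME`` is set, or moving the old directory aside instead of removing it. Also confirm this block is followed by the ``chmod 500``, ``chmod 400`` and ``chown -R root:root`` steps that appear in the later hunk, since ``mkdir`` alone creates the directory with default permissions.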
Expand Down Expand Up @@ -1129,7 +1129,7 @@ Run the following commands in the directory where the ``wazuh-certificates.tar``
# mv -n /etc/filebeat/certs/$NODE_NAME-key.pem /etc/filebeat/certs/filebeat-key.pem
# chmod 500 /etc/filebeat/certs
# chmod 400 /etc/filebeat/certs/*
#chown -R root:root /etc/filebeat/certs
# chown -R root:root /etc/filebeat/certs
Starting the service
~~~~~~~~~~~~~~~~~~~~
Expand Down Expand Up @@ -2147,7 +2147,7 @@ Depending on the :ref:`HAProxy installation method <haproxy_installation>`, foll
COPY <HAPROXY_CERTIFICATE_FILE> /etc/haproxy/ssl/<HAPROXY_CERTIFICATE_FILE>
COPY <HAPROXY_CERTIFICATE_KEY_FILE> /etc/haproxy/ssl/<HAPROXY_CERTIFICATE_KEY_FILE>
COPY <CLIENT_SIDE_CERTIFICATE_FILE> /etc/haproxy/ssl/<CLIENT_SIDE_CERTIFICATE_FILE>
COPY <CLIENT_SIDE_CERTIFICATE_FILE> /etc/haproxy/ssl/<CLIENT_SIDE_CERTIFICATE_FILE>
RUN chmod +x /etc/init.d/haproxy
RUN chmod +x /entrypoint.sh
Expand Down Expand Up @@ -2297,7 +2297,7 @@ As an example, you can configure a basic HAProxy helper within an already config
- :ref:`haproxy_password <haproxy_password>` specifies the password to authenticate with HAProxy.
- :ref:`haproxy_protocol <haproxy_protocol>` specifies the protocol to use for the HAProxy Dataplane API communication. It is recommended to set it to ``https``.
- :ref:`haproxy_port <haproxy_port>` specifies the port used for the HAProxy Dataplane API communication.
- :ref:`haproxy_cert` <haproxy_cert> specifies the certificate file used for the HTTPS communication. It must be the same as the one defined in the ``tls_certificate`` parameter in the ``dataplaneapi.yml`` file.
- :ref:`haproxy_cert` <haproxy_cert> specifies the certificate file used for the HTTPS communication. It must be the same as the one defined in the ``tls_certificate`` parameter in the ``dataplaneapi.yml`` file.
- :ref:`client_cert` <client_cert> specifies the certificate file used in the client side of the HTTPS communication. It must be the same as the one defined in the ``tls_ca`` parameter in the ``dataplaneapi.yml`` file.
- :ref:`client_cert_key` <client_cert_key> specifies the certificate key file used in the client side of the HTTPS communication.
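
Review bot: the ``haproxy_cert`` line is touched here but its role markup stays malformed: ``:ref:`haproxy_cert` <haproxy_cert>`` closes the backtick before the target, unlike ``:ref:`haproxy_password <haproxy_password>``` a few lines above. The ``client_cert`` and ``client_cert_key`` lines have the same problem, so all three render a stray ``<...>`` after the link text. Move the target inside the backticks on all three lines, for example ``:ref:`haproxy_cert <haproxy_cert>```.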
