From d69f5c0c5dec34da72b07665a9206c268bc0f53c Mon Sep 17 00:00:00 2001
From: Victor Carlos Erenu
Date: Tue, 25 Nov 2025 01:22:11 +0700
Subject: [PATCH 1/7] Add new path for Wazun indexer and new function for permanent_data exception
---
 build-docker-images/wazuh-indexer/config/config.sh | 8 ++++----
 .../wazuh-manager/config/etc/cont-init.d/0-wazuh-init | 11 ++++++++++-
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh
index 1761b016..033c52dd 100644
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -73,10 +73,10 @@ mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
 mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
 # Copy Wazuh's config files for the security plugin
-cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+cp -pr /roles_mapping.yml ${TARGET_DIR}${CONFIG_DIR}/opensearch-security/
+cp -pr /roles.yml ${TARGET_DIR}${CONFIG_DIR}/opensearch-security/
+cp -pr /action_groups.yml ${TARGET_DIR}${CONFIG_DIR}/opensearch-security/
+cp -pr /internal_users.yml ${TARGET_DIR}${CONFIG_DIR}/opensearch-security/
 cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 # Copy Wazuh indexer's certificates
 cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
index ca125b1b..ec2903b5 100644
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
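Review bot: Nothing visible in the config.sh hunk creates `${TARGET_DIR}${CONFIG_DIR}/opensearch-security/` before the four new `cp -pr` lines write into it; the mkdir lines in view cover `${CONFIG_DIR}/certs` and the systemd/sysctl directories only, and PATCH 2/7 removes the old mkdir without adding one for the new path. If an earlier step outside the hunk does not provide that directory, each copy fails, and unless the script runs under `set -e` (not visible here) the build carries on without roles.yml, roles_mapping.yml, action_groups.yml and internal_users.yml, leaving the indexer on whatever security configuration the package ships. I would add `mkdir -p "${TARGET_DIR}${CONFIG_DIR}/opensearch-security"` ahead of the copies and quote the expansions in the `cp` destinations.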
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@@ -70,8 +70,17 @@ apply_exclusion_data() {
 mkdir -p ${DIR}
 fi
+ safe_cp() {
+ if cp -p "$1" "$2" 2>/dev/null; then
+ return 0
+ else
+ echo "Warning: Could not copy $1 (may be read-only)"
+ return 0
+ fi
+ }
+
 print "Updating ${exclusion_file}"
- exec_cmd "cp -p ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
+ exec_cmd "safe_cp ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
 fi
 done
 }
From 2d6c92036643c35585e9c145b5053d325bff4ad4 Mon Sep 17 00:00:00 2001
From: Victor Carlos Erenu
Date: Tue, 25 Nov 2025 20:57:45 +0700
Subject: [PATCH 2/7] Delete opensearch-security directory creation
---
 build-docker-images/wazuh-indexer/config/config.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh
index 033c52dd..c8e6f529 100644
--- a/build-docker-images/wazuh-indexer/config/config.sh
+++ b/build-docker-images/wazuh-indexer/config/config.sh
@@ -62,7 +62,6 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 # copy to target
 mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
-mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 mkdir -p ${TARGET_DIR}${CONFIG_DIR}
 mkdir -p ${TARGET_DIR}${LIB_DIR}
 mkdir -p ${TARGET_DIR}${LOG_DIR}
From fb6be60afbd636527c79e13fbdc866b51ec6b438 Mon Sep 17 00:00:00 2001
From: Victor Carlos Erenu
Date: Tue, 25 Nov 2025 21:52:07 +0700
Subject: [PATCH 3/7] Add changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97c89afc..b8e66bd8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
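Review bot: `safe_cp` in the 0-wazuh-init hunk returns 0 on both branches and sends cp's stderr to /dev/null, so every failure (missing source file, permission denied, full disk) is reported as "may be read-only" and `exec_cmd` can no longer tell that the exclusion file was not updated. Keep the diagnostic by dropping `2>/dev/null`, and write the warning to stderr: `echo "Warning: Could not copy $1 to $2" >&2`. The function also appears to be defined inside the loop body, between the `fi` and the `print`, so it is redefined on each pass; declaring it once alongside the other aux functions would read better. The paths inside the `exec_cmd "safe_cp ..."` string are unquoted, which presumably matters if exec_cmd evaluates the string; its definition and the start of apply_exclusion_data are outside the hunk.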
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 ### Added
+- Code improvements for 4.14.2 ([#2090](https://github.com/wazuh/wazuh-docker/pull/2090))
 - Artifactory vulnerabilities notification ([#2078](https://github.com/wazuh/wazuh-docker/pull/2078))
 ### Changed
From 2d122e1dc9e3c1bce44d8eb7efdb79c0fc04b34e Mon Sep 17 00:00:00 2001
From: Carlos Bordon
Date: Wed, 26 Nov 2025 15:22:12 -0300
Subject: [PATCH 4/7] Removed sslmanager key from the docker manager image to 4.14.2
---
 build-docker-images/wazuh-manager/Dockerfile | 4 ++++
 .../wazuh-manager/config/etc/cont-init.d/0-wazuh-init | 11 +++--------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile
index 0433b503..5bc2cd2a 100644
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@@ -40,6 +40,10 @@ COPY config/filebeat.yml /etc/filebeat/
 RUN chmod go-w /etc/filebeat/filebeat.yml
+# Remove wazuh-authd default certs to force generation of new ones at container startup
+RUN rm -f /var/ossec/etc/sslmanager.key && \
+ rm -f /var/ossec/etc/sslmanager.cert
+
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
index ec2903b5..044aee8a 100644
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@@ -6,8 +6,6 @@ source /permanent_data.env
 WAZUH_INSTALL_PATH=/var/ossec
 WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
-
 ##############################################################################
 # Aux functions
@@ -215,13 +213,10 @@ main() {
 # Remove some files in permanent_data (i.e. .template.db)
 remove_data_files
- # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
- if [ $AUTO_ENROLLMENT_ENABLED == true ]
+ # Create wazuh-authd key and cert if not present
+ if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
 then
- if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
- then
- create_ossec_key_cert
- fi
+ create_ossec_key_cert
 fi
 # Mount selected files (WAZUH_CONFIG_MOUNT) to container
From 0602ce076d4a4df418aed186c312c69758e332ba Mon Sep 17 00:00:00 2001
From: Carlos Bordon
Date: Wed, 26 Nov 2025 16:55:29 -0300
Subject: [PATCH 5/7] Updated changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8e66bd8..dfb32ae0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
-- None
+- Removed sslmanager key from the docker manager image to 4.14.2. ([#2093](https://github.com/wazuh/wazuh-docker/pull/2093))
 ### Fixed
From eecec3db80f999b7dbd97725aa3905da7db5f30b Mon Sep 17 00:00:00 2001
From: Carlos Bordon
Date: Thu, 27 Nov 2025 11:15:32 -0300
Subject: [PATCH 6/7] The location of the remove command for the wazuh-authd certificates has been changed.
---
 build-docker-images/wazuh-manager/Dockerfile | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile
index 5bc2cd2a..73c86396 100644
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
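Review bot: The new guard in main() tests only `sslmanager.key`, while the image build in this series deletes both `sslmanager.key` and `sslmanager.cert`, so a persisted etc directory that holds a key but no certificate would skip `create_ossec_key_cert` and leave wazuh-authd without a matching cert. Checking both files closes that gap: `if [ ! -e "${WAZUH_INSTALL_PATH}/etc/sslmanager.key" ] || [ ! -e "${WAZUH_INSTALL_PATH}/etc/sslmanager.cert" ]`. Since the first hunk drops `AUTO_ENROLLMENT_ENABLED`, a deployment that sets it to false is now silently ignored; a comment above the guard such as `# AUTO_ENROLLMENT_ENABLED is no longer honoured; the key pair is always created when missing` would document that. main() starts and ends outside the hunk.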
@@ -31,7 +31,9 @@ RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
 -o /tmp/s6-overlay-amd64.tar.gz && \
 tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
 tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
- rm /tmp/s6-overlay-amd64.tar.gz
+ rm /tmp/s6-overlay-amd64.tar.gz && \
+ rm -f /var/ossec/etc/sslmanager.key && \
+ rm -f /var/ossec/etc/sslmanager.cert
 COPY config/etc/ /etc/
 COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
@@ -40,10 +42,6 @@ COPY config/filebeat.yml /etc/filebeat/
 RUN chmod go-w /etc/filebeat/filebeat.yml
-# Remove wazuh-authd default certs to force generation of new ones at container startup
-RUN rm -f /var/ossec/etc/sslmanager.key && \
- rm -f /var/ossec/etc/sslmanager.cert
-
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
From 0ba67b1adf2ec3e3c2810feda7277c623c7e0d68 Mon Sep 17 00:00:00 2001
From: Carlos Bordon
Date: Thu, 27 Nov 2025 11:19:10 -0300
Subject: [PATCH 7/7] Updated changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dfb32ae0..a1e079d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file.
 ### Changed
+- The location of the remove command for the wazuh-authd certificates has been changed. ([#2094](https://github.com/wazuh/wazuh-docker/pull/2094))
 - Removed sslmanager key from the docker manager image to 4.14.2. ([#2093](https://github.com/wazuh/wazuh-docker/pull/2093))
 ### Fixed
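Review bot: The explanatory comment that sat above the standalone `RUN rm -f` is deleted by the second Dockerfile hunk and not carried over, so the two `rm -f` lines appended to the install RUN in the first hunk have no stated reason. I would put a comment directly above the `RUN yum install` instruction, for example `# Remove wazuh-authd default key/cert in the install layer; new ones are generated at container startup`, which also records why the removal presumably moved into the layer that installs the package. The two removals can be a single `rm -f /var/ossec/etc/sslmanager.key /var/ossec/etc/sslmanager.cert`. The RUN instruction starts outside the hunk.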