diff --git a/security/wazuh-agent/Makefile b/security/wazuh-agent/Makefile
index 013038107ce3..5b5eeface6a1 100644
--- a/security/wazuh-agent/Makefile
+++ b/security/wazuh-agent/Makefile
@@ -1,97 +1,98 @@ PORTNAME= wazuh DISTVERSIONPREFIX= v -DISTVERSION= 4.1.3 +DISTVERSION= 4.1.4 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/11/libraries/sources/ PKGNAMESUFFIX= -agent DISTFILES= cJSON.tar.gz libplist.tar.gz curl.tar.gz libdb.tar.gz libffi.tar.gz \ libyaml.tar.gz openssl.tar.gz procps.tar.gz sqlite.tar.gz zlib.tar.gz \ audit-userspace.tar.gz msgpack.tar.gz bzip2.tar.gz libpcre2.tar.gz DIST_SUBDIR= ${PORTNAME}-${DISTVERSION} EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= m.muenz@gmail.com COMMENT= Security tool to monitor and check logs and intrusions LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_aarch64= fails to compile: rootcheck/os_string.c:188:20: use of undeclared identifier '__LDPGSZ' BROKEN_i386= fails to build external OpenSSL dependency USES= gmake perl5 readline shebangfix uidfix USE_GITHUB= yes USE_RC_SUBR= ${PORTNAME}-agent SHEBANG_FILES= ${WRKSRC}/contrib/util.sh \ ${WRKSRC}/src/external/openssl/Configurations/unix-checker.pm \ ${WRKSRC}/src/init/ossec-client.sh \ ${WRKSRC}/wodles/oscap/oscap.py \ ${WRKSRC}/active-response/*.sh CONFLICTS_INSTALL= ossec-* USERS= ossec ossecm ossecr GROUPS= ossec OSSEC_GROUP= ossec OSSEC_USER= ossec WAZUHMOD750= / /logs/ossec /bin /lib /queue /queue/diff /ruleset /ruleset/sca /wodles \ /active-response /active-response/bin /agentless /var /backup /queue/rids \ /wodles/oscap /wodles/oscap/content WAZUHMOD770= /logs /queue/alerts /queue/fim /queue/fim/db /queue/ossec /etc /etc/shared \ - /.ssh /var/run /var/upgrade /var/wodles /var/incoming + /.ssh /var/run /var/upgrade /var/wodles /var/incoming /queue/ossec/fim \ + /queue/ossec/fim/db WAZUHPREFIX= /var/ossec # extract all extra distfiles in src/external post-extract: @for file in ${DISTFILES}; do \ if ! 
(cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/$$file ${EXTRACT_AFTER_ARGS}); \ then \ exit 1; \ fi; \ done do-build: @cd ${WRKSRC}/src && ${GMAKE} TARGET=agent do-install: @for mod750 in ${WAZUHMOD750}; do \ ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}$$mod750; \ done @for mod770 in ${WAZUHMOD770}; do \ ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}$$mod770; \ done ${MKDIR} -m 1770 ${STAGEDIR}${WAZUHPREFIX}/tmp ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-logcollector ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-execd ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_PROGRAM} ${WRKSRC}/src/manage_agents ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-modulesd ${STAGEDIR}${WAZUHPREFIX}/bin/ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-agentd ${STAGEDIR}${WAZUHPREFIX}/bin ${INSTALL_PROGRAM} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib ${INSTALL_PROGRAM} ${WRKSRC}/src/agent-auth ${STAGEDIR}${WAZUHPREFIX}/bin ${CP} ${WRKSRC}/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/ ${CP} ${WRKSRC}/active-response/firewalls/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/ ${CP} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ ${CP} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample ${CP} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log ${INSTALL_SCRIPT} ${WRKSRC}/contrib/util.sh ${STAGEDIR}${WAZUHPREFIX}/bin/ ${INSTALL_SCRIPT} ${WRKSRC}/src/init/ossec-client.sh 
${STAGEDIR}${WAZUHPREFIX}/bin/ossec-control ${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/ ${INSTALL_SCRIPT} ${WRKSRC}/src/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/ ${INSTALL_SCRIPT} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/ ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/oscap.py ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/template_*.xsl ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap .include diff --git a/security/wazuh-agent/distinfo b/security/wazuh-agent/distinfo index 33b1e2217e83..a7ecb6ad4300 100644 --- a/security/wazuh-agent/distinfo +++ b/security/wazuh-agent/distinfo 
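Review bot: The two directories appended to `WAZUHMOD770`, `/queue/ossec/fim` and `/queue/ossec/fim/db`, arrive without any comment, while the older `/queue/fim` and `/queue/fim/db` entries stay in the same list. These directories hold file-integrity state, so it is worth recording why both trees exist; a line above `WAZUHMOD770=` such as `# queue/ossec/fim{,/db} added for 4.1.4; queue/fim kept from earlier releases` would do. If the agent no longer uses `/queue/fim` (not visible from this diff), dropping it here and in the matching pkg-plist hunk avoids shipping an unused group-writable directory.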
@@ -1,31 +1,31 @@
-TIMESTAMP = 1616531645
-SHA256 (wazuh-4.1.3/cJSON.tar.gz) = 678d796318da57d5f38075e74bbb3b77375dc3f8bb49da341ad1b43c417e8cc1
-SIZE (wazuh-4.1.3/cJSON.tar.gz) = 27863
-SHA256 (wazuh-4.1.3/libplist.tar.gz) = 88278d4bdfc1bd6a3a1a55a4f3d933683d2732ba09cf7a749fe8ec8eec406e3c
-SIZE (wazuh-4.1.3/libplist.tar.gz) = 1520623
-SHA256 (wazuh-4.1.3/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66
-SIZE (wazuh-4.1.3/curl.tar.gz) = 3692998
-SHA256 (wazuh-4.1.3/libdb.tar.gz) = 885f01aebcca995bcef48d8dc47acb8c4bd5eab06ec188e76cb5863e4f9b2d9b
-SIZE (wazuh-4.1.3/libdb.tar.gz) = 4283467
-SHA256 (wazuh-4.1.3/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69
-SIZE (wazuh-4.1.3/libffi.tar.gz) = 964576
-SHA256 (wazuh-4.1.3/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a
-SIZE (wazuh-4.1.3/libyaml.tar.gz) = 424656
-SHA256 (wazuh-4.1.3/openssl.tar.gz) = a88f46d7dd7b1a88db1faa94943911bf24a0081f90fd1a28bbf06ad54eeab013
-SIZE (wazuh-4.1.3/openssl.tar.gz) = 12936469
-SHA256 (wazuh-4.1.3/procps.tar.gz) = 87336a7860f5116ac5c5222b6b0d5c892e202ce136947e4776037bb7670ce6e2
-SIZE (wazuh-4.1.3/procps.tar.gz) = 55692
-SHA256 (wazuh-4.1.3/sqlite.tar.gz) = 23e109ee91ed16b4a95b2d361ecfd82820842fc337a80aa8032590b96eebddd2
-SIZE (wazuh-4.1.3/sqlite.tar.gz) = 1980218
-SHA256 (wazuh-4.1.3/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01
-SIZE (wazuh-4.1.3/zlib.tar.gz) = 643568
-SHA256 (wazuh-4.1.3/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434
-SIZE (wazuh-4.1.3/audit-userspace.tar.gz) = 1682820
-SHA256 (wazuh-4.1.3/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2
-SIZE (wazuh-4.1.3/msgpack.tar.gz) = 591294
-SHA256 (wazuh-4.1.3/bzip2.tar.gz) = 27688ee0316a64b39e511b2c224070cad97c394a5f711f9d055fc1809d895bcd
-SIZE (wazuh-4.1.3/bzip2.tar.gz) = 71277
-SHA256 (wazuh-4.1.3/libpcre2.tar.gz) = d0bafc3579fa0af0a39951586edfa349e1f4be83d28bed86abe0a3fc4b34fcfa
-SIZE (wazuh-4.1.3/libpcre2.tar.gz) = 1252173
-SHA256 (wazuh-4.1.3/wazuh-wazuh-v4.1.3_GH0.tar.gz) = 146cc69b736aaa40d7ef392aea28b7d7e7d04b1acc2a52c86015a360257e6adf
-SIZE (wazuh-4.1.3/wazuh-wazuh-v4.1.3_GH0.tar.gz) = 18382701
+TIMESTAMP = 1617951361
+SHA256 (wazuh-4.1.4/cJSON.tar.gz) = 678d796318da57d5f38075e74bbb3b77375dc3f8bb49da341ad1b43c417e8cc1
+SIZE (wazuh-4.1.4/cJSON.tar.gz) = 27863
+SHA256 (wazuh-4.1.4/libplist.tar.gz) = 88278d4bdfc1bd6a3a1a55a4f3d933683d2732ba09cf7a749fe8ec8eec406e3c
+SIZE (wazuh-4.1.4/libplist.tar.gz) = 1520623
+SHA256 (wazuh-4.1.4/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66
+SIZE (wazuh-4.1.4/curl.tar.gz) = 3692998
+SHA256 (wazuh-4.1.4/libdb.tar.gz) = 885f01aebcca995bcef48d8dc47acb8c4bd5eab06ec188e76cb5863e4f9b2d9b
+SIZE (wazuh-4.1.4/libdb.tar.gz) = 4283467
+SHA256 (wazuh-4.1.4/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69
+SIZE (wazuh-4.1.4/libffi.tar.gz) = 964576
+SHA256 (wazuh-4.1.4/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a
+SIZE (wazuh-4.1.4/libyaml.tar.gz) = 424656
+SHA256 (wazuh-4.1.4/openssl.tar.gz) = a88f46d7dd7b1a88db1faa94943911bf24a0081f90fd1a28bbf06ad54eeab013
+SIZE (wazuh-4.1.4/openssl.tar.gz) = 12936469
+SHA256 (wazuh-4.1.4/procps.tar.gz) = 87336a7860f5116ac5c5222b6b0d5c892e202ce136947e4776037bb7670ce6e2
+SIZE (wazuh-4.1.4/procps.tar.gz) = 55692
+SHA256 (wazuh-4.1.4/sqlite.tar.gz) = 23e109ee91ed16b4a95b2d361ecfd82820842fc337a80aa8032590b96eebddd2
+SIZE (wazuh-4.1.4/sqlite.tar.gz) = 1980218
+SHA256 (wazuh-4.1.4/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01
+SIZE (wazuh-4.1.4/zlib.tar.gz) = 643568
+SHA256 (wazuh-4.1.4/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434
+SIZE (wazuh-4.1.4/audit-userspace.tar.gz) = 1682820
+SHA256 (wazuh-4.1.4/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2
+SIZE (wazuh-4.1.4/msgpack.tar.gz) = 591294
+SHA256 (wazuh-4.1.4/bzip2.tar.gz) = 27688ee0316a64b39e511b2c224070cad97c394a5f711f9d055fc1809d895bcd
+SIZE (wazuh-4.1.4/bzip2.tar.gz) = 71277
+SHA256 (wazuh-4.1.4/libpcre2.tar.gz) = d0bafc3579fa0af0a39951586edfa349e1f4be83d28bed86abe0a3fc4b34fcfa
+SIZE (wazuh-4.1.4/libpcre2.tar.gz) = 1252173
+SHA256 (wazuh-4.1.4/wazuh-wazuh-v4.1.4_GH0.tar.gz) = 15f8415a09f1e0d73570b22891a03fa2ec6e36d14ef435ded2c2b17a28870356
+SIZE (wazuh-4.1.4/wazuh-wazuh-v4.1.4_GH0.tar.gz) = 18382143
diff --git a/security/wazuh-agent/pkg-plist b/security/wazuh-agent/pkg-plist
index 4486a4b63029..1a070d817003 100644
--- a/security/wazuh-agent/pkg-plist
+++ b/security/wazuh-agent/pkg-plist
@@ -1,100 +1,102 @@
 @info(root,ossec,0750) /var/ossec/active-response/bin/default-firewall-drop.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/disable-account.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/firewalld-drop.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/host-deny.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/ip-customblock.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/ipfw.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/ipfw_mac.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/kaspersky.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/npf.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/ossec-slack.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/ossec-tweeter.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/pf.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/restart-ossec.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/restart.sh
 @info(root,ossec,0750) /var/ossec/active-response/bin/route-null.sh
 @info(root,ossec,0750) /var/ossec/agentless/main.exp
 @info(root,ossec,0750) /var/ossec/agentless/register_host.sh
 @info(root,ossec,0750) /var/ossec/agentless/ssh.exp
 @info(root,ossec,0750) /var/ossec/agentless/ssh_asa-fwsmconfig_diff
 @info(root,ossec,0750) /var/ossec/agentless/ssh_foundry_diff
 @info(root,ossec,0750) /var/ossec/agentless/ssh_generic_diff
 @info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_bsd
 @info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_linux
 @info(root,ossec,0750) /var/ossec/agentless/ssh_nopass.exp
 @info(root,ossec,0750) /var/ossec/agentless/ssh_pixconfig_diff
 @info(root,ossec,0750) /var/ossec/agentless/sshlogin.exp
 @info(root,ossec,0750) /var/ossec/agentless/su.exp
 @info(root,root,0750) /var/ossec/bin/agent-auth
 @info(root,root,0750) /var/ossec/bin/manage_agents
 @info(root,root,0750) /var/ossec/bin/ossec-agentd
 @info(root,root,0750) /var/ossec/bin/ossec-control
 @info(root,root,0750) /var/ossec/bin/ossec-execd
 @info(root,root,0750) /var/ossec/bin/ossec-logcollector
 @info(root,root,0750) /var/ossec/bin/ossec-syscheckd
 @info(root,root,0750) /var/ossec/bin/util.sh
 @info(root,root,0750) /var/ossec/bin/wazuh-modulesd
 @info(root,ossec,0640) /var/ossec/etc/client.keys
 @info(root,ossec,0640) /var/ossec/etc/internal_options.conf
 @info(root,ossec,0640) /var/ossec/etc/local_internal_options.conf
 @info(root,ossec,0640) /var/ossec/etc/ossec.conf.sample
 @info(root,ossec,0640) /var/ossec/etc/ossec.conf
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_apache2224_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_debian_linux_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel_linux_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_sles11_linux_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_sles12_linux_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/rootkit_files.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/rootkit_trojans.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/system_audit_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/system_audit_ssh.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/win_applications_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/win_audit_rcl.txt
 @info(root,ossec,0660) /var/ossec/etc/shared/win_malware_rcl.txt
 @info(root,ossec,0640) /var/ossec/etc/wpk_root.pem
 @info(root,ossec,0750) /var/ossec/lib/libwazuhext.so
 @info(ossec,ossec,0666) /var/ossec/logs/active-responses.log
 @info(ossec,ossec,0666) /var/ossec/logs/ossec.json
 @info(ossec,ossec,0666) /var/ossec/logs/ossec.log
 @info(root,ossec,0750) /var/ossec/wodles/oscap/oscap.py
 @info(root,ossec,0750) /var/ossec/wodles/oscap/template_oval.xsl
 @info(root,ossec,0750) /var/ossec/wodles/oscap/template_xccdf.xsl
 @dir(root,ossec,0770) /var/ossec/.ssh
 @dir(root,ossec,0750) /var/ossec/active-response/bin
 @dir(root,ossec,0750) /var/ossec/active-response
 @dir(root,ossec,0750) /var/ossec/agentless
 @dir(root,ossec,0750) /var/ossec/backup
 @dir(root,wheel,0750) /var/ossec/bin
 @dir(root,ossec,0770) /var/ossec/etc/shared
 @dir(ossec,ossec,0770) /var/ossec/etc
 @dir(root,ossec,0750) /var/ossec/lib
 @dir(ossec,ossec,0750) /var/ossec/logs/ossec
 @dir(ossec,ossec,0770) /var/ossec/logs
 @dir(ossec,ossec,0770) /var/ossec/queue/alerts
 @dir(ossec,ossec,0750) /var/ossec/queue/diff
 @dir(ossec,ossec,0770) /var/ossec/queue/fim/db
 @dir(ossec,ossec,0770) /var/ossec/queue/fim
+@dir(ossec,ossec,0770) /var/ossec/queue/ossec/fim/db
+@dir(ossec,ossec,0770) /var/ossec/queue/ossec/fim
 @dir(ossec,ossec,0770) /var/ossec/queue/ossec
 @dir(ossec,ossec,0750) /var/ossec/queue/rids
 @dir(root,ossec,0750) /var/ossec/queue
 @dir(root,ossec,0750) /var/ossec/ruleset/sca
 @dir(root,ossec,0750) /var/ossec/ruleset
 @dir(root,ossec,1770) /var/ossec/tmp
 @dir(root,ossec,0770) /var/ossec/var/incoming
 @dir(root,ossec,0770) /var/ossec/var/run
 @dir(root,ossec,0770) /var/ossec/var/upgrade
 @dir(root,ossec,0770) /var/ossec/var/wodles
 @dir(root,ossec,0750) /var/ossec/var
 @dir(root,ossec,0750) /var/ossec/wodles/oscap/content
 @dir(root,ossec,0750) /var/ossec/wodles/oscap
 @dir(root,ossec,0750) /var/ossec/wodles
 @dir(root,ossec,0750) /var/ossec
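Review bot: The three files under `/var/ossec/logs` are still listed as `@info(ossec,ossec,0666)`, which leaves the agent's own logs world-writable and protected only by the `0770` on `/var/ossec/logs` and the `0750` on `/var/ossec` further down this list. If either directory mode is ever relaxed, any local account could alter or truncate the intrusion-detection logs. Unless a writer outside the ossec user and group is required (not visible here), `@info(ossec,ossec,0660) /var/ossec/logs/ossec.log` and the same mode for `ossec.json` and `active-responses.log` would be the safer setting.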