diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index e9261956..47438f98 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -35,7 +35,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" - mode: '0664' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -45,7 +45,7 @@ copy: src: "{{ master_certs_path }}/ca/{{ ca_cert_name }}" dest: "{{ node_certs_source }}/{{ ca_cert_name }}" - mode: '0664' + mode: 0440 when: - not generate_CA - node_certs_generator @@ -100,7 +100,7 @@ file: path: "{{ master_certs_path }}" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -109,7 +109,7 @@ file: path: "{{ master_certs_path }}/ca/" state: directory - mode: '0700' + mode: 0700 delegate_to: "127.0.0.1" when: - node_certs_generator @@ -149,6 +149,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -163,6 +164,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" @@ -176,7 +178,7 @@ - name: Ensuring folder permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml index a674a95f..b7ceb87f 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/build_wazuh_plugin.yml @@ -14,7 +14,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: "/tmp/setup_nodejs_repo.sh" - mode: "0700" + mode: 0700 - name: Execute downloaded script to install Nodejs repo command: /tmp/setup_nodejs_repo.sh diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index b43b3755..efd16de5 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -28,6 +28,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -41,7 +42,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" - mode: '0664' + mode: 0440 with_items: - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key" - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt" @@ -65,7 +66,7 @@ - name: Ensuring certificates folder owner file: path: "{{ node_certs_destination }}/" - mode: '0770' + mode: 0770 recurse: yes when: - kibana_xpack_security @@ -78,7 +79,7 @@ dest: /etc/kibana/kibana.yml owner: root group: root - mode: '0664' + mode: 0644 notify: restart kibana tags: configure diff --git a/roles/wazuh/ansible-filebeat/tasks/config.yml b/roles/wazuh/ansible-filebeat/tasks/config.yml index ce63503d..d45b06e8 100644 --- a/roles/wazuh/ansible-filebeat/tasks/config.yml +++ b/roles/wazuh/ansible-filebeat/tasks/config.yml @@ -5,7 +5,7 @@ dest: "/etc/filebeat/filebeat.yml" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -15,7 +15,7 @@ dest: "/etc/filebeat/wazuh-template.json" owner: root group: root - mode: 0644 + mode: 0400 notify: restart filebeat tags: configure @@ -30,7 +30,7 @@ copy: src: "{{ item }}" dest: "{{ filebeat_ssl_dir }}/{{ item | basename }}" - mode: 0644 + mode: 0400 with_items: - "{{ filebeat_ssl_key_file }}" - "{{ filebeat_ssl_certificate_file }}" diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 07bc94ea..4948c252 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -30,6 +30,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -43,6 +44,7 @@ copy: src: "{{ item }}" dest: "{{ node_certs_destination }}/" + mode: 0440 with_items: - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key" - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt" @@ -55,7 +57,7 @@ - name: Ensuring folder & certs permissions file: path: "{{ node_certs_destination }}/" - mode: '0774' + mode: 0774 state: directory recurse: yes when: diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml index 69934631..73b3e6ce 100644 --- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml @@ -76,7 +76,7 @@ dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 changed_when: false - name: Executing "install.sh" script to build and install the Wazuh Agent diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml index c83aaff1..e019d2f9 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/installation_from_sources.yml @@ -60,7 +60,7 @@ path: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}" state: directory - # When downloading "v3.11.0" extracted folder name is 3.11.0. + # When downloading "v3.11.0" extracted folder name is 3.11.0. # Explicitly creating the folder with proper naming and striping first level in .tar.gz file @@ -91,7 +91,7 @@ dest: "/tmp/wazuh-{{ wazuh_manager_sources_installation.branch }}/etc/preloaded-vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Executing "install.sh" script to build and install the Wazuh Manager shell: ./install.sh > /tmp/build_wazuh_manager_log.txt @@ -167,7 +167,7 @@ dest: "/tmp/wazuh-api/configuration/preloaded_vars.conf" owner: root group: root - mode: '644' + mode: 0644 - name: Execute Wazuh API installation script shell: ./install_api.sh > /tmp/build_wazuh_api_log.txt diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 8ef1c2cb..1f354ca3 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -18,7 +18,7 @@ get_url: url: "https://{{ nodejs['repo_dict'][ansible_os_family|lower] }}.{{ nodejs['repo_url_ext'] }}" dest: /etc/nodejs.sh - mode: '0775' + mode: 0775 changed_when: false - name: Run NodeJS bash script