From fbd287984d49dfe4f531d6479db2c17959241637 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Thu, 14 Nov 2019 10:50:49 +0100
Subject: [PATCH 1/3] Set default user to "elastic" for the first API calls to ES

---
 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index aef459e2..d74a391b 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -123,7 +123,7 @@
 - name: Wait for Elasticsearch API
   uri:
     url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/"
-    user: "{{ elasticsearch_xpack_security_user }}"
+    user: "elastic" # Default Elasticsearch user is always "elastic"
     password: "{{ elasticsearch_xpack_security_password }}"
     validate_certs: no
     status_code: 200,401
@@ -141,7 +141,7 @@
     url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}"
     method: POST
     body_format: json
-    user: "{{ elasticsearch_xpack_security_user }}"
+    user: "elastic"
     password: "{{ elasticsearch_xpack_security_password }}"
     body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
     validate_certs: no

From 89557bdaddcc877e31c4ae874db3c081ef89426c Mon Sep 17 00:00:00 2001
From: Jose M
Date: Tue, 19 Nov 2019 14:49:39 +0100
Subject: [PATCH 2/3] Update alerts template for Elasticsearch

---
 roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2 b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
index 5387bf8c..444cef06 100644
--- a/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
+++ b/roles/wazuh/ansible-filebeat/templates/elasticsearch.yml.j2
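Review bot: The new `user: "elastic"` line pairs the built-in superuser name with `elasticsearch_xpack_security_password`, so the role now silently ignores `elasticsearch_xpack_security_user` while still reading the password variable named after it; a deployer who sets both to a custom account will authenticate as `elastic` with the wrong password, and the wait still "succeeds" because `status_code: 200,401` accepts the 401. Read the bootstrap password from a dedicated variable (e.g. `password: "{{ elasticsearch_bootstrap_password }}"`) or fail early when `elasticsearch_xpack_security_user` is set to anything other than `elastic`. The task also sends the superuser password with `validate_certs: no`, so the credential goes to whatever answers on `node_certs_generator_ip`; the variable name suggests the role issues its own certificates, in which case pointing `ca_path` at that CA is preferable to disabling verification, and `no_log: true` should be added so the password is not echoed on failure or under `-v`. The task list that contains this task starts outside the hunk.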
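Review bot: The `body:` line directly under the changed `user: "elastic"` line builds the user-creation JSON by string interpolation, so a password containing `"` or `\` yields invalid JSON, and a crafted value can append extra fields to the request the superuser now sends; build it from a dict instead, `body: "{{ {'password': item.value['password'], 'roles': item.value['roles']} | to_json }}"`. Since the task's module arguments now carry every managed user's password plus the `elastic` credential, add `no_log: true` so they are not printed in failure output or with `-v`. The loop that supplies `item` and the remainder of the task lie outside the hunk.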
@@ -162,7 +162,6 @@
       "data.dstip",
       "data.dstport",
       "data.dstuser",
-      "data.extra_data",
       "data.hardware.serial",
       "data.id",
       "data.integration",
@@ -944,9 +943,6 @@
           "data": {
             "type": "keyword"
           },
-          "extra_data": {
-            "type": "keyword"
-          },
           "system_name": {
             "type": "keyword"
           },

From be1b60471e8b53a4360eb097207abddd942b0dc1 Mon Sep 17 00:00:00 2001
From: Jose M
Date: Wed, 20 Nov 2019 15:05:59 +0100
Subject: [PATCH 3/3] Change Wazuh APP installation to do it as kibana user

---
 roles/elastic-stack/ansible-kibana/tasks/main.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index aba4060c..efde790c 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -98,14 +98,13 @@
   tags: install

- name: Install Wazuh-APP (can take a while)
-  shell: |
-    /usr/share/kibana/bin/kibana-plugin --allow-root install \
-    https://packages.wazuh.com/wazuhapp/wazuhapp-{{ wazuh_version }}_{{ elastic_stack_version }}.zip
+  shell: "/usr/share/kibana/bin/kibana-plugin install {{ wazuh_app_url }}-{{ wazuh_version }}_{{ elastic_stack_version }}.zip"
   environment:
     NODE_OPTIONS: "--max-old-space-size=3072"
   args:
     executable: /bin/bash
-    creates: /usr/share/kibana/plugins/wazuh/package.json
+  become: yes
+  become_user: kibana
   notify: restart kibana
   tags:
     - install
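Review bot: Dropping `creates: /usr/share/kibana/plugins/wazuh/package.json` makes the rewritten `shell:` task non-idempotent: every play re-runs `kibana-plugin install`, which fails (or reinstalls) once the plugin is present and re-fires `notify: restart kibana` on each run, so the `creates:` line should stay under `args:`. The new one-line command uses no shell feature, so `command:` is the safer module: `shell:` hands `{{ wazuh_app_url }}` to bash unquoted, and a value containing `;` or `$(...)` would execute as the `kibana` user. The plugin archive is fetched and installed with no integrity check, and the hunk no longer pins the origin the old line hard-coded (`https://packages.wazuh.com`); fetching it first with `get_url` plus `checksum:` and installing from the local path would close that gap. I cannot tell from the hunk whether the `kibana` user can write to `/usr/share/kibana/plugins` and `optimize/`, which `become_user: kibana` now requires, and the task's `tags:` list may continue past the hunk.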