Removing readall perms in certs files. Minor syntax normalizations

2020-03-17 18:21:33 +01:00 · 2020-03-17 18:21:33 +01:00 · 4b9fb53549
commit 4b9fb53549
parent 33fceff612
4 changed files with 9 additions and 9 deletions
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@ -149,7 +149,7 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
-    mode: 0444
+    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
@ -164,7 +164,7 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
-    mode: 0444
+    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@ -28,7 +28,7 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
-    mode: 0444
+    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key"
    - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt"
@ -42,7 +42,7 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
-    mode: 0444
+    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key"
    - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.crt"
@ -79,7 +79,7 @@
    dest: /etc/kibana/kibana.yml
    owner: root
    group: root
-    mode: 0664
+    mode: 0644
  notify: restart kibana
  tags: configure
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@ -30,7 +30,7 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
-    mode: '0444'
+    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
@ -44,7 +44,7 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
-    mode: '0444'
+    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
@ -57,7 +57,7 @@
 - name: Ensuring folder & certs permissions
  file:
    path: "{{ node_certs_destination }}/"
-    mode: '0774'
+    mode: 0774
    state: directory
    recurse: yes
  when:
--- a/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/installation_from_sources.yml
@ -76,7 +76,7 @@
      dest: "/tmp/wazuh-{{ wazuh_agent_sources_installation.branch }}/etc/preloaded-vars.conf"
      owner: root
      group: root
-      mode: '644'
+      mode: 0644
    changed_when: false
  - name: Executing "install.sh" script to build and install the Wazuh Agent