afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Indexer security actions updated

Browse Source
This commit is contained in:
Gonzalo Acuña 2022-05-19 16:52:33 -03:00
parent 41dfecbdf8
commit 7ba3f4bf75
No known key found for this signature in database
GPG Key ID: 646BA79A313A2270
1 changed files with 48 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
roles/wazuh/wazuh-indexer/tasks/security_actions.yml
View File

@ -45,15 +45,15 @@
mode: 0644 mode: 0644
run_once: true run_once: true
- name: Hashing the custom admin password - block:
- name: Hashing the custom admin password
shell: | shell: |
export JAVA_HOME=/usr/share/wazuh-indexer/jdk export JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }} {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}
register: indexer_admin_password_hashed register: indexer_admin_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}' no_log: '{{ indexer_nolog_sensible | bool }}'
run_once: true
- name: Set the Admin user password - name: Set the Admin user password
replace: replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
regexp: '(?<=admin:\n hash: )(.*)(?=)' regexp: '(?<=admin:\n hash: )(.*)(?=)'
@ -61,16 +61,15 @@
vars: vars:
indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}" indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
# this can also be achieved with password_hash, but it requires dependencies on the controller # this can also be achieved with password_hash, but it requires dependencies on the controller
- name: Hash the kibanaserver role/user pasword - name: Hash the kibanaserver role/user pasword
shell: | shell: |
export JAVA_HOME=/usr/share/wazuh-indexer/jdk export JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }} {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}
register: indexer_kibanaserver_password_hashed register: indexer_kibanaserver_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}' no_log: '{{ indexer_nolog_sensible | bool }}'
run_once: true
- name: Set the kibanaserver user password - name: Set the kibanaserver user password
replace: replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml" path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)' regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)'
@ -78,7 +77,7 @@
vars: vars:
indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}" indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
- name: Initialize the Opensearch security index in Wazuh indexer - name: Initialize the Opensearch security index in Wazuh indexer
command: > command: >
sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }} sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
JAVA_HOME=/usr/share/wazuh-indexer/jdk JAVA_HOME=/usr/share/wazuh-indexer/jdk
@ -94,6 +93,8 @@
delay: 5 delay: 5
register: result register: result
until: result.rc == 0 until: result.rc == 0
run_once: true
- name: Create custom user - name: Create custom user
uri: uri: