afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Indexer security actions updated

Browse Source
This commit is contained in:
Gonzalo Acuña 2022-05-19 16:52:33 -03:00
parent 41dfecbdf8
commit 7ba3f4bf75
No known key found for this signature in database
GPG Key ID: 646BA79A313A2270
1 changed files with 48 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
roles/wazuh/wazuh-indexer/tasks/security_actions.yml
View File

@ -45,55 +45,56 @@
mode: 0644 mode: 0644
run_once: true run_once: true
- name: Hashing the custom admin password - block:
shell: | - name: Hashing the custom admin password
export JAVA_HOME=/usr/share/wazuh-indexer/jdk shell: |
{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }} export JAVA_HOME=/usr/share/wazuh-indexer/jdk
register: indexer_admin_password_hashed {{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ indexer_admin_password }}
no_log: '{{ indexer_nolog_sensible | bool }}' register: indexer_admin_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}'
- name: Set the Admin user password
replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
regexp: '(?<=admin:\n hash: )(.*)(?=)'
replace: "{{ indexer_password_hash | quote }}"
vars:
indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
# this can also be achieved with password_hash, but it requires dependencies on the controller
- name: Hash the kibanaserver role/user pasword
shell: |
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}
register: indexer_kibanaserver_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}'
- name: Set the kibanaserver user password
replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)'
replace: "{{ indexer_password_hash | quote }}"
vars:
indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
- name: Initialize the Opensearch security index in Wazuh indexer
command: >
sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/securityadmin.sh
-cd {{ indexer_sec_plugin_conf_path }}/
-icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/
-nhnv
-cacert {{ indexer_conf_path }}/certs/root-ca.pem
-cert {{ indexer_conf_path }}/certs/admin.pem
-key {{ indexer_conf_path }}/certs/admin-key.pem
-h {{ target_address }}
retries: 2
delay: 5
register: result
until: result.rc == 0
run_once: true run_once: true
- name: Set the Admin user password
replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
regexp: '(?<=admin:\n hash: )(.*)(?=)'
replace: "{{ indexer_password_hash | quote }}"
vars:
indexer_password_hash: "{{ indexer_admin_password_hashed.stdout_lines | last }}"
# this can also be achieved with password_hash, but it requires dependencies on the controller
- name: Hash the kibanaserver role/user pasword
shell: |
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/hash.sh -p {{ dashboard_password }}
register: indexer_kibanaserver_password_hashed
no_log: '{{ indexer_nolog_sensible | bool }}'
run_once: true
- name: Set the kibanaserver user password
replace:
path: "{{ indexer_sec_plugin_conf_path }}/internal_users.yml"
regexp: '(?<=kibanaserver:\n hash: )(.*)(?=)'
replace: "{{ indexer_password_hash | quote }}"
vars:
indexer_password_hash: "{{ indexer_kibanaserver_password_hashed.stdout_lines | last }}"
- name: Initialize the Opensearch security index in Wazuh indexer
command: >
sudo -u wazuh-indexer OPENSEARCH_PATH_CONF={{ indexer_conf_path }}
JAVA_HOME=/usr/share/wazuh-indexer/jdk
{{ indexer_sec_plugin_tools_path }}/securityadmin.sh
-cd {{ indexer_sec_plugin_conf_path }}/
-icl -p 9300 -cd {{ indexer_sec_plugin_conf_path }}/
-nhnv
-cacert {{ indexer_conf_path }}/certs/root-ca.pem
-cert {{ indexer_conf_path }}/certs/admin.pem
-key {{ indexer_conf_path }}/certs/admin-key.pem
-h {{ target_address }}
retries: 2
delay: 5
register: result
until: result.rc == 0
- name: Create custom user - name: Create custom user
uri: uri: