diff --git a/playbooks/wazuh-elastic_stack-distributed.yml b/playbooks/wazuh-elastic_stack-distributed.yml index 887cafbd..a422e50b 100644 --- a/playbooks/wazuh-elastic_stack-distributed.yml +++ b/playbooks/wazuh-elastic_stack-distributed.yml @@ -1,9 +1,87 @@ --- -- hosts: + +- hosts: roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_logstash_hosts: 'your elastic stack server IP'} -- hosts: + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: + node_name: node-1 + elasticsearch_bootstrap_node: true + elasticsearch_cluster_nodes: + - + - + - + elasticsearch_discovery_nodes: + - + - + - + elasticsearch_xpack_security: true + node_certs_generator: true + elasticsearch_xpack_security_password: elastic_pass + + vars: + instances: + - name: node-1 # Important: must be equal to elasticsearch_node_name. + ip: # When unzipping, the node will search for its node name folder to get the cert. + + - name: node-2 + ip: + + - name: node-3 + ip: + +- hosts: roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch, elasticsearch_network_host: 'localhost'} - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'localhost'} + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: + elasticsearch_node_name: node-2 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + elasticsearch_discovery_nodes: + - + - + - + +- hosts: + roles: + - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch + elasticsearch_network_host: + elasticsearch_node_name: node-3 + elasticsearch_xpack_security: true + elasticsearch_master_candidate: true + elasticsearch_discovery_nodes: + - + - + - + + +# - hosts: 172.16.0.162 +# roles: +# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager + +# - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat +# filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 +# filebeat_xpack_security: true +# filebeat_node_name: node-2 +# node_certs_generator: false +# elasticsearch_xpack_security_password: elastic_pass + +# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-elasticsearch +# elasticsearch_network_host: 172.16.0.162 +# node_name: node-2 +# elasticsearch_bootstrap_node: false +# elasticsearch_master_candidate: true +# elasticsearch_discovery_nodes: +# - 172.16.0.161 +# - 172.16.0.162 +# elasticsearch_xpack_security: true +# node_certs_generator: false + + +# - hosts: 172.16.0.163 +# roles: +# - role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana +# kibana_xpack_security: true +# kibana_node_name: node-3 +# elasticsearch_network_host: 172.16.0.161 +# node_certs_generator: false +# elasticsearch_xpack_security_password: elastic_pass \ No newline at end of file diff --git a/playbooks/wazuh-kibana.yml b/playbooks/wazuh-kibana.yml index e2418200..2fc5cc1d 100644 --- a/playbooks/wazuh-kibana.yml +++ b/playbooks/wazuh-kibana.yml @@ -1,4 +1,10 @@ --- -- hosts: +- hosts: 172.16.0.162 roles: - - {role: /etc/ansible/roles/wazuh-ansible/roles/elastic-stack/ansible-kibana, elasticsearch_network_host: 'your elasticsearch IP'} + - role: ../roles/elastic-stack/ansible-kibana + kibana_xpack_security: true + kibana_user: elastic + kibana_password: elastic_pass + kibana_node_name: node-2 + elasticsearch_network_host: 172.16.0.161 + node_certs_generator: false diff --git a/playbooks/wazuh-manager.yml b/playbooks/wazuh-manager.yml index d9cc667d..93fb9e9d 100644 --- a/playbooks/wazuh-manager.yml +++ b/playbooks/wazuh-manager.yml @@ -1,5 +1,10 @@ --- -- hosts: +- hosts: 172.16.0.161 roles: - - role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-wazuh-manager - - {role: /etc/ansible/roles/wazuh-ansible/roles/wazuh/ansible-filebeat, filebeat_output_elasticsearch_hosts: 'your elasticsearch IP'} + - role: ../roles/wazuh/ansible-wazuh-manager + - role: ../roles/wazuh/ansible-filebeat + filebeat_output_elasticsearch_hosts: 172.16.0.161:9200 + filebeat_xpack_security: true + filebeat_node_name: node-1 + node_certs_generator: true + diff --git a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml index 5d380b6b..df1f9ad4 100644 --- a/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/defaults/main.yml @@ -9,4 +9,26 @@ single_node: false elasticsearch_bootstrap_node: false elasticsearch_master_candidate: false elasticsearch_cluster_nodes: - - 127.0.0.1 \ No newline at end of file + - 127.0.0.1 +elasticsearch_discovery_nodes: + - 127.0.0.1 + +# X-Pack Security +elasticsearch_xpack_security: false +elasticsearch_xpack_security_user: elastic +elasticsearch_xpack_security_password: elastic_pass + +node_certs_generator: false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/elasticsearch/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' + + + + + diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index bd7bc0d4..f53fab61 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -48,16 +48,6 @@ - ansible_service_mgr != "systemd" - ansible_os_family == "RedHat" -- name: Configure Elasticsearch. - template: - src: elasticsearch.yml.j2 - dest: /etc/elasticsearch/elasticsearch.yml - owner: root - group: elasticsearch - mode: 0660 - notify: restart elasticsearch - tags: configure - - name: Configure Elasticsearch JVM memmory. template: src: jvm.options.j2 @@ -69,6 +59,144 @@ tags: configure # fix in new PR (ignore_errors) + +- import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ elasticsearch_node_name }}.crt" + register: certificate_file_exists + when: + - elasticsearch_xpack_security + +- name: Write the instances.yml file in the selected node (force = no) + template: + src: instances.yml.j2 + dest: "{{node_certs_source}}/instances.yml" + force: no + register: instances_file_exists + tags: + - config + - xpack-security + when: + - node_certs_generator + - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists + +- name: Update instances.yml status after generation + stat: + path: "{{node_certs_source}}/instances.yml" + register: instances_file_exists + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Check if the certificates ZIP file exists + stat: + path: "{{node_certs_source}}/certs.zip" + register: xpack_certs_zip + when: + - node_certs_generator + - elasticsearch_xpack_security + +- name: Generating certificates for Elasticsearch security + shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip" + when: + - node_certs_generator + - elasticsearch_xpack_security + - not xpack_certs_zip.stat.exists + - not certificate_file_exists.stat.exists + register: certs_file_generated + tags: xpack-security + +- name: Unzip generated certs.zip + unarchive: + src: "{{node_certs_source}}/certs.zip" + dest: "{{node_certs_source}}/" + remote_src: yes + when: + - node_certs_generator + - elasticsearch_xpack_security + - certs_file_generated is defined + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Copy key & certificate files in generator node (locally) + synchronize: + src: "{{node_certs_source}}/{{elasticsearch_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Copy ca certificate file in generator node (locally) + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + register: check_certs_permissions + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Importing key & certificate files from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing ca certificate file from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - elasticsearch_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chown -R elasticsearch: {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + - elasticsearch_xpack_security + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + - elasticsearch_xpack_security + tags: xpack-security + + +- name: Remove generated certs file + shell: /bin/rm -f {{node_certs_source}}/certs.zip* + when: + - node_certs_generator + - elasticsearch_xpack_security + tags: xpack-security + +- name: Configure Elasticsearch. + template: + src: elasticsearch.yml.j2 + dest: /etc/elasticsearch/elasticsearch.yml + owner: root + group: elasticsearch + mode: 0660 + notify: restart elasticsearch + tags: configure + +- name: Set elasticsearch bootstrap password + shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'" + when: + - elasticsearch_xpack_security + - name: Reload systemd systemd: daemon_reload=true ignore_errors: true @@ -90,17 +218,19 @@ - configure - init -- name: Check for Wazuh Alerts template +- name: Check for Wazuh Alerts template (http) uri: url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" method: GET status_code: 200, 404 - when: not elasticsearch_bootstrap_node or single_node + when: + - elasticsearch_bootstrap_node or single_node + - not elasticsearch_xpack_security poll: 30 register: wazuh_alerts_template_exits tags: init -- name: Installing Wazuh Alerts template +- name: Installing Wazuh Alerts template (http) uri: url: "http://{{elasticsearch_network_host}}:{{elasticsearch_http_port}}/_template/wazuh" method: PUT @@ -110,10 +240,12 @@ when: - wazuh_alerts_template_exits.status is defined - wazuh_alerts_template_exits.status != 200 + - not elasticsearch_xpack_security tags: init - import_tasks: "RMRedHat.yml" when: ansible_os_family == "RedHat" + - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 index 595dd58a..f851e900 100644 --- a/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elastic-stack/ansible-elasticsearch/templates/elasticsearch.yml.j2 @@ -15,10 +15,31 @@ cluster.initial_master_nodes: {% for item in elasticsearch_cluster_nodes %} - {{ item }} {% endfor %} -{% elif elasticsearch_master_candidate %} -node.master: true discovery.seed_hosts: -{% for item in elasticsearch_cluster_nodes %} +{% for item in elasticsearch_discovery_nodes %} + - {{ item }} +{% endfor %} +{% else %} +node.master: {{ elasticsearch_master_candidate|lower }} +discovery.seed_hosts: +{% for item in elasticsearch_discovery_nodes %} - {{ item }} {% endfor %} {% endif %} + +# XPACK Security + +{% if elasticsearch_xpack_security %} +xpack.security.enabled: true +xpack.security.transport.ssl.enabled: true +xpack.security.transport.ssl.verification_mode: certificate +xpack.security.transport.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key +xpack.security.transport.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +xpack.security.transport.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] + +xpack.security.http.ssl.enabled: true +xpack.security.http.ssl.verification_mode: certificate +xpack.security.http.ssl.key: {{node_certs_destination}}/{{ elasticsearch_node_name }}.key +xpack.security.http.ssl.certificate: {{node_certs_destination}}/{{ elasticsearch_node_name }}.crt +xpack.security.http.ssl.certificate_authorities: [ "{{ node_certs_destination }}/ca.crt" ] +{% endif %} \ No newline at end of file diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 new file mode 100644 index 00000000..6279c380 --- /dev/null +++ b/roles/elastic-stack/ansible-elasticsearch/templates/instances.yml.j2 @@ -0,0 +1,13 @@ + +# {{ ansible_managed }} +# TO-DO + +{% if node_certs_generator %} +instances: +{% for node in instances %} +- name: "{{ node.name }}" + ip: + - "{{ node.ip }}" +{% endfor %} + +{% endif %} \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index 298e6bd7..77da5a9c 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -1,7 +1,25 @@ --- +kibana_node_name: node-1 + elasticsearch_http_port: "9200" elasticsearch_network_host: "127.0.0.1" kibana_server_host: "0.0.0.0" kibana_server_port: "5601" elastic_stack_version: 7.1.1 -wazuh_version: 3.9.2 \ No newline at end of file +wazuh_version: 3.9.2 + +# Xpack Security +kibana_xpack_security: false + +elasticsearch_xpack_security_user: elastic +elasticsearch_xpack_security_password: elastic_pass + +node_certs_generator: false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/kibana/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' \ No newline at end of file diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml index 43e369c8..338eabcd 100644 --- a/roles/elastic-stack/ansible-kibana/tasks/main.yml +++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml @@ -5,11 +5,6 @@ - import_tasks: Debian.yml when: ansible_os_family == 'Debian' -- name: Make sure Elasticsearch is running before proceeding. - wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300 - tags: configure - ignore_errors: true - - name: Reload systemd systemd: daemon_reload=true ignore_errors: true @@ -18,6 +13,66 @@ - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<')) - not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<')) +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" + register: certificate_file_exists + when: + - kibana_xpack_security + +- name: Copy key & certificate files in generator node (locally) + synchronize: + src: "{{node_certs_source}}/{{kibana_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Copy ca certificate file in generator node (locally) + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing key & certificate files from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{kibana_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing ca certificate file from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - kibana_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chown -R kibana: {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + - kibana_xpack_security + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + - kibana_xpack_security + tags: xpack-security + - name: Kibana configuration template: src: kibana.yml.j2 diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index edd1b4b4..76a3c2c4 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 @@ -19,7 +19,11 @@ server.host: {{ kibana_server_host }} #server.name: "your-hostname" # The URL of the Elasticsearch instance to use for all your queries. +{% if kibana_xpack_security %} +elasticsearch.hosts: "https://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +{% else %} elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}" +{% endif %} # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host @@ -98,3 +102,13 @@ elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_h # Set the interval in milliseconds to sample system and process performance # metrics. Minimum is 100ms. Defaults to 5000. #ops.interval: 5000 + +# Xpack Security +{% if kibana_xpack_security %} +elasticsearch.username: "{{ elasticsearch_xpack_security_user }}" +elasticsearch.password: "{{ elasticsearch_xpack_security_password }}" +server.ssl.enabled: true +server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" +server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" +elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/ca.crt"] +{% endif %} \ No newline at end of file diff --git a/roles/wazuh/ansible-filebeat/defaults/main.yml b/roles/wazuh/ansible-filebeat/defaults/main.yml index a00cbbb4..cfb892bd 100644 --- a/roles/wazuh/ansible-filebeat/defaults/main.yml +++ b/roles/wazuh/ansible-filebeat/defaults/main.yml @@ -10,6 +10,8 @@ filebeat_prospectors: json.keys_under_root: true json.overwrite_keys: true +filebeat_node_name: node-1 + filebeat_output_elasticsearch_enabled: false filebeat_output_elasticsearch_hosts: - "localhost:9200" @@ -23,3 +25,19 @@ filebeat_ssl_dir: /etc/pki/filebeat filebeat_ssl_certificate_file: "" filebeat_ssl_key_file: "" filebeat_ssl_insecure: "false" + +# Xpack Security +filebeat_xpack_security: false + +elasticsearch_xpack_security_user: elastic +elasticsearch_xpack_security_password: elastic_pass + +node_certs_generator : false +node_certs_generator_ip: 172.16.0.161 +node_certs_source: /usr/share/elasticsearch +node_certs_destination: /etc/filebeat/certs + +# Rsync +rsync_path: /usr/bin/rsync +rsync_user: vagrant +rsync_extra_parameters: -avg -e 'ssh -o StrictHostKeyChecking=no' --rsync-path='sudo rsync' diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml index 94cd5765..80d7cd61 100644 --- a/roles/wazuh/ansible-filebeat/tasks/main.yml +++ b/roles/wazuh/ansible-filebeat/tasks/main.yml @@ -10,8 +10,63 @@ tags: - install +- name: Check if certificate exists locally + stat: + path: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + register: certificate_file_exists + when: + - filebeat_xpack_security + +- name: Copy key & certificate files in generator node (locally) + synchronize: + src: "{{node_certs_source}}/{{filebeat_node_name}}/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Copy ca certificate file in generator node (locally) + synchronize: + src: "{{node_certs_source}}/ca/" + dest: "{{node_certs_destination}}/" + delegate_to: "{{ node_certs_generator_ip }}" + when: + - node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Importing key & certificate files from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{filebeat_node_name}}/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + tags: xpack-security + +- name: Importing ca certificate file from generator node + shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/" + when: + - not node_certs_generator + - filebeat_xpack_security + - not certificate_file_exists.stat.exists + register: check_certs_permissions + tags: xpack-security + +- name: Ensuring certificates folder owner + shell: "chmod -R 770 {{node_certs_destination}}/" + when: + - check_certs_permissions is defined + - filebeat_xpack_security + tags: xpack-security + - import_tasks: config.yml when: filebeat_create_config + notify: restart filebeat - name: Reload systemd systemd: daemon_reload=yes diff --git a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 index 8e6287ec..0a47af9d 100644 --- a/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 +++ b/roles/wazuh/ansible-filebeat/templates/filebeat.yml.j2 @@ -53,6 +53,15 @@ output.elasticsearch: #pipeline: geoip indices: - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}' +{% if filebeat_xpack_security %} + username: {{ elasticsearch_xpack_security_user }} + password: {{ elasticsearch_xpack_security_password }} + protocol: https + ssl.certificate_authorities: + - {{node_certs_destination}}/ca.crt + ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" + ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key" +{% endif %} # Optional. Send events to Logstash instead of Elasticsearch #output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"] \ No newline at end of file