Merge pull request #741 from wazuh/738-certs_permissions

Certificates permissions updated

roles/wazuh/ansible-filebeat-oss/tasks/security_actions.yml

@@ -6,7 +6,7 @@
       state: directory
       owner: root
       group: root
-      mode: 0774
+      mode: 500
 
   - name: Copy the certificates from local to the Manager instance
     copy:
@@ -14,7 +14,7 @@
       dest: "{{ filebeat_ssl_dir }}"
       owner: root
       group: root
-      mode: 0644
+      mode: 400
     with_items:
       - "{{ filebeat_node_name }}-key.pem"
       - "{{ filebeat_node_name }}.pem"

roles/wazuh/wazuh-dashboard/tasks/security_actions.yml

@@ -1,10 +1,20 @@
 - block:
 
+  - name: Ensure Dashboard certificates directory permissions.
+    file:
+      path: "/etc/wazuh-dashboard/certs/"
+      state: directory
+      owner: wazuh-dashboard
+      group: wazuh-dashboard
+      mode: 500
+
   - name: Copy the certificates from local to the Wazuh dashboard instance
     copy:
       src: "{{ local_certs_path }}/wazuh-certificates/{{ item }}"
       dest: /etc/wazuh-dashboard/certs/
-      mode: 0644
+      owner: wazuh-dashboard
+      group: wazuh-dashboard
+      mode: 0400
     with_items:
       - "root-ca.pem"
       - "{{ dashboard_node_name }}-key.pem"

roles/wazuh/wazuh-indexer/tasks/security_actions.yml

@@ -19,13 +19,21 @@
   when:
     - hostvars[inventory_hostname]['private_ip'] is not defined
 
+- name: Ensure Indexer certificates directory permissions.
+  file:
+    path: "{{ indexer_conf_path }}/certs/"
+    state: directory
+    owner: wazuh-indexer
+    group: wazuh-indexer
+    mode: 500
 
 - name: Copy the node & admin certificates to Wazuh indexer cluster
   copy:
     src: "{{ local_certs_path }}/wazuh-certificates/{{ item }}"
     dest: "{{ indexer_conf_path }}/certs/"
-    mode: 0644
+    owner: wazuh-indexer
-  become: yes
+    group: wazuh-indexer
+    mode: 0400
   with_items:
     - root-ca.pem
     - root-ca.key