diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
index 47063c4e..0d9740d4 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@@ -184,7 +184,7 @@
 path: "{{ node_certs_destination }}/"
 owner: root
 group: elasticsearch
- mode: 0774
+ mode: 0770
 state: directory
 recurse: no
 when:
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index b9dde1fe..cb7f3c55 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -56,13 +56,14 @@
 - not generate_CA
 tags: xpack-security
-- name: Ensuring certificates folder owner
+- name: Ensuring certificates folder owner and permissions
 file:
 path: "{{ node_certs_destination }}/"
 state: directory
 recurse: no
 owner: kibana
 group: kibana
+ mode: 0770
 when:
 - kibana_xpack_security
 tags: xpack-security
@@ -70,7 +71,6 @@
 - name: Ensuring certificates folder owner
 file:
 path: "{{ node_certs_destination }}/"
- mode: 0770
 recurse: no
 when:
 - kibana_xpack_security
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
index 29732104..5a15926d 100644
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@@ -30,6 +30,8 @@
 copy:
 src: "{{ item }}"
 dest: "{{ node_certs_destination }}/"
+ owner: root
+ group: root
 mode: 0440
 with_items:
 - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
@@ -44,6 +46,8 @@
 copy:
 src: "{{ item }}"
 dest: "{{ node_certs_destination }}/"
+ owner: root
+ group: root
 mode: 0440
 with_items:
 - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
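Review bot: `mode: 0770` in the xpack_security.yml hunk still leaves the certificate directory writable by the `elasticsearch` group, so the service account could add, replace or remove files there; the commit only takes away the world-read bit. If Elasticsearch only needs to read its certificates from this directory (not visible in the hunk), `mode: "0750"` would be the least-privilege value, and quoting it follows the Ansible convention for octal modes. Because of `recurse: no` the task changes the directory alone, so the permissions of key files already inside depend on other tasks. The task starts above the hunk and its `when:` list continues below it.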
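Review bot: The task that follows in the Kibana file (hunk `@@ -70,7 +71,6 @@`) keeps the name `Ensuring certificates folder owner`, but once its mode line is removed its visible `file` arguments are only `path` and `recurse: no`, so it sets no owner, group or mode and looks like a no-op that should be deleted. In the task changed in hunk `@@ -56,13 +56,14 @@`, `mode: 0770` with `owner: kibana` and `group: kibana` lets the Kibana account write to its own certificate directory. `mode: "0750"` (quoted) would be tighter if Kibana only reads from it, which needs confirming against how the certificates are deployed. The second task continues past the end of its hunk.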
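Review bot: The copied items in the Filebeat hunk `@@ -30,6 +30,8 @@` include `{{ filebeat_node_name }}.key`, and with the new `owner: root` and `group: root` the existing `mode: 0440` keeps a group-read bit on the private key that adds nothing for a root:root file; `mode: "0400"` would be enough. The same applies to the second copy task in hunk `@@ -44,6 +46,8 @@`. One `with_items` loop applies a single mode to the key and to whatever other items follow, so either use 0400 for all of them or move the key into its own task. This assumes Filebeat reads the files as root, which these hunks do not show. Both tasks start above their hunks and the item lists continue below them.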
@@ -57,7 +61,7 @@
 - name: Ensuring folder & certs permissions
 file:
 path: "{{ node_certs_destination }}/"
- mode: 0774
+ mode: 0770
 state: directory
 recurse: no
 when:
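Review bot: This directory task sets `mode: 0770` but its visible arguments set no owner or group, unlike the copy tasks earlier in the same file that now pin `owner: root` and `group: root`, so the group write bit goes to whatever group currently owns `{{ node_certs_destination }}`. Adding `owner: root` and `group: root` here, with `mode: "0750"` or `"0700"` if only root needs the directory, would make the outcome deterministic. With `recurse: no` only the folder itself is touched, so the task name `Ensuring folder & certs permissions` overstates what it does. The `when:` list continues outside the hunk.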