From d9f7e79b7dc9d61b9002b8c05b52ad4215c98235 Mon Sep 17 00:00:00 2001
From: Pablo Escobar <pescobar001@gmail.com>
Date: Sat, 23 May 2020 13:20:19 +0200
Subject: [PATCH] always use 0770 for the certs folder

---
 .../ansible-elasticsearch/tasks/xpack_security.yml          | 2 +-
 roles/elastic-stack/ansible-kibana/tasks/main.yml           | 4 ++--
 roles/wazuh/ansible-filebeat/tasks/main.yml                 | 6 +++++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
index 47063c4e..0d9740d4 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@@ -184,7 +184,7 @@
     path: "{{ node_certs_destination }}/"
     owner: root
     group: elasticsearch
-    mode: 0774
+    mode: 0770
     state: directory
     recurse: no
   when:
diff --git a/roles/elastic-stack/ansible-kibana/tasks/main.yml b/roles/elastic-stack/ansible-kibana/tasks/main.yml
index b9dde1fe..cb7f3c55 100644
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@@ -56,13 +56,14 @@
     - not generate_CA
   tags: xpack-security
 
-- name: Ensuring certificates folder owner
+- name: Ensuring certificates folder owner and permissions
   file:
     path: "{{ node_certs_destination }}/"
     state: directory
     recurse: no
     owner: kibana
     group: kibana
+    mode: 0770
   when:
     - kibana_xpack_security
   tags: xpack-security
@@ -70,7 +71,6 @@
 - name: Ensuring certificates folder owner
   file:
     path: "{{ node_certs_destination }}/"
-    mode: 0770
     recurse: no
   when:
     - kibana_xpack_security
diff --git a/roles/wazuh/ansible-filebeat/tasks/main.yml b/roles/wazuh/ansible-filebeat/tasks/main.yml
index 29732104..5a15926d 100644
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@@ -30,6 +30,8 @@
   copy:
     src: "{{ item }}"
     dest: "{{ node_certs_destination }}/"
+    owner: root
+    group: root
     mode: 0440
   with_items:
     - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
@@ -44,6 +46,8 @@
   copy:
     src: "{{ item }}"
     dest: "{{ node_certs_destination }}/"
+    owner: root
+    group: root
     mode: 0440
   with_items:
     - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
@@ -57,7 +61,7 @@
 - name: Ensuring folder & certs permissions
   file:
     path: "{{ node_certs_destination }}/"
-    mode: 0774
+    mode: 0770
     state: directory
     recurse: no
   when: