From f47e205e45cdbe947528d3be6bae70b09fdc6247 Mon Sep 17 00:00:00 2001
From: Miguelangel Freitas <miguelangel@wazuh.com>
Date: Thu, 20 Jul 2017 13:31:57 -0400
Subject: [PATCH] Add logstash user to ossec group

---
 ansible-role-logstash/tasks/Debian.yml | 15 +++++++++++++++
 ansible-role-logstash/tasks/RedHat.yml | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/ansible-role-logstash/tasks/Debian.yml b/ansible-role-logstash/tasks/Debian.yml
index e323058b..8ed0440d 100644
--- a/ansible-role-logstash/tasks/Debian.yml
+++ b/ansible-role-logstash/tasks/Debian.yml
@@ -38,3 +38,18 @@
 - name: Debian/Ubuntu | Install Logstash
   apt: name=logstash=1:{{ elastic_stack_version }}-1 state=present update_cache=yes
   tags: install
+
+- name: Debian/Ubuntu | Checking if wazuh-manager is installed
+  command: dpkg -l wazuh-manager
+  register: wazuh_manager_check_deb
+  args:
+    warn: no
+
+- name: Debian/Ubuntu | Add user logstash to group ossec
+  user:
+    name: logstash
+    groups: ossec
+    append: yes
+  when:
+    - logstash_input_beats == false
+    - wazuh_manager_check_deb.rc == 0
diff --git a/ansible-role-logstash/tasks/RedHat.yml b/ansible-role-logstash/tasks/RedHat.yml
index b8daa55f..51df05da 100644
--- a/ansible-role-logstash/tasks/RedHat.yml
+++ b/ansible-role-logstash/tasks/RedHat.yml
@@ -24,3 +24,18 @@
   package: name=logstash-{{ elastic_stack_version }} state=present
   when: oracle_java_task_rpm_installed is defined
   tags: install
+
+- name: RedHat/CentOS/Fedora | Checking if wazuh-manager is installed
+  command: rpm -q wazuh-manager
+  register: wazuh_manager_check_rpm
+  args:
+    warn: no
+
+- name: RedHat/CentOS/Fedora | Add user logstash to group ossec
+  user:
+    name: logstash
+    groups: ossec
+    append: yes
+  when:
+    - logstash_input_beats == false
+    - wazuh_manager_check_rpm.rc == 0