From eca30fb7092589e22573dcfa49cdcab3f74c75d0 Mon Sep 17 00:00:00 2001
From: AlfonsoRBJ
Date: Mon, 8 Jul 2019 18:32:36 +0200
Subject: [PATCH] add CA correct management for Logstash (#202)
---
 elasticsearch/config/load_settings.sh | 2 +-
 logstash/config/10-entrypoint.sh | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/elasticsearch/config/load_settings.sh b/elasticsearch/config/load_settings.sh
index 9b39390d..831fda28 100644
--- a/elasticsearch/config/load_settings.sh
+++ b/elasticsearch/config/load_settings.sh
@@ -145,7 +145,7 @@ if [[ $SECURITY_ENABLED == "yes" ]]; then
 echo "Setting Logstash password"
 curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_logstash_writer ' -d '{ "cluster": ["manage_index_templates", "monitor", "manage_ilm"], "indices": [ { "names": [ "*" ], "privileges": ["write","delete","create_index","manage","manage_ilm"] } ] }'
 sleep 5
- curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$LOGSTASH_USER" -d '{ "password":"'$LOGSTASH_PASS'", "roles" : [ "service_logstash_writer"], "full_name" : "Service Internal Logstash User" }'
+ curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$LOGSTASH_USER" -d '{ "password":"'$LOGSTASH_PASS'", "roles" : [ "service_logstash_writer", "logstash_system"], "full_name" : "Service Internal Logstash User" }'
 echo "Passwords established for all Elastic Stack users"
 echo "Creating Admin user"
 curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$ADMIN_USER" -d '{ "password":"'$ADMIN_PASS'", "roles" : [ "superuser"], "full_name" : "Wazuh admin" }'
diff --git a/logstash/config/10-entrypoint.sh b/logstash/config/10-entrypoint.sh
index 8aa90b7b..c441577b 100644
--- a/logstash/config/10-entrypoint.sh
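Review bot: The rewritten user-creation `curl` in load_settings.sh still splices `$LOGSTASH_PASS` unquoted into the JSON body (`"password":"'$LOGSTASH_PASS'"`), so a password containing whitespace is word-split into extra curl arguments and one containing `"` or `\` produces invalid or altered JSON. Since the line is being touched anyway, quote the expansion, `"password":"'"$LOGSTASH_PASS"'"`, and preferably build the body with a JSON-aware tool so the value is escaped. The request also keeps `-k`, so this script never verifies the Elasticsearch certificate even though the commit wires a CA into Logstash; if the same CA file is reachable from this container, `--cacert` would be the consistent choice. The enclosing `if` block starts and ends outside the hunk.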
+++ b/logstash/config/10-entrypoint.sh @@ -88,8 +88,12 @@ if [[ $SECURITY_ENABLED == "yes" ]]; then xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.username: \${LOGSTASH_KS_USER} xpack.monitoring.elasticsearch.password: \${LOGSTASH_KS_PASS} +xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/$SECURITY_CA_PEM + +xpack.management.elasticsearch.hosts: \"$LOGSTASH_OUTPUT/\" xpack.management.elasticsearch.username: \${LOGSTASH_KS_USER} xpack.management.elasticsearch.password: \${LOGSTASH_KS_PASS} +xpack.management.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/$SECURITY_CA_PEM " >> /usr/share/logstash/config/logstash.yml ## Settings for 01-wazuh.conf
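Review bot: Both new `ssl.certificate_authority` lines in 10-entrypoint.sh expand `$SECURITY_CA_PEM` when the quoted block is written, with no check that the variable is set or that the file exists. An empty value silently yields the directory `/usr/share/logstash/config/` as the CA path, and the mistake only surfaces later as a TLS failure inside Logstash. A guard ahead of the write, such as `: "${SECURITY_CA_PEM:?SECURITY_CA_PEM must be set when SECURITY_ENABLED=yes}"` followed by a `[[ -r ... ]]` test on the resulting path, would make the container fail fast with a clear message. The new `xpack.management.elasticsearch.hosts` value likewise takes `$LOGSTASH_OUTPUT` verbatim and appends `/`, so a comment stating that it must be an `https://` URL whose certificate chains to this CA would help. The string being appended starts outside the hunk, so whether `xpack.management.enabled` is set above cannot be confirmed from here.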