add CA correct management for Logstash (#202)

2025-10-23 06:11:57 +00:00 · 2019-07-08 18:32:36 +02:00
parent 065b5bb5cf
commit eca30fb709
2 changed files with 5 additions and 1 deletions
--- a/elasticsearch/config/load_settings.sh
+++ b/elasticsearch/config/load_settings.sh
@@ -145,7 +145,7 @@ if [[ $SECURITY_ENABLED == "yes" ]]; then
    echo "Setting Logstash password"
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_logstash_writer ' -d '{ "cluster": ["manage_index_templates", "monitor", "manage_ilm"], "indices": [ { "names": [ "*" ],  "privileges": ["write","delete","create_index","manage","manage_ilm"] } ] }'
    sleep 5
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$LOGSTASH_USER" -d '{ "password":"'$LOGSTASH_PASS'", "roles" : [ "service_logstash_writer"],  "full_name" : "Service Internal Logstash User" }'
+    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$LOGSTASH_USER" -d '{ "password":"'$LOGSTASH_PASS'", "roles" : [ "service_logstash_writer", "logstash_system"],  "full_name" : "Service Internal Logstash User" }'
    echo "Passwords established for all Elastic Stack users"
    echo "Creating Admin user"
    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$ADMIN_USER" -d '{ "password":"'$ADMIN_PASS'", "roles" : [ "superuser"],  "full_name" : "Wazuh admin" }'
--- a/logstash/config/10-entrypoint.sh
+++ b/logstash/config/10-entrypoint.sh
@@ -88,8 +88,12 @@ if [[ $SECURITY_ENABLED == "yes" ]]; then
 xpack.monitoring.enabled: true
 xpack.monitoring.elasticsearch.username: \${LOGSTASH_KS_USER}
 xpack.monitoring.elasticsearch.password: \${LOGSTASH_KS_PASS}
+xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/$SECURITY_CA_PEM
+
+xpack.management.elasticsearch.hosts: \"$LOGSTASH_OUTPUT/\"
 xpack.management.elasticsearch.username: \${LOGSTASH_KS_USER}
 xpack.management.elasticsearch.password: \${LOGSTASH_KS_PASS}
+xpack.management.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/$SECURITY_CA_PEM
 " >> /usr/share/logstash/config/logstash.yml

  ## Settings for 01-wazuh.conf