wazuh-ansible

Usage of filebeat_xpack_security should not require a client side certificate

Open redgryphon opened this issue 3 years ago • 0 comments

In the current template of filebeat.yml there is no way to use secure communications with the ELK stack without also using a client-side certificate.

The easiest way of enabling this option is to place the two lines regarding the client-side certificate only when those files are provided, but there could also be another variable (e.g. client_certificates: true) to allow this. The template would then be something like:

```jinja
{% if filebeat_xpack_security %}
  username: {{ elasticsearch_xpack_security_user }}
  password: {{ elasticsearch_xpack_security_password }}
  protocol: https
{% if generate_CA == true %}
  ssl.certificate_authorities:
    - {{node_certs_destination}}/ca.crt
{% elif generate_CA == false %}
  ssl.certificate_authorities:
    - {{node_certs_destination}}/{{ca_cert_name}}
{% endif %}
{% if client_certificates == true %}
  ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt"
  ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key"
{% endif %}
{% endif %}
```

redgryphon, Mar 27 '21 19:03
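A check for the rendered output of the template proposed in the issue above, added here as an example and not part of the original post or of wazuh-ansible. It accepts HTTPS with or without a client certificate, but flags a missing CA list, a disabled verification mode, or a certificate without its key. It assumes the fragment is rendered under `output.elasticsearch:` with two-space indentation; the sample configs, host name and paths are constructed.

```python
import re

# Constructed sample: rendered with client_certificates false
# (host, credentials and paths are placeholders, not values from the issue).
SERVER_AUTH_ONLY = """\
output.elasticsearch:
  hosts: ["es.example.internal:9200"]
  username: elastic
  password: placeholder
  protocol: https
  ssl.certificate_authorities:
    - /etc/filebeat/certs/ca.crt
"""

# Constructed sample: broken render, key line lost and no CA list.
BROKEN = """\
output.elasticsearch:
  hosts: ["es.example.internal:9200"]
  protocol: https
  ssl.certificate: "/etc/filebeat/certs/node-1.crt"
"""

def output_settings(text):
    """Collect the two-space-indented keys under output.elasticsearch."""
    keys, inside = {}, False
    for line in text.splitlines():
        if re.match(r"^\S", line):  # a top-level key starts a new section
            inside = line.startswith("output.elasticsearch:")
            continue
        m = re.match(r"^  ([A-Za-z_.]+):\s*(.*)$", line)
        if inside and m:
            keys[m.group(1)] = m.group(2).strip().strip('"')
    return keys

def check_tls(text):
    """Return a list of problems; empty means the TLS settings are coherent."""
    s, problems = output_settings(text), []
    if s.get("protocol") != "https":
        problems.append("protocol is not https")
    if "ssl.certificate_authorities" not in s:
        problems.append("ssl.certificate_authorities not set: host trust "
                        "store is used instead of the deployment CA")
    if s.get("ssl.verification_mode") == "none":
        problems.append("ssl.verification_mode is none")
    if ("ssl.certificate" in s) != ("ssl.key" in s):
        problems.append("ssl.certificate and ssl.key must be set together")
    return problems
```

Run against each rendered host config, this confirms that making the client certificate optional did not also drop or weaken verification of the Elasticsearch server certificate.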