NETWAYS · tbauriedel · Apr 2, 2025
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -18,10 +18,20 @@ body:
   - type: textarea
     id: description
     attributes:
-      label: Describe the bug
-      description: Please provide a concise description of the bug, add any relevant output or error messages. You can use markdown.
+      label: Description
+      description: A clear and concise description of what the bug is.
   - type: textarea
-    id: recreate
+    id: reproduce
     attributes:
-      label: How to recreate the bug?
-      description: Please provide the steps to recreate the issue.
+      label: To Reproduce
+      description: Describe how to reproduce the bug.
+  - type: textarea
+    id: environment
+    attributes:
+      label: Your Environment
+      description: Include as many relevant details about the environment you experienced the problem in.
+      value: |
+        * Version (commit) used:
+        * Ansible version:
+        * Python version:
+        * Operating System and version:
diff --git a/roles/logstash/tasks/logstash-security.yml b/roles/logstash/tasks/logstash-security.yml
      register: logstash_check_temporary_cert_ansible_controler

    - name: Move temporary cert file on Ansible controler
      ansible.builtin.copy:
        src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.p12"
        dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.p12_{{ ansible_date_time.iso8601_micro }}"
        mode: preserve
diff --git a/roles/beats/tasks/filebeat.yml b/roles/beats/tasks/filebeat.yml
 - name: Install Filebeat latest version - rpm - full stack
  ansible.builtin.package:
    name: filebeat
    state: latest
    enablerepo:
      - "elastic-{{ elasticstack_release }}.x"
  notify:
 - name: Install Filebeat latest version - rpm - standalone
  ansible.builtin.package:
    name: filebeat
    state: latest
  notify:
    - Restart Filebeat
  when:
 - name: Install Filebeat latest version - deb
  ansible.builtin.package:
    name: filebeat
    state: latest
  notify:
    - Restart Filebeat
  when:
diff --git a/roles/beats/tasks/auditbeat.yml b/roles/beats/tasks/auditbeat.yml
 - name: Install Auditbeat latest version - rpm - standalone
  ansible.builtin.package:
    name: auditbeat
    state: latest
  notify:
    - Restart Auditbeat
  when:
 - name: Install Auditbeat latest version - deb
  ansible.builtin.package:
    name: auditbeat
    state: latest
  notify:
    - Restart Auditbeat
  when:
diff --git a/roles/beats/tasks/metricbeat.yml b/roles/beats/tasks/metricbeat.yml
 - name: Install Metricbeat latest version - rpm - full stack
  ansible.builtin.package:
    name: metricbeat
    state: latest
    enablerepo:
      - "elastic-{{ elasticstack_release }}.x"
  notify:
 - name: Install Metricbeat latest version - rpm - standalone
  ansible.builtin.package:
    name: metricbeat
    state: latest
  notify:
    - Restart Metricbeat
  when:
 - name: Install Metricbeat latest version - deb
  ansible.builtin.package:
    name: metricbeat
    state: latest
  notify:
    - Restart Metricbeat
  when:
diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml
    - name: Check for cluster status without security
      ansible.builtin.uri:
 # kics-scan ignore-line
        url: "http://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
      register: elasticsearch_cluster_status
      ignore_errors: "{{ ansible_check_mode }}"
      until: elasticsearch_cluster_status.json.status == "green"
	register: logstash_check_temporary_cert_ansible_controler

	- name: Move temporary cert file on Ansible controler
	ansible.builtin.copy:
Check warning on line 125 in roles/logstash/tasks/logstash-security.yml GitHub Actions / kics [INFO] Risky File Permissions `Some modules could end up creating new files on disk with permissions that might be too open or unpredictable`
	src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') \| dirname }}/{{ ansible_hostname }}-ls.p12"
	dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') \| dirname }}/{{ ansible_hostname }}-ls.p12_{{ ansible_date_time.iso8601_micro }}"
	mode: preserve
	- name: Install Filebeat latest version - rpm - full stack
	ansible.builtin.package:
	name: filebeat
	state: latest
Check warning on line 44 in roles/beats/tasks/filebeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	enablerepo:
	- "elastic-{{ elasticstack_release }}.x"
	notify:
	- name: Install Filebeat latest version - rpm - standalone
	ansible.builtin.package:
	name: filebeat
	state: latest
Check warning on line 58 in roles/beats/tasks/filebeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	notify:
	- Restart Filebeat
	when:
	- name: Install Filebeat latest version - deb
	ansible.builtin.package:
	name: filebeat
	state: latest
Check warning on line 70 in roles/beats/tasks/filebeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	notify:
	- Restart Filebeat
	when:
	- name: Install Auditbeat latest version - rpm - standalone
	ansible.builtin.package:
	name: auditbeat
	state: latest
Check warning on line 62 in roles/beats/tasks/auditbeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	notify:
	- Restart Auditbeat
	when:
	- name: Install Auditbeat latest version - deb
	ansible.builtin.package:
	name: auditbeat
	state: latest
Check warning on line 74 in roles/beats/tasks/auditbeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	notify:
	- Restart Auditbeat
	when:
	- name: Install Metricbeat latest version - rpm - full stack
	ansible.builtin.package:
	name: metricbeat
	state: latest
Check warning on line 45 in roles/beats/tasks/metricbeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	enablerepo:
	- "elastic-{{ elasticstack_release }}.x"
	notify:
	- name: Install Metricbeat latest version - rpm - standalone
	ansible.builtin.package:
	name: metricbeat
	state: latest
Check warning on line 59 in roles/beats/tasks/metricbeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	notify:
	- Restart Metricbeat
	when:
	- name: Install Metricbeat latest version - deb
	ansible.builtin.package:
	name: metricbeat
	state: latest
Check warning on line 72 in roles/beats/tasks/metricbeat.yml GitHub Actions / kics [LOW] Unpinned Package Version `Setting state to latest performs an update and installs additional packages possibly resulting in performance degradation or loss of service`
	notify:
	- Restart Metricbeat
	when:
	- name: Check for cluster status without security
	ansible.builtin.uri:
	# kics-scan ignore-line
	url: "http://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
Check warning on line 277 in roles/elasticsearch/tasks/main.yml GitHub Actions / kics [MEDIUM] Communication Over HTTP `Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks`
	register: elasticsearch_cluster_status
	ignore_errors: "{{ ansible_check_mode }}"
	until: elasticsearch_cluster_status.json.status == "green"