From 8179341f5080dcb6613d2b4a11f519911f6e085c Mon Sep 17 00:00:00 2001
From: Matt Crees <mattc@stackhpc.com>
Date: Tue, 14 Jan 2025 16:41:10 +0000
Subject: [PATCH] Correct permissions on Wazuh alerts manifest

Wazuh instance wasnt creating wazuh-alerts-* indices and the
"Check alerts index pattern" health-check fails.

Error and solution from logs:

```
Error reading manifest file: config file ("/usr/share/filebeat/module/wazuh/alerts/manifest.yml") can only be writable by the owner but the permissions are "-rw-rw-rw-"
to fix the permissions use: 'chmod go-w /usr/share/filebeat/module/wazuh/alerts/manifest.yml'
```
---
 etc/kayobe/ansible/wazuh-manager.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/etc/kayobe/ansible/wazuh-manager.yml b/etc/kayobe/ansible/wazuh-manager.yml
index 4595e6e3e..21c560d5d 100644
--- a/etc/kayobe/ansible/wazuh-manager.yml
+++ b/etc/kayobe/ansible/wazuh-manager.yml
@@ -130,6 +130,11 @@
       changed_when: false
       retries: 2
 
+    - name: Correct permissions on alerts manifest
+      ansible.builtin.file:
+        path: "/usr/share/filebeat/module/wazuh/alerts/manifest.yml"
+        mode: "go-w"
+
   handlers:
     - name: Restart wazuh
       ansible.builtin.service: