From e752637e5c4ccee77ac64cb7a68f5ba9ed983f56 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Wed, 6 Jun 2018 15:55:55 -0400
Subject: [PATCH] Filebeat Module - Add SSL to the config

---
 salt/filebeat/etc/filebeat.yml |  8 ++++----
 salt/filebeat/init.sls         | 13 -------------
 2 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 2db54f393..8bdbf7341 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -823,13 +823,13 @@ output.logstash:
   #proxy_use_local_resolver: false
 
   # Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
-  #ssl.enabled: true
+  ssl.enabled: true
 
   # Configure SSL verification mode. If `none` is configured, all server hosts
   # and certificates will be accepted. In this mode, SSL based connections are
   # susceptible to man-in-the-middle attacks. Use only for testing. Default is
   # `full`.
-  #ssl.verification_mode: full
+  ssl.verification_mode: full
 
   # List of supported/valid TLS versions. By default all TLS versions 1.0 up to
   # 1.2 are enabled.
@@ -837,10 +837,10 @@ output.logstash:
 
   # Optional SSL configuration options. SSL is off by default.
   # List of root certificates for HTTPS server verifications
-  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+  ssl.certificate_authorities: ["/usr/share/filebeat/intraca.crt"]
 
   # Certificate for SSL client authentication
-  #ssl.certificate: "/etc/pki/client/cert.pem"
+  ssl.certificate: "/usr/share/filebeat/filebeat.crt"
 
   # Client Certificate Key
   #ssl.key: "/etc/pki/client/cert.key"
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 27441cdfc..ca173f5d7 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -30,18 +30,6 @@ filebeatconfsync:
     - group: 0
     - template: jinja
 
-# Create Symlinks to the keys so I can distribute it to all the things
-
-fbkeylink:
-  file.symlink:
-    - name: /opt/so/saltstack/salt/filebeat/files/filebeat.key
-    - target: /etc/pki/filebeat.key
-
-fbcrtlink:
-  file.symlink:
-    - name: /opt/so/saltstack/salt/filebeat/files/filebeat.crt
-    - target: /etc/pki/filebeat.crt
-
 filebeatcrt:
   file.managed:
     - name: /opt/so/conf/filebeat/etc/pki/filebeat.crt
@@ -56,6 +44,5 @@ so-filebeat:
       - /opt/so/log/filebeat:/var/log/filebeat:rw
       - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
       - /nsm/bro/spool/manager:/nsm/bro/spool:ro
-      - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
       - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
     - network_mode: so-elastic-net