Osquerybeat: lock down flagfile, prevent global defaults#27611
Merged
aleksmaus merged 1 commit intoelastic:masterfrom Aug 31, 2021
Merged
Osquerybeat: lock down flagfile, prevent global defaults#27611aleksmaus merged 1 commit intoelastic:masterfrom
aleksmaus merged 1 commit intoelastic:masterfrom
Conversation
Contributor
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
mergify bot
pushed a commit
that referenced
this pull request
Aug 31, 2021
(cherry picked from commit e3adb91)
aleksmaus
added a commit
that referenced
this pull request
Aug 31, 2021
mdelapenya
added a commit
to mdelapenya/beats
that referenced
this pull request
Sep 1, 2021
* master: Forward port 7.14.1 changelog to master (elastic#27687) Addressing multiple dashboard issues: deps loading once, field conversion, etc. (elastic#27669) Remove adaptive queue sizes from agent's spec files (elastic#27653) Osquerybeat: Improve testability and unit test coverage (elastic#27591) Osquerybeat: lockdown flagsfile, prevent global defaults (elastic#27611) Import the references of dashboard assets using the Saved Objects API (elastic#27647) Fix bug with override path in cgroups (elastic#27620) Allow Kibana client to authorize with Elasticsearch API key (elastic#27540) Filebeat auditd: Fix Top Exec Commands dashboard visualization (elastic#27638) [elastic-agent] Fix docker tar.gz generation for complete image (elastic#27621) Follow up changes in dashboards in mage check && fix minor issue (elastic#27553) [Heartbeat] Fix bug where `enabled: false` is ignored. (elastic#27615) Support kube_state_metrics v2.0.0 (elastic#27552)
Icedroid
pushed a commit
to Icedroid/beats
that referenced
this pull request
Nov 1, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Lock down flagfile, prevent global defaults, otherwise the osqueryi and osqueryd processes try to load defaults from
osquery.flags.defaults file from OSQUERY_HOME locations:
https://github.com/osquery/osquery/blob/2cd5b42c8f8fa52c6d251c6537595c7c59c90f4c/osquery/utils/config/default_paths.h
and can potentially mess with configuration if it was not specified by us via the command line flags.
This could be considered a bug or a feature, for example without this change you can create
/var/osquery/osquery.flags.defaults on Mac with content
--disable_tables=usersand this will prevent any osquery instance (including ours) from querying this table.
Why is it important?
This change prevents global osquery defaults flagfile from affecting our osquery instance configuration.
Checklist
Screenshots
Empty osquery.flags file is created in the osquery "data" directory
Logs
Starting our osqueryd instance with flagfile parameter