Mark appropriate linux integrations as requiring root.

[norrietaylor]

Linux packages that require root to execute should be marked accordingly. An example can be found here

This includes:

• system_audit (auditbeat)
• fim (auditbeat)
• auditd_manager (auditbeat)
• network_traffic (packetbeat)
• and maybe cloud_defend (I am not sure if we need root once the appropriate capabilities are exposed)

[epixa]

@norrietaylor Does osquery need root?

[norrietaylor]

@norrietaylor Does osquery need root?

Good question. I would assume it does. @aleksmaus Can you give a more definitive answer?

[aleksmaus]

@norrietaylor Does osquery need root?

Good question. I would assume it does. @aleksmaus Can you give a more definitive answer?

Yes, it needs root.
You could run it as non-root but some functionality will not available.

[elasticmachine]

Package auditd_manager - 1.16.3 containing this change is available at https://epr.elastic.co/search?package=auditd_manager