libbeat/processors/add_process_metada: add capabilities to process me…

Open haesbaert opened this issue 1 year ago • 10 comments

Proposed commit message

Extends process metadata with effective and permitted capabilities.

Errors from capabilities.FromPid() are ignored since it returns a nil slice, which results in len() == 0, which suppresses any output. A possible common error is getting ESRCH as the process might have already exited.

Checklist

  • [ ] ~~My code follows the style guidelines of this project~~
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [ ] ~~I have made corresponding changes to the documentation~~
  • [ ] ~~I have made corresponding change to the default configuration files~~
  • [x] I have added tests that prove my fix is effective or that my feature works
  • [x] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

```yaml
processors:
  - add_process_metadata:
      overwrite_keys: true
      match_pids: ["process.pid"]

auditbeat.modules:
- module: system
  datasets:
    - socket
  period: 10s # The frequency at which the datasets check for changes
  state.period: 20s

output.console:
  pretty: true
```

Related issues

  • Part of https://github.com/elastic/security-team/issues/4375
  • Related to https://github.com/elastic/beats/pull/37453

haesbaert avatar Mar 11 '24 12:03 haesbaert
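
An added illustration of the behaviour the description relies on (example code, not taken from this PR or from libbeat): capability masks are decoded into names, and a field is emitted only when the resulting slice is non-empty, so a lookup that fails because the process already exited produces no output. The helper names, the output keys and the use of `/proc/<pid>/status` text as input are assumptions, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Capability names indexed by bit number, as in linux/capability.h.
var capNames = strings.Fields(`CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER
CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE
CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT
CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE
CAP_AUDIT_WRITE CAP_AUDIT_CONTROL CAP_SETFCAP CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SYSLOG
CAP_WAKE_ALARM CAP_BLOCK_SUSPEND CAP_AUDIT_READ CAP_PERFMON CAP_BPF CAP_CHECKPOINT_RESTORE`)

// Constructed /proc/<pid>/status excerpt (sample data, not from a real host).
const sampleStatus = "Name:\tping\nCapPrm:\t0000000000003000\nCapEff:\t0000000000002000\n"

// capsFromStatus (hypothetical helper) decodes one hex mask field, e.g. "CapEff".
func capsFromStatus(status, field string) []string {
	var out []string
	for _, line := range strings.Split(status, "\n") {
		val := strings.TrimPrefix(line, field+":")
		mask, err := strconv.ParseUint(strings.TrimSpace(val), 16, 64)
		if val != line && err == nil { // line carries the field and parses as hex
			for bit, name := range capNames {
				if mask&(1<<uint(bit)) != 0 {
					out = append(out, name)
				}
			}
		}
	}
	return out // nil when the field is missing or unparsable (e.g. process gone)
}

// enrich adds a key only when len() > 0, so a failed lookup emits nothing.
func enrich(status string) map[string][]string {
	fields := map[string][]string{}
	for key, field := range map[string]string{"effective": "CapEff", "permitted": "CapPrm"} {
		if caps := capsFromStatus(status, field); len(caps) > 0 {
			fields[key] = caps
		}
	}
	return fields
}

func main() { fmt.Println(enrich(sampleStatus), enrich("")) }
```

An empty or unreadable status yields an empty map rather than an error, which is the same trade-off the description makes: the event is still enriched with everything else, and the capability fields are simply absent.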

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

elasticmachine avatar Mar 11 '24 12:03 elasticmachine

This pull request does not have a backport label. If this is a bug or security fix, could you label this PR @haesbaert? 🙏. For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

mergify[bot] avatar Mar 11 '24 12:03 mergify[bot]

:green_heart: Build Succeeded

Build stats

  • Duration: 133 min 9 sec

:grey_exclamation: Flaky test report

No test was executed to be analysed.

:robot: GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

elasticmachine avatar Mar 11 '24 12:03 elasticmachine

The Windows errors seem to be unrelated, apparently the CI can't find the go binary and whatnot

haesbaert avatar Mar 11 '24 15:03 haesbaert

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

elasticmachine avatar Mar 11 '24 16:03 elasticmachine

BuildKite should not prevent the PR from being merged yet. Once you get the approvals and Jenkins is green you should be able to merge it.

belimawr avatar Mar 12 '24 14:03 belimawr

> BuildKite should not prevent the PR from being merged yet. Once you get the approvals and Jenkins is green you should be able to merge it.

Awesome, thanks :)

haesbaert avatar Mar 19 '24 06:03 haesbaert

Merging is blocked as it is waiting for a review from @fearful-symmetry. Is this because we need a reviewer from each team?

haesbaert avatar Mar 21 '24 16:03 haesbaert

:green_heart: Build Succeeded

History

  • :green_heart: Build #2504 succeeded 9e9a4df3c55db017f17f3478802aa1950bac73d1
  • :green_heart: Build #2296 succeeded 4eb35fdecbfbdeecf9d2b7e8b6edd8ff0bc6bddc
  • :broken_heart: Build #1947 failed a6ca13fcaa13868630b733965185ea9915d19c2b

cc @haesbaert

elasticmachine avatar Mar 21 '24 16:03 elasticmachine

/test

haesbaert avatar Apr 03 '24 11:04 haesbaert