Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Cherry-pick #12289 to 7.2: Package: Auto-detect package directories #12323

Merged
merged 1 commit into from
May 29, 2019
Merged

[Auditbeat] Cherry-pick #12289 to 7.2: Package: Auto-detect package directories #12323

merged 1 commit into from
May 29, 2019

Conversation

cwurm
Copy link
Contributor

@cwurm cwurm commented May 28, 2019

Cherry-pick of PR #12289 to 7.2 branch. Original message:

Users have recently struggled with using Auditbeat on distros the system/package dataset does not recognize. When this happens, Auditbeat aborts the start with a not very helpful error message.

This PR fixes this by changing the behavior:

  1. Instead of selecting the package manager based on the OS family we check which package directories exist: /var/lib/dpkg, /var/lib/rpm, or /usr/local/Cellar. In the future, we could make these configurable.
  2. If we find no directories, we log a warning once and continue checking. We do not abort Auditbeat's launch.

Possible future improvements:

  1. Add a package.type (naming tbd) to distinguish between rpm, deb, and homebrew packages.
  2. Make the package directories configurable by the user. We use the default path for each which will work in most cases, but each package manager allows this to be customized.

This is a bigger change, but I'd want to backport it as a bugfix since the current behavior is causing frustration to users. The system module is still in beta, giving us more freedom in what we backport.

[Auditbeat] Package: Auto-detect package directories (elastic#12289)
990502b 
Changes the `system/package` dataset to select the package manager based on which package directories exist: `/var/lib/dpkg`, `/var/lib/rpm`, or `/usr/local/Cellar`.

If we find no directories, we log a warning once and continue checking. We do not abort Auditbeat's launch.

(cherry picked from commit afbe070)
@cwurm cwurm requested a review from a team as a code owner May 28, 2019 22:16
@cwurm cwurm changed the title Cherry-pick #12289 to 7.2: [Auditbeat] Package: Auto-detect package directories [Auditbeat] Cherry-pick #12289 to 7.2: Package: Auto-detect package directories May 28, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/secops

@cwurm cwurm merged commit c1dd2e4 into elastic:7.2 May 29, 2019
@cwurm cwurm deleted the backport_12289_7.2 branch May 29, 2019 08:12
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
[Auditbeat] Cherry-pick elastic#12289 to 7.2: Package: Auto-detect pa…
3d6052f 
…ckage directories (elastic#12323)

Changes the `system/package` dataset to select the package manager based on which package directories exist: `/var/lib/dpkg`, `/var/lib/rpm`, or `/usr/local/Cellar`.

If we find no directories, we log a warning once and continue checking. We do not abort Auditbeat's launch.

(cherry picked from commit 33d5d1b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adriansr adriansr adriansr approved these changes

Assignees
No one assigned
Labels
Auditbeat backport review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cwurm @elasticmachine @adriansr