Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.17](backport #40130) Osquerybeat: Disable allow_unsafe osquery configuration #41239

Merged
merged 2 commits into from
Oct 15, 2024
Merged

[7.17](backport #40130) Osquerybeat: Disable allow_unsafe osquery configuration #41239

merged 2 commits into from
Oct 15, 2024

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Oct 15, 2024

Proposed commit message

Osquerybeat: Disable allow_unsafe osquery configuration

The allow_unsafe flag was used for windows only since Oct 21, 2021.

This addresses the issue reported in:
https://github.com/elastic/security/issues/2194

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

If any of the existing users used their custom extensions since 2021 without proper permissions set (the osquerybeat was careful to preserve modifications to the autoload file in order to allow these use cases)
https://osquery.readthedocs.io/en/stable/deployment/extensions/#extensions-binary-permissions

then these extensions will fail to load.

How to test this PR locally

Install the Agent with osquery manager integration in the policy. Make sure the extension loads.

Related issues

This is an automatic backport of pull request #40130 done by [Mergify](https://mergify.com).

@aleksmaus @mergify
Osquerybeat: Disable allow_unsafe osquery configuration (#40130)
1a61f00 
* Osquerybeat: Disable allow_unsafe osquery configuration

* Make linter happier

* Added changelog

* Make linter happier

(cherry picked from commit fec980b)
@mergify mergify bot requested a review from a team as a code owner October 15, 2024 14:23
@mergify mergify bot added the backport label Oct 15, 2024
@mergify mergify bot requested review from AndersonQ and leehinman and removed request for a team October 15, 2024 14:23
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 15, 2024
@aleksmaus aleksmaus requested a review from a team October 15, 2024 14:25
@aleksmaus aleksmaus added the Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution label Oct 15, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 15, 2024
@aleksmaus aleksmaus merged commit ef6504b into 7.17 Oct 15, 2024
17 checks passed
@aleksmaus aleksmaus deleted the mergify/bp/7.17/pr-40130 branch October 15, 2024 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwhyrock dwhyrock dwhyrock approved these changes

@AndersonQ AndersonQ Awaiting requested review from AndersonQ AndersonQ is a code owner automatically assigned from elastic/elastic-agent-data-plane

@leehinman leehinman Awaiting requested review from leehinman leehinman is a code owner automatically assigned from elastic/elastic-agent-data-plane

Assignees

@aleksmaus aleksmaus

Labels
backport Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@elasticmachine @dwhyrock @aleksmaus