Merge remote-tracking branch 'upstream/main' into streaming/default_w…

…ebsocket_retry
elastic · Dec 12, 2024 · 1d3666a · 1d3666a
2 parents 556b2fb + 560b842
commit 1d3666a
Show file tree

Hide file tree

Showing 13 changed files with 123 additions and 146 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -128,6 +128,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - auditd: Update syscall names for Linux 6.11. {pull}41558[41558]
 - hasher: Geneneral improvements and fixes. {pull}41863[41863]
 - hasher: Add a cached hasher for upcoming backend. {pull}41952[41952]
+- Split common tty definitions. {pull}42004[42004]
 
 *Filebeat*
 

diff --git a/auditbeat/helper/tty/tty.go b/auditbeat/helper/tty/tty.go
@@ -0,0 +1,76 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package tty
+
+type TTYType int
+
+const (
+	TTYUnknown TTYType = iota
+	Pts
+	TTY
+	TTYConsole
+)
+
+const (
+	ptsMinMajor     = 136
+	ptsMaxMajor     = 143
+	ttyMajor        = 4
+	consoleMaxMinor = 63
+	ttyMaxMinor     = 255
+)
+
+type TTYDev struct {
+	Minor   uint32
+	Major   uint32
+	Winsize TTYWinsize
+	Termios TTYTermios
+}
+
+type TTYWinsize struct {
+	Rows uint16
+	Cols uint16
+}
+
+type TTYTermios struct {
+	CIflag uint32
+	COflag uint32
+	CLflag uint32
+	CCflag uint32
+}
+
+// interactiveFromTTY returns if this is an interactive tty device.
+func InteractiveFromTTY(tty TTYDev) bool {
+	return TTYUnknown != GetTTYType(tty.Major, tty.Minor)
+}
+
+// getTTYType returns the type of a TTY device based on its major and minor numbers.
+func GetTTYType(major uint32, minor uint32) TTYType {
+	if major >= ptsMinMajor && major <= ptsMaxMajor {
+		return Pts
+	}
+
+	if ttyMajor == major {
+		if minor <= consoleMaxMinor {
+			return TTYConsole
+		} else if minor > consoleMaxMinor && minor <= ttyMaxMinor {
+			return TTY
+		}
+	}
+
+	return TTYUnknown
+}
diff --git a/dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml
@@ -52,9 +52,6 @@ resources:
 
 # List of project maintainers
 maintainers:
-  - email: "[email protected]"
-    name: "Nassim Kammah"
-    username: "nassim.kammah"
   - email: "[email protected]"
     name: "Julien lind"
     username: "julien.lind"
diff --git a/dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml
@@ -52,9 +52,6 @@ resources:
 
 # List of project maintainers
 maintainers:
-  - email: "[email protected]"
-    name: "Nassim Kammah"
-    username: "nassim.kammah"
   - email: "[email protected]"
     name: "Julien lind"
     username: "julien.lind"
diff --git a/dev-tools/packaging/templates/ironbank/heartbeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/heartbeat/hardening_manifest.yaml
@@ -52,9 +52,6 @@ resources:
 
 # List of project maintainers
 maintainers:
-  - email: "[email protected]"
-    name: "Nassim Kammah"
-    username: "nassim.kammah"
   - email: "[email protected]"
     name: "Julien lind"
     username: "julien.lind"
diff --git a/dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml
@@ -52,9 +52,6 @@ resources:
 
 # List of project maintainers
 maintainers:
-  - email: "[email protected]"
-    name: "Nassim Kammah"
-    username: "nassim.kammah"
   - email: "[email protected]"
     name: "Julien lind"
     username: "julien.lind"
diff --git a/dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml
@@ -52,9 +52,6 @@ resources:
 
 # List of project maintainers
 maintainers:
-  - email: "[email protected]"
-    name: "Nassim Kammah"
-    username: "nassim.kammah"
   - email: "[email protected]"
     name: "Julien lind"
     username: "julien.lind"
diff --git a/x-pack/auditbeat/processors/sessionmd/processdb/db.go b/x-pack/auditbeat/processors/sessionmd/processdb/db.go
@@ -20,22 +20,14 @@ import (
 	"sync"
 	"time"
 
+	"github.com/elastic/beats/v7/auditbeat/helper/tty"
 	"github.com/elastic/beats/v7/libbeat/common/capabilities"
 	"github.com/elastic/beats/v7/x-pack/auditbeat/processors/sessionmd/procfs"
 	"github.com/elastic/beats/v7/x-pack/auditbeat/processors/sessionmd/timeutils"
 	"github.com/elastic/beats/v7/x-pack/auditbeat/processors/sessionmd/types"
 	"github.com/elastic/elastic-agent-libs/logp"
 )
 
-type TTYType int
-
-const (
-	TTYUnknown TTYType = iota
-	Pts
-	TTY
-	TTYConsole
-)
-
 type EntryType string
 
 const (
@@ -67,18 +59,13 @@ var filteredExecutables = [...]string{
 }
 
 const (
-	ptsMinMajor     = 136
-	ptsMaxMajor     = 143
-	ttyMajor        = 4
-	consoleMaxMinor = 63
-	ttyMaxMinor     = 255
-	retryCount      = 2
+	retryCount = 2
 )
 
 type Process struct {
 	PIDs     types.PIDInfo
 	Creds    types.CredInfo
-	CTTY     types.TTYDev
+	CTTY     tty.TTYDev
 	Argv     []string
 	Cwd      string
 	Env      map[string]string
@@ -142,24 +129,24 @@ func credInfoFromProto(p types.CredInfo) types.CredInfo {
 	}
 }
 
-func ttyTermiosFromProto(p types.TTYTermios) types.TTYTermios {
-	return types.TTYTermios{
+func ttyTermiosFromProto(p tty.TTYTermios) tty.TTYTermios {
+	return tty.TTYTermios{
 		CIflag: p.CIflag,
 		COflag: p.COflag,
 		CLflag: p.CLflag,
 		CCflag: p.CCflag,
 	}
 }
 
-func ttyWinsizeFromProto(p types.TTYWinsize) types.TTYWinsize {
-	return types.TTYWinsize{
+func ttyWinsizeFromProto(p tty.TTYWinsize) tty.TTYWinsize {
+	return tty.TTYWinsize{
 		Rows: p.Rows,
 		Cols: p.Cols,
 	}
 }
 
-func ttyDevFromProto(p types.TTYDev) types.TTYDev {
-	return types.TTYDev{
+func ttyDevFromProto(p tty.TTYDev) tty.TTYDev {
+	return tty.TTYDev{
 		Major:   p.Major,
 		Minor:   p.Minor,
 		Winsize: ttyWinsizeFromProto(p.Winsize),
@@ -319,15 +306,15 @@ func (db *DB) evaluateEntryLeader(p Process) *uint32 {
 
 	// could be an entry leader
 	if p.PIDs.Tgid == p.PIDs.Sid {
-		ttyType := getTTYType(p.CTTY.Major, p.CTTY.Minor)
+		ttyType := tty.GetTTYType(p.CTTY.Major, p.CTTY.Minor)
 
 		procBasename := basename(p.Filename)
 		switch {
-		case ttyType == TTY:
+		case ttyType == tty.TTY:
 			db.createEntryLeader(pid, Terminal)
 			db.logger.Debugf("entry_eval %d: entry type is terminal", p.PIDs.Tgid)
 			return &pid
-		case ttyType == TTYConsole && procBasename == "login":
+		case ttyType == tty.TTYConsole && procBasename == "login":
 			db.createEntryLeader(pid, EntryConsole)
 			db.logger.Debugf("entry_eval %d: entry type is console", p.PIDs.Tgid)
 			return &pid
@@ -338,7 +325,7 @@ func (db *DB) evaluateEntryLeader(p Process) *uint32 {
 		case !isFilteredExecutable(procBasename):
 			if parent, ok := db.processes[p.PIDs.Ppid]; ok {
 				parentBasename := basename(parent.Filename)
-				if ttyType == Pts && parentBasename == "ssm-session-worker" {
+				if ttyType == tty.Pts && parentBasename == "ssm-session-worker" {
 					db.createEntryLeader(pid, Ssm)
 					db.logger.Debugf("entry_eval %d: entry type is ssm", p.PIDs.Tgid)
 					return &pid
@@ -433,13 +420,9 @@ func (db *DB) InsertExit(exit types.ProcessExitEvent) {
 	})
 }
 
-func interactiveFromTTY(tty types.TTYDev) bool {
-	return TTYUnknown != getTTYType(tty.Major, tty.Minor)
-}
-
 func fullProcessFromDBProcess(p Process) types.Process {
 	reducedPrecisionStartTime := timeutils.ReduceTimestampPrecision(p.PIDs.StartTimeNS)
-	interactive := interactiveFromTTY(p.CTTY)
+	interactive := tty.InteractiveFromTTY(p.CTTY)
 
 	ret := types.Process{
 		PID:              p.PIDs.Tgid,
@@ -475,7 +458,7 @@ func fullProcessFromDBProcess(p Process) types.Process {
 func fillParent(process *types.Process, parent Process) {
 	reducedPrecisionStartTime := timeutils.ReduceTimestampPrecision(parent.PIDs.StartTimeNS)
 
-	interactive := interactiveFromTTY(parent.CTTY)
+	interactive := tty.InteractiveFromTTY(parent.CTTY)
 	euid := parent.Creds.Euid
 	egid := parent.Creds.Egid
 	process.Parent.PID = parent.PIDs.Tgid
@@ -500,7 +483,7 @@ func fillParent(process *types.Process, parent Process) {
 func fillGroupLeader(process *types.Process, groupLeader Process) {
 	reducedPrecisionStartTime := timeutils.ReduceTimestampPrecision(groupLeader.PIDs.StartTimeNS)
 
-	interactive := interactiveFromTTY(groupLeader.CTTY)
+	interactive := tty.InteractiveFromTTY(groupLeader.CTTY)
 	euid := groupLeader.Creds.Euid
 	egid := groupLeader.Creds.Egid
 	process.GroupLeader.PID = groupLeader.PIDs.Tgid
@@ -525,7 +508,7 @@ func fillGroupLeader(process *types.Process, groupLeader Process) {
 func fillSessionLeader(process *types.Process, sessionLeader Process) {
 	reducedPrecisionStartTime := timeutils.ReduceTimestampPrecision(sessionLeader.PIDs.StartTimeNS)
 
-	interactive := interactiveFromTTY(sessionLeader.CTTY)
+	interactive := tty.InteractiveFromTTY(sessionLeader.CTTY)
 	euid := sessionLeader.Creds.Euid
 	egid := sessionLeader.Creds.Egid
 	process.SessionLeader.PID = sessionLeader.PIDs.Tgid
@@ -550,7 +533,7 @@ func fillSessionLeader(process *types.Process, sessionLeader Process) {
 func fillEntryLeader(process *types.Process, entryType EntryType, entryLeader Process) {
 	reducedPrecisionStartTime := timeutils.ReduceTimestampPrecision(entryLeader.PIDs.StartTimeNS)
 
-	interactive := interactiveFromTTY(entryLeader.CTTY)
+	interactive := tty.InteractiveFromTTY(entryLeader.CTTY)
 	euid := entryLeader.Creds.Euid
 	egid := entryLeader.Creds.Egid
 	process.EntryLeader.PID = entryLeader.PIDs.Tgid
@@ -743,22 +726,6 @@ func isFilteredExecutable(executable string) bool {
 	return stringStartsWithEntryInList(executable, filteredExecutables[:])
 }
 
-func getTTYType(major uint32, minor uint32) TTYType {
-	if major >= ptsMinMajor && major <= ptsMaxMajor {
-		return Pts
-	}
-
-	if ttyMajor == major {
-		if minor <= consoleMaxMinor {
-			return TTYConsole
-		} else if minor > consoleMaxMinor && minor <= ttyMaxMinor {
-			return TTY
-		}
-	}
-
-	return TTYUnknown
-}
-
 func (db *DB) Close() {
 	close(db.stopChan)
 }
diff --git a/x-pack/auditbeat/processors/sessionmd/processdb/db_test.go b/x-pack/auditbeat/processors/sessionmd/processdb/db_test.go
@@ -11,14 +11,15 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/elastic/beats/v7/auditbeat/helper/tty"
 	"github.com/elastic/elastic-agent-libs/logp"
 )
 
 var logger = logp.NewLogger("processdb")
 
 func TestGetTTYType(t *testing.T) {
-	require.Equal(t, TTYConsole, getTTYType(4, 0))
-	require.Equal(t, Pts, getTTYType(136, 0))
-	require.Equal(t, TTY, getTTYType(4, 64))
-	require.Equal(t, TTYUnknown, getTTYType(1000, 1000))
+	require.Equal(t, tty.TTYConsole, tty.GetTTYType(4, 0))
+	require.Equal(t, tty.Pts, tty.GetTTYType(136, 0))
+	require.Equal(t, tty.TTY, tty.GetTTYType(4, 64))
+	require.Equal(t, tty.TTYUnknown, tty.GetTTYType(1000, 1000))
 }