diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index 220f187a3fe..d4e3cc4f7da 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go @@ -25,7 +25,7 @@ func init() { // spec/metricbeat.yml // spec/osquerybeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("eJzEWll34ri2fr8/o1/vcDwU6fZd6zxg0p4gTmGCJOsNycQGJEMHM9h33f9+luQB2zipSlV3nwdWgpClra09fPvb/r9fjoc1/cfqwP/7uH47r9/+J+fsl//9hXArwy/7eA5MfwZ8RlPMaHzYEjh/cG3rQhZqgZGnYeROQ+QpK4iTUB/8LaXFPoaXfexO3CxYuEd34mUhHCVYAxmGI2XGwSmE3hHDuRE5nooX7nGyGcfuRrXczSV2ebRFusko9xlJ54bnZObyd/UlAB4MgPcaKIYzL/bXp0fTcONDNOHgC7WNPLLBDmkqixzvEOpPD651nLqT8SZEZjZD1Zk27nHClClNwRGjpwex72xhbolujpAenJF2PVB9LsfdyTh2baZgqDy4Nj5iCJRm3AnOzxvzQFJTjZynqRybjGOijV5DzThhfj2U+hmdiT4Wv2eurSb0cd/MpbalrB73MeZXhtH8Nt6SrR6bLcwcQ/UccfC60sDoOd43v5Uf8w2jnbiPbaiBgqpGQm0m5/7QOo7HSp2yE7605ygx5SAjOmZIy9j65Xae+iPX3Zjivk/ReC+fwZx9QbqvUA4S8rKP17pS6QQfiBMwygwthFe1c27HZ8QG28g28iFdV/soa2Sy2zM4IQ5gtOjIlUk7nTeyHCMb5LezmwWGVxbqwZmmd3q/27dcz1Ajx1TL891007rLzLXZacXBNrKMPYbWDiOveN6Yv77OD/rKBqfnjXnEcJRGdrz3nKzaxzemi/F/uo/jOISjnWsnCVUytl7Eu7VW7ekoR3cSMWJbRWSzLdVAQrm/9/JL7OkewzYrvPwiZEhXmsVX2u/pbDJOiW2kVA8SqsXpdL7/5y//VQaDdRod9ps064WCAI521DYOJJ3HSw1sI+QdImc3DTV197wxGeHBhWjsFE3UAkNfpZwp6/khoWlwwNzaRsK0b2tk2AbaJJVueAi15YP7GOrPj/E0hL6ygsYJaexEHaAgPRhRGxTP8T5zbXDCjnlewZEy4dczVo1LiIJ9eb3mLkSevoJfHtyJe36x2YZyK18vDKtWzUy5PT/TfSVEAZtp1zPOjZb8yh8zsXbuijWPKzhS14/72N0YZ+rMzwG8JlQPDmFuWLdnjCKyLQUvjCPR6Ll9zulmJMY2wowijZ2wbegiJLq7pwdkXeeUGynlVub+jg/EBgWyro288v96D+tKxXVFNqDIFme/0sF9uL/H0H+T+tODhNiXh8lGiTFKWKgafAWvrDb1OuS4vKUX5LNQB/kKBSO3mleF8Wlt1q4InZzx9cK9jW2UTJhU/cxsMd5QPRBmntdjkc0yDA1V2MJTMZ5S2ygiS8jvKyG8Hqs7/oKh/yrcEtfhxDGTyI4f3Ik3bGe1HLaVY71x2cydeM3abblmC7W5k2peEdkBo6nbGnOzGQIXrHsJtpe9cY9RzVBFSqJ5Swfv6LE7f/SwQuNqPVNZQZURHSjPm7H29DieUsdjSAenFRwJmzqSx/10tjDZ2gZbpAkbWVbnM6XtP2/Gm7Yd0Jtv1nsklEdFK7SL86qEN/axuYW4+3sc1s+A3E2aGg7v1bgMtUjvheWPQrst00ocOeyC55UdcesYQdCcSeinsYux1JewcwUj77U/l2rgiKGvEN19ECFZxBhapbQqhTDCrQ2xwa46az8VZa4T5BFcyjMRaF36/tRJ4Y6nErsj6/sptzor1UAecZBPpD9UKXF7r6u2T3ZhgxKv4OgSoaBoZO6lKCkHwgeqsTOJ99NISxjZ7mMiYqwe7KeT4NdyzaCXgq6M8EhZTUQKqvSnKwf38Uv8NDETwufxyraKhQZGYg1hI2LO6+ISexo4hkjEd7/A0MpDmXoOW6KNisjxEuE3IjYSbiiuWF/3VJIGBwKXpxB525WjxF9flNjTrJy8hIqXl/t5TpZHcCRtcsZxQiA7rlE1V6bAJIkmtJR/EvxKU3CSsWgxykJ4ONO0mlvQdLoYT+tU+Lpha7Je3aVCEZqgx0I0r9OfDKshB0k0PpTutjFJB8WmPosccJlxdiSLUWNiX6FwBZ+5G5mhN7PlcjObjDdUA0qExqfIBhm1r0lkL08YjpJQXMmjykN4Le6RspoQbqVYuGY6b89XaAru9hBujkVKykdHjDAjj+oOQ0/F+TcRuL1YXq35DpjAMpwXJXp83v5+eXKUjUDT3YpA6CkoZjJ0gQ2GljJJPSaRRxq8CoRcmwjS/H0IRymW7u6peH7II3iVYUK6NEpeqR7kGFpZiZz2bVR1IDxg6xpROwI2LB9ckSr1J+mqKzj6Q7h+E5qAcaHc2GLkFyIcVO5+JswQJsmJzSRsEaEYI09BmsVF+KpDoECaArURLSpKV20h+jpl9UJMD81nru2fqcNeRYoarDhk2vztwXUqmVEbed7LSrhxpm0UaoMvoQYu4jeYe8LNWAjVorxXtiv/NhVYaXuOd5ZVg2bkNPeivqyRbbwSmxXRYxtVmwdhq88bs6VTr/jRc9x07jHMjRzPpQ3kwqYJbFIgp9zI7lJGpxrzmzNPKnghQk2oB+UZLEPKfUtFvXvTe/LWFWD/HL0K8L3U0A3LZmPfddgWspHUPwpo2kkNtVylXbd1l4XIvGDkdmxGQFeiRSXckzZKu5WZDTRZfVeQQvrJpVv9yZiQzs8CxklY7fgKttmptw+LOBAQWAn1sZBv27G/1joRDC7PG1PFzrgni4TgO6L5b+Icrh2cQy1jtFeNing1qyoapPtHokfiXLI6FWP356dnqrNCPPe8MYs18lt6+KhyrateUGBgnCMUXKJWav3mc7aA6VYTq26wwWMEGhoGhpzXlreCHrsQBUkTnxajUwhVRnUzCbXlD+8/4/J7IeDBXwzDkkh/ykLtKu5aD1GwXY27v9HiqTlHiA4q5custI9gH8EblK7W4EQXkNobtWMQSQMBFRr7mC3M2nZucEjzLzNkqmHqq+Ft3j5yggvSWmVks26iRI75B9WM023scI6QdwrhdXcbyxLMs+T2/eY3s4WZURS01hyxyMZHot9sjhRPmg8tFdtMadtFy36znp+J7yOqdfYRvnaLGTC43OaC0wrFt980dhL2f5OpLDPLmPjzsLzBGON3bUJijzL2Nrm6ZINkzsbnKpdPa+atfhan3lmUD72YqZBiL2WuMVj7DPcw32vL0sJpzdidfwtfpHpwpnzZxQ1awkIoyqCnB9fJjEk8yNzc9piM/m0szitbr7NhUjcoK4V4WVcZ3M/wrWrJmuqDl9W0ax1FxVxe2UTNiBYw9w7mlYRoQ6zGh3Zqk2a3toza7Cr1dQm4O/P7RrV2C9PdlNg3wV6FlLWqqz9nf7uBT9+UoYS1lU7eSweVa9WwuJazlgWJKtf+bZAYlWR7bnJiAxZNRjURf6rXmvG7CixG8+Y8FaNwc4mKEK8J0VcRMsmgfiSZSRo7SGuCfXQh2vUQ6rvTCs6H9qrDyulp0syt9z0QuU7wim3AQwSOkTNMCN8TvHdy7InuKz0y905PkuQeJnFPtd3MuNA/yAm3jkg3zzSdf2vvgmqXO6K/Dmuz7fjUt8k2dGzpqpS3ka8PH1shvs0YtD5DYbH7UeIQRgKu3T1bpckz1Ru7yEI0bt3HcMnzrpwfwKEO5EA+Q9owwf6dzYcurJr/CWsMQrPPnQvblhKCJiae5Hfksx88Y7vM+ZHGRs+2xkMs0l3KbPyUH8r4YIME20DGIcn6pdEei9KhwxqV/vG62MVfN+OLa1snPPmzmx+7hsVJ1qu3bIDGWdggoWlQUhJVDlx1xlr5r0fLrOA1azcuMbeOVCvnfJbC+UxjtDVXlHfpCo7SGb+KEuz4FQYsTEF6n5trCiZhYryiqXKMfCWUJbZxavzLMrYrcR/a8qFmOXvN0SEaZjiPqoa+QsEeCfiigS/tZudws84Tpeqa6iK+JkzeZ/7baXoZsN9tFxZ+xPh+9NxHUHaA+e1C2p7tl3FT5khOioGm5vadvBl/zue68ThjayTXYcO+9vMMrYCZlIPdCj2lM6mb6C2E+C1cUOF7kv4S5eVqQg+T+J8NBOXr7G1DBxzvBQKFcratDLF6q6Dq1GsVrzr85kCBUaBSgatt5dt8aM25pgEjyJScyqDTjn/m7YTrGWvRgXB6IpJTuRjYBpsI0v66aagaF4y8rVj36yL49WUJlssdexziUfsyYRTkK+jLwDTj/plwfMD5SIBx2V4YOtf7XGxX15QDcYF5ZBlnwmq+I3gNtSQhPBJOWRp82rQyhgF9p1ZiJ2yDL7VxS95AgNrq7ulF1nuN89QBBelmTjSfUd0/Nw5jiwAlz3xcQV8pQWMJDEOIlabubzjf5q0PWb9RqRuVfU9dWY/V8lRytoBOH7i2+MV3OL1QMy5rYCTEvr7Hncq9W3u2wMLd2U9EMy7t4IBRssXIVCQATxteUiahVcXpNr4ykfbU4WhFwujJqhDVOK6Qr3TbUzX32bqj9OlHz3G7Qw64DGB/Mz/73QlrgPuifPngWl9O09yofbPwxh+2GP/tbcnPcM9Ijw6RnbxSDlKMkst3ctG58HG0if+xfLzK5P518+VturjXUbmO2CN+cCdBGwiUALrMFe21a66/CxrqvoKtnrEDjvX9SJ+FGUOalVNujQbtuIkTPdBd2kojM263Ub/N4bae+wxn3CcR/laeWX4XgPVv56p7HHs3h1ipyJUyl/DfatKo6kPtvqcH1Mmb8tm+bdk4J5rSxx+nodxAoLGTPtPx5aZvOFRcZX1cU+ulIXc2A0Du85xjDx9UvoB+ineUXGMD/L6Td9wf/zit3/Ih1Kf71wiCfN3tnJ+pbqkYeaN+9/wTnfPPI752FxxaJwndIThFk9b6SEbT7tx3O+Ze9ImuduelOHlu5+lM+vr58EU4o6AIMJrupn8KKhO3+ZcislsX/i/sPjW29J3dhu/04G427tAff1HJNfRSTPclFzEvMdzJ74Y7ocXzY5i2S6/Diu7WQ5zH0ra2Kw0ondLLESE7Y5HdK71ymgVljfeNskvMuZurYKheiHwr8t5pZVsjVy35V/v4tZXu3HfLrRS941i0e+Yf5z1+kl9oG+8H3MIlhP4bHuDWhviFrmzud3LjfX62l5KGU8zf3cqa/vL///GvAAAA//9M8ln7") + unpacked := packer.MustUnpack("eJzUeluT4riW9fv3M/r1m5njS5HdnojzgMn2DXAWppBkvSGZtAHJ0Im52BPz3yckX7CNM6uyuqdPzAORiZClLWnvtdde8n/9cjpu6D/WR/7vp83bZfP2Hzlnv/znL4RbGf52iBfA9GfAZzTFjMbHHYGLJ9e2rmSpFhh5GkbuNESesoY4CfXB31JaHGJ4PcTuxM2CpXtyJ14WwlGCNZBhOFJmHJxD6J0wXBiR46l46Z4m23HsblXL3V5jl0c7pJuMcp+RdGF4Tmaufle/BcCDAfBeA8VwFsXhNn82DTc+RhMOvlDbyCMb7JGmssjxjqE+f3Kt09SdjLchMrMZqta0dU8TpkxpCk4YzZ/EvLOluSO6OUJ6cEHa7Uj1hWx3J+PYtZmCofLk2viEIVCadie4vGzNI0lNNXLmU9k2GcdEG72GmnHG/HYs92d0IfpY/J65tprQ50PTl9qWsn4+xJjfGEaLe3vLtrpttjRzDNVLxMHrWgOjl/jQ/FZ+zDeM9uI8dqEGCqoaCbWZ7PtT4zgeK/eUnfG13UeJKQcZ0TFDWsY23+7rqT9y3K0pzvscjQ/yGczZF6T7CuUgId8O8UZXqj3BR+IEjDJDC+FN7azb8RmxwS6yjXxor6t5lA0y2f0ZnBAHMFp07Mqkny4aW06RDfL72s0CwxsL9eBC04d9f5i3HM9QI8dUy/Xd96Z1lplrs/Oag11kGQcMrT1GXvGyNX99XRz1tQ3OL1vzhOEojez44DlZNY9vTJfj/+8+j+MQjvaunSRUydhmGe83WjWno5zcScSIbRWRzXZUAwnl/sHLr7GnewzbrPDyq7AhXWsWX2u/p7PJOCW2kVI9SKgWp9PF4Z+//FsJBps0Oh62adaDggCO9tQ2jiRdxCsN7CLkHSNnPw01df+yNRnhwZVo7BxN1AJDX6WcKZvFMaFpcMTc2kXCte9jZNgG2iSVYXgMtdWT+xzqL8/xNIS+sobGGWnsTB2gID0YURsUL/Ehc21wxo55WcORMuG3C1aNa4iCQ3m85j5Enr6GX57ciXv5ZrMt5Va+WRpWvTUz5f78TPeVEAVspt0uODda9it/zMTYuSvGPK3hSN08H2J3a1yos7gE8JZQPTiGuWHdnzGKyLYUvDRORKOX9jqn25Fo2wo3ijR2xrahC0h09/MnZN0WlBsp5Vbm/o6PxAYFsm6NvfL/eg7rRsVxRTagyBZrv9HBebh/wNB/k/unBwmxr0+TrRJjlLBQNfga3ljt6jXkuLy1L8hnoQ7yNQpGbtWvgvFp7daugE7O+Gbp3tu2SiZcqn5mthxvqR4IN8/rtshmGYaGKnxhXoyn1DaKyBL2+0oIb6fqjL9g6L+KsMQ1nDhmEtnxkzvxhv2stsO2cqw3IZu5E68Zu23XbKk2Z1L1KyI7YDR1W21uNkPginUvwfaq1+4xqhmqSEk0b+3BO/vY7T96WqNxNZ6prKHKiA6Ul+1Ymz+Pp9TxGNLBeQ1HwqdO5PkwnS1NtrHBDmnCR1bV+kzp+y/b8bbtB/Qem/UcCeVR0YJ2sV6V8MY/tneIezzH4f0ZsLtJU8PwXrVLqEV6D5Y/gnZbppU4ctgVLyo/4tYpgqBZk9ifxi/Gcr+EnysYea/9vlQDJwx9hejuk4BkgTG0SmlVCmGEW1tig3211n4qylwnyCO4kmsi0Lr246mTwh1PJXbH1vdTbrVWqoE84iCfyHioUuLuca/aMdmlDUq8hqNrhIKisbmXoqQdCB+pxi4kPkwjLWFkd4iJwFg9OEwnwa/lmEEvBd0Y4ZGynogUVO2frhzd5y/xfGImhC/itW0VSw2MxBjCR0Sf1+U19jRwCpHAd7/A0MpDmXqOO6KNisjxEhE3AhsJNxRXjK97KkmDI4Grc4i83dpR4q/flNjTrJx8CxUvL+fznCyP4Ej65IzjhEB22qCqr0yBSRJNaGn/JPiVpuAssWg5ykJ4vNC06lvQdLocT+tU+LplG7JZP6RCAU3QYyFa1OlPwmrIQRKNj2W4bU3SYbGpzyIHXGecnchy1LjYVyhCwWfuVmbo7Wy12s4m4y3VgBKh8TmyQUbtWxLZqzOGoyQUR/Ks8hDeikemrCaEWykWoZku2v0VmoKHOUSYY5GS8tEJI8zIs7rH0FNx/l0Gbi9XN2uxByawDOebEj2/7H6/zh1lK9h0tyIQ+xQUMwldYIuhpUxSj0nmkQavgiHXLoI0/xDCUYpluHsqXhzzCN4kTMiQRskr1YMcQysrmdOhzaqOhAdsUzNqR9CG1ZMrUqU+l6G6hqM/ROg30ASMK+XGDiO/EHBQhfuFMEO4JCc2k7RFQDFGnoI0iwv4qiFQME3B2ogWFWWothh9nbJ6ENNj85lr+xfqsFeRogYrDpk2f3tyncpm1Gaej7YSblxom4Xa4Euogav4DeaeCDMWQrUoz5Xty79NBVb6nuNdZNWgGTnNvahva2Qbr8RmRfTcZtXmUfjqy9Zs7alX/Ow67nvuMcyNHC+kD+TCpwlsUiCn3MgeUkanGvObNU8qeiGgJtSDcg2WIe2+p6Leuek9e+sKsL+OXgX4XmrowrLZ+HcN28I2kvonQU07qaG2q/Tr9t5lITKvGLkdnxHUlWhRSfekj9JuZWYDTVbfFaWQcXLtVn8SE9LFRdA4SasdX8E2O/fmYREHggIroT4W9u06/tcaJ4LB9WVrqtgZ92yRFHxPNP9NrMO1g0uoZYz2qlGBV7OqokG6fyJ6JNYlq1PR9rh+eqE6K8RzL1uz2CC/tQ8fVa511QsKDIxLhIJr1Eqt333OFjTdarDqThs8RqChYWDIfm17K+qxD1GQNPi0HJ1DqDKqm0morX56/hmX3wtBD/6XaVgS6fMs1G7irPUQBbv1uPsbLebNOkJ0VClfZaV/BIcI3ql0NQYnuqDU3qiNQSQNBFVo/GO2NGvfudMhzb/OkKmGqa+G936HyAmuSGuVkc24iRI55h9UM873tuMlQt45hLf9vS1LMM+S+/d73MyWZkZR0BpzxCIbn4h+9zlSzDUfWiq2mdL2i5b/Zr04E99HVOvMI2LtjhkwuN77gvMaxfffNHYW/n+3qSwzS0z887S84Rjjd31Cco8Se5tcXapBMmfjS5XLp7XyVj+LU+8iyoceZiqkOEibaw7WXsMjzffatrR4WtP2EN8iFqkeXChfdXmDlrAQijJo/uQ6mTGJB5Wb+xyT0b9MxXllm002LOoGZaUQr+oqg/sZvlctWVN98LKadq2TqJjLI5uoGdEC5j7QvFIQbYTV+NhObdLtNpZRu121fV0B7sH9vlOt3WG6mxL7LtirkLJWdfXXzG839Om7NpS0ttqT99JBFVo1La7trG1Bosq1fxsURqXYnpuc2IBFk1EtxJ/rsWb8oQKL0aJZT6Uo3EOiEsRrQfRVQCYZ3B8pZpLGD9JaYB9diXY7hvr+vIaLoblqWDnPJ03fet4jkeMEr9gGPETgFDnDgvCjwPtgx4HovtITcx/2SYrcwyLuufabGRf7D3LCrRPSzQtNF9+bu6Da9UHor2Ftthuf+z7Zpo6tvSrtbezr08cWxLcVg9ZnCBa7HyUOYSTo2sOzVZq8UL3xiyxE49Z5DJc879r5AR3qUA7kM6QNC+w/ePnQpVWLv2CMQWr2uXVh21JC0GDiWX5HPvvJNbbLnJ+52Oj51nhIRXpImU2c8mOJDzZIsA0kDknVL40OWJQOHdWojI/X5T7+uh1fXds648lfffmxb1ScZLN+ywZknKUNEpoGpSRR5cB1p62V/3qyzBresvbFJebWiWpln89KOJ+5GG31FeVduoajdMZvogQ7fYUBC1OQPubmWoJJmGivZKocI18JZYltnJv4sozdWpyHtnqqVc7e5eiQDDOcR1VDX6PggAR90cCX9mXn8GWdJ0rVDdUFviZMnmf+23l6HfDfXZcWfqT4fvTcR1R2QPntUtqe75e4KXMkJ8XApebunbwZfy7municsQ2S47DhWPvzCq2gmZSD/RrN05ncm+gthPgtXFIRe1L+EuXlekKPk/ifDQXlm+xtSwcC7xsECuVsVzli9VZBdVOvVbrq8JsDBUaBSgWvtpXv66G15poGjCBTaiqDQTv+M28n3C5Yi46E0zORmsrVwDbYRpD2x01D1bhi5O3EuF+Xwa/fVmC12rPnIR21bxNGQb6GvgSmGfcvhOMjzkeCjMvrhaF1va/FdveaciAOMI8s40JYrXcEr6GWJIRHIihLh0+bq4xhQt+pldgZ2+BL7dxSNxCktjp7epX1XhM8NaAg3cyJ5jOq+5cmYGwBUHLNpzX0lZI0lsQwhFhp6v5G823e+pD1G5V7o7IfqSvrttqeys4W0ekT15a++I6mF2rGdQOMhNi397RTOXdrzhZZeFj7mWjGtQ0OGCU7jExFEvC00SVlElpXmm4TKxPpTx2NViSMnq0KUY3TGvlK93qq1j5bZ5TOf3Yd9zPkgEsA+5v12R9OWAPaF+WrJ9f6cp7mRh2bhTf+8IrxX34t+RntGenRMbKTV8pBilFy/UEtOhcxjrbxP1bPN5ncv26/vE2Xj3tUjiPmiJ/cSdAmAiWBLnNFe+xa6++ShvpewVYv2AGn+nxkzMKMIc3KKbdGg37c4ESPdJe+0tiM29eo39dwW899RjPuiwh/q84svwvC+rdr1T2NvZtDrFTkSplL+G+1aFTdQ+1/5A6okzfls33fsnFONKXPP85DuYFAYy9jphPLzb3hUHGV9XlNvS+NuLMdIHKf1xx7/KCKBfSndEepNTbE7wd1x8Ppj/PmLR9ifbp/iyDIN92b8wvVLRUjb9S/Pf/EzfnnGV/7FhxaZ0ndIThHk9b4SKJpt++7N+Ze9Ilb7c5LcXLdzvxC+vvz4YtwRkERYDTdT3/uha/6eSY95odf9HKCI4HgEqHFk/v8+3US/1+7oX/v/dKPSsQBmfnhvVIR0dX5LbrMdqgs/MSNRe990xZyDCPBXyKdhJohfCkPITtHzvyp99KM7Pe6HCdfl+N0XsSad70jwHFN95shvWVlW7u1BpRO2eeIdJGxyO6VfTnNgrK+/E7JJ/o89FUwVK9EvpH5CBjySiVXLflX+/iVmW7fd0u9FL0T1LS75p/XXP6kttGmrh/oGtcQ+m94QNcbduK2be4P6vJ9bfjvcupPXaNNf/nv//c/AQAA//8NQYV2") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/spec/osquerybeat.yml b/x-pack/elastic-agent/spec/osquerybeat.yml index 6a9f41a9316..36e60901a34 100644 --- a/x-pack/elastic-agent/spec/osquerybeat.yml +++ b/x-pack/elastic-agent/spec/osquerybeat.yml @@ -6,6 +6,13 @@ artifact: beats/osquerybeat action_input_types: - osquery +check_install: +- exec_file: + path: "osquerybeat" + args: + - "verify" + timeout: 10 + rules: - fix_stream: {} - inject_index: diff --git a/x-pack/osquerybeat/cmd/root.go b/x-pack/osquerybeat/cmd/root.go index ce2e4ebdcf2..3f3b2f45852 100644 --- a/x-pack/osquerybeat/cmd/root.go +++ b/x-pack/osquerybeat/cmd/root.go @@ -8,11 +8,16 @@ import ( cmd "github.com/elastic/beats/v7/libbeat/cmd" "github.com/elastic/beats/v7/libbeat/cmd/instance" "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/cli" "github.com/elastic/beats/v7/libbeat/ecs" + "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/libbeat/publisher/processing" + "github.com/spf13/cobra" + _ "github.com/elastic/beats/v7/x-pack/libbeat/include" "github.com/elastic/beats/v7/x-pack/osquerybeat/beater" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/install" ) // Name of this beat @@ -37,5 +42,24 @@ func Osquerybeat() *cmd.BeatsRootCmd { } command := cmd.GenRootCmdWithSettings(beater.New, settings) + // Add verify command + command.AddCommand(genVerifyCmd(settings)) + return command } + +func genVerifyCmd(settings instance.Settings) *cobra.Command { + return &cobra.Command{ + Use: "verify", + Short: "Verify installation", + Run: cli.RunWith( + func(_ *cobra.Command, args []string) error { + log := logp.NewLogger("osquerybeat") + err := install.VerifyWithExecutableDirectory(log) + if err != nil { + return err + } + return nil + }), + } +} diff --git a/x-pack/osquerybeat/internal/install/verify.go b/x-pack/osquerybeat/internal/install/verify.go new file mode 100644 index 00000000000..4027c5e3169 --- /dev/null +++ b/x-pack/osquerybeat/internal/install/verify.go @@ -0,0 +1,90 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package install + +import ( + "fmt" + "os" + "path/filepath" + "runtime" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/fileutil" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/osqd" +) + +func execDir() (exedir string, err error) { + exefp, err := os.Executable() + if err != nil { + return exedir, nil + } + exedir = filepath.Dir(exefp) + return exedir, nil +} + +// VerifyWithExecutableDirectory verifies installation with the current executable directory +func VerifyWithExecutableDirectory(log *logp.Logger) error { + exedir, err := execDir() + if err != nil { + return err + } + + return Verify(runtime.GOOS, exedir, log) +} + +// Verify verifies installation in the given executable directory +func Verify(goos, dir string, log *logp.Logger) error { + log.Infof("Install verification for %s", dir) + // For darwin expect installer PKG or unpackages osqueryd + if goos == "darwin" { + pkgFile := filepath.Join(dir, distro.OsquerydDistroPlatformFilename(goos)) + pkgExists, err := fileExistsLogged(log, pkgFile) + if err != nil { + return err + } + if pkgExists { + return nil + } + } + + // Verify osqueryd or osqueryd.exe exists + osqFile := osqd.QsquerydPathForPlatform(goos, dir) + osqExists, err := fileExistsLogged(log, osqFile) + if err != nil { + return err + } + if !osqExists { + return fmt.Errorf("%w: %v", os.ErrNotExist, osqFile) + } + + // Verify extension file exists + extFileName := "osquery-extension.ext" + if goos == "windows" { + extFileName = "osquery-extension.exe" + } + extFile := filepath.Join(dir, extFileName) + osqExtExists, err := fileExistsLogged(log, extFile) + if err != nil { + return err + } + + if !osqExtExists { + return fmt.Errorf("%w: %v", os.ErrNotExist, extFileName) + } + return nil +} + +func fileExistsLogged(log *logp.Logger, fp string) (bool, error) { + log.Infof("Check if file exists %s:", fp) + fpExists, err := fileutil.FileExists(fp) + if err != nil { + log.Infof("File exists check failed for %s", fp) + } + if !fpExists { + log.Infof("File %s doesn't exists", fp) + } + return fpExists, err +} diff --git a/x-pack/osquerybeat/internal/install/verify_test.go b/x-pack/osquerybeat/internal/install/verify_test.go new file mode 100644 index 00000000000..0fce79c744b --- /dev/null +++ b/x-pack/osquerybeat/internal/install/verify_test.go @@ -0,0 +1,148 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package install + +import ( + "errors" + "io/ioutil" + "os" + "path/filepath" + "testing" + + "github.com/elastic/beats/v7/libbeat/logp" +) + +// setupFiles helper function that creates subdirectory with a given set of files +// The verification currently checks for the file presence only +func setupFiles(testdataBaseDir string, files []string) (string, error) { + testdir, err := ioutil.TempDir(testdataBaseDir, "") + if err != nil { + return "", err + } + + for _, f := range files { + fp := filepath.Join(testdir, f) + + dir := filepath.Dir(fp) + err = os.MkdirAll(dir, 0750) + if err != nil { + return "", err + } + + err = ioutil.WriteFile(fp, nil, 0750) + if err != nil { + return "", err + } + } + + return testdir, nil +} + +func TestVerify(t *testing.T) { + log := logp.NewLogger("verify_test") + tests := []struct { + name string + goos string + files []string + err error + }{ + { + name: "darwin no files", + goos: "darwin", + err: os.ErrNotExist, + }, + { + name: "linux no files", + goos: "linux", + err: os.ErrNotExist, + }, + { + name: "windows no files", + goos: "windows", + err: os.ErrNotExist, + }, + { + name: "darwin extension file missing", + goos: "darwin", + files: []string{"osquery.app/Contents/MacOS/osqueryd"}, + err: os.ErrNotExist, + }, + { + name: "darwin osqueryd missing", + goos: "darwin", + files: []string{"osquery-extension.ext"}, + err: os.ErrNotExist, + }, + { + name: "darwin valid install", + goos: "darwin", + files: []string{"osquery.app/Contents/MacOS/osqueryd", "osquery-extension.ext"}, + }, + { + name: "linux extension file missing", + goos: "linux", + files: []string{"osqueryd"}, + err: os.ErrNotExist, + }, + { + name: "linux osqueryd missing", + goos: "linux", + files: []string{"osquery-extension.ext"}, + err: os.ErrNotExist, + }, + { + name: "linux valid install", + goos: "linux", + files: []string{"osqueryd", "osquery-extension.ext"}, + }, + { + name: "windows extension file missing", + goos: "windows", + files: []string{"osqueryd.exe"}, + err: os.ErrNotExist, + }, + { + name: "windows osqueryd missing", + goos: "windows", + files: []string{"osquery-extension.exe"}, + err: os.ErrNotExist, + }, + { + name: "windows valid install", + goos: "windows", + files: []string{"osqueryd.exe", "osquery-extension.exe"}, + }, + } + + // Setup test data + testdataBaseDir, err := ioutil.TempDir("", "") + if err != nil { + t.Fatal(err) + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + dir, err := setupFiles(testdataBaseDir, tc.files) + if err != nil { + t.Fatal(err) + } + + err = Verify(tc.goos, dir, log) + // check for matching error if tc exppect error + if err != nil { + if tc.err != nil { + if !errors.Is(err, tc.err) { + t.Fatalf("want error: %v, got: %v", tc.err, err) + } + } else { + t.Fatalf("want error: nil, got: %v", err) + } + } else if tc.err != nil { + t.Fatalf("want error: %v, got: nil", tc.err) + } + }) + } + +} diff --git a/x-pack/osquerybeat/internal/osqd/osqueryd.go b/x-pack/osquerybeat/internal/osqd/osqueryd.go index 0f38d28e082..97ce50a053a 100644 --- a/x-pack/osquerybeat/internal/osqd/osqueryd.go +++ b/x-pack/osquerybeat/internal/osqd/osqueryd.go @@ -418,11 +418,23 @@ func (q *OSQueryD) isVerbose() bool { } func osquerydPath(dir string) string { - if runtime.GOOS == "darwin" { - return filepath.Join(dir, osqueryDarwinAppBundlePath, osquerydFilename()) + return QsquerydPathForPlatform(runtime.GOOS, dir) +} + +// QsquerydPathForPlatform returns the full path to osqueryd binary for platform +func QsquerydPathForPlatform(platform, dir string) string { + if platform == "darwin" { + return filepath.Join(dir, osqueryDarwinAppBundlePath, osquerydFilename(platform)) + + } + return filepath.Join(dir, osquerydFilename(platform)) +} +func osquerydFilename(platform string) string { + if platform == "windows" { + return osqueryDName + ".exe" } - return filepath.Join(dir, osquerydFilename()) + return osqueryDName } func osqueryExtensionPath(dir string) string { diff --git a/x-pack/osquerybeat/internal/osqd/osqueryd_unix.go b/x-pack/osquerybeat/internal/osqd/osqueryd_unix.go index d698ce599db..5377a06551f 100644 --- a/x-pack/osquerybeat/internal/osqd/osqueryd_unix.go +++ b/x-pack/osquerybeat/internal/osqd/osqueryd_unix.go @@ -59,7 +59,3 @@ func killProcessGroup(cmd *exec.Cmd) error { err := syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL) return errors.Wrapf(err, "kill process group %d", cmd.Process.Pid) } - -func osquerydFilename() string { - return osqueryDName -} diff --git a/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go b/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go index 720a94a6ad7..b7427552f21 100644 --- a/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go +++ b/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go @@ -45,7 +45,3 @@ func killProcessGroup(cmd *exec.Cmd) error { exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run() return nil } - -func osquerydFilename() string { - return osqueryDName + ".exe" -}