[Auditbeat] btmp offset check #24515
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
botelastic
bot
added
the
needs_team
leehinman
added
Auditbeat
bug
needs_backport
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
removed
the
needs_team
Add check that saved offset is not larger than the current file size to prevent seeking past the end of file
leehinman
force-pushed
the
btmp_offset_bigger_than_size
branch
from
ac64376 to
0a21f8e
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪💚 Flaky test reportTests succeeded. Expand to view the summary
Test stats 🧪
|
marc-gr
reviewed
Mar 12, 2021
| @@ -181,14 +181,14 @@ func (r *UtmpFileReader) readNewInFile(loginRecordC chan<- LoginRecord, errorC c | |||
|
|
|||
| size := utmpFile.Size | |||
| oldSize := savedUtmpFile.Size | |||
| if size < oldSize { | |||
| if size < oldSize || utmpFile.Offset > size { | |||
There was a problem hiding this comment.
not sure, but maybe we need to add this check to line 233 also
There was a problem hiding this comment.
I think you are correct, I added 2 more checks,
marc-gr
approved these changes
Mar 15, 2021
3 tasks
leehinman
added
v7.13.0
and removed
needs_backport
leehinman
added a commit
to leehinman/beats
that referenced
this pull request
Mar 15, 2021
* auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file (cherry picked from commit b03a935)
3 tasks
leehinman
added a commit
to leehinman/beats
that referenced
this pull request
Mar 15, 2021
* auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file (cherry picked from commit b03a935)
3 tasks
leehinman
added a commit
to leehinman/beats
that referenced
this pull request
Mar 15, 2021
* auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file (cherry picked from commit b03a935)
v1v
added a commit
to v1v/beats
that referenced
this pull request
Mar 16, 2021
…reporting-changes * upstream/master: (23 commits) [Auditbeat] btmp offset check (elastic#24515) Clarify that the Tomcat module is for ingesting access logs (elastic#24543) [Ingest Manager] Move logging defaults to agent (elastic#24535) Update input-http-endpoint.asciidoc (elastic#24490) Fix typo in mqtt input docs (elastic#24509) [Elastic Agent] Add verification check when updating communication to Kibana. (elastic#24489) Refactor use of system.hostfs to fix cgroup metrics (elastic#24334) Add test for close.reader.after_interval to filestream input (elastic#24423) chore(ci): use beat_version instead of PR version (elastic#24446) Add syntax for multiple selector logging (elastic#24207) (elastic#24497) Update Golang to 1.15.9 (elastic#24442) [Elastic Agent] Add the ability to provide custom CA's inside of docker. (elastic#24486) Add tests for encoding settings of filestream input (elastic#24426) [Ingest Manager] Sync on rename on windows (elastic#24504) Port four Harvester tests of log input to filestream in Golang (elastic#24250) [DOCS] Restructure content for SSL settings (elastic#24342) Move example to the correct location in reference docs (elastic#24455) Add unit tests for harvester.go of input-logfile package (elastic#24107) Fix type for uwsgi.status.worker.rss field (elastic#24468) [Ingest Manager] Logging to file disabled on enroll (elastic#24466) ...
leehinman
added a commit
that referenced
this pull request
Mar 16, 2021
leehinman
added a commit
that referenced
this pull request
Mar 16, 2021
leehinman
added a commit
that referenced
this pull request
Mar 16, 2021
v1v
added a commit
to v1v/beats
that referenced
this pull request
Mar 17, 2021
* upstream/master: [CI] bump gvm version and use the binary (elastic#24571) [Filebeat] Add Dashboards to Threat Intel Module (elastic#24488) Fix default scope in add_nomad_metadata (elastic#24559) [Heartbeat] Produce error rather than panic on missing source (elastic#24404) [Auditbeat] btmp offset check (elastic#24515) Clarify that the Tomcat module is for ingesting access logs (elastic#24543) [Ingest Manager] Move logging defaults to agent (elastic#24535)
narph
pushed a commit
to narph/beats
that referenced
this pull request
Mar 17, 2021
* auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file
narph
added a commit
that referenced
this pull request
Mar 18, 2021
* mofidy doc * work on fix * update changelog * update notice * Update notice * [Ingest Manager] Sync on rename on windows (#24504) * Add tests for encoding settings of filestream input (#24426) * [Elastic Agent] Add the ability to provide custom CA's inside of docker. (#24486) * Add the ability to provide custom CA's for Elastic Agent docker. * Add changelog. * Update Golang to 1.15.9 (#24442) * Add syntax for multiple selector logging (#24207) (#24497) * Add syntax for multiple selector logging * Update libbeat/docs/loggingconfig.asciidoc Co-authored-by: EamonnTP <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> * chore(ci): use beat_version instead of PR version (#24446) * Add test for close.reader.after_interval to filestream input (#24423) * Refactor use of system.hostfs to fix cgroup metrics (#24334) * refactor use of system.hostfs to fix cgroup metrics * add changelog * remove comment * add cfgwarn * move changelog * shift around CLI config location and rep warning * add comment about system.hostfs usage * update docs * capitalization * fix grammar, add conditional * change docs phrasing * [Elastic Agent] Add verification check when updating communication to Kibana. (#24489) * Add verification check when updating communication to Kibana. * Add changelog. * Add const. * Fix typo in mqtt input docs (#24509) * Update input-http-endpoint.asciidoc (#24490) * [Ingest Manager] Move logging defaults to agent (#24535) [Ingest Manager] Move logging defaults to agent (#24535) * Clarify that the Tomcat module is for ingesting access logs (#24543) The Tomcat module is for ingesting access logs, not Catalina or localhost logs. * [Auditbeat] btmp offset check (#24515) * auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file * [Heartbeat] Produce error rather than panic on missing source (#24404) Fixes #24403. With the changes to the heartbeat config syntax in 7.12 the `source` field is now required. Our config validation code didn't actually check for this field's presence, which caused an NPE. This PR adds a validation checking for that config's presence. It also adds tests for the validation code for config sub-fields. There were no defects found in the validations for source.inline, or source.browser, but a few tests were missing. Instead of the panic seen in #24403 users will now get the error seen below. ``` 2021-03-05T15:41:40.146-0600 ERROR instance/beat.go:952 Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') ``` * Fix default scope in add_nomad_metadata (#24559) Fix default scope in add_nomad_metadata. It is set to local, but it should be node. Fix also error message that showed that local is a valid value. * [Filebeat] Add Dashboards to Threat Intel Module (#24488) * added dashboards & docs * ran mage fmt update * [CI] bump gvm version and use the binary (#24571) * [CI] Add resilience when installing required tooling (#24542) * [CI] enable new flaky detector (#24464) * chore: do not pass beat version (#24586) We will be delegating the version calculation to the e2e tests, using target branch values as defaults Co-authored-by: Jaime Soriano Pastor <[email protected]> Co-authored-by: Michal Pristas <[email protected]> Co-authored-by: Noémi Ványi <[email protected]> Co-authored-by: Blake Rouse <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> Co-authored-by: Manuel de la Peña <[email protected]> Co-authored-by: Alex K <[email protected]> Co-authored-by: DeDe Morton <[email protected]> Co-authored-by: Lee Hinman <[email protected]> Co-authored-by: Andrew Cholakian <[email protected]> Co-authored-by: Andrew Pease <[email protected]> Co-authored-by: Victor Martinez <[email protected]>
narph
added a commit
to narph/beats
that referenced
this pull request
Mar 18, 2021
* mofidy doc * work on fix * update changelog * update notice * Update notice * [Ingest Manager] Sync on rename on windows (elastic#24504) * Add tests for encoding settings of filestream input (elastic#24426) * [Elastic Agent] Add the ability to provide custom CA's inside of docker. (elastic#24486) * Add the ability to provide custom CA's for Elastic Agent docker. * Add changelog. * Update Golang to 1.15.9 (elastic#24442) * Add syntax for multiple selector logging (elastic#24207) (elastic#24497) * Add syntax for multiple selector logging * Update libbeat/docs/loggingconfig.asciidoc Co-authored-by: EamonnTP <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> * chore(ci): use beat_version instead of PR version (elastic#24446) * Add test for close.reader.after_interval to filestream input (elastic#24423) * Refactor use of system.hostfs to fix cgroup metrics (elastic#24334) * refactor use of system.hostfs to fix cgroup metrics * add changelog * remove comment * add cfgwarn * move changelog * shift around CLI config location and rep warning * add comment about system.hostfs usage * update docs * capitalization * fix grammar, add conditional * change docs phrasing * [Elastic Agent] Add verification check when updating communication to Kibana. (elastic#24489) * Add verification check when updating communication to Kibana. * Add changelog. * Add const. * Fix typo in mqtt input docs (elastic#24509) * Update input-http-endpoint.asciidoc (elastic#24490) * [Ingest Manager] Move logging defaults to agent (elastic#24535) [Ingest Manager] Move logging defaults to agent (elastic#24535) * Clarify that the Tomcat module is for ingesting access logs (elastic#24543) The Tomcat module is for ingesting access logs, not Catalina or localhost logs. * [Auditbeat] btmp offset check (elastic#24515) * auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file * [Heartbeat] Produce error rather than panic on missing source (elastic#24404) Fixes elastic#24403. With the changes to the heartbeat config syntax in 7.12 the `source` field is now required. Our config validation code didn't actually check for this field's presence, which caused an NPE. This PR adds a validation checking for that config's presence. It also adds tests for the validation code for config sub-fields. There were no defects found in the validations for source.inline, or source.browser, but a few tests were missing. Instead of the panic seen in elastic#24403 users will now get the error seen below. ``` 2021-03-05T15:41:40.146-0600 ERROR instance/beat.go:952 Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') ``` * Fix default scope in add_nomad_metadata (elastic#24559) Fix default scope in add_nomad_metadata. It is set to local, but it should be node. Fix also error message that showed that local is a valid value. * [Filebeat] Add Dashboards to Threat Intel Module (elastic#24488) * added dashboards & docs * ran mage fmt update * [CI] bump gvm version and use the binary (elastic#24571) * [CI] Add resilience when installing required tooling (elastic#24542) * [CI] enable new flaky detector (elastic#24464) * chore: do not pass beat version (elastic#24586) We will be delegating the version calculation to the e2e tests, using target branch values as defaults Co-authored-by: Jaime Soriano Pastor <[email protected]> Co-authored-by: Michal Pristas <[email protected]> Co-authored-by: Noémi Ványi <[email protected]> Co-authored-by: Blake Rouse <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> Co-authored-by: Manuel de la Peña <[email protected]> Co-authored-by: Alex K <[email protected]> Co-authored-by: DeDe Morton <[email protected]> Co-authored-by: Lee Hinman <[email protected]> Co-authored-by: Andrew Cholakian <[email protected]> Co-authored-by: Andrew Pease <[email protected]> Co-authored-by: Victor Martinez <[email protected]> (cherry picked from commit 5c6f1b6)
narph
added a commit
to narph/beats
that referenced
this pull request
Mar 18, 2021
* mofidy doc * work on fix * update changelog * update notice * Update notice * [Ingest Manager] Sync on rename on windows (elastic#24504) * Add tests for encoding settings of filestream input (elastic#24426) * [Elastic Agent] Add the ability to provide custom CA's inside of docker. (elastic#24486) * Add the ability to provide custom CA's for Elastic Agent docker. * Add changelog. * Update Golang to 1.15.9 (elastic#24442) * Add syntax for multiple selector logging (elastic#24207) (elastic#24497) * Add syntax for multiple selector logging * Update libbeat/docs/loggingconfig.asciidoc Co-authored-by: EamonnTP <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> * chore(ci): use beat_version instead of PR version (elastic#24446) * Add test for close.reader.after_interval to filestream input (elastic#24423) * Refactor use of system.hostfs to fix cgroup metrics (elastic#24334) * refactor use of system.hostfs to fix cgroup metrics * add changelog * remove comment * add cfgwarn * move changelog * shift around CLI config location and rep warning * add comment about system.hostfs usage * update docs * capitalization * fix grammar, add conditional * change docs phrasing * [Elastic Agent] Add verification check when updating communication to Kibana. (elastic#24489) * Add verification check when updating communication to Kibana. * Add changelog. * Add const. * Fix typo in mqtt input docs (elastic#24509) * Update input-http-endpoint.asciidoc (elastic#24490) * [Ingest Manager] Move logging defaults to agent (elastic#24535) [Ingest Manager] Move logging defaults to agent (elastic#24535) * Clarify that the Tomcat module is for ingesting access logs (elastic#24543) The Tomcat module is for ingesting access logs, not Catalina or localhost logs. * [Auditbeat] btmp offset check (elastic#24515) * auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file * [Heartbeat] Produce error rather than panic on missing source (elastic#24404) Fixes elastic#24403. With the changes to the heartbeat config syntax in 7.12 the `source` field is now required. Our config validation code didn't actually check for this field's presence, which caused an NPE. This PR adds a validation checking for that config's presence. It also adds tests for the validation code for config sub-fields. There were no defects found in the validations for source.inline, or source.browser, but a few tests were missing. Instead of the panic seen in elastic#24403 users will now get the error seen below. ``` 2021-03-05T15:41:40.146-0600 ERROR instance/beat.go:952 Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') ``` * Fix default scope in add_nomad_metadata (elastic#24559) Fix default scope in add_nomad_metadata. It is set to local, but it should be node. Fix also error message that showed that local is a valid value. * [Filebeat] Add Dashboards to Threat Intel Module (elastic#24488) * added dashboards & docs * ran mage fmt update * [CI] bump gvm version and use the binary (elastic#24571) * [CI] Add resilience when installing required tooling (elastic#24542) * [CI] enable new flaky detector (elastic#24464) * chore: do not pass beat version (elastic#24586) We will be delegating the version calculation to the e2e tests, using target branch values as defaults Co-authored-by: Jaime Soriano Pastor <[email protected]> Co-authored-by: Michal Pristas <[email protected]> Co-authored-by: Noémi Ványi <[email protected]> Co-authored-by: Blake Rouse <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> Co-authored-by: Manuel de la Peña <[email protected]> Co-authored-by: Alex K <[email protected]> Co-authored-by: DeDe Morton <[email protected]> Co-authored-by: Lee Hinman <[email protected]> Co-authored-by: Andrew Cholakian <[email protected]> Co-authored-by: Andrew Pease <[email protected]> Co-authored-by: Victor Martinez <[email protected]> (cherry picked from commit 5c6f1b6)
narph
added a commit
that referenced
this pull request
Mar 26, 2021
* mofidy doc * work on fix * update changelog * update notice * Update notice * [Ingest Manager] Sync on rename on windows (#24504) * Add tests for encoding settings of filestream input (#24426) * [Elastic Agent] Add the ability to provide custom CA's inside of docker. (#24486) * Add the ability to provide custom CA's for Elastic Agent docker. * Add changelog. * Update Golang to 1.15.9 (#24442) * Add syntax for multiple selector logging (#24207) (#24497) * Add syntax for multiple selector logging * Update libbeat/docs/loggingconfig.asciidoc Co-authored-by: EamonnTP <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> * chore(ci): use beat_version instead of PR version (#24446) * Add test for close.reader.after_interval to filestream input (#24423) * Refactor use of system.hostfs to fix cgroup metrics (#24334) * refactor use of system.hostfs to fix cgroup metrics * add changelog * remove comment * add cfgwarn * move changelog * shift around CLI config location and rep warning * add comment about system.hostfs usage * update docs * capitalization * fix grammar, add conditional * change docs phrasing * [Elastic Agent] Add verification check when updating communication to Kibana. (#24489) * Add verification check when updating communication to Kibana. * Add changelog. * Add const. * Fix typo in mqtt input docs (#24509) * Update input-http-endpoint.asciidoc (#24490) * [Ingest Manager] Move logging defaults to agent (#24535) [Ingest Manager] Move logging defaults to agent (#24535) * Clarify that the Tomcat module is for ingesting access logs (#24543) The Tomcat module is for ingesting access logs, not Catalina or localhost logs. * [Auditbeat] btmp offset check (#24515) * auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file * [Heartbeat] Produce error rather than panic on missing source (#24404) Fixes #24403. With the changes to the heartbeat config syntax in 7.12 the `source` field is now required. Our config validation code didn't actually check for this field's presence, which caused an NPE. This PR adds a validation checking for that config's presence. It also adds tests for the validation code for config sub-fields. There were no defects found in the validations for source.inline, or source.browser, but a few tests were missing. Instead of the panic seen in #24403 users will now get the error seen below. ``` 2021-03-05T15:41:40.146-0600 ERROR instance/beat.go:952 Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') ``` * Fix default scope in add_nomad_metadata (#24559) Fix default scope in add_nomad_metadata. It is set to local, but it should be node. Fix also error message that showed that local is a valid value. * [Filebeat] Add Dashboards to Threat Intel Module (#24488) * added dashboards & docs * ran mage fmt update * [CI] bump gvm version and use the binary (#24571) * [CI] Add resilience when installing required tooling (#24542) * [CI] enable new flaky detector (#24464) * chore: do not pass beat version (#24586) We will be delegating the version calculation to the e2e tests, using target branch values as defaults Co-authored-by: Jaime Soriano Pastor <[email protected]> Co-authored-by: Michal Pristas <[email protected]> Co-authored-by: Noémi Ványi <[email protected]> Co-authored-by: Blake Rouse <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> Co-authored-by: Manuel de la Peña <[email protected]> Co-authored-by: Alex K <[email protected]> Co-authored-by: DeDe Morton <[email protected]> Co-authored-by: Lee Hinman <[email protected]> Co-authored-by: Andrew Cholakian <[email protected]> Co-authored-by: Andrew Pease <[email protected]> Co-authored-by: Victor Martinez <[email protected]> (cherry picked from commit 5c6f1b6)
narph
added a commit
that referenced
this pull request
Mar 26, 2021
* Update gosigar package after fix (#24502) * mofidy doc * work on fix * update changelog * update notice * Update notice * [Ingest Manager] Sync on rename on windows (#24504) * Add tests for encoding settings of filestream input (#24426) * [Elastic Agent] Add the ability to provide custom CA's inside of docker. (#24486) * Add the ability to provide custom CA's for Elastic Agent docker. * Add changelog. * Update Golang to 1.15.9 (#24442) * Add syntax for multiple selector logging (#24207) (#24497) * Add syntax for multiple selector logging * Update libbeat/docs/loggingconfig.asciidoc Co-authored-by: EamonnTP <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> * chore(ci): use beat_version instead of PR version (#24446) * Add test for close.reader.after_interval to filestream input (#24423) * Refactor use of system.hostfs to fix cgroup metrics (#24334) * refactor use of system.hostfs to fix cgroup metrics * add changelog * remove comment * add cfgwarn * move changelog * shift around CLI config location and rep warning * add comment about system.hostfs usage * update docs * capitalization * fix grammar, add conditional * change docs phrasing * [Elastic Agent] Add verification check when updating communication to Kibana. (#24489) * Add verification check when updating communication to Kibana. * Add changelog. * Add const. * Fix typo in mqtt input docs (#24509) * Update input-http-endpoint.asciidoc (#24490) * [Ingest Manager] Move logging defaults to agent (#24535) [Ingest Manager] Move logging defaults to agent (#24535) * Clarify that the Tomcat module is for ingesting access logs (#24543) The Tomcat module is for ingesting access logs, not Catalina or localhost logs. * [Auditbeat] btmp offset check (#24515) * auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file * [Heartbeat] Produce error rather than panic on missing source (#24404) Fixes #24403. With the changes to the heartbeat config syntax in 7.12 the `source` field is now required. Our config validation code didn't actually check for this field's presence, which caused an NPE. This PR adds a validation checking for that config's presence. It also adds tests for the validation code for config sub-fields. There were no defects found in the validations for source.inline, or source.browser, but a few tests were missing. Instead of the panic seen in #24403 users will now get the error seen below. ``` 2021-03-05T15:41:40.146-0600 ERROR instance/beat.go:952 Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') ``` * Fix default scope in add_nomad_metadata (#24559) Fix default scope in add_nomad_metadata. It is set to local, but it should be node. Fix also error message that showed that local is a valid value. * [Filebeat] Add Dashboards to Threat Intel Module (#24488) * added dashboards & docs * ran mage fmt update * [CI] bump gvm version and use the binary (#24571) * [CI] Add resilience when installing required tooling (#24542) * [CI] enable new flaky detector (#24464) * chore: do not pass beat version (#24586) We will be delegating the version calculation to the e2e tests, using target branch values as defaults Co-authored-by: Jaime Soriano Pastor <[email protected]> Co-authored-by: Michal Pristas <[email protected]> Co-authored-by: Noémi Ványi <[email protected]> Co-authored-by: Blake Rouse <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> Co-authored-by: Manuel de la Peña <[email protected]> Co-authored-by: Alex K <[email protected]> Co-authored-by: DeDe Morton <[email protected]> Co-authored-by: Lee Hinman <[email protected]> Co-authored-by: Andrew Cholakian <[email protected]> Co-authored-by: Andrew Pease <[email protected]> Co-authored-by: Victor Martinez <[email protected]> (cherry picked from commit 5c6f1b6) * upadte changelog
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
* auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file (cherry picked from commit 920fd38)
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
…lastic#24627) * Update gosigar package after fix (elastic#24502) * mofidy doc * work on fix * update changelog * update notice * Update notice * [Ingest Manager] Sync on rename on windows (elastic#24504) * Add tests for encoding settings of filestream input (elastic#24426) * [Elastic Agent] Add the ability to provide custom CA's inside of docker. (elastic#24486) * Add the ability to provide custom CA's for Elastic Agent docker. * Add changelog. * Update Golang to 1.15.9 (elastic#24442) * Add syntax for multiple selector logging (elastic#24207) (elastic#24497) * Add syntax for multiple selector logging * Update libbeat/docs/loggingconfig.asciidoc Co-authored-by: EamonnTP <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> * chore(ci): use beat_version instead of PR version (elastic#24446) * Add test for close.reader.after_interval to filestream input (elastic#24423) * Refactor use of system.hostfs to fix cgroup metrics (elastic#24334) * refactor use of system.hostfs to fix cgroup metrics * add changelog * remove comment * add cfgwarn * move changelog * shift around CLI config location and rep warning * add comment about system.hostfs usage * update docs * capitalization * fix grammar, add conditional * change docs phrasing * [Elastic Agent] Add verification check when updating communication to Kibana. (elastic#24489) * Add verification check when updating communication to Kibana. * Add changelog. * Add const. * Fix typo in mqtt input docs (elastic#24509) * Update input-http-endpoint.asciidoc (elastic#24490) * [Ingest Manager] Move logging defaults to agent (elastic#24535) [Ingest Manager] Move logging defaults to agent (elastic#24535) * Clarify that the Tomcat module is for ingesting access logs (elastic#24543) The Tomcat module is for ingesting access logs, not Catalina or localhost logs. * [Auditbeat] btmp offset check (elastic#24515) * auditbeat btmp offset check Add check that saved offset is not larger than the current file size to prevent seeking past the end of file * [Heartbeat] Produce error rather than panic on missing source (elastic#24404) Fixes elastic#24403. With the changes to the heartbeat config syntax in 7.12 the `source` field is now required. Our config validation code didn't actually check for this field's presence, which caused an NPE. This PR adds a validation checking for that config's presence. It also adds tests for the validation code for config sub-fields. There were no defects found in the validations for source.inline, or source.browser, but a few tests were missing. Instead of the panic seen in elastic#24403 users will now get the error seen below. ``` 2021-03-05T15:41:40.146-0600 ERROR instance/beat.go:952 Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') Exiting: could not create monitor: job err could not parse suite config: config 'source' must be specified for this monitor, if upgrading from a previous experimental version please see our new config docs accessing 'heartbeat.monitors.0' (source:'sample-synthetics-config/heartbeat.yml') ``` * Fix default scope in add_nomad_metadata (elastic#24559) Fix default scope in add_nomad_metadata. It is set to local, but it should be node. Fix also error message that showed that local is a valid value. * [Filebeat] Add Dashboards to Threat Intel Module (elastic#24488) * added dashboards & docs * ran mage fmt update * [CI] bump gvm version and use the binary (elastic#24571) * [CI] Add resilience when installing required tooling (elastic#24542) * [CI] enable new flaky detector (elastic#24464) * chore: do not pass beat version (elastic#24586) We will be delegating the version calculation to the e2e tests, using target branch values as defaults Co-authored-by: Jaime Soriano Pastor <[email protected]> Co-authored-by: Michal Pristas <[email protected]> Co-authored-by: Noémi Ványi <[email protected]> Co-authored-by: Blake Rouse <[email protected]> Co-authored-by: EamonnTP <[email protected]> Co-authored-by: AndyHunt66 <[email protected]> Co-authored-by: Manuel de la Peña <[email protected]> Co-authored-by: Alex K <[email protected]> Co-authored-by: DeDe Morton <[email protected]> Co-authored-by: Lee Hinman <[email protected]> Co-authored-by: Andrew Cholakian <[email protected]> Co-authored-by: Andrew Pease <[email protected]> Co-authored-by: Victor Martinez <[email protected]> (cherry picked from commit b5b66f5) * upadte changelog
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds check that saved offset is not larger than the current file size.
Why is it important?
This prevents seeking past the end of the file.
Checklist
- [ ] I have made corresponding changes to the documentation- [ ] I have made corresponding change to the default configuration files- [ ] I have added tests that prove my fix is effective or that my feature worksCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Related issues
Logs
Bug report contained logs like: