x-pack/auditbeat/tracing: fix regexp for kprobe description line #28609
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
efd6
added
bug
Team:Security-External Integrations
backport-v7.16.0
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
added
needs_team
efd6
force-pushed
the
audit/removeprobes
branch
2 times, most recently
from
c9990a8 to
c77961d
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
|
This is related to and partially addresses #20327 |
adriansr
approved these changes
Oct 25, 2021
CHANGELOG.next.asciidoc
Outdated
| @@ -34,6 +34,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d | |||
| - File integrity dataset: Remove non-ECS `hash.*` fields. Hashes are under `file.hash.*`. {issue}19039[19039] {pull}28378[28378] | |||
| - Auditd dataset: Removes the authentication_success and authentication_failure event.type values for user logins. {issue}19039[19039] {pull}28378[28378] | |||
| - Fix handling of long file names on Windows. {issue}25334[25334] {pull}28517[28517] | |||
| - Fix uninstallation of return kprobes {issue}28608[28608] {pull}28609[28609] | |||
There was a problem hiding this comment.
Suggested change
| - Fix uninstallation of return kprobes {issue}28608[28608] {pull}28609[28609] | |
| - System/socket dataset: Fix uninstallation of return kprobes {issue}28608[28608] {pull}28609[28609] |
The pattern was previously lacking knowledge of the MAXACTIVE field that may be present in return probes. The new pattern is slightly less strict than it could be but is simpler for it.
efd6
force-pushed
the
audit/removeprobes
branch
from
c77961d to
811bfd4
Compare
2 tasks
mergify bot
pushed a commit
that referenced
this pull request
Oct 25, 2021
) The pattern was previously lacking knowledge of the MAXACTIVE field that may be present in return probes. The new pattern is slightly less strict than it could be but is simpler for it. (cherry picked from commit 362c708)
efd6
added a commit
that referenced
this pull request
Oct 26, 2021
) (#28628) The pattern was previously lacking knowledge of the MAXACTIVE field that may be present in return probes. The new pattern is slightly less strict than it could be but is simpler for it. (cherry picked from commit 362c708) Co-authored-by: Dan Kortschak <[email protected]>
v1v
added a commit
to v1v/beats
that referenced
this pull request
Oct 26, 2021
…urnalbeat-ci * upstream/master: (49 commits) [CI]: use the downstream packaging pipeline for branches/tags (elastic#28589) fix: use declarative style for complete variant of the elastic-agent (elastic#28526) x-pack/auditbeat/tracing: fix regexp for kprobe description line (elastic#28609) docs: Update `api_key` example on elasticsearch output (elastic#28606) chore: add build scripts to CODEOWNERS (elastic#28615) Osquerybeat: Fix host_processes missing cmdline arguments (elastic#28622) Add note about changes to regexp package in Golang (elastic#28616) CI: nightly/weekly builds for 7.x targeting 7.16 instead (elastic#28612) Osquerybeat: Fix extenstion unable to start on windows (elastic#28598) Osquerybeat: Return the query result count with the action response (elastic#28576) Agent: Allow custom response properties in the action response (elastic#28575) [Heartbeat] Only setuid in elastic-agent image (elastic#28577) Fix formatting of `mapStateJSON` and `layerListJSON` in dashboard assets (elastic#28530) CI: refactor the run e2e build (elastic#28502) Use fsnotify with long windows name-safe changes (elastic#28517) Remove unneeded mergify config backport: Add 7.16 branch (elastic#28560) Add proxy_url support to threatintel module's malwarebazaar fileset (elastic#28533) Osquerybeat: Implement host_users, host_groups, host_processes tables as a part of our osquery_extension. (elastic#28434) [Heartbeat] Make run_once syntax a boolean (elastic#28548) ...
Icedroid
pushed a commit
to Icedroid/beats
that referenced
this pull request
Nov 1, 2021
…stic#28609) The pattern was previously lacking knowledge of the MAXACTIVE field that may be present in return probes. The new pattern is slightly less strict than it could be but is simpler for it.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This change fixes a bug that leaves stale return kprobes installed after auditbeat exit.
The pattern was previously lacking knowledge of the MAXACTIVE field that may be
present in return probes. The new pattern is slightly less strict than it could
be but is simpler for it.
Why is it important?
While the presence of the stale probes is not strictly an issue, their presence gets in the way of debugging other issues.
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
See reproducer instructions at #28608.
Related issues
Use cases
N/A
Screenshots
N/A
Logs
N/A