Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Add linux malware config options and migration #100166

Merged
merged 12 commits into from
May 19, 2021
3 changes: 3 additions & 0 deletions x-pack/plugins/fleet/server/saved_objects/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ import {
migrateOutputToV7130,
} from './migrations/to_v7_13_0';

import { migratePackagePolicyToV7140 } from './migrations/to_v7_14_0';

/*
* Saved object types and mappings
*
Expand Down Expand Up @@ -267,6 +269,7 @@ const getSavedObjectTypes = (
'7.11.0': migratePackagePolicyToV7110,
'7.12.0': migratePackagePolicyToV7120,
'7.13.0': migratePackagePolicyToV7130,
'7.14.0': migratePackagePolicyToV7140,
},
},
[PACKAGES_SAVED_OBJECT_TYPE]: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,4 @@
export { migratePackagePolicyToV7110 } from './to_v7_11_0';
export { migratePackagePolicyToV7120 } from './to_v7_12_0';
export { migrateEndpointPackagePolicyToV7130 } from './to_v7_13_0';
export { migrateEndpointPackagePolicyToV7140 } from './to_v7_14_0';
Original file line number Diff line number Diff line change
@@ -0,0 +1,335 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import type { SavedObjectMigrationContext, SavedObjectUnsanitizedDoc } from 'kibana/server';

import type { PackagePolicy } from '../../../../common';

import { migrateEndpointPackagePolicyToV7140 } from './to_v7_14_0';

describe('7.14.0 Endpoint Package Policy migration', () => {
const migration = migrateEndpointPackagePolicyToV7140;
it('adds linux malware option and notification customization when windows malware is disabled', () => {
const doc = {
id: 'mock-saved-object-id',
attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {
ransomware: {
mode: 'off',
},
malware: {
mode: 'off',
},
popup: {
malware: {
message: '',
enabled: false,
},
ransomware: {
message: '',
enabled: false,
},
},
},
linux: {
events: { process: true, file: true, network: true },
logging: { file: 'info' },
},
},
},
},
},
],
},
type: ' nested',
};

expect(migration(doc, {} as SavedObjectMigrationContext)).toEqual({
attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {
ransomware: {
mode: 'off',
},
malware: {
mode: 'off',
},
popup: {
malware: {
message: '',
enabled: false,
},
ransomware: {
message: '',
enabled: false,
},
},
},
linux: {
events: { process: true, file: true, network: true },
logging: { file: 'info' },
malware: {
mode: 'off',
},
popup: {
malware: {
message: '',
enabled: false,
},
},
},
},
},
},
},
],
},
type: ' nested',
id: 'mock-saved-object-id',
});
});

it('adds linux malware option and notification customization when windows malware is enabled', () => {
const doc = {
id: 'mock-saved-object-id',
attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {
ransomware: {
mode: 'off',
},
malware: {
mode: 'on',
},
popup: {
malware: {
message: '',
enabled: true,
},
ransomware: {
message: '',
enabled: false,
},
},
},
linux: {
events: { process: true, file: true, network: true },
logging: { file: 'info' },
},
},
},
},
},
],
},
type: ' nested',
};

expect(migration(doc, {} as SavedObjectMigrationContext)).toEqual({
attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {
ransomware: {
mode: 'off',
},
malware: {
mode: 'on',
},
popup: {
malware: {
message: '',
enabled: true,
},
ransomware: {
message: '',
enabled: false,
},
},
},
linux: {
events: { process: true, file: true, network: true },
logging: { file: 'info' },
malware: {
mode: 'on',
},
popup: {
malware: {
message: '',
enabled: true,
},
},
},
},
},
},
},
],
},
type: ' nested',
id: 'mock-saved-object-id',
});
});

it('does not modify non-endpoint package policies', () => {
const doc: SavedObjectUnsanitizedDoc<PackagePolicy> = {
id: 'mock-saved-object-id',
attributes: {
name: 'Some Policy Name',
package: {
name: 'notEndpoint',
title: '',
version: '',
},
id: 'notEndpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'notEndpoint',
enabled: true,
streams: [],
config: {},
},
],
},
type: ' nested',
};

expect(
migration(doc, {} as SavedObjectMigrationContext) as SavedObjectUnsanitizedDoc<PackagePolicy>
).toEqual({
attributes: {
name: 'Some Policy Name',
package: {
name: 'notEndpoint',
title: '',
version: '',
},
id: 'notEndpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'notEndpoint',
enabled: true,
streams: [],
config: {},
},
],
},
type: ' nested',
id: 'mock-saved-object-id',
});
});
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import type { SavedObjectMigrationFn, SavedObjectUnsanitizedDoc } from 'kibana/server';
import { cloneDeep } from 'lodash';

import type { PackagePolicy } from '../../../../common';

export const migrateEndpointPackagePolicyToV7140: SavedObjectMigrationFn<
PackagePolicy,
PackagePolicy
> = (packagePolicyDoc) => {
const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> = cloneDeep(
packagePolicyDoc
);
if (packagePolicyDoc.attributes.package?.name === 'endpoint') {
const input = updatedPackagePolicyDoc.attributes.inputs[0];
if (input && input.config) {
const policy = input.config.policy.value;
const linuxMalware = cloneDeep(input.config.policy.value.windows.malware);
const linuxMalwarePopup = {
malware: cloneDeep(input.config.policy.value.windows.popup.malware),
};

policy.linux.malware = linuxMalware;
policy.linux.popup = linuxMalwarePopup;
}
}

return updatedPackagePolicyDoc;
};
Loading