Merge pull request #104 from hubblestack/develop

Merge to master (prep v2017.8.2)
hubblestack · Aug 8, 2017 · 0fca004 · 0fca004
2 parents 51c239d + 1f8df84
commit 0fca004
Show file tree

Hide file tree

Showing 11 changed files with 22 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -56,7 +56,7 @@ fileserver_backend:
   - git
 gitfs_remotes:
   - https://github.com/hubblestack/hubble-salt.git:
-    - base: v2017.8.1
+    - base: v2017.8.2
     - root: ''
 ```
 

diff --git a/_beacons/pulsar.py b/_beacons/pulsar.py
@@ -39,7 +39,7 @@
     DEFAULT_MASK = None
 
 __virtualname__ = 'pulsar'
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 CONFIG = None
 CONFIG_STALENESS = 0
 

diff --git a/_beacons/win_pulsar.py b/_beacons/win_pulsar.py
@@ -26,7 +26,7 @@
 DEFAULT_TYPE = 'all'
 
 __virtualname__ = 'pulsar'
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 CONFIG = None
 CONFIG_STALENESS = 0
 

diff --git a/_modules/hubble.py b/_modules/hubble.py
@@ -35,7 +35,7 @@
 from nova_loader import NovaLazyLoader
 
 __nova__ = {}
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 
 
 def audit(configs=None,

diff --git a/_modules/nebula_osquery.py b/_modules/nebula_osquery.py
@@ -40,7 +40,7 @@
 
 log = logging.getLogger(__name__)
 
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 __virtualname__ = 'nebula'
 
 

diff --git a/_modules/win_pulsar.py b/_modules/win_pulsar.py
@@ -28,7 +28,7 @@
 CONFIG = None
 CONFIG_STALENESS = 0
 
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 
 
 def __virtual__():

diff --git a/_returners/slack_pulsar_returner.py b/_returners/slack_pulsar_returner.py
@@ -69,7 +69,7 @@
 # Import Salt Libs
 import salt.returners
 
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 
 log = logging.getLogger(__name__)
 

diff --git a/_returners/splunk_nebula_return.py b/_returners/splunk_nebula_return.py
@@ -50,7 +50,7 @@
 
 import logging
 
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 
 _max_content_bytes = 100000
 http_event_collector_SSL_verify = False
@@ -145,7 +145,7 @@ def returner(ret):
                         # Potentially add metadata fields:
                         fields = {}
                         for item in index_extracted_fields:
-                            if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+                            if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
                                 fields[item] = str(payload['event'][item])
                         if fields:
                             payload.update({'fields': fields})

diff --git a/_returners/splunk_nova_return.py b/_returners/splunk_nova_return.py
@@ -49,7 +49,7 @@
 
 import logging
 
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 
 _max_content_bytes = 100000
 http_event_collector_SSL_verify = False
@@ -152,7 +152,7 @@ def returner(ret):
             # Potentially add metadata fields:
             fields = {}
             for item in index_extracted_fields:
-                if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+                if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
                     fields[item] = str(payload['event'][item])
             if fields:
                 payload.update({'fields': fields})
@@ -197,7 +197,7 @@ def returner(ret):
             # Potentially add metadata fields:
             fields = {}
             for item in index_extracted_fields:
-                if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+                if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
                     fields[item] = str(payload['event'][item])
             if fields:
                 payload.update({'fields': fields})
@@ -234,7 +234,7 @@ def returner(ret):
             # Potentially add metadata fields:
             fields = {}
             for item in index_extracted_fields:
-                if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+                if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
                     fields[item] = str(payload['event'][item])
             if fields:
                 payload.update({'fields': fields})

diff --git a/_returners/splunk_pulsar_return.py b/_returners/splunk_pulsar_return.py
@@ -51,7 +51,7 @@
 
 import logging
 
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 
 _max_content_bytes = 100000
 http_event_collector_SSL_verify = False
@@ -236,7 +236,7 @@ def returner(ret):
             # Potentially add metadata fields:
             fields = {}
             for item in index_extracted_fields:
-                if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+                if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
                     fields[item] = str(payload['event'][item])
             if fields:
                 payload.update({'fields': fields})

diff --git a/hubblestack_nova/grep.py b/hubblestack_nova/grep.py
@@ -28,6 +28,7 @@
               pattern: '/tmp'  # grep pattern
               match_output: 'nodev'  # string to check for in output of grep command (optional)
               match_output_regex: True  # whether to use regex when matching output (default: False)
+              match_output_multiline: False  # whether to use multiline flag for regex matching (default: True)
               grep_args:  # extra args to grep
                 - '-E'
                 - '-i'
@@ -122,8 +123,12 @@ def audit(data_list, tags, debug=False, **kwargs):
                         if tag_data['match_output'] not in grep_ret:
                             found = False
                     else:  # match with regex
-                        if not re.match(tag_data['match_output'], grep_ret):
-                            found = False
+                        if tag_data.get('match_output_multiline', True):
+                            if not re.search(tag_data['match_output'], grep_ret, re.MULTILINE):
+                                found = False
+                        else:
+                            if not re.search(tag_data['match_output'], grep_ret):
+                                found = False
 
                 if not os.path.exists(name) and 'match_on_file_missing' in tag_data:
                     if tag_data['match_on_file_missing']: