diff --git a/README.md b/README.md
index 66292cf..6d7a173 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ fileserver_backend:
 - git
 gitfs_remotes:
 - https://github.com/hubblestack/hubble-salt.git:
- - base: v2017.8.1
+ - base: v2017.8.2
 - root: ''
 ```
diff --git a/_beacons/pulsar.py b/_beacons/pulsar.py
index 6d34602..3eb5856 100644
--- a/_beacons/pulsar.py
+++ b/_beacons/pulsar.py
@@ -39,7 +39,7 @@ DEFAULT_MASK = None
 __virtualname__ = 'pulsar'
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 CONFIG = None
 CONFIG_STALENESS = 0
diff --git a/_beacons/win_pulsar.py b/_beacons/win_pulsar.py
index 942f13d..5950a26 100644
--- a/_beacons/win_pulsar.py
+++ b/_beacons/win_pulsar.py
@@ -26,7 +26,7 @@ DEFAULT_TYPE = 'all'
 __virtualname__ = 'pulsar'
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 CONFIG = None
 CONFIG_STALENESS = 0
diff --git a/_modules/hubble.py b/_modules/hubble.py
index 6fa34a2..dbc8404 100644
--- a/_modules/hubble.py
+++ b/_modules/hubble.py
@@ -35,7 +35,7 @@ from nova_loader import NovaLazyLoader
 __nova__ = {}
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 def audit(configs=None,
diff --git a/_modules/nebula_osquery.py b/_modules/nebula_osquery.py
index ed189e2..18d7154 100644
--- a/_modules/nebula_osquery.py
+++ b/_modules/nebula_osquery.py
@@ -40,7 +40,7 @@ log = logging.getLogger(__name__)
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 __virtualname__ = 'nebula'
diff --git a/_modules/win_pulsar.py b/_modules/win_pulsar.py
index a038382..38abb1b 100644
--- a/_modules/win_pulsar.py
+++ b/_modules/win_pulsar.py
@@ -28,7 +28,7 @@ CONFIG = None
 CONFIG_STALENESS = 0
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 def __virtual__():
diff --git a/_returners/slack_pulsar_returner.py b/_returners/slack_pulsar_returner.py
index 8b508ea..8638b93 100644
--- a/_returners/slack_pulsar_returner.py
+++ b/_returners/slack_pulsar_returner.py
@@ -69,7 +69,7 @@ # Import Salt Libs import salt.returners
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 log = logging.getLogger(__name__)
diff --git a/_returners/splunk_nebula_return.py b/_returners/splunk_nebula_return.py
index e3d6f9b..ccc381c 100644
--- a/_returners/splunk_nebula_return.py
+++ b/_returners/splunk_nebula_return.py
@@ -50,7 +50,7 @@ import logging
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 _max_content_bytes = 100000
 http_event_collector_SSL_verify = False
@@ -145,7 +145,7 @@ def returner(ret):
 # Potentially add metadata fields:
 fields = {}
 for item in index_extracted_fields:
-if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
 fields[item] = str(payload['event'][item])
 if fields:
 payload.update({'fields': fields})
diff --git a/_returners/splunk_nova_return.py b/_returners/splunk_nova_return.py
index 92f7a6d..786b5d1 100644
--- a/_returners/splunk_nova_return.py
+++ b/_returners/splunk_nova_return.py
@@ -49,7 +49,7 @@ import logging
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 _max_content_bytes = 100000
 http_event_collector_SSL_verify = False
@@ -152,7 +152,7 @@ def returner(ret):
 # Potentially add metadata fields:
 fields = {}
 for item in index_extracted_fields:
-if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
 fields[item] = str(payload['event'][item])
 if fields:
 payload.update({'fields': fields})
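Review bot: The corrected test on the `if item in payload['event'] and not isinstance(payload['event'][item], ...)` line is pasted verbatim into five hunks (this one at @@ -145 in splunk_nebula_return.py, the three in splunk_nova_return.py at @@ -152, @@ -197 and @@ -234, and the one in splunk_pulsar_return.py at @@ -236), which is presumably how the original `isinstance(payload['event'], ...)` slip got replicated in the first place; a shared helper along the lines of `fields = _extract_index_fields(payload['event'], index_extracted_fields)` would keep the check in one place. Now that the per-item path is actually reachable, note that `str(payload['event'][item])` turns an explicit null value into the literal indexed field `'None'` rather than omitting it; if that is not intended, add `payload['event'].get(item) is not None` to the condition. returner() starts and ends outside the hunk.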
@@ -197,7 +197,7 @@ def returner(ret):
 # Potentially add metadata fields:
 fields = {}
 for item in index_extracted_fields:
-if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
 fields[item] = str(payload['event'][item])
 if fields:
 payload.update({'fields': fields})
@@ -234,7 +234,7 @@ def returner(ret):
 # Potentially add metadata fields:
 fields = {}
 for item in index_extracted_fields:
-if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
 fields[item] = str(payload['event'][item])
 if fields:
 payload.update({'fields': fields})
diff --git a/_returners/splunk_pulsar_return.py b/_returners/splunk_pulsar_return.py
index 954f178..21b15c7 100644
--- a/_returners/splunk_pulsar_return.py
+++ b/_returners/splunk_pulsar_return.py
@@ -51,7 +51,7 @@ import logging
-__version__ = 'v2017.8.1'
+__version__ = 'v2017.8.2'
 _max_content_bytes = 100000
 http_event_collector_SSL_verify = False
@@ -236,7 +236,7 @@ def returner(ret):
 # Potentially add metadata fields:
 fields = {}
 for item in index_extracted_fields:
-if item in payload['event'] and not isinstance(payload['event'], (list, dict, tuple)):
+if item in payload['event'] and not isinstance(payload['event'][item], (list, dict, tuple)):
 fields[item] = str(payload['event'][item])
 if fields:
 payload.update({'fields': fields})
diff --git a/hubblestack_nova/grep.py b/hubblestack_nova/grep.py
index f757cf6..63d3e03 100644
--- a/hubblestack_nova/grep.py
+++ b/hubblestack_nova/grep.py
@@ -28,6 +28,7 @@ pattern: '/tmp' # grep pattern
 match_output: 'nodev' # string to check for in output of grep command (optional)
 match_output_regex: True # whether to use regex when matching output (default: False)
+match_output_multiline: False # whether to use multiline flag for regex matching (default: True)
 grep_args: # extra args to grep
 - '-E'
 - '-i'
@@ -122,8 +123,12 @@ def audit(data_list, tags, debug=False, **kwargs):
 if tag_data['match_output'] not in grep_ret:
 found = False
 else:
 # match with regex
-if not re.match(tag_data['match_output'], grep_ret):
-found = False
+if tag_data.get('match_output_multiline', True):
+if not re.search(tag_data['match_output'], grep_ret, re.MULTILINE):
+found = False
+else:
+if not re.search(tag_data['match_output'], grep_ret):
+found = False
 if not os.path.exists(name) and 'match_on_file_missing' in tag_data:
 if tag_data['match_on_file_missing']:
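Review bot: The rewritten `if not re.search(tag_data['match_output'], grep_ret, ...)` lines replace `re.match` with `re.search`, which drops the implicit start-of-output anchoring, and the new `match_output_multiline` default of True additionally lets `^`/`$` bind at every line of the grep output; both are behaviour changes independent of the option the hunk introduces, so an existing profile whose `match_output` relied on re.match semantics can now be satisfied by a substring anywhere in the output and the check may report compliant where it previously did not. Profiles that need the old behaviour should anchor explicitly (`\A...`), and that caveat belongs in the docstring next to the new `match_output_multiline` line, whose description should also say that the pattern is searched rather than matched from the start. The two branches differ only in the flags argument, so they collapse to `flags = re.MULTILINE if tag_data.get('match_output_multiline', True) else 0` followed by `if not re.search(tag_data['match_output'], grep_ret, flags): found = False`. audit() starts and ends outside the hunk.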