Skip to content

Commit

Permalink
Osquerybeat: Disable allow_unsafe osquery configuration (elastic#40130)
Browse files Browse the repository at this point in the history
* Osquerybeat: Disable allow_unsafe osquery configuration

* Make linter happier

* Added changelog

* Make linter happier
  • Loading branch information
aleksmaus authored Jul 9, 2024
1 parent b056515 commit fec980b
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
*Osquerybeat*

- Add action responses data stream, allowing osquerybeat to post action results directly to elasticsearch. {pull}39143[39143]
- Disable allow_unsafe osquery configuration. {pull}40130[40130]

*Packetbeat*

Expand Down
8 changes: 3 additions & 5 deletions x-pack/osquerybeat/internal/osqd/osqueryd_windows.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,7 @@ func SocketPath(dir string) string {
}

func platformArgs() map[string]interface{} {
return map[string]interface{}{
"allow_unsafe": true,
}
return nil
}

func setpgid() *syscall.SysProcAttr {
Expand All @@ -41,6 +39,6 @@ func setpgid() *syscall.SysProcAttr {
// For clean process tree kill
func killProcessGroup(cmd *exec.Cmd) error {
// https://github.com/golang/dep/pull/857
exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run()
return nil
//nolint:gosec // works as expected
return exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run()
}

0 comments on commit fec980b

Please sign in to comment.