From fec980b98f1092eeb9fff1e9f30ea10eac32e334 Mon Sep 17 00:00:00 2001
From: Aleksandr Maus
Date: Tue, 9 Jul 2024 18:37:34 -0400
Subject: [PATCH] Osquerybeat: Disable allow_unsafe osquery configuration (#40130)
* Osquerybeat: Disable allow_unsafe osquery configuration
* Make linter happier
* Added changelog
* Make linter happier
---
 CHANGELOG.next.asciidoc | 1 +
 x-pack/osquerybeat/internal/osqd/osqueryd_windows.go | 8 +++-----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index e2c7cea7d507..f019222cceb3 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -57,6 +57,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 *Osquerybeat*
 - Add action responses data stream, allowing osquerybeat to post action results directly to elasticsearch. {pull}39143[39143]
+- Disable allow_unsafe osquery configuration. {pull}40130[40130]
 *Packetbeat*
diff --git a/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go b/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go
index e51496eccf60..0d14c417cbf3 100644
--- a/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go
+++ b/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go
@@ -28,9 +28,7 @@ func SocketPath(dir string) string {
 }
 func platformArgs() map[string]interface{} {
- return map[string]interface{}{
- "allow_unsafe": true,
- }
+ return nil
 }
 func setpgid() *syscall.SysProcAttr {
@@ -41,6 +39,6 @@ func setpgid() *syscall.SysProcAttr {
 // For clean process tree kill
 func killProcessGroup(cmd *exec.Cmd) error {
 // https://github.com/golang/dep/pull/857
- exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run()
- return nil
+ //nolint:gosec // works as expected
+ return exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run()
 }
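Review bot: `platformArgs` in osqueryd_windows.go now returns a bare `nil` with no comment, so nothing in the code records that `allow_unsafe` was dropped on purpose rather than by accident. A doc comment such as `// platformArgs returns no extra osqueryd flags on Windows; allow_unsafe is deliberately left unset so osquery keeps its permission checks on the executables it loads.` would make it harder for a later change to re-add the flag as a quick fix for a load failure. The caller is outside the hunk: reading or ranging over a nil map is fine, but an assignment into the returned map would panic, so it is worth confirming the caller only reads it.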
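Review bot: The justification in `//nolint:gosec // works as expected` inside `killProcessGroup` does not say why the suppressed subprocess finding is safe, which is the one thing a reader of a silenced linter needs. A comment like `//nolint:gosec // fixed arguments and an integer PID, no shell involved` states the actual reason. Two things the suppression does not cover: `taskkill` is still resolved through PATH rather than by an absolute path under the Windows system directory, and `cmd.Process` is dereferenced without a nil check, so a command that never started would panic here. The function now returns taskkill's exit error where it used to return nil; callers are outside the hunk, so whether they tolerate a non-zero exit when the process is already gone should be checked.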