From 03268c1b89c3e37b6d13f7e17102708d75f32aaf Mon Sep 17 00:00:00 2001 
From: Victor Martinez Date: Wed, 6 Jul 2022 15:36:17 +0100 Subject: [PATCH 01/16] ironbank: added templates for some beats --- .../packaging/files/linux/ironbank/LICENSE | 280 ++++++++++++++++++ .../templates/ironbank/auditbeat/Dockerfile | 81 +++++ .../templates/ironbank/auditbeat/README.md | 38 +++ .../auditbeat/hardening_manifest.yaml | 63 ++++ .../templates/ironbank/filebeat/Dockerfile | 81 +++++ .../templates/ironbank/filebeat/README.md | 37 +++ .../ironbank/filebeat/hardening_manifest.yaml | 63 ++++ .../templates/ironbank/metricbeat/Dockerfile | 82 +++++ .../templates/ironbank/metricbeat/README.md | 37 +++ .../metricbeat/hardening_manifest.yaml | 63 ++++ .../templates/ironbank/packetbeat/Dockerfile | 83 ++++++ .../templates/ironbank/packetbeat/README.md | 37 +++ .../packetbeat/hardening_manifest.yaml | 63 ++++ 13 files changed, 1008 insertions(+) create mode 100644 dev-tools/packaging/files/linux/ironbank/LICENSE create mode 100644 dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile create mode 100644 dev-tools/packaging/templates/ironbank/auditbeat/README.md create mode 100644 dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml create mode 100644 dev-tools/packaging/templates/ironbank/filebeat/Dockerfile create mode 100644 dev-tools/packaging/templates/ironbank/filebeat/README.md create mode 100644 dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml create mode 100644 dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile create mode 100644 dev-tools/packaging/templates/ironbank/metricbeat/README.md create mode 100644 dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml create mode 100644 dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile create mode 100644 dev-tools/packaging/templates/ironbank/packetbeat/README.md create mode 100644 dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml 
diff --git a/dev-tools/packaging/files/linux/ironbank/LICENSE b/dev-tools/packaging/files/linux/ironbank/LICENSE
new file mode 100644
index 00000000000..ef2739c152e
--- /dev/null
+++ b/dev-tools/packaging/files/linux/ironbank/LICENSE
@@ -0,0 +1,280 @@ +ELASTIC LICENSE AGREEMENT + +PLEASE READ CAREFULLY THIS ELASTIC LICENSE AGREEMENT (THIS "AGREEMENT"), WHICH +CONSTITUTES A LEGALLY BINDING AGREEMENT AND GOVERNS ALL OF YOUR USE OF ALL OF +THE ELASTIC SOFTWARE WITH WHICH THIS AGREEMENT IS INCLUDED ("ELASTIC SOFTWARE") +THAT IS PROVIDED IN OBJECT CODE FORMAT, AND, IN ACCORDANCE WITH SECTION 2 BELOW, +CERTAIN OF THE ELASTIC SOFTWARE THAT IS PROVIDED IN SOURCE CODE FORMAT. BY +INSTALLING OR USING ANY OF THE ELASTIC SOFTWARE GOVERNED BY THIS AGREEMENT, YOU +ARE ASSENTING TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE +WITH SUCH TERMS AND CONDITIONS, YOU MAY NOT INSTALL OR USE THE ELASTIC SOFTWARE +GOVERNED BY THIS AGREEMENT. IF YOU ARE INSTALLING OR USING THE SOFTWARE ON +BEHALF OF A LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE ACTUAL +AUTHORITY TO AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT ON BEHALF OF +SUCH ENTITY. + +Posted Date: April 20, 2018 + +This Agreement is entered into by and between Elasticsearch BV ("Elastic") and +You, or the legal entity on behalf of whom You are acting (as applicable, +"You"). + +1. OBJECT CODE END USER LICENSES, RESTRICTIONS AND THIRD PARTY OPEN SOURCE +SOFTWARE + + 1.1 Object Code End User License. Subject to the terms and conditions of + Section 1.2 of this Agreement, Elastic hereby grants to You, AT NO CHARGE and + for so long as you are not in breach of any provision of this Agreement, a + License to the Basic Features and Functions of the Elastic Software. + + 1.2 Reservation of Rights; Restrictions. As between Elastic and You, Elastic + and its licensors own all right, title and interest in and to the Elastic + Software, and except as expressly set forth in Sections 1.1, and 2.1 of this + Agreement, no other license to the Elastic Software is granted to You under + this Agreement, by implication, estoppel or otherwise. 
You agree not to: (i) + reverse engineer or decompile, decrypt, disassemble or otherwise reduce any + Elastic Software provided to You in Object Code, or any portion thereof, to + Source Code, except and only to the extent any such restriction is prohibited + by applicable law, (ii) except as expressly permitted in this Agreement, + prepare derivative works from, modify, copy or use the Elastic Software Object + Code or the Commercial Software Source Code in any manner; (iii) except as + expressly permitted in Section 1.1 above, transfer, sell, rent, lease, + distribute, sublicense, loan or otherwise transfer, Elastic Software Object + Code, in whole or in part, to any third party; (iv) use Elastic Software + Object Code for providing time-sharing services, any software-as-a-service, + service bureau services or as part of an application services provider or + other service offering (collectively, "SaaS Offering") where obtaining access + to the Elastic Software or the features and functions of the Elastic Software + is a primary reason or substantial motivation for users of the SaaS Offering + to access and/or use the SaaS Offering ("Prohibited SaaS Offering"); (v) + circumvent the limitations on use of Elastic Software provided to You in + Object Code format that are imposed or preserved by any License Key, or (vi) + alter or remove any Marks and Notices in the Elastic Software. If You have any + question as to whether a specific SaaS Offering constitutes a Prohibited SaaS + Offering, or are interested in obtaining Elastic's permission to engage in + commercial or non-commercial distribution of the Elastic Software, please + contact elastic_license@elastic.co. + + 1.3 Third Party Open Source Software. 
The Commercial Software may contain or + be provided with third party open source libraries, components, utilities and + other open source software (collectively, "Open Source Software"), which Open + Source Software may have applicable license terms as identified on a website + designated by Elastic. Notwithstanding anything to the contrary herein, use of + the Open Source Software shall be subject to the license terms and conditions + applicable to such Open Source Software, to the extent required by the + applicable licensor (which terms shall not restrict the license rights granted + to You hereunder, but may contain additional rights). To the extent any + condition of this Agreement conflicts with any license to the Open Source + Software, the Open Source Software license will govern with respect to such + Open Source Software only. Elastic may also separately provide you with + certain open source software that is licensed by Elastic. Your use of such + Elastic open source software will not be governed by this Agreement, but by + the applicable open source license terms. + +2. COMMERCIAL SOFTWARE SOURCE CODE + + 2.1 Limited License. Subject to the terms and conditions of Section 2.2 of + this Agreement, Elastic hereby grants to You, AT NO CHARGE and for so long as + you are not in breach of any provision of this Agreement, a limited, + non-exclusive, non-transferable, fully paid up royalty free right and license + to the Commercial Software in Source Code format, without the right to grant + or authorize sublicenses, to prepare Derivative Works of the Commercial + Software, provided You (i) do not hack the licensing mechanism, or otherwise + circumvent the intended limitations on the use of Elastic Software to enable + features other than Basic Features and Functions or those features You are + entitled to as part of a Subscription, and (ii) use the resulting object code + only for reasonable testing purposes. + + 2.2 Restrictions. 
Nothing in Section 2.1 grants You the right to (i) use the + Commercial Software Source Code other than in accordance with Section 2.1 + above, (ii) use a Derivative Work of the Commercial Software outside of a + Non-production Environment, in any production capacity, on a temporary or + permanent basis, or (iii) transfer, sell, rent, lease, distribute, sublicense, + loan or otherwise make available the Commercial Software Source Code, in whole + or in part, to any third party. Notwithstanding the foregoing, You may + maintain a copy of the repository in which the Source Code of the Commercial + Software resides and that copy may be publicly accessible, provided that you + include this Agreement with Your copy of the repository. + +3. TERMINATION + + 3.1 Termination. This Agreement will automatically terminate, whether or not + You receive notice of such Termination from Elastic, if You breach any of its + provisions. + + 3.2 Post Termination. Upon any termination of this Agreement, for any reason, + You shall promptly cease the use of the Elastic Software in Object Code format + and cease use of the Commercial Software in Source Code format. For the + avoidance of doubt, termination of this Agreement will not affect Your right + to use Elastic Software, in either Object Code or Source Code formats, made + available under the Apache License Version 2.0. + + 3.3 Survival. Sections 1.2, 2.2. 3.3, 4 and 5 shall survive any termination or + expiration of this Agreement. + +4. DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY + + 4.1 Disclaimer of Warranties. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE + LAW, THE ELASTIC SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, + AND ELASTIC AND ITS LICENSORS MAKE NO WARRANTIES WHETHER EXPRESSED, IMPLIED OR + STATUTORY REGARDING OR RELATING TO THE ELASTIC SOFTWARE. 
TO THE MAXIMUM EXTENT + PERMITTED UNDER APPLICABLE LAW, ELASTIC AND ITS LICENSORS SPECIFICALLY + DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE AND NON-INFRINGEMENT WITH RESPECT TO THE ELASTIC SOFTWARE, AND WITH + RESPECT TO THE USE OF THE FOREGOING. FURTHER, ELASTIC DOES NOT WARRANT RESULTS + OF USE OR THAT THE ELASTIC SOFTWARE WILL BE ERROR FREE OR THAT THE USE OF THE + ELASTIC SOFTWARE WILL BE UNINTERRUPTED. + + 4.2 Limitation of Liability. IN NO EVENT SHALL ELASTIC OR ITS LICENSORS BE + LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT OR INDIRECT DAMAGES, + INCLUDING, WITHOUT LIMITATION, FOR ANY LOSS OF PROFITS, LOSS OF USE, BUSINESS + INTERRUPTION, LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY + SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, IN CONNECTION WITH + OR ARISING OUT OF THE USE OR INABILITY TO USE THE ELASTIC SOFTWARE, OR THE + PERFORMANCE OF OR FAILURE TO PERFORM THIS AGREEMENT, WHETHER ALLEGED AS A + BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF ELASTIC + HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5. MISCELLANEOUS + + This Agreement completely and exclusively states the entire agreement of the + parties regarding the subject matter herein, and it supersedes, and its terms + govern, all prior proposals, agreements, or other communications between the + parties, oral or written, regarding such subject matter. This Agreement may be + modified by Elastic from time to time, and any such modifications will be + effective upon the "Posted Date" set forth at the top of the modified + Agreement. If any provision hereof is held unenforceable, this Agreement will + continue without said provision and be interpreted to reflect the original + intent of the parties. This Agreement and any non-contractual obligation + arising out of or in connection with it, is governed exclusively by Dutch law. 
+ This Agreement shall not be governed by the 1980 UN Convention on Contracts + for the International Sale of Goods. All disputes arising out of or in + connection with this Agreement, including its existence and validity, shall be + resolved by the courts with jurisdiction in Amsterdam, The Netherlands, except + where mandatory law provides for the courts at another location in The + Netherlands to have jurisdiction. The parties hereby irrevocably waive any and + all claims and defenses either might otherwise have in any such action or + proceeding in any of such courts based upon any alleged lack of personal + jurisdiction, improper venue, forum non conveniens or any similar claim or + defense. A breach or threatened breach, by You of Section 2 may cause + irreparable harm for which damages at law may not provide adequate relief, and + therefore Elastic shall be entitled to seek injunctive relief without being + required to post a bond. You may not assign this Agreement (including by + operation of law in connection with a merger or acquisition), in whole or in + part to any third party without the prior written consent of Elastic, which + may be withheld or granted by Elastic in its sole and absolute discretion. + Any assignment in violation of the preceding sentence is void. Notices to + Elastic may also be sent to legal@elastic.co. + +6. DEFINITIONS + + The following terms have the meanings ascribed: + + 6.1 "Affiliate" means, with respect to a party, any entity that controls, is + controlled by, or which is under common control with, such party, where + "control" means ownership of at least fifty percent (50%) of the outstanding + voting shares of the entity, or the contractual right to establish policy for, + and manage the operations of, the entity. 
+ + 6.2 "Basic Features and Functions" means those features and functions of the + Elastic Software that are eligible for use under a Basic license, as set forth + at https://www.elastic.co/subscriptions, as may be modified by Elastic from + time to time. + + 6.3 "Commercial Software" means the Elastic Software Source Code in any file + containing a header stating the contents are subject to the Elastic License or + which is contained in the repository folder labeled "x-pack", unless a LICENSE + file present in the directory subtree declares a different license. + + 6.4 "Derivative Work of the Commercial Software" means, for purposes of this + Agreement, any modification(s) or enhancement(s) to the Commercial Software, + which represent, as a whole, an original work of authorship. + + 6.5 "License" means a limited, non-exclusive, non-transferable, fully paid up, + royalty free, right and license, without the right to grant or authorize + sublicenses, solely for Your internal business operations to (i) install and + use the applicable Features and Functions of the Elastic Software in Object + Code, and (ii) permit Contractors and Your Affiliates to use the Elastic + software as set forth in (i) above, provided that such use by Contractors must + be solely for Your benefit and/or the benefit of Your Affiliates, and You + shall be responsible for all acts and omissions of such Contractors and + Affiliates in connection with their use of the Elastic software that are + contrary to the terms and conditions of this Agreement. + + 6.6 "License Key" means a sequence of bytes, including but not limited to a + JSON blob, that is used to enable certain features and functions of the + Elastic Software. + + 6.7 "Marks and Notices" means all Elastic trademarks, trade names, logos and + notices present on the Documentation as originally provided by Elastic. 
+ + 6.8 "Non-production Environment" means an environment for development, testing + or quality assurance, where software is not used for production purposes. + + 6.9 "Object Code" means any form resulting from mechanical transformation or + translation of Source Code form, including but not limited to compiled object + code, generated documentation, and conversions to other media types. + + 6.10 "Source Code" means the preferred form of computer software for making + modifications, including but not limited to software source code, + documentation source, and configuration files. + + 6.11 "Subscription" means the right to receive Support Services and a License + to the Commercial Software. + + +GOVERNMENT END USER ADDENDUM TO THE ELASTIC LICENSE AGREEMENT + + This ADDENDUM TO THE ELASTIC LICENSE AGREEMENT (this "Addendum") applies +only to U.S. Federal Government, State Government, and Local Government +entities ("Government End Users") of the Elastic Software. This Addendum is +subject to, and hereby incorporated into, the Elastic License Agreement, +which is being entered into as of even date herewith, by Elastic and You (the +"Agreement"). This Addendum sets forth additional terms and conditions +related to Your use of the Elastic Software. Capitalized terms not defined in +this Addendum have the meaning set forth in the Agreement. + + 1. LIMITED LICENSE TO DISTRIBUTE (DSOP ONLY). 
Subject to the terms and +conditions of the Agreement (including this Addendum), Elastic grants the +Department of Defense Enterprise DevSecOps Initiative (DSOP) a royalty-free, +non-exclusive, non-transferable, limited license to reproduce and distribute +the Elastic Software solely through a software distribution repository +controlled and managed by DSOP, provided that DSOP: (i) distributes the +Elastic Software complete and unmodified, inclusive of the Agreement +(including this Addendum) and (ii) does not remove or alter any proprietary +legends or notices contained in the Elastic Software. + + 2. CHOICE OF LAW. The choice of law and venue provisions set forth shall +prevail over those set forth in Section 5 of the Agreement. + + "For U.S. Federal Government Entity End Users. This Agreement and any + non-contractual obligation arising out of or in connection with it, is + governed exclusively by U.S. Federal law. To the extent permitted by + federal law, the laws of the State of Delaware (excluding Delaware choice + of law rules) will apply in the absence of applicable federal law. + + For State and Local Government Entity End Users. This Agreement and any + non-contractual obligation arising out of or in connection with it, is + governed exclusively by the laws of the state in which you are located + without reference to conflict of laws. Furthermore, the Parties agree that + the Uniform Computer Information Transactions Act or any version thereof, + adopted by any state in any form ('UCITA'), shall not apply to this + Agreement and, to the extent that UCITA is applicable, the Parties agree to + opt out of the applicability of UCITA pursuant to the opt-out provision(s) + contained therein." + + 3. ELASTIC LICENSE MODIFICATION. 
Section 5 of the Agreement is hereby +amended to replace + + "This Agreement may be modified by Elastic from time to time, and any + such modifications will be effective upon the "Posted Date" set forth at + the top of the modified Agreement." + + with: + + "This Agreement may be modified by Elastic from time to time; provided, + however, that any such modifications shall apply only to Elastic Software + that is installed after the "Posted Date" set forth at the top of the + modified Agreement." + +V100820.0 diff --git a/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile new file mode 100644 index 00000000000..1253f9a5d7b --- /dev/null +++ b/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile 
@@ -0,0 +1,81 @@ +################################################################################ +# Build stage 0 +# Extract Auditbeat and make various file manipulations. +################################################################################ +ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 +ARG BASE_TAG=8.6 + +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as builder + +ARG ELASTIC_STACK={{ beat_version }} +ARG ELASTIC_PRODUCT=auditbeat +ARG OS_AND_ARCH=linux-x86_64 + +RUN mkdir /usr/share/${ELASTIC_PRODUCT} +WORKDIR /usr/share/${ELASTIC_PRODUCT} +COPY --chown=1000:0 ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz . +RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz \ + && rm ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz +COPY config/auditbeat.yml /usr/share/${ELASTIC_PRODUCT} + +# Support arbitrary user ids +# Ensure that group permissions are the same as user permissions. +# This will help when relying on GID-0 to run Kibana, rather than UID-1000. +# OpenShift does this, for example. +# REF: https://docs.okd.io/latest/openshift_images/create-images.html +RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT} + +# Create auxiliar folders and assing default permissions. +RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \ + chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \ + find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \ + find /usr/share/${ELASTIC_PRODUCT} -type f -exec chmod 0640 {} \; && \ + chmod 0750 /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} && \ + chmod 0770 /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs + +################################################################################ +# Build stage 1 +# Copy prepared files from the previous stage and complete the image. 
+################################################################################ +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +ARG ELASTIC_PRODUCT=auditbeat + +COPY LICENSE /licenses/elastic-${ELASTIC_PRODUCT} + +# Add a dumb init process +COPY tinit /tinit +RUN chmod +x /tinit + +# Bring in product from the initial stage. +COPY --from=builder --chown=1000:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT} +WORKDIR /usr/share/${ELASTIC_PRODUCT} +RUN ln -s /usr/share/${ELASTIC_PRODUCT} /opt/${ELASTIC_PRODUCT} + +ENV ELASTIC_CONTAINER="true" +RUN ln -s /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} /usr/bin/${ELASTIC_PRODUCT} + +# Support arbitrary user ids +# Ensure gid 0 write permissions for OpenShift. +RUN chmod -R g+w /usr/share/${ELASTIC_PRODUCT} + +# config file ("${ELASTIC_PRODUCT}.yml") can only be writable by the root and group root +# it is needed on some configurations where the container needs to run as root +RUN chown root:root /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml \ + && chmod go-w /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml + +# Remove the suid bit everywhere to mitigate "Stack Clash" +RUN find / -xdev -perm -4000 -exec chmod u-s {} + + +# Provide a non-root user to run the process. +RUN groupadd --gid 1000 ${ELASTIC_PRODUCT} && useradd --uid 1000 --gid 1000 --groups 0 --home-dir /usr/share/${ELASTIC_PRODUCT} --no-create-home ${ELASTIC_PRODUCT} + +USER ${ELASTIC_PRODUCT} +ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT} + +ENTRYPOINT ["/tinit", "--", "/usr/share/auditbeat/auditbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/auditbeat/data/auditbeat.sock"] +CMD ["-environment", "container"] + +# see https://www.elastic.co/guide/en/beats/auditbeat/current/http-endpoint.html +HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/auditbeat/data/auditbeat.sock' 'http:/stats?pretty' 
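Review bot: In stage 1, `COPY --from=builder --chown=1000:0` followed by `RUN chmod -R g+w /usr/share/${ELASTIC_PRODUCT}` leaves the whole install tree, the beat binary included, owned by the runtime uid and writable by gid 0. That discards the root:root ownership and the 0750/0640 modes set in stage 0, and only the yml is re-owned to root afterwards. Write access looks necessary only for data and logs, which stage 0 already sets to 0770, so consider keeping the copy root-owned with `COPY --from=builder --chown=0:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT}` and dropping the recursive `chmod -R g+w`. This assumes the beat writes nowhere else under its home directory, which should be confirmed before changing it. The filebeat Dockerfile repeats the same sequence.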
diff --git a/dev-tools/packaging/templates/ironbank/auditbeat/README.md b/dev-tools/packaging/templates/ironbank/auditbeat/README.md
new file mode 100644
index 00000000000..f2248f50e72
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/auditbeat/README.md
@@ -0,0 +1,38 @@
+# Auditbeat
+
+**Auditbeat** Lightweight shipper for audit data
+
+Collect your Linux audit framework data and monitor the integrity of your files.
+Auditbeat ships these events in real time to the rest of the Elastic Stack for further analysis.
+
+For more information about Auditbeat, please visit
+https://www.elastic.co/products/beats/auditbeat.
+
+### Installation instructions
+
+Please follow the documentation on [running Auditbeat on Docker](https://www.elastic.co/guide/en/beats/auditbeat/current/running-on-docker.html).
+
+### Where to file issues and PRs
+
+- [Issues](https://github.com/elastic/beats/issues)
+- [PRs](https://github.com/elastic/beats/pulls)
+
+### DoD Restrictions
+
+### Where to get help
+
+- [Auditbeat Discuss Forums](https://discuss.elastic.co/tags/c/elastic-stack/beats/28/auditbeat)
+- [Auditbeat Documentation](https://www.elastic.co/guide/en/beats/auditbeat/current/index.html)
+
+### Still need help?
+
+You can learn more about the Elastic Community and also understand how to get more help
+visiting [Elastic Community](https://www.elastic.co/community).
+
+This software is governed by the [Elastic
+License](https://github.com/elastic/beats/blob/{{ .MajorMinor }}/licenses/ELASTIC-LICENSE.txt),
+and includes the full set of [free
+features](https://www.elastic.co/subscriptions).
+
+View the detailed release notes
+[here](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-{{ beat_version }}.html).
diff --git a/dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml
new file mode 100644
index 00000000000..e6094bc1952
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/auditbeat/hardening_manifest.yaml 
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "elastic/beats/auditbeat"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+ - "{{ beat_version }}"
+ - "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.6"
+ ELASTIC_STACK: "{{ beat_version }}"
+ ELASTIC_PRODUCT: "auditbeat"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "auditbeat"
+ ## Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "Auditbeat Lightweight shipper for audit data"
+ ## License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "Elastic License"
+ ## URL to find more information on the image
+ org.opencontainers.image.url: "https://www.elastic.co/products/beats/auditbeat"
+ ## Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Elastic"
+ org.opencontainers.image.version: "{{ beat_version }}"
+ ## Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "audit,observabilty,o11y,oblt,beats,elastic,elasticsearch,golang"
+ ## This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ ## Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "beats"
+
+# List of resources to make available to the offline build context
+resources:
+ - filename: "auditbeat-{{ beat_version }}-linux-x86_64.tar.gz"
+ url: "/auditbeat-{{ beat_version }}-linux-x86_64.tar.gz"
+ validation:
+ type: "sha512"
+ value: ""
+ - filename: tinit
+ url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64
+ validation:
+ type: sha256
+ value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c
+
+# List of project maintainers
+maintainers:
+ - email: "nassim.kammah@elastic.co"
+ name: "Nassim Kammah"
+ username: "nassim.kammah"
+ - email: "ivan.fernandez@elastic.co"
+ name: "Ivan Fernandez Calvo"
+ username: "ivan.fernandez"
+ - email: "victor.martinez@elastic.co"
+ name: "Victor Martinez"
+ username: "victor.martinez"
diff --git a/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile b/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile
new file mode 100644
index 00000000000..f19d65a449f
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile
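Review bot: The first `resources` entry declares `type: "sha512"` with `value: ""`, so as written the beat tarball has no digest to be checked against, while the tini entry directly below it is pinned by sha256. If release tooling fills the digest when the template is rendered, a comment above the entry should say so, for example `# sha512 is filled in when the template is rendered; an empty value must fail the build`. The `url` of the same entry has no scheme or host as shown here, which presumably relies on the same rendering step and deserves the same comment. The filebeat manifest has the identical entry.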
@@ -0,0 +1,81 @@ +################################################################################ +# Build stage 0 +# Extract Filebeat and make various file manipulations. +################################################################################ +ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 +ARG BASE_TAG=8.6 + +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as builder + +ARG ELASTIC_STACK={{ beat_version }} +ARG ELASTIC_PRODUCT=filebeat +ARG OS_AND_ARCH=linux-x86_64 + +RUN mkdir /usr/share/${ELASTIC_PRODUCT} +WORKDIR /usr/share/${ELASTIC_PRODUCT} +COPY --chown=1000:0 ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz . +RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz \ + && rm ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz +#COPY config/filebeat.yml /usr/share/${ELASTIC_PRODUCT} + +# Support arbitrary user ids +# Ensure that group permissions are the same as user permissions. +# This will help when relying on GID-0 to run Kibana, rather than UID-1000. +# OpenShift does this, for example. +# REF: https://docs.okd.io/latest/openshift_images/create-images.html +RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT} + +# Create auxiliar folders and assing default permissions. +RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \ + chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \ + find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \ + find /usr/share/${ELASTIC_PRODUCT} -type f -exec chmod 0640 {} \; && \ + chmod 0750 /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} && \ + chmod 0770 /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs + +################################################################################ +# Build stage 1 +# Copy prepared files from the previous stage and complete the image. 
+################################################################################ +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} + +ARG ELASTIC_PRODUCT=filebeat + +COPY LICENSE /licenses/elastic-${ELASTIC_PRODUCT} + +# Add a dumb init process +COPY tinit /tinit +RUN chmod +x /tinit + +# Bring in product from the initial stage. +COPY --from=builder --chown=1000:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT} +WORKDIR /usr/share/${ELASTIC_PRODUCT} +RUN ln -s /usr/share/${ELASTIC_PRODUCT} /opt/${ELASTIC_PRODUCT} + +ENV ELASTIC_CONTAINER="true" +RUN ln -s /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} /usr/bin/${ELASTIC_PRODUCT} + +# Support arbitrary user ids +# Ensure gid 0 write permissions for OpenShift. +RUN chmod -R g+w /usr/share/${ELASTIC_PRODUCT} + +# config file ("${ELASTIC_PRODUCT}.yml") can only be writable by the root and group root +# it is needed on some configurations where the container needs to run as root +RUN chown root:root /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml \ + && chmod go-w /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml + +# Remove the suid bit everywhere to mitigate "Stack Clash" +RUN find / -xdev -perm -4000 -exec chmod u-s {} + + +# Provide a non-root user to run the process. +RUN groupadd --gid 1000 ${ELASTIC_PRODUCT} && useradd --uid 1000 --gid 1000 --groups 0 --home-dir /usr/share/${ELASTIC_PRODUCT} --no-create-home ${ELASTIC_PRODUCT} + +USER ${ELASTIC_PRODUCT} +ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT} + +ENTRYPOINT ["/tinit", "--", "/usr/share/filebeat/filebeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/filebeat/data/filebeat.sock"] +CMD ["-environment", "container"] + +# see https://www.elastic.co/guide/en/beats/filebeat/current/http-endpoint.html +HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/filebeat/data/filebeat.sock' 'http:/stats/?pretty' 
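Review bot: The commented-out `#COPY config/filebeat.yml /usr/share/${ELASTIC_PRODUCT}` in stage 0 is left without explanation, so the image ships whatever filebeat.yml the tarball contains, and the `chown root:root` on `${ELASTIC_PRODUCT}.yml` in stage 1 depends on that file being present. Either delete the line or replace it with a comment such as `# filebeat.yml from the tarball is used as-is; no container-specific config is copied`. The HEALTHCHECK URL here is `'http:/stats/?pretty'` while the auditbeat Dockerfile uses `'http:/stats?pretty'`; the two should use the same path.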
diff --git a/dev-tools/packaging/templates/ironbank/filebeat/README.md b/dev-tools/packaging/templates/ironbank/filebeat/README.md
new file mode 100644
index 00000000000..c3424c79723
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/filebeat/README.md
@@ -0,0 +1,37 @@
+# filebeat
+
+**filebeat** Lightweight shipper for logs
+
+Forget using SSH when you have tens, hundreds, or even thousands of servers, virtual machines, and containers generating logs. Filebeat helps you keep the simple things simple by offering a lightweight way to forward and centralize logs and files.
+
+For more information about filebeat, please visit
+https://www.elastic.co/products/beats/filebeat.
+
+### Installation instructions
+
+Please follow the documentation on [running filebeat on Docker](https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html).
+
+### Where to file issues and PRs
+
+- [Issues](https://github.com/elastic/beats/issues)
+- [PRs](https://github.com/elastic/beats/pulls)
+
+### DoD Restrictions
+
+### Where to get help
+
+- [filebeat Discuss Forums](https://discuss.elastic.co/tags/c/elastic-stack/beats/28/filebeat)
+- [filebeat Documentation](https://www.elastic.co/guide/en/beats/filebeat/current/index.html)
+
+### Still need help?
+
+You can learn more about the Elastic Community and also understand how to get more help
+visiting [Elastic Community](https://www.elastic.co/community).
+
+This software is governed by the [Elastic
+License](https://github.com/elastic/beats/blob/{{ .MajorMinor }}/licenses/ELASTIC-LICENSE.txt),
+and includes the full set of [free
+features](https://www.elastic.co/subscriptions).
+
+View the detailed release notes
+[here](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-{{ beat_version }}.html).
diff --git a/dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml
new file mode 100644
index 00000000000..161a4458ade
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/filebeat/hardening_manifest.yaml
@@ -0,0 +1,63 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "elastic/beats/filebeat" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: + - "{{ beat_version }}" + - "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.6" + ELASTIC_STACK: "{{ beat_version }}" + ELASTIC_PRODUCT: "filebeat" + +# Docker image labels +labels: + org.opencontainers.image.title: "filebeat" + ## Human-readable description of the software packaged in the image + org.opencontainers.image.description: "filebeat Lightweight shipper for logs" + ## License(s) under which contained software is distributed + org.opencontainers.image.licenses: "Elastic License" + ## URL to find more information on the image + org.opencontainers.image.url: "https://www.elastic.co/products/beats/filebeat" + ## Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "Elastic" + org.opencontainers.image.version: "{{ beat_version }}" + ## Keywords to help with search (ex. 
"cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "log,observabilty,o11y,oblt,beats,elastic,elasticsearch,golang" + ## This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + ## Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "beats" + +# List of resources to make available to the offline build context +resources: + - filename: "filebeat-{{ beat_version }}-linux-x86_64.tar.gz" + url: "/filebeat-{{ beat_version }}-linux-x86_64.tar.gz" + validation: + type: "sha512" + value: "" + - filename: tinit + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64 + validation: + type: sha256 + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + +# List of project maintainers +maintainers: + - email: "nassim.kammah@elastic.co" + name: "Nassim Kammah" + username: "nassim.kammah" + - email: "ivan.fernandez@elastic.co" + name: "Ivan Fernandez Calvo" + username: "ivan.fernandez" + - email: "victor.martinez@elastic.co" + name: "Victor Martinez" + username: "victor.martinez" diff --git a/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile new file mode 100644 index 00000000000..745f83009bb --- /dev/null +++ b/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile 
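Review bot: The beat tarball entry under `resources` ships with `value: ""` for its sha512 and a host-less `url: "/filebeat-{{ beat_version }}-linux-x86_64.tar.gz"`, so as rendered the manifest pins the tini binary by digest but not the main artifact. Presumably both fields are filled in when the build context is submitted; that step is not visible in this patch, and an empty digest should fail the packaging run rather than pass through. I would add a comment above the entry such as `# url and sha512 are filled in at release time; packaging must fail if value is empty`. The metricbeat and packetbeat hardening_manifest.yaml templates in this patch carry the same empty value.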
@@ -0,0 +1,82 @@
+################################################################################
+# Build stage 0
+# Extract Metricbeat and make various file manipulations.
+################################################################################
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
+ARG BASE_TAG=8.6
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as builder
+
+ARG ELASTIC_STACK={{ beat_version }}
+ARG ELASTIC_PRODUCT=metricbeat
+ARG OS_AND_ARCH=linux-x86_64
+
+RUN mkdir /usr/share/${ELASTIC_PRODUCT}
+WORKDIR /usr/share/${ELASTIC_PRODUCT}
+COPY --chown=1000:0 ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz .
+RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz \
+ && rm ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz
+#COPY config/metricbeat.yml /usr/share/${ELASTIC_PRODUCT}
+
+# Support arbitrary user ids
+# Ensure that group permissions are the same as user permissions.
+# This will help when relying on GID-0 to run Kibana, rather than UID-1000.
+# OpenShift does this, for example.
+# REF: https://docs.okd.io/latest/openshift_images/create-images.html
+RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT}
+
+# Create auxiliar folders and assing default permissions.
+RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \
+ chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \
+ find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \
+ find /usr/share/${ELASTIC_PRODUCT} -type f -exec chmod 0640 {} \; && \
+ chmod 0750 /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} && \
+ chmod 0770 /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs
+
+################################################################################
+# Build stage 1
+# Copy prepared files from the previous stage and complete the image.
+################################################################################
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+ARG ELASTIC_PRODUCT=metricbeat
+
+COPY LICENSE /licenses/elastic-${ELASTIC_PRODUCT}
+
+# Add a dumb init process
+COPY tinit /tinit
+RUN chmod +x /tinit
+
+# Bring in product from the initial stage.
+COPY --from=builder --chown=1000:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT}
+WORKDIR /usr/share/${ELASTIC_PRODUCT}
+RUN ln -s /usr/share/${ELASTIC_PRODUCT} /opt/${ELASTIC_PRODUCT}
+
+ENV ELASTIC_CONTAINER="true"
+RUN ln -s /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} /usr/bin/${ELASTIC_PRODUCT}
+
+# Support arbitrary user ids
+# Ensure gid 0 write permissions for OpenShift.
+RUN chmod -R g+w /usr/share/${ELASTIC_PRODUCT}
+
+# config file ("${ELASTIC_PRODUCT}.yml") can only be writable by the root and group root
+# it is needed on some configurations where the container needs to run as root
+RUN chown root:root /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml \
+ && chmod go-w /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml \
+ && chmod go-w /usr/share/${ELASTIC_PRODUCT}/modules.d/system.yml
+
+# Remove the suid bit everywhere to mitigate "Stack Clash"
+RUN find / -xdev -perm -4000 -exec chmod u-s {} +
+
+# Provide a non-root user to run the process.
+RUN groupadd --gid 1000 ${ELASTIC_PRODUCT} && useradd --uid 1000 --gid 1000 --groups 0 --home-dir /usr/share/${ELASTIC_PRODUCT} --no-create-home ${ELASTIC_PRODUCT}
+
+USER ${ELASTIC_PRODUCT}
+ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT}
+
+ENTRYPOINT ["/tinit", "--", "/usr/share/metricbeat/metricbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/metricbeat/data/metricbeat.sock"]
+CMD ["-environment", "container"]
+
+# see https://www.elastic.co/guide/en/beats/metricbeat/current/http-endpoint.html
+HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/metricbeat/data/metricbeat.sock' 'http:/stats/?pretty'
diff --git a/dev-tools/packaging/templates/ironbank/metricbeat/README.md b/dev-tools/packaging/templates/ironbank/metricbeat/README.md
new file mode 100644
index 00000000000..b6c75af420d
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/metricbeat/README.md
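Review bot: In stage 1 the install tree is copied with `--chown=1000:0` and then opened with `chmod -R g+w /usr/share/${ELASTIC_PRODUCT}`, which leaves the executable and everything under it writable by the runtime uid and by any gid-0 member, and widens the 0750/0640 modes set in the builder stage. Only `data` and `logs` look like they need to be writable at run time (the builder already sets them to 0770), so the recursive chmod could be narrowed to `RUN chmod g+w /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs` with the rest copied root-owned; whether the beat writes elsewhere in the tree is not visible in this hunk and needs checking. The stage 0 comment that mentions running Kibana looks copied from another image. The packetbeat Dockerfile in this patch has the same chmod.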
@@ -0,0 +1,37 @@
+# metricbeat
+
+**metricbeat** Lightweight shipper for metrics
+
+Collect metrics from your systems and services. From CPU to memory, Redis to NGINX, and much more, Metricbeat is a lightweight way to send system and service statistics.
+
+For more information about metricbeat, please visit
+https://www.elastic.co/products/beats/metricbeat.
+
+### Installation instructions
+
+Please follow the documentation on [running metricbeat on Docker](https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html).
+
+### Where to file issues and PRs
+
+- [Issues](https://github.com/elastic/beats/issues)
+- [PRs](https://github.com/elastic/beats/pulls)
+
+### DoD Restrictions
+
+### Where to get help
+
+- [metricbeat Discuss Forums](https://discuss.elastic.co/tags/c/elastic-stack/beats/28/metricbeat)
+- [metricbeat Documentation](https://www.elastic.co/guide/en/beats/metricbeat/current/index.html)
+
+### Still need help?
+
+You can learn more about the Elastic Community and also understand how to get more help
+visiting [Elastic Community](https://www.elastic.co/community).
+
+This software is governed by the [Elastic
+License](https://github.com/elastic/beats/blob/{{ .MajorMinor }}/licenses/ELASTIC-LICENSE.txt),
+and includes the full set of [free
+features](https://www.elastic.co/subscriptions).
+
+View the detailed release notes
+[here](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-{{ beat_version }}.html).
diff --git a/dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml
new file mode 100644
index 00000000000..f625c847625
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/metricbeat/hardening_manifest.yaml
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "elastic/beats/metricbeat"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+ - "{{ beat_version }}"
+ - "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.6"
+ ELASTIC_STACK: "{{ beat_version }}"
+ ELASTIC_PRODUCT: "metricbeat"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "metricbeat"
+ ## Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "metricbeat Lightweight shipper for metrics"
+ ## License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "Elastic License"
+ ## URL to find more information on the image
+ org.opencontainers.image.url: "https://www.elastic.co/products/beats/metricbeat"
+ ## Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Elastic"
+ org.opencontainers.image.version: "{{ beat_version }}"
+ ## Keywords to help with search (ex. "cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "metrics,observabilty,o11y,oblt,beats,elastic,elasticsearch,golang"
+ ## This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ ## Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "beats"
+
+# List of resources to make available to the offline build context
+resources:
+ - filename: "metricbeat-{{ beat_version }}-linux-x86_64.tar.gz"
+ url: "/metricbeat-{{ beat_version }}-linux-x86_64.tar.gz"
+ validation:
+ type: "sha512"
+ value: ""
+ - filename: tinit
+ url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64
+ validation:
+ type: sha256
+ value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c
+
+# List of project maintainers
+maintainers:
+ - email: "nassim.kammah@elastic.co"
+ name: "Nassim Kammah"
+ username: "nassim.kammah"
+ - email: "ivan.fernandez@elastic.co"
+ name: "Ivan Fernandez Calvo"
+ username: "ivan.fernandez"
+ - email: "victor.martinez@elastic.co"
+ name: "Victor Martinez"
+ username: "victor.martinez"
diff --git a/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile
new file mode 100644
index 00000000000..b780503ffa6
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile
@@ -0,0 +1,83 @@
+################################################################################
+# Build stage 0
+# Extract Packetbeat and make various file manipulations.
+################################################################################
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8
+ARG BASE_TAG=8.4
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as builder
+
+ARG ELASTIC_STACK={{ beat_version }}
+ARG ELASTIC_PRODUCT=packetbeat
+ARG OS_AND_ARCH=linux-x86_64
+
+RUN mkdir /usr/share/${ELASTIC_PRODUCT}
+WORKDIR /usr/share/${ELASTIC_PRODUCT}
+COPY --chown=1000:0 ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz .
+RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz \
+ && rm ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_ARCH}.tar.gz
+#COPY config/packetbeat.yml /usr/share/${ELASTIC_PRODUCT}
+
+# Support arbitrary user ids
+# Ensure that group permissions are the same as user permissions.
+# This will help when relying on GID-0 to run Kibana, rather than UID-1000.
+# OpenShift does this, for example.
+# REF: https://docs.okd.io/latest/openshift_images/create-images.html
+RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT}
+
+# Create auxiliar folders and assing default permissions.
+RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \
+ chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \
+ find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \
+ find /usr/share/${ELASTIC_PRODUCT} -type f -exec chmod 0640 {} \; && \
+ chmod 0750 /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} && \
+ chmod 0770 /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs
+
+################################################################################
+# Build stage 1
+# Copy prepared files from the previous stage and complete the image.
+################################################################################
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+ARG ELASTIC_PRODUCT=packetbeat
+
+COPY LICENSE /licenses/elastic-${ELASTIC_PRODUCT}
+
+# Add a dumb init process
+COPY tinit /tinit
+RUN chmod +x /tinit
+
+# Bring in product from the initial stage.
+COPY --from=builder --chown=1000:0 /usr/share/${ELASTIC_PRODUCT} /usr/share/${ELASTIC_PRODUCT}
+WORKDIR /usr/share/${ELASTIC_PRODUCT}
+RUN ln -s /usr/share/${ELASTIC_PRODUCT} /opt/${ELASTIC_PRODUCT}
+
+ENV ELASTIC_CONTAINER="true"
+RUN ln -s /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT} /usr/bin/${ELASTIC_PRODUCT}
+
+# Support arbitrary user ids
+# Ensure gid 0 write permissions for OpenShift.
+RUN chmod -R g+w /usr/share/${ELASTIC_PRODUCT}
+
+# config file ("${ELASTIC_PRODUCT}.yml") can only be writable by the root and group root
+# it is needed on some configurations where the container needs to run as root
+RUN chown root:root /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml \
+ && chmod go-w /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}.yml
+
+# Remove the suid bit everywhere to mitigate "Stack Clash"
+RUN find / -xdev -perm -4000 -exec chmod u-s {} +
+
+# Provide a non-root user to run the process.
+RUN groupadd --gid 1000 ${ELASTIC_PRODUCT} && useradd --uid 1000 --gid 1000 --groups 0 --home-dir /usr/share/${ELASTIC_PRODUCT} --no-create-home ${ELASTIC_PRODUCT}
+
+# packetbeat needs to run as root to snif the network traffic
+#USER ${ELASTIC_PRODUCT}
+USER root
+ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT}
+
+ENTRYPOINT ["/tinit", "--", "/usr/share/packetbeat/packetbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/packetbeat/data/packetbeat.sock"]
+CMD ["-environment", "container"]
+
+# see https://www.elastic.co/guide/en/beats/packetbeat/current/http-endpoint.html
+HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD curl -I -f --max-time 5 --unix-socket '/usr/share/packetbeat/data/packetbeat.sock' 'http:/stats/?pretty'
diff --git a/dev-tools/packaging/templates/ironbank/packetbeat/README.md b/dev-tools/packaging/templates/ironbank/packetbeat/README.md
new file mode 100644
index 00000000000..5a9541e9db8
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/packetbeat/README.md
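Review bot: The final stage ends with `USER root`, so the whole beat process, including its parsing of captured traffic, runs as root in the container, and the `groupadd`/`useradd` line just above it is left unused. If `setcap` is available in the base image, granting the capture capabilities to the binary and keeping the unprivileged user would narrow that: `RUN setcap cap_net_raw,cap_net_admin+eip /usr/share/${ELASTIC_PRODUCT}/${ELASTIC_PRODUCT}` followed by `USER ${ELASTIC_PRODUCT}`; the container would then need those capabilities granted at run time. Separately, `ARG BASE_TAG=8.4` here differs from the `8.6` used in the metricbeat Dockerfile and in this beat's hardening_manifest.yaml, so a build that does not pass the manifest args picks up an older base image.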
@@ -0,0 +1,37 @@
+# packetbeat
+
+**packetbeat** Lightweight shipper for network data
+
+Monitoring your network traffic is critical to gaining observability over your environment — ensuring high levels of performance and security. Packetbeat is a lightweight network packet analyzer that sends data from your hosts and containers to Logstash or Elasticsearch.
+
+For more information about packetbeat, please visit
+https://www.elastic.co/products/beats/packetbeat.
+
+### Installation instructions
+
+Please follow the documentation on [running packetbeat on Docker](https://www.elastic.co/guide/en/beats/packetbeat/current/running-on-docker.html).
+
+### Where to file issues and PRs
+
+- [Issues](https://github.com/elastic/beats/issues)
+- [PRs](https://github.com/elastic/beats/pulls)
+
+### DoD Restrictions
+
+### Where to get help
+
+- [packetbeat Discuss Forums](https://discuss.elastic.co/tags/c/elastic-stack/beats/28/packetbeat)
+- [packetbeat Documentation](https://www.elastic.co/guide/en/beats/packetbeat/current/index.html)
+
+### Still need help?
+
+You can learn more about the Elastic Community and also understand how to get more help
+visiting [Elastic Community](https://www.elastic.co/community).
+
+This software is governed by the [Elastic
+License](https://github.com/elastic/beats/blob/{{ .MajorMinor }}/licenses/ELASTIC-LICENSE.txt),
+and includes the full set of [free
+features](https://www.elastic.co/subscriptions).
+
+View the detailed release notes
+[here](https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-{{ beat_version }}.html).
diff --git a/dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml b/dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml
new file mode 100644
index 00000000000..6ee29922d59
--- /dev/null
+++ b/dev-tools/packaging/templates/ironbank/packetbeat/hardening_manifest.yaml
@@ -0,0 +1,63 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "elastic/beats/7.x/packetbeat" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: + - "{{ beat_version }}" + - "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.6" + ELASTIC_STACK: "{{ beat_version }}" + ELASTIC_PRODUCT: "packetbeat" + +# Docker image labels +labels: + org.opencontainers.image.title: "packetbeat" + ## Human-readable description of the software packaged in the image + org.opencontainers.image.description: "packetbeat Lightweight shipper for network data" + ## License(s) under which contained software is distributed + org.opencontainers.image.licenses: "Elastic License" + ## URL to find more information on the image + org.opencontainers.image.url: "https://www.elastic.co/products/beats/packetbeat" + ## Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "Elastic" + org.opencontainers.image.version: "{{ beat_version }}" + ## Keywords to help with search (ex. 
"cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "network,observabilty,o11y,oblt,beats,elastic,elasticsearch,golang" + ## This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + ## Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "beats" + +# List of resources to make available to the offline build context +resources: + - filename: "packetbeat-{{ beat_version }}-linux-x86_64.tar.gz" + url: "/packetbeat-{{ beat_version }}-linux-x86_64.tar.gz" + validation: + type: "sha512" + value: "" + - filename: tinit + url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64 + validation: + type: sha256 + value: 93dcc18adc78c65a028a84799ecf8ad40c936fdfc5f2a57b1acda5a8117fa82c + +# List of project maintainers +maintainers: + - email: "nassim.kammah@elastic.co" + name: "Nassim Kammah" + username: "nassim.kammah" + - email: "ivan.fernandez@elastic.co" + name: "Ivan Fernandez Calvo" + username: "ivan.fernandez" + - email: "victor.martinez@elastic.co" + name: "Victor Martinez" + username: "victor.martinez" From 4aa48febbc9db87a93100c8e44ce94dc4b98e9c2 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 12:40:54 +0100 Subject: [PATCH 02/16] mage: initial support for Ironbank in auditbeat and generally --- .gitignore | 3 ++ dev-tools/mage/pkg.go | 97 ++++++++++++++++++++++++++++++++++++ dev-tools/mage/settings.go | 8 +++ x-pack/auditbeat/magefile.go | 10 ++++ 4 files changed, 118 insertions(+) diff --git a/.gitignore b/.gitignore index 7bd0f98590d..070ebdc1b85 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,6 @@ x-pack/dockerlogbeat/temproot.tar # Files generated with the bump version automations *.bck + +# Ironbank +*-ironbank-* diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index e605ec948c4..eeacf6fc73d 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go 
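Review bot: `name: "elastic/beats/7.x/packetbeat"` does not follow the `elastic/beats/<beat>` form used by the filebeat and metricbeat manifests in this patch, so this image would be published under a different repository path than its siblings. If that is not intended, the line should read `name: "elastic/beats/packetbeat"`.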
@@ -24,6 +24,7 @@ import ( "path/filepath" "runtime" "strconv" + "strings" "github.com/magefile/mage/mg" "github.com/magefile/mage/sh" 
@@ -115,6 +116,102 @@ func Package() error { return nil } +// Package packages the Beat for IronBank distribution, relying on the +// binaries having already been built. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + if runtime.GOARCH != "amd64" { + fmt.Printf(">> IronBank images are only supported for amd64 arch (%s is not supported)\n", runtime.GOARCH) + return nil + } + if err := prepareIronbankBuild(); err != nil { + return errors.Wrap(err, "failed to prepare the IronBank context") + } + if err := saveIronbank(); err != nil { + return errors.Wrap(err, "failed to save artifacts for IronBank") + } + return nil +} + +func getIronbankContextName() string { + version, _ := BeatQualifiedVersion() + ironbankBinaryName := "{{.Name}}-ironbank-{{.Version}}{{if .Snapshot}}-SNAPSHOT{{end}}-docker-build-context" + // TODO: get the name of the project + outputDir, _ := Expand(ironbankBinaryName, map[string]interface{}{ + "Name": "auditbeat", + "Version": version, + }) + return outputDir +} + +func prepareIronbankBuild() error { + fmt.Println(">> prepareIronbankBuild: prepare the IronBank container context.") + ironbank := getIronbankContextName() + // TODO: get the name of the project + templatesDir := filepath.Join("dev-tools", "packaging", "templates", "ironbank", "auditbeat") + + data := map[string]interface{}{ + "MajorMinor": BeatMajorMinorVersion(), + } + + fmt.Printf(">> prepareIronbankBuild %s \n", ironbank) + + err := filepath.Walk(templatesDir, func(path string, info os.FileInfo, _ error) error { + if !info.IsDir() { + target := strings.TrimSuffix( + filepath.Join(ironbank, filepath.Base(path)), + ".tmpl", + ) + + err := ExpandFile(path, target, data) + if err != nil { + return errors.Wrapf(err, "expanding template '%s' to '%s'", path, target) + } + } + return nil + }) + + if err != nil { + return fmt.Errorf("cannot create templates for the IronBank: %+v", err) + } + + // copy files + fmt.Printf(">> prepareIronbankBuild 3 \n") + sourcePath 
:= filepath.Join("dev-tools", "packaging", "files", "ironbank") + if err := Copy(sourcePath, ironbank); err != nil { + return fmt.Errorf("cannot create files for the IronBank: %+v", err) + } + return nil +} + +func saveIronbank() error { + fmt.Println(">> saveIronbank: save the IronBank container context.") + + ironbank := getIronbankContextName() + buildDir := filepath.Join(ironbank) + if _, err := os.Stat(buildDir); os.IsNotExist(err) { + return fmt.Errorf("cannot find the folder with the ironbank context") + } + + distributionsDir := "build/distributions" + if _, err := os.Stat(distributionsDir); os.IsNotExist(err) { + err := os.MkdirAll(distributionsDir, 0750) + if err != nil { + return fmt.Errorf("cannot create folder for docker artifacts: %+v", err) + } + } + tarGzFile := filepath.Join(distributionsDir, ironbank+".tar.gz") + + // Save the build context as tar.gz artifact + err := Tar(buildDir, tarGzFile) + if err != nil { + return fmt.Errorf("cannot compress the tar.gz file") + } + + return errors.Wrap(CreateSHA512File(tarGzFile), "failed to create .sha512 file") +} + // updateWithDarwinUniversal checks if darwin/amd64 and darwin/arm64, are listed // if so, the universal binary was built, then we need to package it as well. func updateWithDarwinUniversal(platforms BuildPlatformList) BuildPlatformList { diff --git a/dev-tools/mage/settings.go b/dev-tools/mage/settings.go index d55a436e2d8..fe199c14e06 100644 --- a/dev-tools/mage/settings.go +++ b/dev-tools/mage/settings.go @@ -360,6 +360,14 @@ func BeatQualifiedVersion() (string, error) { return version + "-" + versionQualifier, nil } +func BeatMajorMinorVersion() string { + if v, _ := BeatQualifiedVersion(); v != "" { + parts := strings.SplitN(v, ".", 3) + return parts[0] + "." + parts[1] + } + return "" +} + // BeatVersion returns the Beat's version. The value can be overridden by // setting BEAT_VERSION in the environment. func beatVersion() (string, error) { 
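Review bot: The `filepath.Walk` callback in `prepareIronbankBuild` discards its error argument (`_ error`) and then calls `info.IsDir()`; when the templates directory is missing or unreadable Walk passes a nil `info`, so the build panics instead of reporting the path. Taking the argument and returning it first fixes that: `func(path string, info os.FileInfo, err error) error {` followed by `if err != nil { return err }`. `getIronbankContextName` likewise drops the errors from `BeatQualifiedVersion` and `Expand`, and `saveIronbank` replaces the `Tar` error with a fixed string, so failures lose their cause. The doc comment on `Ironbank` still begins with `Package`, here and on the wrapper in x-pack/auditbeat/magefile.go; it should start `// Ironbank packages the Beat for IronBank distribution`.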
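Review bot: `BeatMajorMinorVersion` indexes `parts[1]` without checking the length, so a version string without a dot (for example a version overridden to `8`) panics with an index-out-of-range during packaging. A guard before the return covers it: `if len(parts) < 2 { return "" }`. The function also discards the error from `BeatQualifiedVersion` and, being exported, should carry a doc comment, e.g. `// BeatMajorMinorVersion returns the major.minor part of the qualified Beat version, or "" if it cannot be determined.`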
diff --git a/x-pack/auditbeat/magefile.go b/x-pack/auditbeat/magefile.go index c5cde8abae3..1a875740145 100644 --- a/x-pack/auditbeat/magefile.go +++ b/x-pack/auditbeat/magefile.go @@ -88,6 +88,16 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution, relying on the +// binaries having already been built. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + start := time.Now() + defer func() { fmt.Println("ironbank ran for", time.Since(start)) }() + return devtools.Ironbank() +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages() From fb5c6201dcd858110eaecf270a0e7e05d2a49e6d Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 12:46:56 +0100 Subject: [PATCH 03/16] mage: fix paths to be relative to the root folder --- dev-tools/mage/pkg.go | 15 +++++++++------ .../packaging/files/{linux => }/ironbank/LICENSE | 0 2 files changed, 9 insertions(+), 6 deletions(-) rename dev-tools/packaging/files/{linux => }/ironbank/LICENSE (100%) diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index eeacf6fc73d..0cb44accdc6 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go 
@@ -148,16 +148,20 @@ func getIronbankContextName() string { func prepareIronbankBuild() error { fmt.Println(">> prepareIronbankBuild: prepare the IronBank container context.") ironbank := getIronbankContextName() + + beatsDir, err := ElasticBeatsDir() + if err != nil { + return fmt.Errorf("could not get the base dir: %+v", err) + } + // TODO: get the name of the project - templatesDir := filepath.Join("dev-tools", "packaging", "templates", "ironbank", "auditbeat") + templatesDir := filepath.Join(beatsDir, "dev-tools", "packaging", "templates", "ironbank", "auditbeat") data := map[string]interface{}{ "MajorMinor": BeatMajorMinorVersion(), } - fmt.Printf(">> prepareIronbankBuild %s \n", ironbank) - - err := filepath.Walk(templatesDir, func(path string, info os.FileInfo, _ error) error { + err = filepath.Walk(templatesDir, func(path string, info os.FileInfo, _ error) error { if !info.IsDir() { target := strings.TrimSuffix( filepath.Join(ironbank, filepath.Base(path)), @@ -177,8 +181,7 @@ func prepareIronbankBuild() error { } // copy files - fmt.Printf(">> prepareIronbankBuild 3 \n") - sourcePath := filepath.Join("dev-tools", "packaging", "files", "ironbank") + sourcePath := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank") if err := Copy(sourcePath, ironbank); err != nil { return fmt.Errorf("cannot create files for the IronBank: %+v", err) } diff --git a/dev-tools/packaging/files/linux/ironbank/LICENSE b/dev-tools/packaging/files/ironbank/LICENSE similarity index 100% rename from dev-tools/packaging/files/linux/ironbank/LICENSE rename to dev-tools/packaging/files/ironbank/LICENSE From dfda93d2a96c45e30cf802ee3eb9cff315a994ed Mon Sep 17 00:00:00 2001 
From: Victor Martinez Date: Thu, 7 Jul 2022 13:15:23 +0100 Subject: [PATCH 04/16] ironbank: support auditbeat with config mage: use BeatName --- dev-tools/mage/copy.go | 10 + dev-tools/mage/pkg.go | 22 +- .../ironbank/auditbeat/config/auditbeat.yml | 242 ++++++++++++++++++ 3 files changed, 268 insertions(+), 6 deletions(-) create mode 100644 dev-tools/packaging/files/ironbank/auditbeat/config/auditbeat.yml diff --git a/dev-tools/mage/copy.go b/dev-tools/mage/copy.go index 73f9643379a..c4774539871 100644 --- a/dev-tools/mage/copy.go +++ b/dev-tools/mage/copy.go @@ -33,6 +33,16 @@ func Copy(src, dest string) error { return copy.Execute() } +// Copy copies a file and preserves the permissions. +func CopyFile(src, dest string) error { + copy := &CopyTask{Source: src, Dest: dest} + info, err := os.Stat(src) + if err != nil { + return errors.Wrapf(err, "copy failed: cannot stat source file %v", src) + } + return copy.fileCopy(src, dest, info) +} + // CopyTask copies a file or directory (recursively) and preserves the permissions. type CopyTask struct { Source string // Source directory or file. diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index 0cb44accdc6..013f6913a16 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go @@ -139,7 +139,7 @@ func getIronbankContextName() string { ironbankBinaryName := "{{.Name}}-ironbank-{{.Version}}{{if .Snapshot}}-SNAPSHOT{{end}}-docker-build-context" // TODO: get the name of the project outputDir, _ := Expand(ironbankBinaryName, map[string]interface{}{ - "Name": "auditbeat", + "Name": BeatName, "Version": version, }) return outputDir @@ -155,7 +155,7 @@ func prepareIronbankBuild() error { } // TODO: get the name of the project - templatesDir := filepath.Join(beatsDir, "dev-tools", "packaging", "templates", "ironbank", "auditbeat") + templatesDir := filepath.Join(beatsDir, "dev-tools", "packaging", "templates", "ironbank", BeatName) data := map[string]interface{}{ "MajorMinor": BeatMajorMinorVersion(), 
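Review bot: The doc comment on the new `CopyFile` in dev-tools/mage/copy.go starts with `Copy`, the name of the function above it, so godoc and linters attribute it to the wrong symbol. I would write `// CopyFile copies the single file src to dest and preserves its permissions.` The function stats `src` and hands the result straight to `fileCopy`; what happens when `src` is a directory depends on `fileCopy`, which is outside this hunk, so the comment should also say whether directories are rejected.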
@@ -180,11 +180,21 @@ func prepareIronbankBuild() error { return fmt.Errorf("cannot create templates for the IronBank: %+v", err) } - // copy files - sourcePath := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank") - if err := Copy(sourcePath, ironbank); err != nil { - return fmt.Errorf("cannot create files for the IronBank: %+v", err) + // copy license + sourceLicense := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank", "LICENSE") + targetLicense := filepath.Join(ironbank, "LICENSE") + if err := CopyFile(sourceLicense, targetLicense); err != nil { + return fmt.Errorf("cannot copy LICENSE file for the IronBank: %+v", err) } + + // copy specific files for the given beat + sourceBeatPath := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank", BeatName) + if _, err := os.Stat(sourceBeatPath); !os.IsNotExist(err) { + if err := Copy(sourceBeatPath, ironbank); err != nil { + return fmt.Errorf("cannot create files for the IronBank: %+v", err) + } + } + return nil } diff --git a/dev-tools/packaging/files/ironbank/auditbeat/config/auditbeat.yml b/dev-tools/packaging/files/ironbank/auditbeat/config/auditbeat.yml new file mode 100644 index 00000000000..5e18b623d32 --- /dev/null +++ b/dev-tools/packaging/files/ironbank/auditbeat/config/auditbeat.yml 
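Review bot: The existence check `if _, err := os.Stat(sourceBeatPath); !os.IsNotExist(err) {` treats every Stat failure other than not-exist, such as a permission error, as if the directory were present and goes on to `Copy`, which then reports a less direct error. Testing for success is clearer: `if _, err := os.Stat(sourceBeatPath); err == nil {`, with any other error returned explicitly if an unreadable per-beat directory should stop the build.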
@@ -0,0 +1,242 @@ +###################### Auditbeat Configuration Example ######################### + +# This is an example configuration file highlighting only the most common +# options. The auditbeat.reference.yml file from the same directory contains all +# the supported options with more comments. You can use it as a reference. +# +# You can find the full configuration reference here: +# https://www.elastic.co/guide/en/beats/auditbeat/index.html + +# =========================== Modules configuration ============================ +auditbeat.modules: + +# - module: auditd +# # Load audit rules from separate files. Same format as audit.rules(7). +# audit_rule_files: [ '${path.config}/audit.rules.d/*.conf' ] +# audit_rules: | +# ## Define audit rules here. +# ## Create file watches (-w) or syscall audits (-a or -A). Uncomment these +# ## examples or add your own rules. +# +# ## If you are on a 64 bit platform, everything should be running +# ## in 64 bit mode. This rule will detect any use of the 32 bit syscalls +# ## because this might be a sign of someone exploiting a hole in the 32 +# ## bit API. +# #-a always,exit -F arch=b32 -S all -F key=32bit-abi +# +# ## Executions. +# #-a always,exit -F arch=b64 -S execve,execveat -k exec +# +# ## External access (warning: these can be expensive to audit). +# #-a always,exit -F arch=b64 -S accept,bind,connect -F key=external-access +# +# ## Identity changes. +# #-w /etc/group -p wa -k identity +# #-w /etc/passwd -p wa -k identity +# #-w /etc/gshadow -p wa -k identity +# +# ## Unauthorized access attempts. 
+# #-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access +# #-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access + +- module: file_integrity + paths: + - /bin + - /usr/bin + - /sbin + - /usr/sbin + - /etc + +- module: system + datasets: + - package # Installed, updated, and removed packages + + period: 2m # The frequency at which the datasets check for changes + +- module: system + datasets: + - host # General host information, e.g. uptime, IPs + - login # User logins, logouts, and system boots. + - process # Started and stopped processes +# - socket # Opened and closed sockets + - user # User information + + # How often datasets send state updates with the + # current state of the system (e.g. all currently + # running processes, all open sockets). + state.period: 12h + + # Enabled by default. Auditbeat will read password fields in + # /etc/passwd and /etc/shadow and store a hash locally to + # detect any changes. + user.detect_password_changes: true + + # File patterns of the login record files. + login.wtmp_file_pattern: /var/log/wtmp* + login.btmp_file_pattern: /var/log/btmp* + +# ======================= Elasticsearch template setting ======================= +setup.template.settings: + index.number_of_shards: 1 + #index.codec: best_compression + #_source.enabled: false + + +# ================================== General =================================== + +# The name of the shipper that publishes the network data. It can be used to group +# all the transactions sent by a single shipper in the web interface. +#name: + +# The tags of the shipper are included in their own field with each +# transaction published. +#tags: ["service-X", "web-tier"] + +# Optional fields that you can specify to add additional information to the +# output. 
+#fields: +# env: staging + +# ================================= Dashboards ================================= +# These settings control loading the sample dashboards to the Kibana index. Loading +# the dashboards is disabled by default and can be enabled either by setting the +# options here or by using the `setup` command. +#setup.dashboards.enabled: false + +# The URL from where to download the dashboards archive. By default this URL +# has a value which is computed based on the Beat name and version. For released +# versions, this URL points to the dashboard archive on the artifacts.elastic.co +# website. +#setup.dashboards.url: + +# =================================== Kibana =================================== + +# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. +# This requires a Kibana endpoint configuration. +setup.kibana: + + # Kibana Host + # Scheme and port can be left out and will be set to the default (http and 5601) + # In case you specify and additional path, the scheme is required: http://localhost:5601/path + # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 + #host: "localhost:5601" + + # Kibana Space ID + # ID of the Kibana Space into which the dashboards should be loaded. By default, + # the Default Space will be used. + #space.id: + +# =============================== Elastic Cloud ================================ + +# These settings simplify using Auditbeat with the Elastic Cloud (https://cloud.elastic.co/). + +# The cloud.id setting overwrites the `output.elasticsearch.hosts` and +# `setup.kibana.host` options. +# You can find the `cloud.id` in the Elastic Cloud web UI. +#cloud.id: + +# The cloud.auth setting overwrites the `output.elasticsearch.username` and +# `output.elasticsearch.password` settings. The format is `:`. 
+#cloud.auth: + +# ================================== Outputs =================================== + +# Configure what output to use when sending the data collected by the beat. + +# ---------------------------- Elasticsearch Output ---------------------------- +output.elasticsearch: + # Array of hosts to connect to. + hosts: ["localhost:9200"] + + # Protocol - either `http` (default) or `https`. + #protocol: "https" + + # Authentication credentials - either API key or username/password. + #api_key: "id:api_key" + #username: "elastic" + #password: "changeme" + +# ------------------------------ Logstash Output ------------------------------- +#output.logstash: + # The Logstash hosts + #hosts: ["localhost:5044"] + + # Optional SSL. By default is off. + # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client Certificate Key + #ssl.key: "/etc/pki/client/cert.key" + +# ================================= Processors ================================= + +# Configure processors to enhance or manipulate events generated by the beat. + +processors: + - add_host_metadata: ~ + - add_cloud_metadata: ~ + - add_docker_metadata: ~ + + +# ================================== Logging =================================== + +# Sets log level. The default log level is info. +# Available log levels are: error, warning, info, debug +#logging.level: debug + +# At debug level, you can selectively enable logging only for some components. +# To enable all selectors use ["*"]. Examples of other selectors are "beat", +# "publish", "service". +#logging.selectors: ["*"] + +# ============================= X-Pack Monitoring ============================== +# Auditbeat can export internal metrics to a central Elasticsearch monitoring +# cluster. This requires xpack monitoring to be enabled in Elasticsearch. 
The +# reporting is disabled by default. + +# Set to true to enable the monitoring reporter. +#monitoring.enabled: false + +# Sets the UUID of the Elasticsearch cluster under which monitoring data for this +# Auditbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch +# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch. +#monitoring.cluster_uuid: + +# Uncomment to send the metrics to Elasticsearch. Most settings from the +# Elasticsearch output are accepted here as well. +# Note that the settings should point to your Elasticsearch *monitoring* cluster. +# Any setting that is not set is automatically inherited from the Elasticsearch +# output configuration, so if you have the Elasticsearch output configured such +# that it is pointing to your Elasticsearch monitoring cluster, you can simply +# uncomment the following line. +#monitoring.elasticsearch: + +# ============================== Instrumentation =============================== + +# Instrumentation support for the auditbeat. +#instrumentation: + # Set to true to enable instrumentation of auditbeat. + #enabled: false + + # Environment in which auditbeat is running on (eg: staging, production, etc.) + #environment: "" + + # APM Server hosts to report instrumentation results to. + #hosts: + # - http://localhost:8200 + + # API Key for the APM Server(s). + # If api_key is set then secret_token will be ignored. + #api_key: + + # Secret token for the APM Server(s). + #secret_token: + + +# ================================= Migration ================================== + +# This allows to enable 6.7 migration aliases +#migration.6_to_7.enabled: true From 993e8927d68510007e68e7b76a32e21e6c050dc8 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 13:18:38 +0100 Subject: [PATCH 05/16] chore: update docs --- dev-tools/mage/pkg.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
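Review bot: The config copied into the hardened image keeps the stock example output, `hosts: ["localhost:9200"]` with `#protocol: "https"` left commented out, so by the file's own comment the default transport is plain `http` and no credentials are configured. Inside a container `localhost` is the container itself, so presumably every deployment has to override this section anyway. For the Iron Bank default it would be safer to ship `protocol: "https"` enabled and leave host and credentials to be supplied at deploy time, rather than a working-looking unauthenticated endpoint. The system module also sets `user.detect_password_changes: true`, which the comment says reads the password fields of /etc/passwd and /etc/shadow; it is worth confirming that this is intended for a containerised run.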
diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index 013f6913a16..034d0641b11 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go @@ -116,8 +116,7 @@ func Package() error { return nil } -// Package packages the Beat for IronBank distribution, relying on the -// binaries having already been built. +// Package packages the Beat for IronBank distribution. // // Use SNAPSHOT=true to build snapshots. func Ironbank() error { From d8f0cd139ecf52e4ace0e4f6e11898e685871b2a Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 13:19:06 +0100 Subject: [PATCH 06/16] chore: update docs --- x-pack/auditbeat/magefile.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/x-pack/auditbeat/magefile.go b/x-pack/auditbeat/magefile.go index 1a875740145..6112b601a57 100644 --- a/x-pack/auditbeat/magefile.go +++ b/x-pack/auditbeat/magefile.go @@ -88,8 +88,7 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } -// Package packages the Beat for IronBank distribution, relying on the -// binaries having already been built. +// Package packages the Beat for IronBank distribution. // // Use SNAPSHOT=true to build snapshots. func Ironbank() error { From 6e7b9d98232018f4a9de5381140517e5eec2f3a8 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 13:19:25 +0100 Subject: [PATCH 07/16] ironbank: add support for filebeat metricbeat and packetbeat --- x-pack/filebeat/magefile.go | 9 +++++++++ x-pack/metricbeat/magefile.go | 9 +++++++++ x-pack/packetbeat/magefile.go | 9 +++++++++ 3 files changed, 27 insertions(+) diff --git a/x-pack/filebeat/magefile.go b/x-pack/filebeat/magefile.go index 6d5e4a07da4..0474e41e61e 100644 --- a/x-pack/filebeat/magefile.go +++ b/x-pack/filebeat/magefile.go 
@@ -99,6 +99,15 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + start := time.Now() + defer func() { fmt.Println("ironbank ran for", time.Since(start)) }() + return devtools.Ironbank() +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages() diff --git a/x-pack/metricbeat/magefile.go b/x-pack/metricbeat/magefile.go index 2460f7ef665..9a23e78103c 100644 --- a/x-pack/metricbeat/magefile.go +++ b/x-pack/metricbeat/magefile.go @@ -164,6 +164,15 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + start := time.Now() + defer func() { fmt.Println("ironbank ran for", time.Since(start)) }() + return devtools.Ironbank() +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages( diff --git a/x-pack/packetbeat/magefile.go b/x-pack/packetbeat/magefile.go index edd7b32fec9..0220c5b992b 100644 --- a/x-pack/packetbeat/magefile.go +++ b/x-pack/packetbeat/magefile.go @@ -150,6 +150,15 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + start := time.Now() + defer func() { fmt.Println("ironbank ran for", time.Since(start)) }() + return devtools.Ironbank() +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages() From 0f15745fb7de4593069b216623fdcc0b82f82c3f Mon Sep 17 00:00:00 2001 
From: Victor Martinez Date: Thu, 7 Jul 2022 13:29:21 +0100 Subject: [PATCH 08/16] ironbank: add goal for the remaining beats even though they are not subscribed to the ironbank releases this should help the calls in the package to just run it --- heartbeat/magefile.go | 8 ++++++++ metricbeat/magefile.go | 8 ++++++++ packetbeat/magefile.go | 8 ++++++++ winlogbeat/magefile.go | 8 ++++++++ x-pack/dockerlogbeat/magefile.go | 8 ++++++++ x-pack/functionbeat/magefile.go | 8 ++++++++ x-pack/heartbeat/magefile.go | 8 ++++++++ x-pack/osquerybeat/magefile.go | 8 ++++++++ x-pack/winlogbeat/magefile.go | 8 ++++++++ 9 files changed, 72 insertions(+) diff --git a/heartbeat/magefile.go b/heartbeat/magefile.go index 07b2444fa74..f560ad3d9b1 100644 --- a/heartbeat/magefile.go +++ b/heartbeat/magefile.go @@ -66,6 +66,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages(devtools.WithMonitorsD()) diff --git a/metricbeat/magefile.go b/metricbeat/magefile.go index d5c012fb489..8a215dcc6fd 100644 --- a/metricbeat/magefile.go +++ b/metricbeat/magefile.go @@ -91,6 +91,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages( diff --git a/packetbeat/magefile.go b/packetbeat/magefile.go index 7f1342bea7c..fa2056251ee 100644 
--- a/packetbeat/magefile.go +++ b/packetbeat/magefile.go @@ -97,6 +97,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages() diff --git a/winlogbeat/magefile.go b/winlogbeat/magefile.go index e8edd6cc9e8..12a1961fb44 100644 --- a/winlogbeat/magefile.go +++ b/winlogbeat/magefile.go @@ -56,3 +56,11 @@ func Update() { mg.Deps(winlogbeat.Update.All) } func Dashboards() error { return devtools.KibanaDashboards() } + +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} diff --git a/x-pack/dockerlogbeat/magefile.go b/x-pack/dockerlogbeat/magefile.go index f7419331982..c8d5cff8688 100644 --- a/x-pack/dockerlogbeat/magefile.go +++ b/x-pack/dockerlogbeat/magefile.go @@ -382,6 +382,14 @@ func Package() { mg.SerialDeps(Build, Export) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + func isSupportedPlatform() bool { _, isAMD64Selected := devtools.Platforms.Get("linux/amd64") _, isARM64Selected := devtools.Platforms.Get("linux/arm64") diff --git a/x-pack/functionbeat/magefile.go b/x-pack/functionbeat/magefile.go index e4332fcdae3..48fa55cbd61 100644 --- a/x-pack/functionbeat/magefile.go +++ b/x-pack/functionbeat/magefile.go 
@@ -162,6 +162,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages() diff --git a/x-pack/heartbeat/magefile.go b/x-pack/heartbeat/magefile.go index a7cd2b442ee..9f7fa4375b1 100644 --- a/x-pack/heartbeat/magefile.go +++ b/x-pack/heartbeat/magefile.go @@ -58,6 +58,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this is not supported yet for heartbeat.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages(devtools.WithMonitorsD()) diff --git a/x-pack/osquerybeat/magefile.go b/x-pack/osquerybeat/magefile.go index 2dc333fda70..82d30526b54 100644 --- a/x-pack/osquerybeat/magefile.go +++ b/x-pack/osquerybeat/magefile.go @@ -221,6 +221,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages() diff --git a/x-pack/winlogbeat/magefile.go b/x-pack/winlogbeat/magefile.go index 56d55306cc4..ac8db5498cf 100644 --- a/x-pack/winlogbeat/magefile.go +++ b/x-pack/winlogbeat/magefile.go 
@@ -88,3 +88,11 @@ func PythonVirtualEnv() error { fmt.Println(venv) return nil } + +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} From d8e953bd9c61f93e371cd22a17b8e0ccee54578a Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 13:31:02 +0100 Subject: [PATCH 09/16] ci: enable ironbank goal in the packaging --- .ci/packaging.groovy | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index 5f615d2ac62..c5998090bc8 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -400,6 +400,7 @@ def release(type){ dockerLogin(secret: "${DOCKERELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}") dir("${env.BEATS_FOLDER}") { sh(label: "mage package ${type} ${env.BEATS_FOLDER} ${env.PLATFORMS}", script: 'mage package') + sh(label: "mage ironbank ${type} ${env.BEATS_FOLDER} ${env.PLATFORMS}", script: 'mage ironbank') def folder = getBeatsName(env.BEATS_FOLDER) uploadPackagesToGoogleBucket( credentialsId: env.JOB_GCS_EXT_CREDENTIALS, From dd13abcb43014bd6fc043b54bf1ff9e3ef15921d Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 13:44:31 +0100 Subject: [PATCH 10/16] make: enable ironbank as part of the release --- dev-tools/make/mage.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/make/mage.mk b/dev-tools/make/mage.mk index 6b210832006..6adba5805d2 100644 --- a/dev-tools/make/mage.mk +++ b/dev-tools/make/mage.mk @@ -38,7 +38,7 @@ help: .PHONY: release release: mage - mage package + mage package ironbank stop-environment: From 93161f67a1e209a2c52f8724ad32938cb4cd54d3 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 14:36:19 +0100 Subject: [PATCH 11/16] lint: fix import --- winlogbeat/magefile.go | 1 + 1 file changed, 1 insertion(+) 
diff --git a/winlogbeat/magefile.go b/winlogbeat/magefile.go index 12a1961fb44..69a51805dfb 100644 --- a/winlogbeat/magefile.go +++ b/winlogbeat/magefile.go @@ -21,6 +21,7 @@ package main import ( + "fmt" "github.com/magefile/mage/mg" devtools "github.com/elastic/beats/v7/dev-tools/mage" From 8ddfaf1e3549831b2ddc26aec1f4ed10bbe54925 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 14:44:41 +0100 Subject: [PATCH 12/16] fix: linting --- dev-tools/mage/pkg.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index 034d0641b11..a2e6c9cb61a 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go @@ -125,10 +125,10 @@ func Ironbank() error { return nil } if err := prepareIronbankBuild(); err != nil { - return errors.Wrap(err, "failed to prepare the IronBank context") + return fmt.Errorf("failed to prepare the IronBank context: %w", err) } if err := saveIronbank(); err != nil { - return errors.Wrap(err, "failed to save artifacts for IronBank") + return fmt.Errorf("failed to save the IronBank context: %w", err) } return nil } @@ -150,7 +150,7 @@ func prepareIronbankBuild() error { beatsDir, err := ElasticBeatsDir() if err != nil { - return fmt.Errorf("could not get the base dir: %+v", err) + return fmt.Errorf("could not get the base dir: %w", err) } // TODO: get the name of the project 
@@ -169,28 +169,28 @@ func prepareIronbankBuild() error { err := ExpandFile(path, target, data) if err != nil { - return errors.Wrapf(err, "expanding template '%s' to '%s'", path, target) + return fmt.Errorf("expanding template '%s' to '%s': %w", path, target, err) } } return nil }) if err != nil { - return fmt.Errorf("cannot create templates for the IronBank: %+v", err) + return fmt.Errorf("cannot create templates for the IronBank: %w", err) } // copy license sourceLicense := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank", "LICENSE") targetLicense := filepath.Join(ironbank, "LICENSE") if err := CopyFile(sourceLicense, targetLicense); err != nil { - return fmt.Errorf("cannot copy LICENSE file for the IronBank: %+v", err) + return fmt.Errorf("cannot copy LICENSE file for the IronBank: %w", err) } // copy specific files for the given beat sourceBeatPath := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank", BeatName) if _, err := os.Stat(sourceBeatPath); !os.IsNotExist(err) { if err := Copy(sourceBeatPath, ironbank); err != nil { - return fmt.Errorf("cannot create files for the IronBank: %+v", err) + return fmt.Errorf("cannot create files for the IronBank: %w", err) } } From 683f7e02cd1fd4114d915c098a2cef4ff670e73b Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 7 Jul 2022 14:45:08 +0100 Subject: [PATCH 13/16] mage: add ironbank goal even if they are not subscribed --- auditbeat/magefile.go | 8 ++++++++ filebeat/magefile.go | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/auditbeat/magefile.go b/auditbeat/magefile.go index f8d4a38f9a4..962713383ea 100644 --- a/auditbeat/magefile.go +++ b/auditbeat/magefile.go 
@@ -101,6 +101,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages() diff --git a/filebeat/magefile.go b/filebeat/magefile.go index fdc4a0931c7..18ec05e73a8 100644 --- a/filebeat/magefile.go +++ b/filebeat/magefile.go @@ -105,6 +105,14 @@ func Package() { mg.SerialDeps(devtools.Package, TestPackages) } +// Package packages the Beat for IronBank distribution. +// +// Use SNAPSHOT=true to build snapshots. +func Ironbank() error { + fmt.Println(">> Ironbank: this module is not subscribed to the IronBank releases.") + return nil +} + // TestPackages tests the generated packages (i.e. file modes, owners, groups). func TestPackages() error { return devtools.TestPackages(devtools.WithModules(), devtools.WithModulesD()) From 8e45ee3d622b19ab363c5cee13f7f90d28bf905e Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Tue, 19 Jul 2022 11:47:19 +0100 Subject: [PATCH 14/16] mage: support Tar without nested folders --- .gitignore | 3 --- dev-tools/mage/common.go | 19 +++++++++++++++++-- dev-tools/mage/pkg.go | 18 ++++++++---------- 3 files changed, 25 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 070ebdc1b85..7bd0f98590d 100644 --- a/.gitignore +++ b/.gitignore @@ -48,6 +48,3 @@ x-pack/dockerlogbeat/temproot.tar # Files generated with the bump version automations *.bck - -# Ironbank -*-ironbank-* diff --git a/dev-tools/mage/common.go b/dev-tools/mage/common.go index 3c53c1ddab5..0647a13a59a 100644 --- a/dev-tools/mage/common.go +++ b/dev-tools/mage/common.go 
@@ -374,8 +374,9 @@ func unzip(sourceFile, destinationDir string) error { return nil } -// Tar compress a directory using tar + gzip algorithms -func Tar(src string, targetFile string) error { +// Tar compress a directory using tar + gzip algorithms but without adding +// the directory +func TarWithOptions(src string, targetFile string, trimSource bool) error { fmt.Printf(">> creating TAR file from directory: %s, target: %s\n", src, targetFile) f, err := os.Create(targetFile) @@ -409,6 +410,15 @@ func Tar(src string, targetFile string) error { // must provide real name // (see https://golang.org/src/archive/tar/common.go?#L626) header.Name = filepath.ToSlash(file) + // Replace the source folder in the files to be compressed + if trimSource { + header.Name = strings.ReplaceAll(filepath.ToSlash(file), filepath.ToSlash(src), "") + header.Name = strings.TrimPrefix(header.Name, "/") + if header.Name == "" { + fmt.Print(">> skipping root directory\n") + return nil + } + } // write header if err := tw.WriteHeader(header); err != nil { @@ -441,6 +451,11 @@ func Tar(src string, targetFile string) error { return nil } +// Tar compress a directory using tar + gzip algorithms +func Tar(src string, targetFile string) error { + return TarWithOptions(src, targetFile, false) +} + func untar(sourceFile, destinationDir string) error { file, err := os.Open(sourceFile) if err != nil { diff --git a/dev-tools/mage/pkg.go b/dev-tools/mage/pkg.go index a2e6c9cb61a..ba680983144 100644 --- a/dev-tools/mage/pkg.go +++ b/dev-tools/mage/pkg.go 
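Review bot: In `TarWithOptions` the trimmed entry name is built with `strings.ReplaceAll(filepath.ToSlash(file), filepath.ToSlash(src), "")`, which removes every occurrence of the source path string rather than only the leading one. A nested path that happens to repeat `src` would therefore be renamed inside the archive. `filepath.Rel` expresses the intent directly and returns an error if a walked path is not under `src`, which keeps the layout of the published build context predictable. The enclosing walk callback starts and ends outside this hunk.

```go
		// Replace the source folder in the files to be compressed
		if trimSource {
			rel, err := filepath.Rel(src, file)
			if err != nil {
				return fmt.Errorf("computing archive name for %s: %w", file, err)
			}
			if rel == "." {
				fmt.Print(">> skipping root directory\n")
				return nil
			}
			header.Name = filepath.ToSlash(rel)
		}
		// … unchanged: write header and copy file contents …
```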
@@ -146,14 +146,12 @@ func getIronbankContextName() string { func prepareIronbankBuild() error { fmt.Println(">> prepareIronbankBuild: prepare the IronBank container context.") - ironbank := getIronbankContextName() - + buildDir := filepath.Join("build", getIronbankContextName()) beatsDir, err := ElasticBeatsDir() if err != nil { return fmt.Errorf("could not get the base dir: %w", err) } - // TODO: get the name of the project templatesDir := filepath.Join(beatsDir, "dev-tools", "packaging", "templates", "ironbank", BeatName) data := map[string]interface{}{ @@ -163,7 +161,7 @@ func prepareIronbankBuild() error { err = filepath.Walk(templatesDir, func(path string, info os.FileInfo, _ error) error { if !info.IsDir() { target := strings.TrimSuffix( - filepath.Join(ironbank, filepath.Base(path)), + filepath.Join(buildDir, filepath.Base(path)), ".tmpl", ) @@ -181,7 +179,7 @@ func prepareIronbankBuild() error { // copy license sourceLicense := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank", "LICENSE") - targetLicense := filepath.Join(ironbank, "LICENSE") + targetLicense := filepath.Join(buildDir, "LICENSE") if err := CopyFile(sourceLicense, targetLicense); err != nil { return fmt.Errorf("cannot copy LICENSE file for the IronBank: %w", err) } @@ -189,7 +187,7 @@ func prepareIronbankBuild() error { // copy specific files for the given beat sourceBeatPath := filepath.Join(beatsDir, "dev-tools", "packaging", "files", "ironbank", BeatName) if _, err := os.Stat(sourceBeatPath); !os.IsNotExist(err) { - if err := Copy(sourceBeatPath, ironbank); err != nil { + if err := Copy(sourceBeatPath, buildDir); err != nil { return fmt.Errorf("cannot create files for the IronBank: %w", err) } } 
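Review bot: The `filepath.Walk` callback kept as context in the second hunk, `func(path string, info os.FileInfo, _ error) error { if !info.IsDir() {`, discards the walk error and then dereferences `info`. When the root cannot be read, Walk invokes the callback with a nil `info`. Since `templatesDir` now ends in `BeatName`, a beat without a template directory would presumably panic here instead of returning an error. Accept the error and return it first: `func(path string, info os.FileInfo, err error) error { if err != nil { return err }`. prepareIronbankBuild continues outside these hunks.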
@@ -201,9 +199,9 @@ func saveIronbank() error { fmt.Println(">> saveIronbank: save the IronBank container context.") ironbank := getIronbankContextName() - buildDir := filepath.Join(ironbank) + buildDir := filepath.Join("build", ironbank) if _, err := os.Stat(buildDir); os.IsNotExist(err) { - return fmt.Errorf("cannot find the folder with the ironbank context") + return fmt.Errorf("cannot find the folder with the ironbank context: %+v", err) } distributionsDir := "build/distributions" @@ -216,9 +214,9 @@ func saveIronbank() error { tarGzFile := filepath.Join(distributionsDir, ironbank+".tar.gz") // Save the build context as tar.gz artifact - err := Tar(buildDir, tarGzFile) + err := TarWithOptions(buildDir, tarGzFile, true) if err != nil { - return fmt.Errorf("cannot compress the tar.gz file") + return fmt.Errorf("cannot compress the tar.gz file: %+v", err) } return errors.Wrap(CreateSHA512File(tarGzFile), "failed to create .sha512 file") From 92fbb1c0b7786685d61f40d0ae79726a863434c3 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Tue, 19 Jul 2022 11:49:36 +0100 Subject: [PATCH 15/16] chore: fix comment --- dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile | 2 +- dev-tools/packaging/templates/ironbank/filebeat/Dockerfile | 2 +- dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile | 2 +- dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile index 1253f9a5d7b..356ffde9760 100644 --- a/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/auditbeat/Dockerfile 
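Review bot: The two error returns changed in saveIronbank format the cause with `%+v` (`"cannot find the folder with the ironbank context: %+v"` and `"cannot compress the tar.gz file: %+v"`), while patch 12 of this series moved the rest of pkg.go to `%w`. Using `%w` here keeps the chain usable with errors.Is and errors.As and matches the neighbouring code. The closing `errors.Wrap(CreateSHA512File(tarGzFile), ...)` is the last pkg/errors call in this function; an explicit `if err := CreateSHA512File(tarGzFile); err != nil { return fmt.Errorf("failed to create .sha512 file: %w", err) }` followed by `return nil` would finish the same cleanup.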
@@ -26,7 +26,7 @@ COPY config/auditbeat.yml /usr/share/${ELASTIC_PRODUCT} # REF: https://docs.okd.io/latest/openshift_images/create-images.html RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT} -# Create auxiliar folders and assing default permissions. +# Create auxiliary folders and assigning default permissions. RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \ chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \ find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \ diff --git a/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile b/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile index f19d65a449f..8a33c60f62a 100644 --- a/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/filebeat/Dockerfile @@ -26,7 +26,7 @@ RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_A # REF: https://docs.okd.io/latest/openshift_images/create-images.html RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT} -# Create auxiliar folders and assing default permissions. +# Create auxiliary folders and assigning default permissions. RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \ chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \ find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \ diff --git a/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile index 745f83009bb..e837b18f381 100644 --- a/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/metricbeat/Dockerfile 
@@ -26,7 +26,7 @@ RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_A # REF: https://docs.okd.io/latest/openshift_images/create-images.html RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT} -# Create auxiliar folders and assing default permissions. +# Create auxiliary folders and assigning default permissions. RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \ chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \ find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \ diff --git a/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile b/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile index b780503ffa6..17d665c986c 100644 --- a/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile +++ b/dev-tools/packaging/templates/ironbank/packetbeat/Dockerfile @@ -26,7 +26,7 @@ RUN tar --strip-components=1 -zxf ${ELASTIC_PRODUCT}-${ELASTIC_STACK}-${OS_AND_A # REF: https://docs.okd.io/latest/openshift_images/create-images.html RUN chmod -R g=u /usr/share/${ELASTIC_PRODUCT} -# Create auxiliar folders and assing default permissions. +# Create auxiliary folders and assigning default permissions. RUN mkdir /usr/share/${ELASTIC_PRODUCT}/data /usr/share/${ELASTIC_PRODUCT}/logs && \ chown -R root:root /usr/share/${ELASTIC_PRODUCT} && \ find /usr/share/${ELASTIC_PRODUCT} -type d -exec chmod 0750 {} \; && \ From 7eba9db6f7baa85206cbc899862399036c9ac87e Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Wed, 20 Jul 2022 12:52:47 +0100 Subject: [PATCH 16/16] fix linting --- winlogbeat/magefile.go | 1 + 1 file changed, 1 insertion(+) diff --git a/winlogbeat/magefile.go b/winlogbeat/magefile.go index 69a51805dfb..56146068994 100644 --- a/winlogbeat/magefile.go +++ b/winlogbeat/magefile.go @@ -22,6 +22,7 @@ package main import ( "fmt" + "github.com/magefile/mage/mg" devtools "github.com/elastic/beats/v7/dev-tools/mage"