Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow auditbeat setup to run without elevated privileges #7111

Closed
jordansissel opened this issue May 15, 2018 · 2 comments
Closed

Allow auditbeat setup to run without elevated privileges #7111

jordansissel opened this issue May 15, 2018 · 2 comments
Labels
Auditbeat bug Metricbeat Metricbeat

Comments

@jordansissel
Copy link
Contributor

Tested on Auditbeat 6.2.4 (docker.elastic.co/beats/auditbeat:6.2.4).

Running auditbeat setup --dashboards results in:

Exiting: 1 error: 1 error: failed to create audit client: failed to get audit status: operation not permitted

Proposal: Have auditbeat setup skip creation of the audit client because it probably doesn't need it.
@andrewkroh
Copy link
Member

I found that there is an InSetupCmd flag that gets set during setup. I think it would be sufficient to modify metricbeat to basically be a no-op during setup. This would stop any initialization of metricsets when setup runs.

We might want to move the return to just after the config validation, but before instantiating the metricsets.

@ruflin @exekias @jsoriano Do you foresee any side-effects for doing this?

diff --git a/metricbeat/beater/metricbeat.go b/metricbeat/beater/metricbeat.go
index f0d26263a..168797573 100644
--- a/metricbeat/beater/metricbeat.go
+++ b/metricbeat/beater/metricbeat.go
@@ -77,6 +77,10 @@ func DefaultCreator() beat.Creator {
 
 // newMetricbeat creates and returns a new Metricbeat instance.
 func newMetricbeat(b *beat.Beat, c *common.Config, options ...Option) (*Metricbeat, error) {
+       if b.InSetupCmd {
+               return nil, nil
+       }
+
        // List all registered modules and metricsets.
        logp.Debug("modules", "%s", mb.Registry.String())

@exekias
Copy link
Contributor

exekias commented May 15, 2018

uhm, that could do the trick, I think in the past some things (like template loading) were configured here, but that doesn't seem to be the case anymore.

also sorry, I think I introduced this 🙈

andrewkroh added a commit to andrewkroh/beats that referenced this issue May 15, 2018
@andrewkroh
Don't instantiate MetricSets with the setup command
0de2a4f 
This will allow `auditbeat setup` to run without requiring elevated privileges
to create the audit socket.

Fixes elastic#7111
@andrewkroh andrewkroh mentioned this issue May 15, 2018
Merged
ruflin pushed a commit that referenced this issue May 16, 2018
@andrewkroh @ruflin
Don't instantiate MetricSets with the setup command (#7112)
a769619 
This will allow `auditbeat setup` to run without requiring elevated privileges
to create the audit socket.

Fixes #7111
stevea78 pushed a commit to stevea78/beats that referenced this issue May 20, 2018
@andrewkroh @stevea78
Don't instantiate MetricSets with the setup command (elastic#7112)
67ed5c8 
This will allow `auditbeat setup` to run without requiring elevated privileges
to create the audit socket.

Fixes elastic#7111
stevea78 pushed a commit to stevea78/beats that referenced this issue May 20, 2018
@andrewkroh @stevea78
Don't instantiate MetricSets with the setup command (elastic#7112)
ac60067 
This will allow `auditbeat setup` to run without requiring elevated privileges
to create the audit socket.

Fixes elastic#7111
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Auditbeat bug Metricbeat Metricbeat
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jordansissel @exekias @andrewkroh