From 8e39a5f931c122835b579af473c8f04aed37d319 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Wed, 19 Aug 2020 12:56:00 -0500 Subject: [PATCH 1/3] upgrade to go-libaudit 2.0.2 - changes network.direction to use ECS recommended values of inbound & outbound Closes #12445 --- CHANGELOG.next.asciidoc | 1 + auditbeat/module/auditd/_meta/accept.json | 4 ++-- auditbeat/module/auditd/_meta/data.json | 4 ++-- go.mod | 2 +- go.sum | 2 ++ 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 8d6c64689ff..c33b5e052aa 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -24,6 +24,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - File integrity dataset (macOS): Replace unnecessary `file.origin.raw` (type keyword) with `file.origin.text` (type `text`). {issue}12423[12423] {pull}15630[15630] - Change event.kind=error to event.kind=event to comply with ECS. {issue}18870[18870] {pull}20685[20685] +- Change network.direction values to ECS recommended values (inbound, outbound). {issue}12445[12445] {pull}20695[20695] *Filebeat* diff --git a/auditbeat/module/auditd/_meta/accept.json b/auditbeat/module/auditd/_meta/accept.json index 7d300556af3..2ec04e0226c 100644 --- a/auditbeat/module/auditd/_meta/accept.json +++ b/auditbeat/module/auditd/_meta/accept.json @@ -38,7 +38,7 @@ "module": "auditd" }, "network": { - "direction": "incoming" + "direction": "inbound" }, "process": { "executable": "/usr/sbin/sshd", @@ -92,4 +92,4 @@ "name": "root" } } -} \ No newline at end of file +} diff --git a/auditbeat/module/auditd/_meta/data.json b/auditbeat/module/auditd/_meta/data.json index 7dccb3a6e1b..906fef698ed 100644 --- a/auditbeat/module/auditd/_meta/data.json +++ b/auditbeat/module/auditd/_meta/data.json @@ -36,7 +36,7 @@ ] }, "network": { - "direction": "incoming" + "direction": "inbound" }, "process": { "executable": "/usr/sbin/sshd", @@ -55,4 +55,4 @@ "id": "0", "name": "root" } -} \ No newline at end of file +} diff --git a/go.mod b/go.mod index 2965a0c704e..aedfd88ebcc 100644 --- a/go.mod +++ b/go.mod @@ -60,7 +60,7 @@ require ( github.com/elastic/ecs v1.5.0 github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a github.com/elastic/go-concert v0.0.4 - github.com/elastic/go-libaudit/v2 v2.0.1 + github.com/elastic/go-libaudit/v2 v2.0.2 github.com/elastic/go-licenser v0.3.1 github.com/elastic/go-lookslike v0.3.0 github.com/elastic/go-lumber v0.1.0 diff --git a/go.sum b/go.sum index 4818b113c54..62b8cc7aeb4 100644 --- a/go.sum +++ b/go.sum @@ -234,6 +234,8 @@ github.com/elastic/go-concert v0.0.4 h1:pzgYCmJ/xMJsW8PSk33inAWZ065hrwSeP79TpwAb github.com/elastic/go-concert v0.0.4/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= github.com/elastic/go-libaudit/v2 v2.0.1 h1:5xcgkgNTIUA6XO6C3Q6P7TZlnDgxrZUWmO2NG3enBXQ= github.com/elastic/go-libaudit/v2 v2.0.1/go.mod h1:u100Al3gXDlDelEutZ0CZ6BMM+LsRFqdi7kzdrn6g7o= +github.com/elastic/go-libaudit/v2 v2.0.2 h1:g83cmsDT0V4Aa6WuuGI9L6WC4fpo2zZjLwOlqBkSna4= +github.com/elastic/go-libaudit/v2 v2.0.2/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= github.com/elastic/go-licenser v0.3.1/go.mod h1:D8eNQk70FOCVBl3smCGQt/lv7meBeQno2eI1S5apiHQ= github.com/elastic/go-lookslike v0.3.0 h1:HDI/DQ65V85ZqM7D/sbxcK2wFFnh3+7iFvBk2v2FTHs= From 7b4200602392352a34c71fc04efe6d544bc1a001 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Wed, 19 Aug 2020 13:52:57 -0500 Subject: [PATCH 2/3] fix go.sum --- NOTICE.txt | 4 ++-- go.sum | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index d7403a9dd9c..2178ed74712 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -6147,11 +6147,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.0 -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-libaudit/v2 -Version: v2.0.1 +Version: v2.0.2 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.0.1/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-libaudit/v2@v2.0.2/LICENSE.txt: Apache License diff --git a/go.sum b/go.sum index 62b8cc7aeb4..79f809ec994 100644 --- a/go.sum +++ b/go.sum @@ -232,8 +232,6 @@ github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQ github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= github.com/elastic/go-concert v0.0.4 h1:pzgYCmJ/xMJsW8PSk33inAWZ065hrwSeP79TpwAbsLE= github.com/elastic/go-concert v0.0.4/go.mod h1:9MtFarjXroUgmm0m6HY3NSe1XiKhdktiNRRj9hWvIaM= -github.com/elastic/go-libaudit/v2 v2.0.1 h1:5xcgkgNTIUA6XO6C3Q6P7TZlnDgxrZUWmO2NG3enBXQ= -github.com/elastic/go-libaudit/v2 v2.0.1/go.mod h1:u100Al3gXDlDelEutZ0CZ6BMM+LsRFqdi7kzdrn6g7o= github.com/elastic/go-libaudit/v2 v2.0.2 h1:g83cmsDT0V4Aa6WuuGI9L6WC4fpo2zZjLwOlqBkSna4= github.com/elastic/go-libaudit/v2 v2.0.2/go.mod h1:MM/l/4xV7ilcl+cIblL8Zn448J7RZaDwgNLE4gNKYPg= github.com/elastic/go-licenser v0.3.1 h1:RmRukU/JUmts+rpexAw0Fvt2ly7VVu6mw8z4HrEzObU= From 4dc202e52ebbc0af014688826fe2ef7d52298bd4 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Wed, 19 Aug 2020 17:03:27 -0500 Subject: [PATCH 3/3] fix NOTICE.txt and go.sum --- NOTICE.txt | 31 ------------------------------- go.sum | 1 - 2 files changed, 32 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index 2178ed74712..894608f446e 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -19595,37 +19595,6 @@ SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/Sirupsen/logrus -Version: v1.0.1-0.20170608221441-85b1699d5056 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/!sirupsen/logrus@v1.0.1-0.20170608221441-85b1699d5056/LICENSE: - -The MIT License (MIT) - -Copyright (c) 2014 Simon Eskildsen - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. - - -------------------------------------------------------------------------------- Dependency : github.com/akavel/rsrc Version: v0.8.0 diff --git a/go.sum b/go.sum index 79f809ec994..8116d7b74be 100644 --- a/go.sum +++ b/go.sum @@ -87,7 +87,6 @@ github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/toxiproxy v2.1.4+incompatible h1:TKdv8HiTLgE5wdJuEML90aBgNWsokNbMijUGhmcoBJc= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/Sirupsen/logrus v1.0.1-0.20170608221441-85b1699d5056/go.mod h1:rmk17hk6i8ZSAJkSDa7nOxamrG+SP4P0mm+DAvExv4U= github.com/StackExchange/wmi v0.0.0-20170221213301-9f32b5905fd6 h1:2Gl9Tray0NEjP9KC0FjdGWlszbmTIsBP3JYzgyFdL4E= github.com/StackExchange/wmi v0.0.0-20170221213301-9f32b5905fd6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/adriansr/fsnotify v0.0.0-20180417234312-c9bbe1f46f1d h1:g0M6kedfjDpyAAuxqBvJzMNjFzlrQ7Av6LCDFqWierk=