[Auditbeat] Fix formatting of config files on macOS and Windows (elas…

…tic#12148)

Fixes formatting of auditbeat.yml and auditbeat.reference.yml across platforms.

CHANGELOG.next.asciidoc

@@ -82,6 +82,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Process dataset: Fixed a memory leak under Windows. {pull}12100[12100]
 - Login dataset: Fix re-read of utmp files. {pull}12028[12028]
 - Package dataset: Fixed a crash inside librpm after Auditbeat has been running for a while. {issue}12147[12147] {pull}12168[12168]
+- Fix formatting of config files on macOS and Windows. {pull}12148[12148]
 
 *Filebeat*
 

auditbeat/docs/modules/auditd.asciidoc

@@ -298,5 +298,6 @@ auditbeat.modules:
     #-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
     #-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
 
+
 ----
 

auditbeat/module/auditd/_meta/config.yml.tmpl

@@ -41,4 +41,5 @@
     ## Unauthorized access attempts.
     #-a always,exit -F arch=b{{call .ArchBits .GOARCH}} -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
     #-a always,exit -F arch=b{{call .ArchBits .GOARCH}} -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
+
 {{ end }}

auditbeat/module/file_integrity/_meta/config.yml.tmpl

@@ -1,43 +1,44 @@
-{{ if .Reference -}}
+{{- if .Reference -}}
 # The file integrity module sends events when files are changed (created,
 # updated, deleted). The events contain file metadata and hashes.
 {{ end -}}
 - module: file_integrity
-  {{ if eq .GOOS "darwin" -}}
+  {{- if eq .GOOS "darwin" }}
   paths:
   - /bin
   - /usr/bin
   - /usr/local/bin
   - /sbin
   - /usr/sbin
   - /usr/local/sbin
-  {{ else if eq .GOOS "windows" -}}
+{{ else if eq .GOOS "windows" }}
   paths:
   - C:/windows
   - C:/windows/system32
   - C:/Program Files
   - C:/Program Files (x86)
-  {{ else -}}
+{{ else }}
   paths:
   - /bin
   - /usr/bin
   - /sbin
   - /usr/sbin
   - /etc
-  {{- end }}
-{{ if .Reference }}
+{{ end -}}
+
+{{- if .Reference }}
   # List of regular expressions to filter out notifications for unwanted files.
   # Wrap in single quotes to workaround YAML escaping rules. By default no files
   # are ignored.
-  {{ if eq .GOOS "darwin" -}}
+  {{- if eq .GOOS "darwin" }}
   exclude_files:
   - '\.DS_Store$'
   - '\.swp$'
-  {{ else if eq .GOOS "windows" -}}
+  {{- else if eq .GOOS "windows" }}
   exclude_files:
   - '(?i)\.lnk$'
   - '(?i)\.swp$'
-  {{ else -}}
+  {{- else }}
   exclude_files:
   - '(?i)\.sw[nop]$'
   - '~$'
@@ -46,10 +47,10 @@
 
   # List of regular expressions used to explicitly include files. When configured,
   # Auditbeat will ignore files unless they match a pattern.
-  {{ if eq .GOOS "windows" -}}
+  {{- if eq .GOOS "windows" }}
   #include_files:
   #- '\\\.ssh($|\\)'
-  {{ else -}}
+  {{- else }}
   #include_files:
   #- '/\.ssh($|/)'
   {{- end }}

x-pack/auditbeat/module/system/_meta/config.yml.tmpl

@@ -7,14 +7,14 @@
 - module: system
   datasets:
     - host    # General host information, e.g. uptime, IPs
-    {{ if eq .GOOS "linux" -}}
+    {{- if eq .GOOS "linux" }}
     - login   # User logins, logouts, and system boots.
-    {{- end }}
-    {{ if ne .GOOS "windows" -}}
+    {{- end -}}
+    {{- if ne .GOOS "windows" }}
     - package # Installed, updated, and removed packages
     {{- end }}
     - process # Started and stopped processes
-    {{ if eq .GOOS "linux" -}}
+    {{- if eq .GOOS "linux" }}
     - socket  # Opened and closed sockets
     - user    # User information
     {{- end }}
@@ -28,11 +28,11 @@
 
   # The state.period can be overridden for any dataset.
   # host.state.period: 12h
-  {{ if ne .GOOS "windows" -}}
+  {{- if ne .GOOS "windows" }}
   # package.state.period: 12h
   {{- end }}
   # process.state.period: 12h
-  {{ if eq .GOOS "linux" -}}
+  {{- if eq .GOOS "linux" }}
   # socket.state.period: 12h
   # user.state.period: 12h
   {{- end }}