From 70827e1da794b3ec36d8aa9973c9669f924a40ad Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 11:15:44 -0400
Subject: [PATCH] [8.15](backport #40130) Osquerybeat: Disable allow_unsafe osquery configuration (#41238)
* Osquerybeat: Disable allow_unsafe osquery configuration (#40130)
* Osquerybeat: Disable allow_unsafe osquery configuration
* Make linter happier
* Added changelog
* Make linter happier
(cherry picked from commit fec980b98f1092eeb9fff1e9f30ea10eac32e334)
* Fix CHANGELOG.next.asciidoc
---------
Co-authored-by: Aleksandr Maus
---
 CHANGELOG.next.asciidoc | 1 +
 x-pack/osquerybeat/internal/osqd/osqueryd_windows.go | 8 +++-----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index f794c8ab9024..875fb39d7be3 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -37,6 +37,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 *Osquerybeat*
+- Disable allow_unsafe osquery configuration. {pull}40130[40130]
 *Packetbeat*
diff --git a/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go b/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go
index e51496eccf60..0d14c417cbf3 100644
--- a/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go
+++ b/x-pack/osquerybeat/internal/osqd/osqueryd_windows.go
@@ -28,9 +28,7 @@ func SocketPath(dir string) string {
 }
 func platformArgs() map[string]interface{} {
- return map[string]interface{}{
- "allow_unsafe": true,
- }
+ return nil
 }
 func setpgid() *syscall.SysProcAttr {
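Review bot: platformArgs() now returns a nil map with no comment saying that leaving out `allow_unsafe` is deliberate, so a later change could put the flag back to work around an extension that osqueryd refuses to load. A comment on the function such as `// platformArgs returns no Windows-specific flags; allow_unsafe is intentionally not set so osqueryd keeps enforcing its executable permission checks.` would keep the intent visible. With the flag gone, the Windows install presumably depends on the osquery and extension binaries having permissions that osquery considers safe, which is worth covering in the install or upgrade path. The caller is outside this hunk: reading or ranging over a nil map is fine, but any code that writes into the returned map would panic, so that is worth confirming.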
@@ -41,6 +39,6 @@ func setpgid() *syscall.SysProcAttr {
 // For clean process tree kill
 func killProcessGroup(cmd *exec.Cmd) error {
 // https://github.com/golang/dep/pull/857
- exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run()
- return nil
+ //nolint:gosec // works as expected
+ return exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run()
 }
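Review bot: The `//nolint:gosec // works as expected` on the new return line silences the linter without saying why the call is safe; something like `//nolint:gosec // fixed command; the only variable argument is the numeric PID` would record the actual reasoning. `taskkill` is still resolved by bare name through the search path, so for a process that may run with elevated rights an absolute path under the Windows system directory would remove that dependency. `cmd.Process` is dereferenced without a nil check, which panics if the command was never started; a guard such as `if cmd == nil || cmd.Process == nil { return nil }` before the call would cover it. Because the taskkill exit status is now returned, callers (outside this hunk) will see an error when the process has already exited, which is worth confirming is wanted.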