Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove arch from test audit rules #6783

Merged
merged 2 commits into from
Apr 6, 2018
Merged

Remove arch from test audit rules #6783

merged 2 commits into from
Apr 6, 2018

Conversation

andrewkroh
Copy link
Member

The audit rules in the tests contain "-F arch=b64" which makes them valid only for a few architectures ("aarch64", "x86_64", "ppc"). By removing the filter Auditbeat will automatically use the GOOS architecture in determining how to translate the syscall name to the appropriate syscall number (syscall numbers are architecture specific).

@andrewkroh
Copy link
Member Author

This is related to the patch from https://github.com/linux-on-ibm-z/docs/wiki/Building-Beats.

elastic/go-libaudit#23 should be merged first then I'll update the vendor.json with the actual commit ID.

@ph
Copy link
Contributor

ph commented Apr 5, 2018
edited
Loading

The referenced PR was merged.

@andrewkroh
Copy link
Member Author

This is now updated with the latest go-libaudit release.

@ph
Copy link
Contributor

ph commented Apr 6, 2018
edited
Loading

@andrewkroh make check is failling on CI.

 --------------------------------------------------------------------
 Dependency: github.com/elastic/go-libaudit
-Version: v0.1.0
-Revision: 4a806edf821706e315ef7d4f3b5d0cac6d638b34
+Version: v0.1.1
+Revision: bc9f53eaa23bfe3fbf023ab5ec7523336b4d9b2f
 License type (autodetected): Apache-2.0
 ./vendor/github.com/elastic/go-libaudit/LICENSE:
 --------------------------------------------------------------------
NOTICE.txt: needs update
make: *** [check] Error 1

@andrewkroh
Remove arch from test audit rules
19e6aaf 
The audit rules in the tests contain "-F arch=b64" which makes them valid only for a few architectures ("aarch64", "x86_64", "ppc"). By removing the filter Auditbeat will automatically use the GOOS architecture in determining how to translate the syscall name to the appropriate syscall number (syscall numbers are architecture specific).
@andrewkroh
Update github.com/elastic/go-libaudit/rule
791e9a9
@andrewkroh
Copy link
Member Author

I updated the NOTICE and pushed an update.

@ph
Copy link
Contributor

ph commented Apr 6, 2018

Changes lgtm, wfg

@ruflin ruflin merged commit 1693ebd into elastic:master Apr 6, 2018
@andrewkroh andrewkroh mentioned this pull request Apr 9, 2018
Open
@andrewkroh andrewkroh deleted the bugfix/ab/s390-patch branch April 19, 2018 23:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Auditbeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrewkroh @ph @ruflin