From 7de7468fc3521d3724747d1b2fd636eecbfccf65 Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Tue, 18 Oct 2022 08:56:05 +0200 Subject: [PATCH 1/6] check for admin rights in groups --- .../agent/control/server/listener_windows.go | 33 +++++++++++++++++-- internal/pkg/agent/program/supported.go | 2 +- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/internal/pkg/agent/control/server/listener_windows.go b/internal/pkg/agent/control/server/listener_windows.go index 69d211502ea..0e179c619c2 100644 --- a/internal/pkg/agent/control/server/listener_windows.go +++ b/internal/pkg/agent/control/server/listener_windows.go @@ -10,6 +10,7 @@ package server import ( "net" "os/user" + "strings" "github.com/pkg/errors" @@ -18,6 +19,11 @@ import ( "github.com/elastic/elastic-agent/pkg/core/logger" ) +const ( + NTAUTHORITY_SYSTEM = "S-1-5-18" + ADMINISTRATORS_GROUP = "S-1-5-32-544" +) + // createListener creates a named pipe listener on Windows func createListener(_ *logger.Logger) (net.Listener, error) { sd, err := securityDescriptor() 
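Review bot: The two constants added in the `const` block are exported and written in ALL_CAPS with underscores, which is not Go style and widens the package API for values that only this file appears to use. Unexported MixedCaps names such as `systemSID = "S-1-5-18"` and `administratorsSID = "S-1-5-32-544"` would fit better. They also have no comment, although these strings end up in the named pipe's DACL. A one-line comment on each would help, e.g. `// SID of the LocalSystem account` and `// SID of the built-in Administrators group`.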
@@ -42,11 +48,34 @@ func securityDescriptor() (string, error) { // String definition: https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings // Give generic read/write access to the specified user. descriptor := "D:P(A;;GA;;;" + u.Uid + ")" - if u.Username == "NT AUTHORITY\\SYSTEM" { + + if isAdmin, err := isWindowsAdmin(u); err != nil { + return "", err + } else if isAdmin { // running as SYSTEM, include Administrators group so Administrators can talk over // the named pipe to the running Elastic Agent system process // https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems - descriptor += "(A;;GA;;;S-1-5-32-544)" // Administrators group + descriptor += "(A;;GA;;;" + ADMINISTRATORS_GROUP + ")" } return descriptor, nil } + +func isWindowsAdmin(u *user.User) (bool, error) { + if u.Username == "NT AUTHORITY\\SYSTEM" { + return true, nil + } + + groups, err := u.GroupIds() + if err != nil { + return false, errors.Wrap(err, "failed to get current user groups") + } + + for _, groupSid := range groups { + if strings.EqualFold(groupSid, NTAUTHORITY_SYSTEM) || + strings.EqualFold(groupSid, ADMINISTRATORS_GROUP) { + return true, nil + } + } + + return false, nil +} diff --git a/internal/pkg/agent/program/supported.go b/internal/pkg/agent/program/supported.go index 52685137b97..1e862c8bc8b 100644 --- a/internal/pkg/agent/program/supported.go +++ b/internal/pkg/agent/program/supported.go @@ -27,7 +27,7 @@ func init() { // internal/spec/metricbeat.yml // internal/spec/osquerybeat.yml // internal/spec/packetbeat.yml - unpacked := packer.MustUnpack("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") + unpacked := packer.MustUnpack("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") SupportedMap = make(map[string]Spec) for f, v := range unpacked { From 66a9985965cf6f608c96310e38fbfe52e951d288 Mon Sep 17 00:00:00 2001 
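Review bot: The new `else if isAdmin` branch in securityDescriptor adds the Administrators ACE whenever isWindowsAdmin returns true, but the comment inside it still says "running as SYSTEM", so the widened condition is undocumented. isWindowsAdmin decides from `u.GroupIds()`, which is the account's group membership. That is presumably not the same as the process holding an elevated token, so an agent started unelevated by a member of Administrators would also open its control pipe to the whole group; please confirm this is intended. I would change the comment to something like `// running as SYSTEM or as a member of Administrators: let Administrators talk over the named pipe` and give isWindowsAdmin a doc comment stating that it reports membership, not elevation. securityDescriptor begins above the hunk.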
From: Michal Pristas Date: Tue, 18 Oct 2022 09:00:13 +0200 Subject: [PATCH 2/6] line ending --- internal/pkg/agent/program/supported.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/agent/program/supported.go b/internal/pkg/agent/program/supported.go index 1e862c8bc8b..52685137b97 100644 --- a/internal/pkg/agent/program/supported.go +++ b/internal/pkg/agent/program/supported.go @@ -27,7 +27,7 @@ func init() { // internal/spec/metricbeat.yml // internal/spec/osquerybeat.yml // internal/spec/packetbeat.yml - unpacked := packer.MustUnpack("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") + unpacked := packer.MustUnpack("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") SupportedMap = make(map[string]Spec) for f, v := range unpacked { From 8096e0e36dd247a8198c3817f00073ea18a341c4 Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Tue, 18 Oct 2022 11:46:49 +0200 Subject: [PATCH 3/6] deep check --- internal/pkg/agent/control/server/listener_windows.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/internal/pkg/agent/control/server/listener_windows.go b/internal/pkg/agent/control/server/listener_windows.go index 0e179c619c2..2eb2845f277 100644 --- a/internal/pkg/agent/control/server/listener_windows.go +++ b/internal/pkg/agent/control/server/listener_windows.go 
@@ -65,17 +65,24 @@ func isWindowsAdmin(u *user.User) (bool, error) { return true, nil } + if equalsSystemGroup(u.Uid) || equalsSystemGroup(u.Gid) { + return true, nil + } + groups, err := u.GroupIds() if err != nil { return false, errors.Wrap(err, "failed to get current user groups") } for _, groupSid := range groups { - if strings.EqualFold(groupSid, NTAUTHORITY_SYSTEM) || - strings.EqualFold(groupSid, ADMINISTRATORS_GROUP) { + if equalsSystemGroup(groupSid) { return true, nil } } return false, nil } + +func equalsSystemGroup(s string) bool { + return strings.EqualFold(s, NTAUTHORITY_SYSTEM) || strings.EqualFold(s, ADMINISTRATORS_GROUP) +} From f38b3d357105a46522a55a802fc498cdcf7961b9 Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Tue, 18 Oct 2022 11:57:48 +0200 Subject: [PATCH 4/6] log failure instead of failing --- internal/pkg/agent/control/server/listener_windows.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/internal/pkg/agent/control/server/listener_windows.go b/internal/pkg/agent/control/server/listener_windows.go index 2eb2845f277..73fd3b97d95 100644 --- a/internal/pkg/agent/control/server/listener_windows.go +++ b/internal/pkg/agent/control/server/listener_windows.go @@ -25,8 +25,8 @@ const ( ) // createListener creates a named pipe listener on Windows -func createListener(_ *logger.Logger) (net.Listener, error) { - sd, err := securityDescriptor() +func createListener(log *logger.Logger) (net.Listener, error) { + sd, err := securityDescriptor(log) if err != nil { return nil, err } @@ -37,7 +37,7 @@ func cleanupListener(_ *logger.Logger) { // nothing to do on windows } -func securityDescriptor() (string, error) { +func securityDescriptor(log *logger.Logger) (string, error) { u, err := user.Current() if err != nil { return "", errors.Wrap(err, "failed to get current user") 
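Review bot: `equalsSystemGroup` is named for a group but is also applied to `u.Uid`, and it matches two different principals: the SYSTEM account SID and the Administrators group SID. A name such as `isSystemOrAdminSID`, with a one-line doc comment like `// isSystemOrAdminSID reports whether s is the SYSTEM account SID or the Administrators group SID`, would make the call sites in isWindowsAdmin easier to read. With `equalsSystemGroup(u.Uid)` in place, the `u.Username == "NT AUTHORITY\\SYSTEM"` comparison that appears to still open isWindowsAdmin (the function starts above this hunk) looks redundant. It is also the name-based check that the changelog entry describes as failing on localized Windows, so consider dropping it or commenting why it stays.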
@@ -50,7 +50,8 @@ func securityDescriptor() (string, error) { descriptor := "D:P(A;;GA;;;" + u.Uid + ")" if isAdmin, err := isWindowsAdmin(u); err != nil { - return "", err + // do not fail, agent would end up in a loop, continue with limited permissions + log.Warnf("failed to detect admin: %w", err) } else if isAdmin { // running as SYSTEM, include Administrators group so Administrators can talk over // the named pipe to the running Elastic Agent system process From 8927ab632e882f067c9fb7ba2aeff61ce0f0a8c7 Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Tue, 18 Oct 2022 12:26:23 +0200 Subject: [PATCH 5/6] changelog --- ...permission-check-on-localized-windows.yaml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml diff --git a/changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml b/changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml new file mode 100644 index 00000000000..c2b904db49d --- /dev/null +++ b/changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml 
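Review bot: `log.Warnf("failed to detect admin: %w", err)` uses `%w`, which only `fmt.Errorf` understands. In a printf-style logger call it would presumably render as `%!w(...)` rather than the error text, so the one message explaining why Administrators were not added becomes hard to read; use `log.Warnf("failed to detect admin: %v", err)`. Falling back to the owner-only descriptor on error keeps the pipe restricted rather than opening it, which is the safe direction. The comment could say so explicitly, e.g. `// on error keep the descriptor restricted to the current user; Administrators will not be able to connect`. securityDescriptor begins above the hunk.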
@@ -0,0 +1,31 @@ +# Kind can be one of: +# - breaking-change: a change to previously-documented behavior +# - deprecation: functionality that is being removed in a later release +# - bug-fix: fixes a problem in a previous version +# - enhancement: extends functionality but does not break or fix existing behavior +# - feature: new functionality +# - known-issue: problems that we are aware of in a given version +# - security: impacts on the security of a product or a user’s deployment. +# - upgrade: important information for someone upgrading from a prior version +# - other: does not fit into any of the other categories +kind: feature + +# Change summary; a 80ish characters long description of the change. +summary: Fix admin permission check on localized windows + +# Long description; in case the summary is not enough to describe the change +# this field accommodate a description without length limits. +#description: + +# Affected component; a word indicating the component this changeset affects. +component: + +# PR number; optional; the PR number that added the changeset. +# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. +# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. +# Please provide it if you are adding a fragment for a different PR. +#pr: 1234 + +# Issue number; optional; the GitHub issue related to this changeset (either closes or is part of). +# If not present is automatically filled by the tooling with the issue linked to the PR number. +#issue: 1234 From b076f5f686d24433ccd7179df191e5224be5f04d Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Tue, 18 Oct 2022 12:46:08 +0200 Subject: [PATCH 6/6] Update 1666088774-Fix-admin-permission-check-on-localized-windows.yaml --- ...774-Fix-admin-permission-check-on-localized-windows.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml b/changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml index c2b904db49d..93d5999f1b0 100644 --- a/changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml +++ b/changelog/fragments/1666088774-Fix-admin-permission-check-on-localized-windows.yaml @@ -8,7 +8,7 @@ # - security: impacts on the security of a product or a user’s deployment. # - upgrade: important information for someone upgrading from a prior version # - other: does not fit into any of the other categories -kind: feature +kind: bug-fix # Change summary; a 80ish characters long description of the change. summary: Fix admin permission check on localized windows @@ -24,8 +24,8 @@ component: # If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added. # NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number. # Please provide it if you are adding a fragment for a different PR. -#pr: 1234 +pr: 1552 # Issue number; optional; the GitHub issue related to this changeset (either closes or is part of). # If not present is automatically filled by the tooling with the issue linked to the PR number. -#issue: 1234 +issue: 857