Mark appropriate linux integrations as requiring root. #8647

Closed
Tracked by #8642
norrietaylor opened this issue Dec 4, 2023 · 7 comments · Fixed by #8917
Comments

@norrietaylor
Member

norrietaylor commented Dec 4, 2023

Linux packages that require root to execute should be marked accordingly. An example can be found here

This includes:

  • system_audit (auditbeat)
  • fim (auditbeat)
  • auditd_manager (auditbeat)
  • network_traffic (packetbeat)
  • and maybe cloud_defend (I am not sure if we need root once the appropriate capabilities are exposed)
@norrietaylor norrietaylor changed the title Mark auditbeat and cloud_defend integrations as requiring root. Mark appropriate linux integrations as requiring root. Dec 4, 2023
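The manifest change the opening post asks for, shown as an added illustrative example rather than text from the issue or from the elastic/integrations repository. It assumes the `agent.privileges.root` key of the Elastic package spec; the package name, version and description are placeholders, and the unrelated manifest fields are omitted.

```yaml
# Added example, not taken from the issue or from any real package.
# An integration whose collector needs root (e.g. auditd, file integrity
# monitoring, or packet capture, as listed in the issue) declares it here so
# Fleet can surface that requirement to the user instead of failing at runtime.
format_version: 3.0.0
name: example_linux_integration        # placeholder package name
title: "Example Linux Integration"     # placeholder
version: 0.0.1                         # placeholder version
description: "Illustrative package that collects host audit data."  # placeholder
type: integration
categories:
  - security
# ... policy_templates, conditions and owner omitted for brevity ...

agent:
  privileges:
    root: true   # the Agent input for this package must run as root on Linux;
                 # leave this out (or set false) for packages that work unprivileged
```

When the collector can run unprivileged with reduced coverage (the osquery case discussed below), the page's answer is still to declare `root: true`, since the full functionality the integration advertises is only available with root.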
@epixa

epixa commented Dec 5, 2023

@norrietaylor Does osquery need root?

@norrietaylor
Member Author

@norrietaylor Does osquery need root?

Good question. I would assume it does. @aleksmaus Can you give a more definitive answer?

@aleksmaus
Member

@norrietaylor Does osquery need root?

Good question. I would assume it does. @aleksmaus Can you give a more definitive answer?

Yes, it needs root.
You could run it as non-root, but some functionality will not be available.

@elasticmachine

Package auditd_manager - 1.16.3 containing this change is available at https://epr.elastic.co/search?package=auditd_manager

@elasticmachine

Package fim - 1.14.2 containing this change is available at https://epr.elastic.co/search?package=fim

@elasticmachine

Package network_traffic - 1.30.1 containing this change is available at https://epr.elastic.co/search?package=network_traffic

@elasticmachine

Package system_audit - 1.10.2 containing this change is available at https://epr.elastic.co/search?package=system_audit
