* [Osquery] Fix multiple minor issues (#122023) (cherry picked from commit 4ee667b) # Conflicts: # x-pack/plugins/osquery/public/action_results/services/agent_status.tsx * fix * fix * fix Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
1 parent
ed2437f
commit 155e067
Showing
45 changed files
with
796 additions
and
488 deletions.
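--- /dev/null
+++ b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/hardware_monitoring.conf
@@ -0,0 +1,124 @@
+{
+"queries": {
+"acpi_tables": {
+"query": "select * from acpi_tables;",
+"interval": 86400,
+"platform": "posix",
+"version": "1.3.0",
+"description": "General reporting and heuristics monitoring."
+},
+"cpuid": {
+"query": "select feature, value, output_register, output_bit, input_eax from cpuid;",
+"interval": 86400,
+"version": "1.0.4",
+"description": "General reporting and heuristics monitoring."
+},
+"smbios_tables": {
+"query": "select * from smbios_tables;",
+"interval": 86400,
+"platform": "posix",
+"version": "1.3.0",
+"description": "General reporting and heuristics monitoring."
+},
+"nvram": {
+"query": "select * from nvram where name not in ('backlight-level', 'SystemAudioVolumeDB', 'SystemAudioVolume');",
+"interval": 7200,
+"platform": "darwin",
+"version": "1.0.2",
+"description": "Report on crashes, alternate boots, and boot arguments."
+},
+"kernel_info": {
+"query": "select * from kernel_info join hash using (path);",
+"interval": 7200,
+"version": "1.4.0",
+"description": "Report the booted kernel, potential arguments, and the device."
+},
+"pci_devices": {
+"query": "select * from pci_devices;",
+"interval": 7200,
+"platform": "posix",
+"version": "1.0.4",
+"description": "Report an inventory of PCI devices. Attaches and detaches will show up in hardware_events."
+},
+"fan_speeds": {
+"query": "select * from fan_speed_sensors;",
+"interval": 7200,
+"platform": "darwin",
+"version": "1.7.1",
+"description": "Report current fan speeds in the target OSX system."
+},
+"temperatures": {
+"query": "select * from temperature_sensors;",
+"interval": 7200,
+"platform": "darwin",
+"version": "1.7.1",
+"description": "Report current machine temperatures in the target OSX system."
+},
+"usb_devices": {
+"query": "select * from usb_devices;",
+"interval": 7200,
+"platform": "posix",
+"version": "1.2.0",
+"description": "Report an inventory of USB devices. Attaches and detaches will show up in hardware_events."
+},
+"hardware_events": {
+"query" : "select * from hardware_events where path <> '' or model <> '';",
+"interval" : 7200,
+"platform": "posix",
+"removed": false,
+"version" : "1.4.5",
+"description" : "Retrieves all the hardware related events in the target OSX system.",
+"value" : "Determine if a third party device was attached to the system."
+},
+"darwin_kernel_system_controls": {
+"query": "select * from system_controls where subsystem = 'kern' and (name like '%boot%' or name like '%secure%' or name like '%single%');",
+"interval": 7200,
+"platform": "darwin",
+"version": "1.4.3",
+"description": "Double check the information reported in kernel_info and report the kernel signature."
+},
+"iokit_devicetree": {
+"query": "select * from iokit_devicetree;",
+"interval": 86400,
+"platform": "darwin",
+"version": "1.3.0",
+"description": "General inventory of IOKit's devices on OS X."
+},
+"efi_file_hashes": {
+"query": "select file.path, uid, gid, mode, 0 as atime, mtime, ctime, md5, sha1, sha256 from (select * from file where path like '/System/Library/CoreServices/%.efi' union select * from file where path like '/System/Library/LaunchDaemons/com.apple%efi%') file join hash using (path);",
+"interval": 7200,
+"removed": false,
+"version": "1.6.1",
+"platform": "darwin",
+"description": "Hash files related to EFI platform updates and EFI bootloaders on primary boot partition. This does not hash bootloaders on the EFI/boot partition."
+},
+"kernel_extensions": {
+"query" : "select * from kernel_extensions;",
+"interval" : "7200",
+"platform" : "darwin",
+"version" : "1.4.5",
+"description" : "Retrieves all the information about the current kernel extensions for the target OSX system."
+},
+"kernel_modules": {
+"query" : "select * from kernel_modules;",
+"interval" : "7200",
+"platform" : "linux",
+"version" : "1.4.5",
+"description" : "Retrieves all the information for the current kernel modules in the target Linux system."
+},
+"windows_drivers": {
+"query" : "select * from drivers;",
+"interval" : "7200",
+"platform" : "windows",
+"version" : "2.2.0",
+"description" : "Retrieves all the information for the current windows drivers in the target Windows system."
+},
+"device_nodes": {
+"query": "select file.path, uid, gid, mode, 0 as atime, mtime, ctime, block_size, type from file where directory = '/dev/';",
+"interval": "7200",
+"platform": "posix",
+"version": "1.6.0",
+"description": "Inventory all 'device' nodes in /dev/."
+}
+}
+}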
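--- /dev/null
+++ b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/hardware_monitoring.ndjson
@@ -0,0 +1 @@
+{"attributes":{"created_at":"2021-12-29T09:23:21.137Z","created_by":"elastic","enabled":true,"name":"hardware-monitoring","queries":[{"id":"acpi_tables","interval":86400,"platform":"darwin,linux","query":"select * from acpi_tables;","version":"1.3.0"},{"id":"cpuid","interval":86400,"query":"select feature, value, output_register, output_bit, input_eax from cpuid;","version":"1.0.4"},{"id":"smbios_tables","interval":86400,"platform":"darwin,linux","query":"select * from smbios_tables;","version":"1.3.0"},{"id":"nvram","interval":7200,"platform":"darwin","query":"select * from nvram where name not in ('backlight-level', 'SystemAudioVolumeDB', 'SystemAudioVolume');","version":"1.0.2"},{"id":"kernel_info","interval":7200,"query":"select * from kernel_info join hash using (path);","version":"1.4.0"},{"id":"pci_devices","interval":7200,"platform":"darwin,linux","query":"select * from pci_devices;","version":"1.0.4"},{"id":"fan_speeds","interval":7200,"platform":"darwin","query":"select * from fan_speed_sensors;","version":"1.7.1"},{"id":"temperatures","interval":7200,"platform":"darwin","query":"select * from temperature_sensors;","version":"1.7.1"},{"id":"usb_devices","interval":7200,"platform":"darwin,linux","query":"select * from usb_devices;","version":"1.2.0"},{"id":"hardware_events","interval":7200,"platform":"darwin,linux","query":"select * from hardware_events where path <> '' or model <> '';","version":"1.4.5"},{"id":"darwin_kernel_system_controls","interval":7200,"platform":"darwin","query":"select * from system_controls where subsystem = 'kern' and (name like '%boot%' or name like '%secure%' or name like '%single%');","version":"1.4.3"},{"id":"iokit_devicetree","interval":86400,"platform":"darwin","query":"select * from iokit_devicetree;","version":"1.3.0"},{"id":"efi_file_hashes","interval":7200,"platform":"darwin","query":"select file.path, uid, gid, mode, 0 as atime, mtime, ctime, md5, sha1, sha256 from (select * from file where path like '/System/Library/CoreServices/%.efi' union select * from file where path like '/System/Library/LaunchDaemons/com.apple%efi%') file join hash using (path);","version":"1.6.1"},{"id":"kernel_extensions","interval":7200,"platform":"darwin","query":"select * from kernel_extensions;","version":"1.4.5"},{"id":"kernel_modules","interval":7200,"platform":"linux","query":"select * from kernel_modules;","version":"1.4.5"},{"id":"windows_drivers","interval":7200,"platform":"windows","query":"select * from drivers;","version":"2.2.0"},{"id":"device_nodes","interval":7200,"platform":"darwin,linux","query":"select file.path, uid, gid, mode, 0 as atime, mtime, ctime, block_size, type from file where directory = '/dev/';","version":"1.6.0"}],"updated_at":"2021-12-29T09:23:21.137Z","updated_by":"elastic"},"coreMigrationVersion":"8.1.0","id":"f70e1920-6888-11ec-9276-97ce5eb54433","references":[],"type":"osquery-pack","updated_at":"2021-12-29T09:23:21.147Z","version":"WzI4NDMxLDJd"}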
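--- /dev/null
+++ b/x-pack/plugins/osquery/cypress/integration/superuser/delete_all_ecs_mappings.spec.ts
@@ -0,0 +1,47 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import { navigateTo } from '../../tasks/navigation';
+import { login } from '../../tasks/login';
+import { ArchiverMethod, runKbnArchiverScript } from '../../tasks/archiver';
+
+describe('SuperUser - Delete ECS Mappings', () => {
+const SAVED_QUERY_ID = 'Saved-Query-Id';
+
+before(() => {
+runKbnArchiverScript(ArchiverMethod.LOAD, 'saved_query');
+});
+beforeEach(() => {
+login();
+navigateTo('/app/osquery/saved_queries');
+});
+
+after(() => {
+runKbnArchiverScript(ArchiverMethod.UNLOAD, 'saved_query');
+});
+
+it('to click the edit button and edit pack', () => {
+cy.react('CustomItemAction', {
+props: { index: 1, item: { attributes: { id: SAVED_QUERY_ID } } },
+}).click();
+cy.contains('Custom key/value pairs. e.g. {"application":"foo-bar","env":"production"}').should(
+'exist'
+);
+cy.contains('Hours of uptime').should('exist');
+cy.react('EuiButtonIcon', { props: { id: 'labels-trash' } }).click();
+cy.react('EuiButton').contains('Update query').click();
+cy.wait(1000);
+
+cy.react('CustomItemAction', {
+props: { index: 1, item: { attributes: { id: SAVED_QUERY_ID } } },
+}).click();
+cy.contains('Custom key/value pairs. e.g. {"application":"foo-bar","env":"production"}').should(
+'not.exist'
+);
+cy.contains('Hours of uptime').should('not.exist');
+});
+});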
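Review bot: The `cy.wait(1000)` after clicking 'Update query' is a fixed sleep, so the second `CustomItemAction` click races the save rather than waiting for it, and the test will be flaky on a slow CI runner while still passing locally; replace it with an assertion on the resulting state, e.g. `cy.react('EuiButton').contains('Update query').should('not.exist');` (this assumes the edit form closes once the update completes — confirm against the UI). The `it` title 'to click the edit button and edit pack' refers to a pack, but the spec loads the 'saved_query' archive and navigates to /app/osquery/saved_queries, so a title such as `it('removes the custom ECS mapping rows from the saved query', () => {` would match what is actually asserted. The two identical `cy.react('CustomItemAction', { props: { index: 1, item: { attributes: { id: SAVED_QUERY_ID } } } })` selectors could be lifted into a small local helper so the spec reads as open, delete, save, reopen, verify.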