[Osquery] Fix multiple minor issues (#122023)

elastic · Jan 14, 2022 · 4ee667b · 4ee667b
1 parent 41806ba
commit 4ee667b
Show file tree

Hide file tree

Showing 46 changed files with 795 additions and 494 deletions.
diff --git a/x-pack/plugins/osquery/cypress/fixtures/saved_objects/hardware_monitoring.conf b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/hardware_monitoring.conf
@@ -0,0 +1,124 @@
+{
+  "queries": {
+    "acpi_tables": {
+      "query": "select * from acpi_tables;",
+      "interval": 86400,
+      "platform": "posix",
+      "version": "1.3.0",
+      "description": "General reporting and heuristics monitoring."
+    },
+    "cpuid": {
+      "query": "select feature, value, output_register, output_bit, input_eax from cpuid;",
+      "interval": 86400,
+      "version": "1.0.4",
+      "description": "General reporting and heuristics monitoring."
+    },
+    "smbios_tables": {
+      "query": "select * from smbios_tables;",
+      "interval": 86400,
+      "platform": "posix",
+      "version": "1.3.0",
+      "description": "General reporting and heuristics monitoring."
+    },
+    "nvram": {
+      "query": "select * from nvram where name not in ('backlight-level', 'SystemAudioVolumeDB', 'SystemAudioVolume');",
+      "interval": 7200,
+      "platform": "darwin",
+      "version": "1.0.2",
+      "description": "Report on crashes, alternate boots, and boot arguments."
+    },
+    "kernel_info": {
+      "query": "select * from kernel_info join hash using (path);",
+      "interval": 7200,
+      "version": "1.4.0",
+      "description": "Report the booted kernel, potential arguments, and the device."
+    },
+    "pci_devices": {
+      "query": "select * from pci_devices;",
+      "interval": 7200,
+      "platform": "posix",
+      "version": "1.0.4",
+      "description": "Report an inventory of PCI devices. Attaches and detaches will show up in hardware_events."
+    },
+    "fan_speeds": {
+      "query": "select * from fan_speed_sensors;",
+      "interval": 7200,
+      "platform": "darwin",
+      "version": "1.7.1",
+      "description": "Report current fan speeds in the target OSX system."
+    },
+    "temperatures": {
+      "query": "select * from temperature_sensors;",
+      "interval": 7200,
+      "platform": "darwin",
+      "version": "1.7.1",
+      "description": "Report current machine temperatures in the target OSX system."
+    },
+    "usb_devices": {
+      "query": "select * from usb_devices;",
+      "interval": 7200,
+      "platform": "posix",
+      "version": "1.2.0",
+      "description": "Report an inventory of USB devices. Attaches and detaches will show up in hardware_events."
+    },
+    "hardware_events": {
+      "query" : "select * from hardware_events where path <> '' or model <> '';",
+      "interval" : 7200,
+      "platform": "posix",
+      "removed": false,
+      "version" : "1.4.5",
+      "description" : "Retrieves all the hardware related events in the target OSX system.",
+      "value" : "Determine if a third party device was attached to the system."
+    },
+    "darwin_kernel_system_controls": {
+      "query": "select * from system_controls where subsystem = 'kern' and (name like '%boot%' or name like '%secure%' or name like '%single%');",
+      "interval": 7200,
+      "platform": "darwin",
+      "version": "1.4.3",
+      "description": "Double check the information reported in kernel_info and report the kernel signature."
+    },
+    "iokit_devicetree": {
+      "query": "select * from iokit_devicetree;",
+      "interval": 86400,
+      "platform": "darwin",
+      "version": "1.3.0",
+      "description": "General inventory of IOKit's devices on OS X."
+    },
+    "efi_file_hashes": {
+      "query": "select file.path, uid, gid, mode, 0 as atime, mtime, ctime, md5, sha1, sha256 from (select * from file where path like '/System/Library/CoreServices/%.efi' union select * from file where path like '/System/Library/LaunchDaemons/com.apple%efi%') file join hash using (path);",
+      "interval": 7200,
+      "removed": false,
+      "version": "1.6.1",
+      "platform": "darwin",
+      "description": "Hash files related to EFI platform updates and EFI bootloaders on primary boot partition. This does not hash bootloaders on the EFI/boot partition."
+    },
+    "kernel_extensions": {
+      "query" : "select * from kernel_extensions;",
+      "interval" : "7200",
+      "platform" : "darwin",
+      "version" : "1.4.5",
+      "description" : "Retrieves all the information about the current kernel extensions for the target OSX system."
+    },
+    "kernel_modules": {
+      "query" : "select * from kernel_modules;",
+      "interval" : "7200",
+      "platform" : "linux",
+      "version" : "1.4.5",
+      "description" : "Retrieves all the information for the current kernel modules in the target Linux system."
+    },
+    "windows_drivers": {
+      "query" : "select * from drivers;",
+      "interval" : "7200",
+      "platform" : "windows",
+      "version" : "2.2.0",
+      "description" : "Retrieves all the information for the current windows drivers in the target Windows system."
+    },
+    "device_nodes": {
+      "query": "select file.path, uid, gid, mode, 0 as atime, mtime, ctime, block_size, type from file where directory = '/dev/';",
+      "interval": "7200",
+      "platform": "posix",
+      "version": "1.6.0",
+      "description": "Inventory all 'device' nodes in /dev/."
+    }
+  }
+}
diff --git a/x-pack/plugins/osquery/cypress/fixtures/saved_objects/hardware_monitoring.ndjson b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/hardware_monitoring.ndjson
@@ -0,0 +1 @@
+{"attributes":{"created_at":"2021-12-29T09:23:21.137Z","created_by":"elastic","enabled":true,"name":"hardware-monitoring","queries":[{"id":"acpi_tables","interval":86400,"platform":"darwin,linux","query":"select * from acpi_tables;","version":"1.3.0"},{"id":"cpuid","interval":86400,"query":"select feature, value, output_register, output_bit, input_eax from cpuid;","version":"1.0.4"},{"id":"smbios_tables","interval":86400,"platform":"darwin,linux","query":"select * from smbios_tables;","version":"1.3.0"},{"id":"nvram","interval":7200,"platform":"darwin","query":"select * from nvram where name not in ('backlight-level', 'SystemAudioVolumeDB', 'SystemAudioVolume');","version":"1.0.2"},{"id":"kernel_info","interval":7200,"query":"select * from kernel_info join hash using (path);","version":"1.4.0"},{"id":"pci_devices","interval":7200,"platform":"darwin,linux","query":"select * from pci_devices;","version":"1.0.4"},{"id":"fan_speeds","interval":7200,"platform":"darwin","query":"select * from fan_speed_sensors;","version":"1.7.1"},{"id":"temperatures","interval":7200,"platform":"darwin","query":"select * from temperature_sensors;","version":"1.7.1"},{"id":"usb_devices","interval":7200,"platform":"darwin,linux","query":"select * from usb_devices;","version":"1.2.0"},{"id":"hardware_events","interval":7200,"platform":"darwin,linux","query":"select * from hardware_events where path <> '' or model <> '';","version":"1.4.5"},{"id":"darwin_kernel_system_controls","interval":7200,"platform":"darwin","query":"select * from system_controls where subsystem = 'kern' and (name like '%boot%' or name like '%secure%' or name like '%single%');","version":"1.4.3"},{"id":"iokit_devicetree","interval":86400,"platform":"darwin","query":"select * from iokit_devicetree;","version":"1.3.0"},{"id":"efi_file_hashes","interval":7200,"platform":"darwin","query":"select file.path, uid, gid, mode, 0 as atime, mtime, ctime, md5, sha1, sha256 from (select * from file where path like '/System/Library/CoreServices/%.efi' union select * from file where path like '/System/Library/LaunchDaemons/com.apple%efi%') file join hash using (path);","version":"1.6.1"},{"id":"kernel_extensions","interval":7200,"platform":"darwin","query":"select * from kernel_extensions;","version":"1.4.5"},{"id":"kernel_modules","interval":7200,"platform":"linux","query":"select * from kernel_modules;","version":"1.4.5"},{"id":"windows_drivers","interval":7200,"platform":"windows","query":"select * from drivers;","version":"2.2.0"},{"id":"device_nodes","interval":7200,"platform":"darwin,linux","query":"select file.path, uid, gid, mode, 0 as atime, mtime, ctime, block_size, type from file where directory = '/dev/';","version":"1.6.0"}],"updated_at":"2021-12-29T09:23:21.137Z","updated_by":"elastic"},"coreMigrationVersion":"8.1.0","id":"f70e1920-6888-11ec-9276-97ce5eb54433","references":[],"type":"osquery-pack","updated_at":"2021-12-29T09:23:21.147Z","version":"WzI4NDMxLDJd"}
diff --git a/x-pack/plugins/osquery/cypress/fixtures/saved_objects/saved_query.ndjson b/x-pack/plugins/osquery/cypress/fixtures/saved_objects/saved_query.ndjson
@@ -9,12 +9,6 @@
         "value": {
           "field": "hours"
         }
-      },
-      {
-        "key": "message",
-        "value": {
-          "field": "seconds"
-        }
       }
     ],
     "id": "Saved-Query-Id",

diff --git a/x-pack/plugins/osquery/cypress/integration/superuser/add_integration.spec.ts b/x-pack/plugins/osquery/cypress/integration/superuser/add_integration.spec.ts
@@ -9,19 +9,115 @@ import { FLEET_AGENT_POLICIES } from '../../tasks/navigation';
 import { addIntegration } from '../../tasks/integrations';
 
 import { login } from '../../tasks/login';
+// import { findAndClickButton, findFormFieldByRowsLabelAndType } from '../../tasks/live_query';
+import { ArchiverMethod, runKbnArchiverScript } from '../../tasks/archiver';
 
 describe('Super User - Add Integration', () => {
   const integration = 'Osquery Manager';
+  before(() => {
+    runKbnArchiverScript(ArchiverMethod.LOAD, 'saved_query');
+  });
   beforeEach(() => {
     login();
   });
 
-  it('should display Osquery integration in the Policies list once installed ', () => {
+  after(() => {
+    runKbnArchiverScript(ArchiverMethod.UNLOAD, 'saved_query');
+  });
+
+  // it('should add the old integration and be able to upgrade it', () => {
+  //   cy.visit(OLD_OSQUERY_MANAGER);
+  //   cy.contains(integration).click();
+  //   addIntegration();
+  //   cy.contains('osquery_manager-1');
+  //   cy.visit('app/fleet/policies');
+  //   cy.contains(/^Default Fleet Server policy$/).click();
+  //   cy.contains('Actions').click();
+  //   cy.contains('View policy').click();
+  //   cy.contains('name: osquery_manager-1');
+  //   cy.contains(`version: 0.7.4`);
+  //   cy.contains('Close').click();
+  //   cy.contains(/^Osquery Manager$/).click();
+  //   cy.contains(/^Settings$/).click();
+  //   cy.contains(/^Upgrade to latest version$/).click();
+  //   closeModalIfVisible();
+  //   cy.contains('Updated Osquery Manager and upgraded policies', { timeout: 60000 });
+  //   cy.visit('app/fleet/policies');
+  //   cy.contains(/^Default Fleet Server policy$/).click();
+  //   cy.contains('Actions').click();
+  //   cy.contains('View policy').click();
+  //   cy.contains('name: osquery_manager-1');
+  //   cy.contains(`version: 0.8.1`);
+  //   cy.visit('app/integrations/detail/osquery_manager/policies');
+  //   cy.contains('Loading integration policies').should('exist');
+  //   cy.contains('Loading integration policies').should('not.exist');
+  //   cy.getBySel('integrationPolicyTable')
+  //     .get('.euiTableRow', { timeout: 60000 })
+  //     .should('have.lengthOf.above', 0);
+  //   cy.get('.euiTableCellContent').get('.euiPopover__anchor').get(`[aria-label="Open"]`).click();
+  //   cy.contains(/^Delete integration$/).click();
+  //   closeModalIfVisible();
+  //   cy.contains(/^Settings$/).click();
+  //   cy.contains(/^Uninstall Osquery Manager$/).click();
+  //   closeModalIfVisible();
+  //   cy.contains(/^Successfully uninstalled Osquery Manager$/);
+  // });
+
+  it('add integration', () => {
     cy.visit(FLEET_AGENT_POLICIES);
     cy.contains('Default Fleet Server policy').click();
     cy.contains('Add integration').click();
     cy.contains(integration).click();
     addIntegration();
     cy.contains('osquery_manager-');
   });
+  // it('should have integration and packs copied when upgrading integration', () => {
+  //   const packageName = 'osquery_manager';
+  //   const oldVersion = '0.7.4';
+  //   const newVersion = '0.8.1';
+  //
+  //   cy.visit(`app/integrations/detail/${packageName}-${oldVersion}/overview`);
+  //   cy.contains('Add Osquery Manager').click();
+  //   cy.contains('Save and continue').click();
+  //   cy.contains('Add Elastic Agent later').click();
+  //   cy.contains('Upgrade');
+  //   cy.contains('Default policy').click();
+  //   cy.get('tr')
+  //     .should('contain', 'osquery_manager-2')
+  //     .and('contain', 'Osquery Manager')
+  //     .and('contain', `v${oldVersion}`);
+  //   cy.contains('Actions').click();
+  //   cy.contains('View policy').click();
+  //   cy.contains('name: osquery_manager-2');
+  //   cy.contains(`version: ${oldVersion}`);
+  //   cy.contains('Close').click();
+  //   navigateTo('app/osquery/packs');
+  //   findAndClickButton('Add pack');
+  //   findFormFieldByRowsLabelAndType('Name', 'Integration');
+  //   findFormFieldByRowsLabelAndType('Scheduled agent policies (optional)', '{downArrow} {enter}');
+  //   findAndClickButton('Add query');
+  //   cy.react('EuiComboBox', { props: { placeholder: 'Search for saved queries' } })
+  //     .click()
+  //     .type('{downArrow} {enter}');
+  //   cy.contains(/^Save$/).click();
+  //   cy.contains(/^Save pack$/).click();
+  //   cy.visit('app/fleet/policies');
+  //   cy.contains('Default policy').click();
+  //   cy.contains('Upgrade').click();
+  //   cy.contains(/^Advanced$/).click();
+  //   cy.contains('"Integration":');
+  //   cy.contains(/^Upgrade integration$/).click();
+  //   cy.contains(/^osquery_manager-2$/).click();
+  //   cy.contains(/^Advanced$/).click();
+  //   cy.contains('"Integration":');
+  //   cy.contains('Cancel').click();
+  //   cy.get('tr')
+  //     .should('contain', 'osquery_manager-2')
+  //     .and('contain', 'Osquery Manager')
+  //     .and('contain', `v${newVersion}`);
+  //   cy.contains('Actions').click();
+  //   cy.contains('View policy').click();
+  //   cy.contains('name: osquery_manager-2');
+  //   cy.contains(`version: ${newVersion}`);
+  // });
 });
diff --git a/x-pack/plugins/osquery/cypress/integration/superuser/delete_all_ecs_mappings.spec.ts b/x-pack/plugins/osquery/cypress/integration/superuser/delete_all_ecs_mappings.spec.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { navigateTo } from '../../tasks/navigation';
+import { login } from '../../tasks/login';
+import { ArchiverMethod, runKbnArchiverScript } from '../../tasks/archiver';
+
+describe('SuperUser - Delete ECS Mappings', () => {
+  const SAVED_QUERY_ID = 'Saved-Query-Id';
+
+  before(() => {
+    runKbnArchiverScript(ArchiverMethod.LOAD, 'saved_query');
+  });
+  beforeEach(() => {
+    login();
+    navigateTo('/app/osquery/saved_queries');
+  });
+
+  after(() => {
+    runKbnArchiverScript(ArchiverMethod.UNLOAD, 'saved_query');
+  });
+
+  it('to click the edit button and edit pack', () => {
+    cy.react('CustomItemAction', {
+      props: { index: 1, item: { attributes: { id: SAVED_QUERY_ID } } },
+    }).click();
+    cy.contains('Custom key/value pairs. e.g. {"application":"foo-bar","env":"production"}').should(
+      'exist'
+    );
+    cy.contains('Hours of uptime').should('exist');
+    cy.react('EuiButtonIcon', { props: { id: 'labels-trash' } }).click();
+    cy.react('EuiButton').contains('Update query').click();
+    cy.wait(1000);
+
+    cy.react('CustomItemAction', {
+      props: { index: 1, item: { attributes: { id: SAVED_QUERY_ID } } },
+    }).click();
+    cy.contains('Custom key/value pairs. e.g. {"application":"foo-bar","env":"production"}').should(
+      'not.exist'
+    );
+    cy.contains('Hours of uptime').should('not.exist');
+  });
+});
diff --git a/x-pack/plugins/osquery/cypress/integration/superuser/live_query.spec.ts b/x-pack/plugins/osquery/cypress/integration/superuser/live_query.spec.ts
@@ -30,10 +30,10 @@ describe('Super User - Live Query', () => {
 
     checkResults();
     cy.react('EuiDataGridHeaderCellWrapper', {
-      props: { id: 'osquery.days', index: 1 },
+      props: { id: 'osquery.days.number', index: 1 },
     });
     cy.react('EuiDataGridHeaderCellWrapper', {
-      props: { id: 'osquery.hours', index: 2 },
+      props: { id: 'osquery.hours.number', index: 2 },
     });
 
     cy.react('EuiAccordion', { props: { buttonContent: 'Advanced' } }).click();
@@ -46,7 +46,7 @@ describe('Super User - Live Query', () => {
       props: { id: 'message', index: 1 },
     });
     cy.react('EuiDataGridHeaderCellWrapper', {
-      props: { id: 'osquery.days', index: 2 },
+      props: { id: 'osquery.days.number', index: 2 },
     }).react('EuiIconIndexMapping');
   });
 });
diff --git a/x-pack/plugins/osquery/cypress/integration/superuser/metrics.spec.ts b/x-pack/plugins/osquery/cypress/integration/superuser/metrics.spec.ts
@@ -23,30 +23,30 @@ describe('Super User - Metrics', () => {
   });
 
   it('should be able to run the query', () => {
-    cy.get('[data-test-subj="toggleNavButton"]').click();
+    cy.getBySel('toggleNavButton').click();
     cy.contains('Metrics').click();
 
     cy.wait(1000);
 
-    cy.get('[data-test-subj="nodeContainer"]').click();
+    cy.getBySel('nodeContainer').click();
     cy.contains('Osquery').click();
     inputQuery('select * from uptime;');
 
     submitQuery();
     checkResults();
   });
   it('should be able to run the previously saved query', () => {
-    cy.get('[data-test-subj="toggleNavButton"]').click();
-    cy.get('[data-test-subj="collapsibleNavAppLink"').contains('Metrics').click();
+    cy.getBySel('toggleNavButton').click();
+    cy.getBySel('collapsibleNavAppLink').contains('Metrics').click();
 
     cy.wait(500);
-    cy.get('[data-test-subj="nodeContainer"]').click();
+    cy.getBySel('nodeContainer').click();
     cy.contains('Osquery').click();
 
-    cy.get('[data-test-subj="comboBoxInput"]').first().click();
+    cy.getBySel('comboBoxInput').first().click();
     cy.wait(500);
     cy.get('div[role=listBox]').should('have.lengthOf.above', 0);
-    cy.get('[data-test-subj="comboBoxInput"]').first().type('{downArrow}{enter}');
+    cy.getBySel('comboBoxInput').first().type('{downArrow}{enter}');
 
     submitQuery();
     checkResults();