Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Fix process metricset when not root #9497

Merged
merged 3 commits into from
Dec 14, 2018
Merged

[Auditbeat] Fix process metricset when not root #9497

merged 3 commits into from
Dec 14, 2018

Conversation

cwurm
Copy link
Contributor

@cwurm cwurm commented Dec 11, 2018

The process metricset did not behave very well when being run as a user other than root. It would try to read the private process information of all processes on a system, and output the resulting permission errors.

This changes it to catch permission errors to allow running it as any user. It will only report on processes that are readable.

This should also allow re-enabling the unit and system test that were failing in CI.

@elasticmachine
Copy link
Collaborator

Pinging @elastic/secops

webmat
webmat approved these changes Dec 12, 2018
View reviewed changes
Copy link
Contributor

@webmat webmat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Straightforward, love it.

x-pack/auditbeat/module/system/process/process.go
ms.log.Warnf("Failed to load process information for PID %d as non-root user. "+
"Will suppress further errors of this kind. Error: %v", pid, err)

// Only warn once at the start of Auditbeat.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

@cwurm cwurm merged commit 9a680f7 into elastic:feature-auditbeat-host Dec 14, 2018
cwurm pushed a commit to cwurm/beats that referenced this pull request Dec 16, 2018
[Auditbeat] Fix process metricset when not root (elastic#9497)
6f5f20f 
Allow the `process` metricset to run as any user by catching permission errors when trying to read other user's private process information.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh left review comments

@webmat webmat webmat approved these changes

Assignees
No one assigned
Labels
Auditbeat review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cwurm @elasticmachine @webmat @andrewkroh