272 lines
8.5 KiB
Go
272 lines
8.5 KiB
Go
|
// Licensed to Elasticsearch B.V. under one or more contributor
|
||
|
// license agreements. See the NOTICE file distributed with
|
||
|
// this work for additional information regarding copyright
|
||
|
// ownership. Elasticsearch B.V. licenses this file to you under
|
||
|
// the Apache License, Version 2.0 (the "License"); you may
|
||
|
// not use this file except in compliance with the License.
|
||
|
// You may obtain a copy of the License at
|
||
|
//
|
||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||
|
//
|
||
|
// Unless required by applicable law or agreed to in writing,
|
||
|
// software distributed under the License is distributed on an
|
||
|
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||
|
// KIND, either express or implied. See the License for the
|
||
|
// specific language governing permissions and limitations
|
||
|
// under the License.
|
||
|
|
||
|
// +build mage
|
||
|
|
||
|
package main
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"fmt"
|
||
|
"regexp"
|
||
|
"time"
|
||
|
|
||
|
"github.com/magefile/mage/mg"
|
||
|
"github.com/magefile/mage/sh"
|
||
|
"github.com/pkg/errors"
|
||
|
|
||
|
"github.com/elastic/beats/dev-tools/mage"
|
||
|
)
|
||
|
|
||
|
func init() {
|
||
|
mage.BeatDescription = "Audit the activities of users and processes on your system."
|
||
|
}
|
||
|
|
||
|
// Build builds the Beat binary.
|
||
|
func Build() error {
|
||
|
return mage.Build(mage.DefaultBuildArgs())
|
||
|
}
|
||
|
|
||
|
// GolangCrossBuild build the Beat binary inside of the golang-builder.
|
||
|
// Do not use directly, use crossBuild instead.
|
||
|
func GolangCrossBuild() error {
|
||
|
return mage.GolangCrossBuild(mage.DefaultGolangCrossBuildArgs())
|
||
|
}
|
||
|
|
||
|
// BuildGoDaemon builds the go-daemon binary (use crossBuildGoDaemon).
|
||
|
func BuildGoDaemon() error {
|
||
|
return mage.BuildGoDaemon()
|
||
|
}
|
||
|
|
||
|
// CrossBuild cross-builds the beat for all target platforms.
|
||
|
func CrossBuild() error {
|
||
|
return mage.CrossBuild()
|
||
|
}
|
||
|
|
||
|
// CrossBuildXPack cross-builds the beat with XPack for all target platforms.
|
||
|
func CrossBuildXPack() error {
|
||
|
return mage.CrossBuildXPack()
|
||
|
}
|
||
|
|
||
|
// CrossBuildGoDaemon cross-builds the go-daemon binary using Docker.
|
||
|
func CrossBuildGoDaemon() error {
|
||
|
return mage.CrossBuildGoDaemon()
|
||
|
}
|
||
|
|
||
|
// Clean cleans all generated files and build artifacts.
|
||
|
func Clean() error {
|
||
|
return mage.Clean()
|
||
|
}
|
||
|
|
||
|
// Package packages the Beat for distribution.
|
||
|
// Use SNAPSHOT=true to build snapshots.
|
||
|
// Use PLATFORMS to control the target platforms.
|
||
|
func Package() {
|
||
|
start := time.Now()
|
||
|
defer func() { fmt.Println("package ran for", time.Since(start)) }()
|
||
|
|
||
|
mage.UseElasticBeatPackaging()
|
||
|
customizePackaging()
|
||
|
|
||
|
mg.Deps(Update)
|
||
|
mg.Deps(makeConfigTemplates, CrossBuild, CrossBuildXPack, CrossBuildGoDaemon)
|
||
|
mg.SerialDeps(mage.Package, TestPackages)
|
||
|
}
|
||
|
|
||
|
// TestPackages tests the generated packages (i.e. file modes, owners, groups).
|
||
|
func TestPackages() error {
|
||
|
return mage.TestPackages()
|
||
|
}
|
||
|
|
||
|
// Update updates the generated files (aka make update).
|
||
|
func Update() error {
|
||
|
return sh.Run("make", "update")
|
||
|
}
|
||
|
|
||
|
// Fields generates a fields.yml for the Beat.
|
||
|
func Fields() error {
|
||
|
return mage.GenerateFieldsYAML("module")
|
||
|
}
|
||
|
|
||
|
// GoTestUnit executes the Go unit tests.
|
||
|
// Use TEST_COVERAGE=true to enable code coverage profiling.
|
||
|
// Use RACE_DETECTOR=true to enable the race detector.
|
||
|
func GoTestUnit(ctx context.Context) error {
|
||
|
return mage.GoTest(ctx, mage.DefaultGoTestUnitArgs())
|
||
|
}
|
||
|
|
||
|
// GoTestIntegration executes the Go integration tests.
|
||
|
// Use TEST_COVERAGE=true to enable code coverage profiling.
|
||
|
// Use RACE_DETECTOR=true to enable the race detector.
|
||
|
func GoTestIntegration(ctx context.Context) error {
|
||
|
return mage.GoTest(ctx, mage.DefaultGoTestIntegrationArgs())
|
||
|
}
|
||
|
|
||
|
// -----------------------------------------------------------------------------
|
||
|
// Customizations specific to Auditbeat.
|
||
|
// - Config files are Go templates.
|
||
|
|
||
|
const (
|
||
|
configTemplateGlob = "module/*/_meta/config*.yml.tmpl"
|
||
|
shortConfigTemplate = "build/auditbeat.yml.tmpl"
|
||
|
referenceConfigTemplate = "build/auditbeat.reference.yml.tmpl"
|
||
|
)
|
||
|
|
||
|
func makeConfigTemplates() error {
|
||
|
configFiles, err := mage.FindFiles(configTemplateGlob)
|
||
|
if err != nil {
|
||
|
return errors.Wrap(err, "failed to find config templates")
|
||
|
}
|
||
|
|
||
|
var shortIn []string
|
||
|
shortIn = append(shortIn, "_meta/common.p1.yml")
|
||
|
shortIn = append(shortIn, configFiles...)
|
||
|
shortIn = append(shortIn, "_meta/common.p2.yml")
|
||
|
shortIn = append(shortIn, "../libbeat/_meta/config.yml")
|
||
|
if !mage.IsUpToDate(shortConfigTemplate, shortIn...) {
|
||
|
fmt.Println(">> Building", shortConfigTemplate)
|
||
|
mage.MustFileConcat(shortConfigTemplate, 0600, shortIn...)
|
||
|
mage.MustFindReplace(shortConfigTemplate, regexp.MustCompile("beatname"), "{{.BeatName}}")
|
||
|
mage.MustFindReplace(shortConfigTemplate, regexp.MustCompile("beat-index-prefix"), "{{.BeatIndexPrefix}}")
|
||
|
}
|
||
|
|
||
|
var referenceIn []string
|
||
|
referenceIn = append(referenceIn, "_meta/common.reference.yml")
|
||
|
referenceIn = append(referenceIn, configFiles...)
|
||
|
referenceIn = append(referenceIn, "../libbeat/_meta/config.reference.yml")
|
||
|
if !mage.IsUpToDate(referenceConfigTemplate, referenceIn...) {
|
||
|
fmt.Println(">> Building", referenceConfigTemplate)
|
||
|
mage.MustFileConcat(referenceConfigTemplate, 0644, referenceIn...)
|
||
|
mage.MustFindReplace(referenceConfigTemplate, regexp.MustCompile("beatname"), "{{.BeatName}}")
|
||
|
mage.MustFindReplace(referenceConfigTemplate, regexp.MustCompile("beat-index-prefix"), "{{.BeatIndexPrefix}}")
|
||
|
}
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
// customizePackaging modifies the package specs to use templated config files
|
||
|
// instead of the defaults.
|
||
|
//
|
||
|
// Customizations specific to Auditbeat:
|
||
|
// - Include audit.rules.d directory in packages.
|
||
|
func customizePackaging() {
|
||
|
var (
|
||
|
shortConfig = mage.PackageFile{
|
||
|
Mode: 0600,
|
||
|
Source: "{{.PackageDir}}/auditbeat.yml",
|
||
|
Dep: generateShortConfig,
|
||
|
Config: true,
|
||
|
}
|
||
|
referenceConfig = mage.PackageFile{
|
||
|
Mode: 0644,
|
||
|
Source: "{{.PackageDir}}/auditbeat.reference.yml",
|
||
|
Dep: generateReferenceConfig,
|
||
|
}
|
||
|
)
|
||
|
|
||
|
archiveRulesDir := "audit.rules.d"
|
||
|
linuxPkgRulesDir := "/etc/{{.BeatName}}/audit.rules.d"
|
||
|
rulesSrcDir := "module/auditd/_meta/audit.rules.d"
|
||
|
sampleRules := mage.PackageFile{
|
||
|
Mode: 0644,
|
||
|
Source: rulesSrcDir,
|
||
|
Dep: func(spec mage.PackageSpec) error {
|
||
|
if spec.OS == "linux" {
|
||
|
params := map[string]interface{}{
|
||
|
"ArchBits": archBits,
|
||
|
}
|
||
|
rulesFile := spec.MustExpand(rulesSrcDir+"/sample-rules-linux-{{call .ArchBits .GOARCH}}bit.conf", params)
|
||
|
if err := mage.Copy(rulesFile, spec.MustExpand("{{.PackageDir}}/audit.rules.d/sample-rules.conf.disabled")); err != nil {
|
||
|
return errors.Wrap(err, "failed to copy sample rules")
|
||
|
}
|
||
|
}
|
||
|
return nil
|
||
|
},
|
||
|
}
|
||
|
|
||
|
for _, args := range mage.Packages {
|
||
|
pkgType := args.Types[0]
|
||
|
switch pkgType {
|
||
|
case mage.TarGz, mage.Zip:
|
||
|
args.Spec.ReplaceFile("{{.BeatName}}.yml", shortConfig)
|
||
|
args.Spec.ReplaceFile("{{.BeatName}}.reference.yml", referenceConfig)
|
||
|
case mage.Deb, mage.RPM, mage.DMG:
|
||
|
args.Spec.ReplaceFile("/etc/{{.BeatName}}/{{.BeatName}}.yml", shortConfig)
|
||
|
args.Spec.ReplaceFile("/etc/{{.BeatName}}/{{.BeatName}}.reference.yml", referenceConfig)
|
||
|
default:
|
||
|
panic(errors.Errorf("unhandled package type: %v", pkgType))
|
||
|
}
|
||
|
if args.OS == "linux" {
|
||
|
rulesDest := archiveRulesDir
|
||
|
if pkgType != mage.TarGz {
|
||
|
rulesDest = linuxPkgRulesDir
|
||
|
}
|
||
|
args.Spec.Files[rulesDest] = sampleRules
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func generateReferenceConfig(spec mage.PackageSpec) error {
|
||
|
params := map[string]interface{}{
|
||
|
"Reference": true,
|
||
|
"ArchBits": archBits,
|
||
|
}
|
||
|
return spec.ExpandFile(referenceConfigTemplate,
|
||
|
"{{.PackageDir}}/auditbeat.reference.yml", params)
|
||
|
}
|
||
|
|
||
|
func generateShortConfig(spec mage.PackageSpec) error {
|
||
|
params := map[string]interface{}{
|
||
|
"Reference": false,
|
||
|
"ArchBits": archBits,
|
||
|
}
|
||
|
return spec.ExpandFile(shortConfigTemplate,
|
||
|
"{{.PackageDir}}/auditbeat.yml", params)
|
||
|
}
|
||
|
|
||
|
// archBits returns the number of bit width of the GOARCH architecture value.
|
||
|
// This function is used by the auditd module configuration templates to
|
||
|
// generate architecture specific audit rules.
|
||
|
func archBits(goarch string) int {
|
||
|
switch goarch {
|
||
|
case "386", "arm":
|
||
|
return 32
|
||
|
default:
|
||
|
return 64
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// Configs generates the auditbeat.yml and auditbeat.reference.yml config files.
|
||
|
// Set DEV_OS and DEV_ARCH to change the target host for the generated configs.
|
||
|
// Defaults to linux/amd64.
|
||
|
func Configs() {
|
||
|
mg.Deps(makeConfigTemplates)
|
||
|
|
||
|
params := map[string]interface{}{
|
||
|
"GOOS": mage.EnvOr("DEV_OS", "linux"),
|
||
|
"GOARCH": mage.EnvOr("DEV_ARCH", "amd64"),
|
||
|
"ArchBits": archBits,
|
||
|
"Reference": false,
|
||
|
}
|
||
|
fmt.Printf(">> Building auditbeat.yml for %v/%v\n", params["GOOS"], params["GOARCH"])
|
||
|
mage.MustExpandFile(shortConfigTemplate, "auditbeat.yml", params)
|
||
|
|
||
|
params["Reference"] = true
|
||
|
fmt.Printf(">> Building auditbeat.reference.yml for %v/%v\n", params["GOOS"], params["GOARCH"])
|
||
|
mage.MustExpandFile(referenceConfigTemplate, "auditbeat.reference.yml", params)
|
||
|
}
|