[Auditbeat] Package: Improve dpkg parsing #12325

Merged
merged 3 commits into from
May 30, 2019

@cwurm (Contributor) commented May 28, 2019

Improves parsing of the dpkg status file in two ways:

  1. Adds `system.audit.package.url` from the `Homepage` field.
  2. Fixes a bug where, when the status file does not end in a newline, the last package will not be reported. I'm not sure if this bug can be encountered in the wild (dpkg seems to add a newline to the status file), but I encountered it with the test file so I'd rather make it work.

Also adds a test dpkg status file and a unit test reading it.

@cwurm requested a review from a team as a code owner May 28, 2019 22:26

@elasticmachine (Collaborator) commented

Pinging @elastic/secops

@cwurm merged commit 36ee4f5 into elastic:master May 30, 2019
@cwurm deleted the package_improve_dpkg branch May 30, 2019 20:49
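
The end-of-file case and the `Homepage` mapping described in the pull request above, shown as an added example that is not Auditbeat's code or part of the original thread. The names `Package`, `parseDpkgStatus` and `sampleStatus` are hypothetical, and the status data is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// Package is a hypothetical type for this example, not Auditbeat's own.
type Package struct{ Name, Version, URL string }

// Constructed sample: two stanzas, the last one without a trailing newline.
const sampleStatus = "Package: libfoo1\nStatus: install ok installed\nVersion: 1.0-2\n" +
	"Homepage: https://example.org/libfoo\nDescription: constructed entry\n more text\n\n" +
	"Package: bar\nVersion: 1:2.3-1\nHomepage: https://example.org/bar"

// parseDpkgStatus splits stanzas on blank lines and also flushes at EOF.
func parseDpkgStatus(r io.Reader) ([]Package, error) {
	var pkgs []Package
	cur := map[string]string{}
	flush := func() {
		if cur["package"] != "" { // Homepage becomes the URL, as in the PR
			pkgs = append(pkgs, Package{cur["package"], cur["version"], cur["homepage"]})
		}
		cur = map[string]string{}
	}
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := sc.Text()
		kv := strings.SplitN(line, ":", 2) // values may contain ':' (epochs, URLs)
		switch {
		case strings.TrimSpace(line) == "":
			flush() // blank line ends the current stanza
		case line[0] == ' ' || line[0] == '\t':
			// continuation of a multi-line field such as Description; skipped
		case len(kv) != 2:
			return nil, fmt.Errorf("malformed status line: %q", line)
		default:
			cur[strings.ToLower(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	flush() // last stanza: no blank line, possibly no newline, before EOF
	return pkgs, sc.Err()
}

func main() {
	fmt.Println(parseDpkgStatus(strings.NewReader(sampleStatus)))
}
```

For a package inventory used in auditing, a silently dropped final stanza means one installed package never appears in the reported data, so the flush after the loop is the part worth covering with a test file that lacks the trailing newline.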