Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add configuration for seccomp #344

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions manifests/config.pp
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@
'processors' => $filebeat::processors,
'monitoring' => $filebeat::monitoring,
'setup' => $setup,
'seccomp.enabled' => $filebeat::seccomp_enable,
})
# Add the 'xpack' section if supported (version >= 6.1.0) and not undef
if $filebeat::xpack and versioncmp($filebeat::package_ensure, '6.1.0') >= 0 {
Expand Down
2 changes: 2 additions & 0 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@
# @param monitoring [Hash] The monitoring section of the configuration file.
# @param inputs [Hash] or [Array] Inputs that will be created. Commonly used to create inputs using hiera
# @param setup [Hash] setup that will be created. Commonly used to create setup using hiera
# @param seccomp_enable [Boolean] enable or disable seccomp. Default is enabled on Linux.
# proxy_address [String] Proxy server to use for downloading files
# @param xpack [Hash] Configuration items to export internal stats to a monitoring Elasticsearch cluster
# @param extra_validate_options [String] Extra command line options to pass to the configuration validation command
Expand Down Expand Up @@ -114,6 +115,7 @@
Optional[Hash] $monitoring = undef,
Variant[Hash, Array] $inputs = {},
Hash $setup = {},
Boolean $seccomp_enable = $filebeat::params::seccomp_enable,
Array $modules = [],
Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $proxy_address = undef, # lint:ignore:140chars
Stdlib::Absolutepath $filebeat_path = $filebeat::params::filebeat_path,
Expand Down
7 changes: 6 additions & 1 deletion manifests/params.pp
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@
# These parameters are ignored if/until tarball installs are supported in Linux
$tmp_dir = '/tmp'
$install_dir = undef
$seccomp_enable = true
case $facts['os']['family'] {
'RedHat': {
$service_provider = 'systemd'
Expand All @@ -115,6 +116,7 @@
$service_provider = undef
$install_dir = undef
$url_arch = undef
$seccomp_enable = false
}

'FreeBSD': {
Expand All @@ -130,6 +132,7 @@
$service_provider = undef
$install_dir = undef
$url_arch = undef
$seccomp_enable = false
}

'OpenBSD': {
Expand All @@ -140,11 +143,12 @@
$config_file_group = 'wheel'
$config_dir_owner = 'root'
$config_dir_group = 'wheel'
$modules_dir = '/etc/filebeat/modules.d'
$modules_dir = '/etc/filebeat/modules.d'
$tmp_dir = '/tmp'
$service_provider = undef
$install_dir = undef
$url_arch = undef
$seccomp_enable = false
}

'Windows' : {
Expand All @@ -159,6 +163,7 @@
$install_dir = 'C:/Program Files'
$tmp_dir = 'C:/Windows/Temp'
$service_provider = undef
$seccomp_enable = false
$url_arch = $facts['os']['architecture'] ? {
'x86' => 'x86',
'x64' => 'x86_64',
Expand Down