Update Windows Defend Support (#4201)

* Only install Defend on Windows kernels newer than 6, i.e. Windows 10 / Server 2016 and newer. * add runtime prevention for deprecated Windows versions; change Platform.major Platform.mior to int to match go-sysinfo * fix bad merge --------- Co-authored-by: Leszek Kubik <39905449+intxgo@users.noreply.github.com>
elastic · Mar 27, 2024 · c082acc · c082acc
1 parent 972546a
commit c082acc
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 12 deletions.
diff --git a/docs/component-specs.md b/docs/component-specs.md
@@ -90,7 +90,7 @@ The variables that can be accessed by a condition are:
 - `runtime.native_arch`: the machine CPU architecture, either `"amd64"` or `"arm64"`.
 - `runtime.platform`: a string combining the OS and architecture, e.g. `"windows/amd64"`, `"darwin/arm64"`.
 - `runtime.family`: OS family, e.g. `"debian"`, `"redhat"`, `"windows"`, `"darwin"`
-- `runtime.major`, `runtime.minor`: the operating system version. Note that these are strings not integers, so they must be converted in order to use numeric comparison. For example to check if the OS major version is at most 12, use `number(runtime.major) <= 12`.
+- `runtime.major`, `runtime.minor`: the operating system version.
 - `user.root`: true if Agent is being run with root / administrator permissions.
 - `install.in_default`: true if the Agent is installed in the default location or has been installed via deb or rpm.
 

diff --git a/pkg/component/component_test.go b/pkg/component/component_test.go
@@ -420,8 +420,8 @@ func TestToComponents(t *testing.T) {
 					GOOS: Linux,
 				},
 				Family: "redhat",
-				Major:  "7",
-				Minor:  "2",
+				Major:  7,
+				Minor:  2,
 			},
 			Policy: map[string]interface{}{
 				"outputs": map[string]interface{}{
@@ -1985,8 +1985,8 @@ func TestPreventionsAreValid(t *testing.T) {
 			"arch":        "arch",
 			"native_arch": "native_arch",
 			"family":      "family",
-			"major":       "major",
-			"minor":       "minor",
+			"major":       1,
+			"minor":       2,
 		},
 		"user": map[string]interface{}{
 			"root": false,

diff --git a/pkg/component/platforms.go b/pkg/component/platforms.go
@@ -7,7 +7,6 @@ package component
 import (
 	"fmt"
 	goruntime "runtime"
-	"strconv"
 	"strings"
 
 	"github.com/elastic/go-sysinfo"
@@ -105,8 +104,8 @@ type PlatformDetail struct {
 
 	NativeArch string
 	Family     string
-	Major      string
-	Minor      string
+	Major      int
+	Minor      int
 }
 
 // PlatformModifier can modify the platform details before the runtime specifications are loaded.
@@ -138,8 +137,8 @@ func LoadPlatformDetail(modifiers ...PlatformModifier) (PlatformDetail, error) {
 		},
 		NativeArch: nativeArch,
 		Family:     os.Family,
-		Major:      strconv.Itoa(os.Major),
-		Minor:      strconv.Itoa(os.Minor),
+		Major:      os.Major,
+		Minor:      os.Minor,
 	}
 	for _, modifier := range modifiers {
 		detail = modifier(detail)

diff --git a/specs/endpoint-security.spec.yml b/specs/endpoint-security.spec.yml
@@ -14,7 +14,7 @@ inputs:
       - UPGRADE
     runtime:
       preventions:
-        - condition: ${runtime.arch} == 'arm64' and ${runtime.family} == 'redhat' and ${runtime.major} == '7'
+        - condition: ${runtime.arch} == 'arm64' and ${runtime.family} == 'redhat' and ${runtime.major} == 7
           message: "Elastic Defend doesn't support RHEL7 on arm64"
         - condition: ${user.root} == false
           message: "Elastic Defend requires Elastic Agent be running as root"
@@ -79,6 +79,8 @@ inputs:
           message: "Elastic Defend requires Elastic Agent be installed at the default installation path"
         - condition: ${runtime.native_arch} != '' and ${runtime.native_arch} != 'amd64'
           message: "Elastic Defend cannot be installed on Windows running on non-AMD64 CPU"
+        - condition: ${runtime.major} <= 6
+          message: "Elastic Defend requires Windows 10 / Server 2016 or newer."
     service:
       cport: 6788
       log:
@@ -93,7 +95,7 @@ inputs:
     proxied_actions: *proxied_actions
     runtime:
       preventions:
-        - condition: ${runtime.arch} == 'arm64' and ${runtime.family} == 'redhat' and ${runtime.major} == '7'
+        - condition: ${runtime.arch} == 'arm64' and ${runtime.family} == 'redhat' and ${runtime.major} == 7
           message: "No support for RHEL7 on arm64"
         - condition: ${user.root} == false
           message: "Elastic Agent must be running as root"