Change install dir to Program Files

[amitkanfer]

This PR mitigates a security issue described here.

• Bumps the .NET version to the current LTS (6.0.319)
• MSI installers to stop using C:\ProgramData

[amitkanfer]

Before this PR, command line example:

"C:\Program Files\Elastic\Beats\8.11.0\filebeat\filebeat.exe"  --path.home "C:\Program Files\Elastic\Beats\8.11.0\filebeat" --path.config "C:\ProgramData\Elastic\Beats\filebeat" --path.data "C:\ProgramData\Elastic\Beats\filebeat\data" --path.logs "C:\ProgramData\Elastic\Beats\filebeat\logs" -E logging.files.redirect_stderr=true

With this PR:

"C:\Program Files\Elastic\Beats\8.11.0\filebeat\filebeat.exe"  --path.home "C:\Program Files\Elastic\Beats\8.11.0\filebeat" --path.config "C:\Program Files\Elastic\Beats\8.11.0\filebeat" --path.data "C:\Program Files\Elastic\Beats\8.11.0\filebeat" --path.logs "C:\Program Files\Elastic\Beats\8.11.0\filebeat" -E logging.files.redirect_stderr=true

@cmacknz , few questions:

• Note the difference with the command lines. logs and data are to the installed folder. Is that OK?
• Original logic renamed the config file to .example.yml. Not sure why. This logic also prevented the service from starting (as there wasn't filebeat.yml), not sure if this was the intent. Should we keep this logic? Code is here
• Pending on the answer for the previous question, we should change the logic that open file explorer at the end of the MSI flow

With this PR, on my local machine, all files are copied to the Program Files folder, the service is installed, and if i click Start / Stop everything works well.

[Sxderp]

So. We just stumbled upon this as 8.12 has been released. This is a big breaking change, especially for organizations that use some sort of provisioning process (SaltStack). Yet there is NO mention of it in the changelogs.

https://www.elastic.co/guide/en/beats/libbeat/current/release-notes-8.12.0.html

The security issue also seems to be hidden so we don't even know what the problem is. I've never heard of ProgramData being a security issue, so this just seems.. confusing?

[amitkanfer]

@Sxderp hello 👋 Can you please share a bit way this a breaking change for you? what processes you have in place exactly and how this change has an impact on them? (i have my assumptions, but just want to make sure we address your use-case)

+1 on the release notes, we'll get those updated ASAP

[Sxderp]

We use Salt to deploy our filebeat / metricbeat configurations.

1. Salt installs the programs via chocolatey.
2. Salt deploys the configuration file to C:\ProgramData\Elastic\Beats*
3. Salt starts the installed services.

Now that C:\ProgramData is no longer used the services are not picking up the configuration and are just crashing. I should also note that this also broke our existing installs. The config files from C:\ProgramData were not migrated and our hosts are crashing with config files not found.

The new paths also make it /very/ difficult to deploy the configuration en-mass. The beats use the version numbers within their paths. In order to deploy the configuration we now need to know the exact version that is being installed and dynamically update the filepath. That adds another layer of headache trying to do that during orchestration.

I'm also not thrilled with the idea that configurations may break on every new upgrade. As I said, the configurations were not migrated to C:\Program Files. If a new version of filebeat is installed, with a new version path, are we going to lose the configuration from the previous version?

Can we get a reason on why C:\ProgramData is considered "insecure"? It's used by many programs and even Microsoft.

[amitkanfer]

@Sxderp thanks for the continued feedback. We placed a PR to allow users to override the INSTALLDIR, so for example, this should work: msiexec /i winlogbeat-8.12.1-windows-x86_64.msi INSTALLDIR="c:\Program Files\Elastic\Beats\winlogbeat

And then you won't have the version in the path. Can you confirm this will work for you?

[Sxderp]

That should work for us, assuming it's for all the beats and not just winlogbeat. Having an unversioned install location as the default would be better.

[obi-juan-syn]

would it be possible to add where we can point the installer to our own custom config path folder of our choosing during install? this way, any config management of said configs should be a breeze, even if the version exists in the PROGRAMFILES install path

i.e. CONFIGDIR=c:\somewhere\secret

[amitkanfer]

would it be possible to add where we can point the installer to our own custom config path folder of our choosing during install? this way, any config management of said configs should be a breeze, even if the version exists in the PROGRAMFILES install path

i.e. CONFIGDIR=c:\somewhere\secret

yes, it's here: https://github.com/elastic/elastic-stack-installers?tab=readme-ov-file#installing-to-a-custom-location