2023-02-22 19:05:36 +00:00
|
|
|
// sntp_request allows querying SNTP servers to get the timestamp
|
|
|
|
|
// and clock offset from a NTP server (in millisecond precision).
|
|
|
|
|
package sntp_request
|
Add table implementation to query SNTP servers (#9312)
This may be needed for CIS 2.3.2.2 check:
```
Correct date and time settings are required for authentication protocols, file creation,
modification dates and log entries. Ensure that time on the computer is within
acceptable limits. Truly accurate time is measured within milliseconds. For this audit, a
drift under four and a half minutes passes the control check. Since Kerberos is one of
the important features of macOS integration into Directory systems, the guidance here
is to warn you before there could be an impact to operations. From the perspective of
accurate time, this check is not strict, so it may be too great for your organization. Your
organization can adjust to a smaller offset value as needed.
```
#9239
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-01-16 15:31:02 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"errors"
|
|
|
|
|
"strconv"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/beevik/ntp"
|
|
|
|
|
"github.com/osquery/osquery-go/plugin/table"
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-22 19:05:36 +00:00
|
|
|
func Columns() []table.ColumnDefinition {
|
Add table implementation to query SNTP servers (#9312)
This may be needed for CIS 2.3.2.2 check:
```
Correct date and time settings are required for authentication protocols, file creation,
modification dates and log entries. Ensure that time on the computer is within
acceptable limits. Truly accurate time is measured within milliseconds. For this audit, a
drift under four and a half minutes passes the control check. Since Kerberos is one of
the important features of macOS integration into Directory systems, the guidance here
is to warn you before there could be an impact to operations. From the perspective of
accurate time, this check is not strict, so it may be too great for your organization. Your
organization can adjust to a smaller offset value as needed.
```
#9239
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-01-16 15:31:02 +00:00
|
|
|
return []table.ColumnDefinition{
|
|
|
|
|
table.TextColumn("server"),
|
|
|
|
|
|
|
|
|
|
table.BigIntColumn("timestamp_ms"),
|
|
|
|
|
table.BigIntColumn("clock_offset_ms"),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-22 19:05:36 +00:00
|
|
|
func GenerateFunc(_ context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
|
Add table implementation to query SNTP servers (#9312)
This may be needed for CIS 2.3.2.2 check:
```
Correct date and time settings are required for authentication protocols, file creation,
modification dates and log entries. Ensure that time on the computer is within
acceptable limits. Truly accurate time is measured within milliseconds. For this audit, a
drift under four and a half minutes passes the control check. Since Kerberos is one of
the important features of macOS integration into Directory systems, the guidance here
is to warn you before there could be an impact to operations. From the perspective of
accurate time, this check is not strict, so it may be too great for your organization. Your
organization can adjust to a smaller offset value as needed.
```
#9239
- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- ~[ ] Added/updated tests~
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-01-16 15:31:02 +00:00
|
|
|
server := ""
|
|
|
|
|
if constraints, ok := queryContext.Constraints["server"]; ok {
|
|
|
|
|
for _, constraint := range constraints.Constraints {
|
|
|
|
|
if constraint.Operator == table.OperatorEquals {
|
|
|
|
|
server = constraint.Expression
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if server == "" {
|
|
|
|
|
return nil, errors.New("missing SNTP server column constraint; e.g. WHERE server = 'my.sntp.server'")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
options := ntp.QueryOptions{
|
|
|
|
|
Timeout: 30 * time.Second,
|
|
|
|
|
}
|
|
|
|
|
response, err := ntp.QueryWithOptions(server, options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return []map[string]string{{
|
|
|
|
|
"server": server,
|
|
|
|
|
|
|
|
|
|
"timestamp_ms": strconv.FormatInt(response.Time.UnixMilli(), 10),
|
|
|
|
|
"clock_offset_ms": strconv.FormatInt(response.ClockOffset.Milliseconds(), 10),
|
|
|
|
|
}}, nil
|
|
|
|
|
}
|