fleet/frontend/interfaces/osquery_table.ts

import PropTypes from "prop-types";
import { OsqueryPlatform } from "./platform";
// Shape of a single column entry inside the legacy table PropTypes below.
const columnShape = PropTypes.shape({
  description: PropTypes.string,
  name: PropTypes.string,
  type: PropTypes.string,
});

/**
 * Legacy PropTypes description of an osquery table, for components that
 * still declare `propTypes`.
 *
 * PropTypes only emit development-time console warnings; they do not reject,
 * coerce or sanitise values, so they must not be relied on as validation of
 * schema data.
 *
 * NOTE(review): this shape declares `platform` as a single string, while
 * `IOsQueryTable` in this file uses a `platforms` array. Confirm which
 * consumers still depend on this shape.
 */
export default PropTypes.shape({
  columns: PropTypes.arrayOf(columnShape),
  description: PropTypes.string,
  name: PropTypes.string,
  platform: PropTypes.string,
});
/**
 * Column data types that a table column may declare in this schema.
 * Any other value is rejected at compile time wherever `ColumnType` is used.
 */
export type ColumnType =
  | "text"
  | "integer"
  | "bigint"
  | "unsigned_bigint"
  | "double";
/**
 * Metadata describing one column of an osquery table as shown in the UI.
 *
 * These fields are descriptive schema data. Nothing in this file enforces
 * them against a running agent.
 */
export interface IQueryTableColumn {
  /** Column name as it appears in the table. */
  name: string;
  /** Human-readable explanation of the column. */
  description: string;
  /** Declared data type of the column. */
  type: ColumnType;
  /**
   * NOTE(review): presumably mirrors osquery's hidden-column flag (left out
   * of `SELECT *` but still selectable by name). If so, it is a display hint
   * and not an access control. Confirm against the schema source.
   */
  hidden: boolean;
  /**
   * NOTE(review): presumably means the column must be constrained in the
   * query for the table to return rows. Confirm.
   */
  required: boolean;
  /** NOTE(review): presumably osquery's index flag for the column. Confirm. */
  index: boolean;
  /** Platforms the column applies to; omitted on some columns. */
  platforms?: Array<OsqueryPlatform>;
  /**
   * NOTE(review): presumably marks columns whose values depend on the user
   * context the query runs in. Confirm how the UI surfaces this to query
   * authors.
   */
  requires_user_context?: boolean;
}
/**
 * Metadata describing one osquery table: identity, supported platforms,
 * column list and optional free-text documentation.
 */
export interface IOsQueryTable {
  /** Table name. */
  name: string;
  /** Human-readable explanation of the table. */
  description: string;
  /** Link to the table's reference documentation or spec. */
  url: string;
  /** Platforms on which the table is available. */
  platforms: Array<OsqueryPlatform>;
  /** NOTE(review): presumably true for event-based osquery tables. Confirm. */
  evented: boolean;
  /** NOTE(review): presumably osquery's cacheable table attribute. Confirm. */
  cacheable: boolean;
  /** Column definitions for the table. */
  columns: Array<IQueryTableColumn>;
  /**
   * Free-text usage examples. The default fixture in this file stores
   * markdown with a fenced SQL snippet here.
   * NOTE(review): if this text can come from anywhere other than a bundled
   * schema, confirm the markdown renderer does not pass raw HTML through.
   */
  examples?: string;
  /** Free-text notes about the table. */
  notes?: string;
  /** Table-level hidden flag. A display hint only; nothing here enforces it. */
  hidden?: boolean;
}
// Column metadata for the `users` table fixture below.
//
// NOTE(review): column-level `platforms` use display-style names ("macOS",
// "Windows", "Linux") while the table-level list uses "darwin", "linux",
// "windows". Both spellings must be accepted by `OsqueryPlatform` (declared in
// ./platform, not visible here). Code that filters columns by platform should
// normalise before comparing.
const DEFAULT_USERS_COLUMNS: IQueryTableColumn[] = [
  {
    name: "uid",
    description: "User ID",
    type: "bigint",
    hidden: false,
    required: false,
    index: false,
  },
  {
    name: "gid",
    description: "Group ID (unsigned)",
    type: "bigint",
    hidden: false,
    required: false,
    index: false,
    platforms: ["macOS", "Windows", "Linux"],
  },
  {
    name: "uid_signed",
    description: "User ID as int64 signed (Apple)",
    type: "bigint",
    hidden: false,
    required: false,
    index: false,
    platforms: ["macOS", "Windows", "Linux"],
  },
  {
    name: "gid_signed",
    description: "Default group ID as int64 signed (Apple)",
    type: "bigint",
    hidden: false,
    required: false,
    index: false,
    platforms: ["macOS", "Windows", "Linux"],
  },
  {
    name: "username",
    description: "Username",
    type: "text",
    hidden: false,
    required: false,
    index: false,
  },
  {
    name: "description",
    description: "Optional user description",
    type: "text",
    hidden: false,
    required: false,
    index: false,
    platforms: ["macOS", "Windows", "Linux"],
  },
  {
    name: "directory",
    description: "User's home directory",
    type: "text",
    hidden: false,
    required: false,
    index: false,
    platforms: ["macOS", "Windows", "Linux"],
  },
  {
    name: "shell",
    description: "User's configured default shell",
    type: "text",
    hidden: false,
    required: false,
    index: false,
    platforms: ["macOS", "Windows", "Linux"],
  },
  {
    name: "uuid",
    description: "User's UUID (Apple) or SID (Windows)",
    type: "text",
    hidden: false,
    required: false,
    index: false,
  },
  // Flagged hidden: a display hint in this metadata, not a restriction.
  {
    name: "type",
    description:
      "Whether the account is roaming (domain), local, or a system profile",
    type: "text",
    hidden: true,
    required: false,
    index: false,
    platforms: ["Windows"],
  },
  {
    name: "is_hidden",
    description: "IsHidden attribute set in OpenDirectory",
    type: "integer",
    hidden: false,
    required: false,
    index: false,
    platforms: ["macOS"],
  },
  // Flagged hidden as well; see the note on `type` above.
  {
    name: "pid_with_namespace",
    description: "Pids that contain a namespace",
    type: "integer",
    hidden: true,
    required: false,
    index: false,
  },
  {
    name: "email",
    description: "Email",
    type: "text",
    hidden: false,
    required: false,
    index: false,
    platforms: ["chrome"],
  },
];

/**
 * Default table metadata (the osquery `users` table). Also used for testing.
 *
 * The `examples` query excludes only accounts whose shell is exactly
 * `/usr/bin/false`. Accounts that are disabled with a different shell path
 * (for example `/sbin/nologin` or `/bin/false`) are still returned, so the
 * result is a starting point for review rather than a definitive list of
 * interactive users.
 */
export const DEFAULT_OSQUERY_TABLE: IOsQueryTable = {
  name: "users",
  description:
    "Local user accounts (including domain accounts that have logged on locally (Windows)).",
  url: "https://github.com/osquery/osquery/blob/master/specs/users.table",
  platforms: ["darwin", "linux", "windows", "chrome"],
  evented: false,
  cacheable: false,
  columns: DEFAULT_USERS_COLUMNS,
  notes: "",
  examples:
    "List users that have interactive access via a shell that isn't false.\n```\nSELECT * FROM users WHERE shell!='/usr/bin/false';\n```",
};