#!/bin/sh
#
# osqueryd Start/Stop the osquery daemon.
#
# chkconfig: 345 90 60
# Description:
# With osquery, you can use SQL to query low-level
# operating system information. Under the hood, instead
# of querying static tables, these queries dynamically execute
# high-performance native code. The results of the
# SQL query are transparently returned to you quickly and easily
#
### BEGIN INIT INFO
# Provides: osquery osqueryd
# Required-Start: $local_fs $syslog
# Required-Stop: $local_fs $syslog
# Default-Start: 345
# Default-Stop: 90
# Short-Description: run osqueryd daemon
# Description:
# With osquery, you can use SQL to query low-level
# operating system information. Under the hood, instead
# of querying static tables, these queries dynamically execute
# high-performance native code. The results of the
# SQL query are transparently returned to you quickly and easily
#
#
### END INIT INFO
# Defaults for every tunable used below. A non-empty value already present in
# the environment wins; otherwise the default on the right is assigned.
# NOTE(review): these settings are inherited from the caller's environment, so
# whoever launches this script as root also chooses the binary name, config
# paths and pidfile it operates on.
: "${RETVAL:=0}"
: "${PROG:=osqueryd}"
: "${EXEC:=/usr/bin/osqueryd}"
: "${FLAGS_PATH:=/etc/osquery/osquery.flags}"
: "${REAL_CONFIG_PATH:=/etc/osquery/osquery.conf}"
: "${LOCKFILE:=/var/lock/osqueryd}"
: "${PIDFILE:=/var/run/osqueryd.pid}"
# bash presets UID (read-only); the fallback only fires in shells that leave
# it empty.
: "${UID:=$(id -u)}"
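# Optional per-host overrides, read only when running as root.
# The expansions are quoted so the path that is tested is exactly the path
# that is sourced, even if $PROG contains whitespace or glob characters.
# NOTE(review): this file is executed as shell code with root privileges, and
# $PROG forms part of its path. It should be root-owned and not writable by
# anyone else; confirm the packaging enforces that.
if [ "$UID" -eq 0 ] && [ -e "/etc/sysconfig/$PROG" ]; then
  . "/etc/sysconfig/$PROG"
fi

# Pull in /etc/init.d/functions when the host provides it.
if [ -e /etc/init.d/functions ]; then
  . /etc/init.d/functions
fi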
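# Refuse to continue when neither the flags file nor the config file exists.
# This runs before the action is dispatched, so it applies to every action
# (start, stop, status, restart).
# The paths are quoted: unquoted, an empty or multi-word value makes `[`
# evaluate something other than "does this path exist".
if [ ! -e "$FLAGS_PATH" ] && [ ! -e "$REAL_CONFIG_PATH" ]; then
  echo "No config file found at $REAL_CONFIG_PATH"
  echo "Additionally, no flags file or config override found at $FLAGS_PATH"
  echo "See '/usr/share/osquery/osquery.example.conf' for an example config."
  exit 1
fi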
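# Abort the script unless it is running as root.
# Globals:  UID (read)
# Outputs:  "User has insufficient privilege." on stdout when not root
# Returns:  0 when UID is 0; otherwise terminates the script with status 1
ensure_root() {
  # Fail closed: an empty or non-numeric UID makes `[` report an error rather
  # than a comparison result. Written as `-ne 0`, that error would fall
  # through as if the caller were root; here only a clean "equals 0" passes.
  if [ "$UID" -eq 0 ] 2>/dev/null; then
    return 0
  fi
  echo "User has insufficient privilege."
  exit 1
}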
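# Start osqueryd as a daemon unless the pidfile already names a running one.
# Globals:  PIDFILE, PROG, FLAGS_PATH, REAL_CONFIG_PATH (read)
#           PID, PROCNAME (written)
# Returns:  0 when an instance is already running, otherwise the exit status
#           of the launch command
start() {
  ensure_root

  if [ -f "$PIDFILE" ]; then
    PID=$(cat "$PIDFILE")
    PROCNAME=""
    case "$PID" in
      '' | *[!0-9]*)
        # Not a plain decimal PID: treat the pidfile as stale rather than
        # passing its contents to ps as arguments.
        ;;
      *)
        PROCNAME=$(ps -p "$PID" -o comm=)
        ;;
    esac
    if [ "$PROCNAME" = "$PROG" ]; then
      return 0
    fi
    # The pidfile exists but does not name a running $PROG.
    rm -f -- "$PIDFILE"
  fi

  # Collect the optional flags in the function's positional parameters so a
  # path containing whitespace stays a single argument.
  set --
  if [ -e "$FLAGS_PATH" ]; then
    set -- "$@" "--flagfile=$FLAGS_PATH"
  fi
  if [ -e "$REAL_CONFIG_PATH" ]; then
    set -- "$@" "--config_path=$REAL_CONFIG_PATH"
  fi

  # NOTE(review): $PROG is resolved through PATH here, while the absolute
  # path in $EXEC is never used. For a daemon launched as root, confirm that
  # is intended, or launch "$EXEC" instead.
  "$PROG" "$@" \
    --pidfile="$PIDFILE" \
    --daemonize=true
  return $?
}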
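# Stop the daemon named by the pidfile and remove the pidfile.
# Globals:  PIDFILE, PROG (read); PID, PROCNAME (written)
# Returns:  0 when there is no pidfile, otherwise the status of removing it
stop() {
  ensure_root

  if [ ! -f "$PIDFILE" ]; then
    return 0
  fi

  PID=$(cat "$PIDFILE")
  PROCNAME=""
  case "$PID" in
    '' | *[!0-9]*)
      # Not a plain decimal PID: never hand it to pkill/kill.
      ;;
    *)
      PROCNAME=$(ps -p "$PID" -o comm=)
      ;;
  esac

  # Only signal when the PID still belongs to $PROG. A stale pidfile can name
  # a PID that has since been reused by an unrelated process, and this runs
  # as root.
  if [ "$PROCNAME" = "$PROG" ]; then
    # Signal the children, then the parent. The parent is killed even when
    # pkill matched no child; gating it on pkill's status would leave the
    # daemon running with its pidfile removed.
    # NOTE(review): SIGKILL gives the parent no chance to shut down cleanly;
    # consider TERM with a timed fallback to KILL.
    pkill -P "$PID"
    kill -9 "$PID"
  fi

  rm -f -- "$PIDFILE"
}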
# Stop the daemon, then start it again; start runs whatever stop returned.
# Returns: the exit status of start
restart() {
  stop
  start
  return $?
}
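# Report whether the daemon named by the pidfile is running.
# Globals:  PIDFILE, PROG (read); PID, PROCNAME (written)
# Outputs:  a one-line state message on stdout
# Returns:  LSB status codes: 0 running, 1 not running but pidfile present,
#           3 not running. Returning 0 in every case would let a monitoring
#           check read a dead daemon as healthy.
status() {
  if [ ! -f "$PIDFILE" ]; then
    echo "$PROG is not running. no pidfile found."
    return 3
  fi

  PID=$(cat "$PIDFILE")
  PROCNAME=""
  case "$PID" in
    '' | *[!0-9]*)
      # Not a plain decimal PID: report the pidfile as stale instead of
      # passing its contents to ps.
      ;;
    *)
      PROCNAME=$(ps -p "$PID" -o comm=)
      ;;
  esac

  if [ "$PROCNAME" = "$PROG" ]; then
    echo "$PROG is already running: $PID"
    return 0
  fi

  # The pidfile exists but does not name a running $PROG.
  echo "$PROG is not running but a stale pidfile was found."
  return 1
}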
# Dispatch on the first argument. Each recognised action is the name of the
# function that implements it, so the argument is invoked directly. Anything
# else prints the usage line and exits with status 2.
case "$1" in
  start | stop | restart | status)
    "$1"
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart}"
    exit 2
    ;;
esac
# Propagate the selected action's exit status to the caller.
exit $?