osquery-1/osquery/main/daemon.cpp

/*
 *  Copyright (c) 2014, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

#include <boost/thread.hpp>

#include <osquery/config.h>
#include <osquery/core.h>
#include <osquery/events.h>
#include <osquery/logger.h>
#include <osquery/scheduler.h>

#include "osquery/core/watcher.h"

const std::string kWatcherWorkerName = "osqueryd-worker";

#ifndef __APPLE__
namespace osquery {
DEFINE_osquery_flag(bool, daemonize, false, "Run as daemon (osqueryd only).");
}
#endif

namespace osquery {
DEFINE_osquery_flag(bool,
                    config_check,
                    false,
                    "Check the format and accessibility of the daemon");

DEFINE_osquery_flag(bool,
                    disable_watchdog,
                    false,
                    "Do not use a userland watchdog process.");
}

int main(int argc, char* argv[]) {
  osquery::initOsquery(argc, argv, osquery::OSQUERY_TOOL_DAEMON);

  if (osquery::FLAGS_config_check) {
    auto s = osquery::Config::checkConfig();
    if (!s.ok()) {
      std::cerr << "Error reading config: " << s.toString() << "\n";
    }
    return s.getCode();
  }

#ifndef __APPLE__
  // OSX uses launchd to daemonize.
  if (osquery::FLAGS_daemonize) {
    if (daemon(0, 0) == -1) {
      ::exit(EXIT_FAILURE);
    }
  }
#endif

  auto pid_status = osquery::createPidFile();
  if (!pid_status.ok()) {
    LOG(ERROR) << "Could not start osqueryd: " << pid_status.toString();
    ::exit(EXIT_FAILURE);
  }

  try {
    osquery::DBHandle::getInstance();
  } catch (std::exception& e) {
    LOG(ERROR) << "osqueryd failed to start: " << e.what();
    ::exit(EXIT_FAILURE);
  }

  if (!osquery::FLAGS_disable_watchdog) {
    // When a watcher is used, the current watcher will fork into a worker.
    osquery::initWorkerWatcher(kWatcherWorkerName, argc, argv);
  }

  LOG(INFO) << "Listing all plugins";

  LOG(INFO) << "Logger plugins:";
  for (const auto& name : osquery::Registry::names("logger")) {
    LOG(INFO) << "  - " << name;
  }

  LOG(INFO) << "Config plugins:";
  for (const auto& name : osquery::Registry::names("config")) {
    LOG(INFO) << "  - " << name;
  }

  LOG(INFO) << "Event Publishers:";
  for (const auto& name : osquery::Registry::names("event_publisher")) {
    LOG(INFO) << "  - " << name;
  }

  LOG(INFO) << "Event Subscribers:";
  for (const auto& name : osquery::Registry::names("event_subscriber")) {
    LOG(INFO) << "  - " << name;
  }

  // Start event threads.
  osquery::EventFactory::delay();

  boost::thread scheduler_thread(osquery::initializeScheduler);
  scheduler_thread.join();

  // Finally shutdown.
  osquery::shutdownOsquery();

  return 0;
}
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`/*`
			`* Copyright (c) 2014, Facebook, Inc.`
			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD-style license found in the`
config-check command in osqueryd This addresses #585 2015-01-21 20:56:25 +00:00			`* LICENSE file in the root directory of this source tree. An additional grant`
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*`
			`*/`
config-check command in osqueryd This addresses #585 2015-01-21 20:56:25 +00:00
Initial commit 2014-07-31 00:35:19 +00:00			`#include <boost/thread.hpp>`

Codemod to improve include search paths 2014-12-03 23:14:02 +00:00			`#include <osquery/config.h>`
			`#include <osquery/core.h>`
			`#include <osquery/events.h>`
Isolate glog include and depend on libglog for #652 2015-01-21 21:36:55 +00:00			`#include <osquery/logger.h>`
Codemod to improve include search paths 2014-12-03 23:14:02 +00:00			`#include <osquery/scheduler.h>`
Initial commit 2014-07-31 00:35:19 +00:00
Adding a watcher/worker model for osqueryd 2015-01-26 08:02:02 +00:00			`#include "osquery/core/watcher.h"`

			`const std::string kWatcherWorkerName = "osqueryd-worker";`

Add --daemonize option to osqueryd 2015-01-05 03:27:04 +00:00			`#ifndef __APPLE__`
			`namespace osquery {`
			`DEFINE_osquery_flag(bool, daemonize, false, "Run as daemon (osqueryd only).");`
			`}`
			`#endif`

config-check command in osqueryd This addresses #585 2015-01-21 20:56:25 +00:00			`namespace osquery {`
			`DEFINE_osquery_flag(bool,`
			`config_check,`
			`false,`
			`"Check the format and accessibility of the daemon");`
Adding a watcher/worker model for osqueryd 2015-01-26 08:02:02 +00:00
			`DEFINE_osquery_flag(bool,`
			`disable_watchdog,`
			`false,`
			`"Do not use a userland watchdog process.");`
config-check command in osqueryd This addresses #585 2015-01-21 20:56:25 +00:00			`}`

clang-format 2014-08-30 11:06:21 +00:00			`int main(int argc, char* argv[]) {`
Refector shell flags/versioning 2014-11-09 04:27:28 +00:00			`osquery::initOsquery(argc, argv, osquery::OSQUERY_TOOL_DAEMON);`
Initial commit 2014-07-31 00:35:19 +00:00
config-check command in osqueryd This addresses #585 2015-01-21 20:56:25 +00:00			`if (osquery::FLAGS_config_check) {`
			`auto s = osquery::Config::checkConfig();`
			`if (!s.ok()) {`
			`std::cerr << "Error reading config: " << s.toString() << "\n";`
			`}`
			`return s.getCode();`
			`}`

Add --daemonize option to osqueryd 2015-01-05 03:27:04 +00:00			`#ifndef __APPLE__`
			`// OSX uses launchd to daemonize.`
			`if (osquery::FLAGS_daemonize) {`
			`if (daemon(0, 0) == -1) {`
			`::exit(EXIT_FAILURE);`
			`}`
			`}`
			`#endif`

pidfile for osqueryd close #442 2014-11-18 02:42:36 +00:00			`auto pid_status = osquery::createPidFile();`
			`if (!pid_status.ok()) {`
Provide example config, improve pid check 2015-01-07 23:22:50 +00:00			`LOG(ERROR) << "Could not start osqueryd: " << pid_status.toString();`
Change exit(-1) to exit(EXIT_FAILURE) 2014-12-08 18:40:10 +00:00			`::exit(EXIT_FAILURE);`
pidfile for osqueryd close #442 2014-11-18 02:42:36 +00:00			`}`

Clean flags usage in daemon/shell and dbhandle 2014-10-27 18:55:28 +00:00			`try {`
			`osquery::DBHandle::getInstance();`
			`} catch (std::exception& e) {`
			`LOG(ERROR) << "osqueryd failed to start: " << e.what();`
Add --daemonize option to osqueryd 2015-01-05 03:27:04 +00:00			`::exit(EXIT_FAILURE);`
Clean flags usage in daemon/shell and dbhandle 2014-10-27 18:55:28 +00:00			`}`

Adding a watcher/worker model for osqueryd 2015-01-26 08:02:02 +00:00			`if (!osquery::FLAGS_disable_watchdog) {`
			`// When a watcher is used, the current watcher will fork into a worker.`
			`osquery::initWorkerWatcher(kWatcherWorkerName, argc, argv);`
			`}`

Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`LOG(INFO) << "Listing all plugins";`

			`LOG(INFO) << "Logger plugins:";`
Minor registry documentation, using macros for create/add 2015-01-31 08:25:51 +00:00			`for (const auto& name : osquery::Registry::names("logger")) {`
Towards a new registry 2015-01-30 18:44:25 +00:00			`LOG(INFO) << " - " << name;`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`}`

			`LOG(INFO) << "Config plugins:";`
Minor registry documentation, using macros for create/add 2015-01-31 08:25:51 +00:00			`for (const auto& name : osquery::Registry::names("config")) {`
Towards a new registry 2015-01-30 18:44:25 +00:00			`LOG(INFO) << " - " << name;`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`}`

Refector shell flags/versioning 2014-11-09 04:27:28 +00:00			`LOG(INFO) << "Event Publishers:";`
Update daemon.cpp 2015-02-03 22:27:17 +00:00			`for (const auto& name : osquery::Registry::names("event_publisher")) {`
Towards a new registry 2015-01-30 18:44:25 +00:00			`LOG(INFO) << " - " << name;`
[events] Registry integration 2014-09-24 18:25:05 +00:00			`}`

Refector shell flags/versioning 2014-11-09 04:27:28 +00:00			`LOG(INFO) << "Event Subscribers:";`
Update daemon.cpp 2015-02-03 22:27:17 +00:00			`for (const auto& name : osquery::Registry::names("event_subscriber")) {`
Towards a new registry 2015-01-30 18:44:25 +00:00			`LOG(INFO) << " - " << name;`
[events] Registry integration 2014-09-24 18:25:05 +00:00			`}`

Remove EventFactory::deregister... in favor of ::end 2015-02-01 08:35:44 +00:00			`// Start event threads.`
[events] EventType threads for each run loop 2014-09-23 01:35:12 +00:00			`osquery::EventFactory::delay();`
Initial commit 2014-07-31 00:35:19 +00:00
[events] EventType threads for each run loop 2014-09-23 01:35:12 +00:00			`boost::thread scheduler_thread(osquery::initializeScheduler);`
Initial commit 2014-07-31 00:35:19 +00:00			`scheduler_thread.join();`

Remove EventFactory::deregister... in favor of ::end 2015-02-01 08:35:44 +00:00			`// Finally shutdown.`
			`osquery::shutdownOsquery();`
[events] EventType threads for each run loop 2014-09-23 01:35:12 +00:00
Initial commit 2014-07-31 00:35:19 +00:00			`return 0;`
			`}`