2014-12-18 18:50:47 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
|
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-08-02 03:46:22 +00:00
|
|
|
|
|
|
|
|
#include <vector>
|
|
|
|
|
#include <string>
|
|
|
|
|
|
2014-08-06 22:55:46 +00:00
|
|
|
#include <boost/algorithm/string/join.hpp>
|
2014-08-04 21:12:06 +00:00
|
|
|
#include <boost/algorithm/string/predicate.hpp>
|
|
|
|
|
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/core.h>
|
|
|
|
|
#include <osquery/filesystem.h>
|
2015-01-21 21:36:55 +00:00
|
|
|
#include <osquery/logger.h>
|
|
|
|
|
#include <osquery/tables.h>
|
2014-08-04 21:12:06 +00:00
|
|
|
|
2014-08-15 07:25:30 +00:00
|
|
|
namespace osquery {
|
|
|
|
|
namespace tables {
|
2014-08-02 03:46:22 +00:00
|
|
|
|
|
|
|
|
QueryData parseEtcHostsContent(const std::string& content) {
|
|
|
|
|
QueryData results;
|
2014-08-04 21:12:06 +00:00
|
|
|
|
2014-08-04 23:08:49 +00:00
|
|
|
for (const auto& i : split(content, "\n")) {
|
|
|
|
|
auto line = split(i);
|
2014-08-04 21:12:06 +00:00
|
|
|
if (line.size() == 0 || boost::starts_with(line[0], "#")) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
Row r;
|
|
|
|
|
r["address"] = line[0];
|
2014-08-04 23:08:49 +00:00
|
|
|
if (line.size() > 1) {
|
|
|
|
|
std::vector<std::string> hostnames;
|
|
|
|
|
for (int i = 1; i < line.size(); ++i) {
|
|
|
|
|
hostnames.push_back(line[i]);
|
|
|
|
|
}
|
2014-08-06 22:55:46 +00:00
|
|
|
r["hostnames"] = boost::algorithm::join(hostnames, " ");
|
2014-08-04 23:08:49 +00:00
|
|
|
}
|
2014-08-04 21:12:06 +00:00
|
|
|
results.push_back(r);
|
|
|
|
|
}
|
2014-08-02 03:46:22 +00:00
|
|
|
|
|
|
|
|
return results;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-26 00:28:10 +00:00
|
|
|
QueryData genEtcHosts(QueryContext& context) {
|
2014-08-07 20:14:06 +00:00
|
|
|
std::string content;
|
2014-09-15 18:47:52 +00:00
|
|
|
auto s = osquery::readFile("/etc/hosts", content);
|
2014-08-07 20:14:06 +00:00
|
|
|
if (s.ok()) {
|
|
|
|
|
return parseEtcHostsContent(content);
|
|
|
|
|
} else {
|
|
|
|
|
LOG(ERROR) << "Error reading /etc/hosts: " << s.toString();
|
|
|
|
|
return {};
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-08-15 07:25:30 +00:00
|
|
|
}
|
|
|
|
|
}
|
