osquery-1/osquery/tables/networking/etc_hosts.cpp


/*
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <vector>
#include <string>
#include <boost/algorithm/string/join.hpp>
#include <boost/algorithm/string/predicate.hpp>
#include <osquery/core.h>
#include <osquery/filesystem.h>
#include <osquery/logger.h>
#include <osquery/tables.h>
namespace osquery {
namespace tables {
/**
 * @brief Turn the text of a hosts file into table rows.
 *
 * The content is split on "\n" and every line is tokenised with split()'s
 * default delimiters (defined elsewhere in the project). Lines with no
 * tokens, and lines whose first token begins with '#', produce no row.
 *
 * For each remaining line:
 *  - "address" is the first token, stored verbatim. Nothing here checks
 *    that it is a well-formed IP address.
 *  - "hostnames" is written only when the line has more than one token. It
 *    holds the following tokens joined by single spaces, stopping at the
 *    first token that begins with '#'. If the second token is already a
 *    comment, the column is set to the empty string.
 *
 * NOTE(review): a '#' is recognised only at the start of a token, so text
 * such as `name#note` is kept as part of the hostname. Consumers that alert
 * on hosts-file changes should expect such raw values.
 *
 * @param content Full text of the hosts file.
 * @return One Row per non-comment, non-empty line, in file order.
 */
QueryData parseEtcHostsContent(const std::string& content) {
  QueryData results;

  for (const auto& raw_line : split(content, "\n")) {
    auto tokens = split(raw_line);

    // Nothing to report for blank lines or whole-line comments.
    if (tokens.empty() || boost::starts_with(tokens[0], "#")) {
      continue;
    }

    Row r;
    r["address"] = tokens[0];

    if (tokens.size() > 1) {
      std::vector<std::string> hostnames;
      for (size_t idx = 1; idx < tokens.size(); ++idx) {
        const auto& token = tokens[idx];
        // A token starting with '#' opens a trailing comment; ignore the rest.
        if (boost::starts_with(token, "#")) {
          break;
        }
        hostnames.push_back(token);
      }
      r["hostnames"] = boost::algorithm::join(hostnames, " ");
    }

    results.push_back(r);
  }

  return results;
}
/**
 * @brief Generate the rows of the hosts table from "/etc/hosts".
 *
 * The file is read with osquery::forensicReadFile() and passed to
 * parseEtcHostsContent(). The query context is not consulted.
 *
 * NOTE(review): a failed read returns an empty result and nothing is logged
 * here, so callers cannot tell an unreadable hosts file from one that has
 * no entries.
 *
 * @param context Query context (unused).
 * @return Parsed rows, or an empty QueryData when the read fails.
 */
QueryData genEtcHosts(QueryContext& context) {
  std::string content;
  auto read_status = osquery::forensicReadFile("/etc/hosts", content);

  // Guard clause: without file content there is nothing to parse.
  if (!read_status.ok()) {
    return {};
  }
  return parseEtcHostsContent(content);
}
}
}