// Copyright 2004-present Facebook. All Rights Reserved.
#ifndef OSQUERY_CONFIG_H
#define OSQUERY_CONFIG_H
#include <future>
#include <memory>
#include <mutex>
#include <string>
#include <utility>
#include <vector>
#include "osquery/status.h"
namespace osquery {
namespace config {
// One entry of the query schedule: a label, the SQL text to run and how often
// to run it.
struct OsqueryScheduledQuery {
  // Label ("name") of the query.
  std::string name;

  // The actual SQL text of the query.
  // NOTE(review): nothing in this struct validates or restricts the SQL; it is
  // held exactly as it was assigned, so the trust placed in a scheduled query
  // is the trust placed in whatever supplied the configuration -- confirm
  // where (or whether) it is checked before execution.
  std::string query;

  // How often the query should be executed, in minutes.
  // NOTE(review): a plain signed int with no default member initializer, so a
  // default-initialized instance leaves it indeterminate, and zero or negative
  // values are representable; presumably the consumer must reject those --
  // confirm.
  int interval;

  // Equality: true only when name, query and interval all match, compared in
  // that order.
  bool operator==(const OsqueryScheduledQuery& comp) const {
    if (!(comp.name == name)) {
      return false;
    }
    if (!(comp.query == query)) {
      return false;
    }
    return comp.interval == interval;
  }

  // Inequality: the exact negation of operator==.
  bool operator!=(const OsqueryScheduledQuery& comp) const {
    return !operator==(comp);
  }
};
// Lets code say OsqueryScheduledQuery instead of struct OsqueryScheduledQuery.
// C++ already accepts the bare struct name, so this redeclares the name for
// the same type and changes nothing for callers.
typedef struct OsqueryScheduledQuery OsqueryScheduledQuery;

// scheduledQueries_t is shorthand for a vector of OsqueryScheduledQuery's; it
// exists only for conciseness.
using scheduledQueries_t = std::vector<OsqueryScheduledQuery>;
// Native (in-memory) representation of osquery configuration data.
struct OsqueryConfig {
  // Every query that is scheduled to execute, held as a vector of
  // OsqueryScheduledQuery entries.
  scheduledQueries_t scheduledQueries;
};
// Name of the default config retriever, used when one is not specified via
// flags. Only declared here; the value is defined outside this header.
// NOTE(review): presumably the retriever decides where the query schedule is
// loaded from, so the fallback should name a source the host's operator
// controls -- confirm against the definition.
extern std::string const kDefaultConfigRetriever;
// Singleton that exposes accessors to osquery's configuration data. Instances
// are handed out by getInstance(); the constructor is private.
// NOTE(review): the copy constructor and copy assignment are not deleted in
// this declaration, so code holding the shared_ptr can still copy the object
// -- confirm that is intended for a singleton.
class Config {
 public:
  // Returns the singleton instance of Config, wrapped in a shared_ptr.
  static std::shared_ptr<Config> getInstance();

  // Returns, by value, the vector of OsqueryScheduledQuery's that represent
  // the queries that are to be executed.
  scheduledQueries_t getScheduledQueries();

 private:
  // Private because instances of Config should only be created via
  // getInstance().
  Config();

  // Symbol that is satisfied by the config plugin that gets compiled with
  // osquery. It receives the OsqueryConfig by non-const reference and reports
  // an osquery::Status.
  // NOTE(review): this looks like the point where externally supplied
  // configuration enters the process; presumably conf is filled in by the
  // plugin and the returned Status must be checked before conf is trusted --
  // confirm in the caller.
  static osquery::Status genConfig(OsqueryConfig& conf);

  // Raw osquery config data, stored in its native format.
  OsqueryConfig cfg_;
};
}
}
#endif /* OSQUERY_CONFIG_H */