/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under both the Apache 2.0 license (found in the
* LICENSE file in the root directory of this source tree) and the GPLv2 (found
* in the COPYING file in the root directory of this source tree).
* You may select, at your option, one of the above-listed licenses.
*/
#include <chrono>
#include <osquery/database.h>
#include <osquery/distributed.h>
#include <osquery/flags.h>
#include <osquery/system.h>
#include <osquery/utils/system/time.h>
#include <osquery/dispatcher/distributed_runner.h>
#include <osquery/utils/conversions/tryto.h>
namespace osquery {
/// Number of seconds DistributedRunner::start() waits between polls when no
/// accelerated check-in window is active.
/// NOTE(review): the flag value is passed to pause() unchanged; how a value of
/// 0 behaves depends on pause(), which is not visible in this file.
FLAG(uint64, distributed_interval, 60,
     "Seconds between polling for new queries (default 60)")

/// Declared here, defined elsewhere. When true, startDistributed() does not
/// register the runner and returns a non-zero Status.
DECLARE_bool(disable_distributed);

/// Declared here, defined elsewhere. Not read by the code in this file.
DECLARE_string(distributed_plugin);

/// Polling pause, in seconds, used by DistributedRunner::start() while the
/// stored "distributed_accelerate_checkins_expire" time has not yet passed.
const size_t kDistributedAccelerationInterval{5};
/**
 * @brief Service loop of the distributed query runner.
 *
 * Until the service is interrupted, each iteration pulls updates, runs any
 * pending queries, and then sleeps. The sleep is
 * kDistributedAccelerationInterval seconds while the expiry time stored under
 * "distributed_accelerate_checkins_expire" lies in the future, and
 * FLAGS_distributed_interval seconds otherwise.
 *
 * NOTE(review): where the pulled queries come from, and how that endpoint is
 * authenticated, is decided inside Distributed and is not visible here.
 */
void DistributedRunner::start() {
  auto runner = Distributed();
  while (!interrupted()) {
    runner.pullUpdates();
    if (runner.getPendingQueryCount() > 0) {
      runner.runQueries();
    }

    // The expiry is read from the persistent settings domain on every pass.
    // "0" is the fallback text, which parses to an expiry of 0.
    std::string expiry_text = "0";
    Status lookup = getDatabaseValue(
        kPersistentSettings, "distributed_accelerate_checkins_expire",
        expiry_text);
    auto const expiry = tryTo<unsigned long int>(expiry_text, 10);

    // Accelerated polling needs a successful lookup, a value that parses as a
    // base-10 unsigned integer, and an expiry that has not passed. A failed
    // lookup or an unparsable value falls back to the configured interval.
    // Whoever can write this settings key controls how long the short
    // interval stays in effect.
    const bool accelerated =
        lookup.ok() && !expiry.isError() && getUnixTime() <= expiry.get();

    if (accelerated) {
      pause(std::chrono::seconds(kDistributedAccelerationInterval));
    } else {
      pause(std::chrono::seconds(FLAGS_distributed_interval));
    }
  }
}
/**
 * @brief Register the distributed query runner with the dispatcher.
 *
 * @return Status(0, "OK") after a DistributedRunner has been added as a
 * service; Status(1, ...) when FLAGS_disable_distributed is set, in which case
 * no service is added.
 */
Status startDistributed() {
  // Disabled by flag: report it and leave the dispatcher untouched.
  if (FLAGS_disable_distributed) {
    return Status(1, "Distributed query service not enabled.");
  }

  Dispatcher::addService(std::make_shared<DistributedRunner>());
  return Status(0, "OK");
}
} // namespace osquery