Introduce two new host identifier options (#2944)

2024-11-06 09:35:20 +00:00 · 2017-01-27 18:56:50 -07:00 · 2017-01-27 18:56:50 -07:00 · 2ad1d8839f
commit 2ad1d8839f
parent 88d9ae8a3d
5 changed files with 69 additions and 12 deletions
--- a/docs/wiki/installation/cli-flags.md
+++ b/docs/wiki/installation/cli-flags.md
@ -298,11 +298,13 @@ Log scheduled results as events.

 `--host_identifier=hostname`

-Field used to identify the host running osquery: **hostname**, **uuid**.
+Field used to identify the host running osquery: **hostname**, **uuid**, **ephemeral**, **instance**.

-Select either **hostname** or **uuid** for the host identifier.
-DHCP may assign variable hostnames, if this is the case, select UUID for a
-consistent logging label.
+DHCP may assign variable hostnames, if this is the case, you may need a consistent logging label. Three options are available to you:
+
+- `uuid` uses the platform (DMTF) host UUID, fetched at process start.
+- `instance` uses an instance-unique UUID generated at process start, persisted in the backing store.
+- `ephemeral` uses an instance-unique UUID generated at process start, not persisted.

 `--verbose=false`

--- a/include/osquery/system.h
+++ b/include/osquery/system.h
@ -266,6 +266,22 @@ class DropPrivileges : private boost::noncopyable {
 */
 std::string getHostname();

+/**
+ * @brief Getter for an instance uuid
+ *
+ * @return ok on success and ident is set to the instance uuid, otherwise
+ * failure.
+ */
+Status getInstanceUUID(std::string& ident);
+
+/**
+ * @brief Getter for an ephemeral uuid
+ *
+ * @return ok on success and ident is set to the ephemeral uuid, otherwise
+ * failure.
+ */
+Status getEphemeralUUID(std::string& ident);
+
 /**
 * @brief Getter for a host's uuid.
 *
--- a/osquery/core/system.cpp
+++ b/osquery/core/system.cpp
@ -73,7 +73,8 @@ CLI_FLAG(bool,
 FLAG(string,
     host_identifier,
     "hostname",
-     "Field used to identify the host running osquery (hostname, uuid)");
+     "Field used to identify the host running osquery (hostname, uuid, "
+     "instance, ephemeral)");

 FLAG(bool, utc, true, "Convert all UNIX times to UTC");

@ -151,6 +152,29 @@ std::string generateHostUUID() {
  return generateNewUUID();
 }

+Status getInstanceUUID(std::string& ident) {
+  // Lookup the instance identifier (UUID) previously generated and stored.
+  auto status =
+      getDatabaseValue(kPersistentSettings, "instance_uuid_v1", ident);
+  if (ident.size() == 0) {
+    // There was no UUID stored in the database, generate one and store it.
+    ident = osquery::generateNewUUID();
+    VLOG(1) << "Using UUID " << ident << " as host identifier";
+    return setDatabaseValue(kPersistentSettings, "instance_uuid_v1", ident);
+  }
+
+  return status;
+}
+
+Status getEphemeralUUID(std::string& ident) {
+  if (ident.size() == 0) {
+    ident = osquery::generateNewUUID();
+  }
+  VLOG(1) << "Using UUID " << ident << " as host identifier";
+
+  return Status(0, "OK");
+}
+
 Status getHostUUID(std::string& ident) {
  // Lookup the host identifier (UUID) previously generated and stored.
  auto status = getDatabaseValue(kPersistentSettings, "host_uuid_v3", ident);
@ -165,15 +189,22 @@ Status getHostUUID(std::string& ident) {
 }

 std::string getHostIdentifier() {
-  if (FLAGS_host_identifier != "uuid") {
-    // use the hostname as the default machine identifier
-    return osquery::getHostname();
-  }
-
-  // Generate a identifier/UUID for this application launch, and persist.
  static std::string ident;
+
  if (ident.size() == 0) {
-    getHostUUID(ident);
+    if (FLAGS_host_identifier == "uuid") {
+      getHostUUID(ident);
+    } else if (FLAGS_host_identifier == "instance") {
+      getInstanceUUID(ident);
+    } else if (FLAGS_host_identifier == "ephemeral") {
+      getEphemeralUUID(ident);
+    } else {
+      // assuming the default of "hostname" as the machine identifier
+      // intentionally not set to `ident` because the hostname may change
+      // throughout the life of the process and we always want to be using the
+      // most current hostname
+      return osquery::getHostname();
+    }
  }
  return ident;
 }
--- a/osquery/tables/utility/osquery.cpp
+++ b/osquery/tables/utility/osquery.cpp
@ -229,6 +229,12 @@ QueryData genOsqueryInfo(QueryContext& context) {
    r["watcher"] = "-1";
  }

+  std::string uuid;
+  r["uuid"] = (getHostUUID(uuid)) ? uuid : "";
+
+  std::string instance;
+  r["instance_id"] = (getInstanceUUID(instance)) ? instance : "";
+
  results.push_back(r);
  return results;
 }
--- a/specs/utility/osquery_info.table
+++ b/specs/utility/osquery_info.table
@ -2,6 +2,8 @@ table_name("osquery_info")
 description("Top level information about the running version of osquery.")
 schema([
    Column("pid", INTEGER, "Process (or thread/handle) ID"),
+    Column("uuid", TEXT, "Unique ID provided by the system"),
+    Column("instance_id", TEXT, "Unique, long-lived ID per instance of osquery"),
    Column("version", TEXT, "osquery toolkit version"),
    Column("config_hash", TEXT, "Hash of the working configuration state"),
    Column("config_valid", INTEGER, "1 if the config was loaded and considered valid, else 0"),