commit
61e309f4e2
@ -28,9 +28,14 @@ OUTPUT_PKG_PATH="$BUILD_DIR/$PACKAGE_NAME-$PACKAGE_VERSION."
|
||||
# Config files
|
||||
INITD_SRC="$SCRIPT_DIR/osqueryd.initd"
|
||||
INITD_DST="/etc/init.d/osqueryd"
|
||||
|
||||
CTL_SRC="$SCRIPT_DIR/osqueryctl"
|
||||
|
||||
OSQUERY_EXAMPLE_CONFIG_SRC="$SCRIPT_DIR/osquery.example.conf"
|
||||
OSQUERY_EXAMPLE_CONFIG_DST="/usr/share/osquery/osquery.example.conf"
|
||||
OSQUERY_LOG_DIR="/var/log/osquery/"
|
||||
OSQUERY_VAR_DIR="/var/osquery"
|
||||
OSQUERY_ETC_DIR="/etc/osquery"
|
||||
|
||||
WORKING_DIR=/tmp/osquery_packaging
|
||||
INSTALL_PREFIX=$WORKING_DIR/prefix
|
||||
@ -84,10 +89,13 @@ function main() {
|
||||
cp "$BUILD_DIR/osquery/osqueryi" $BINARY_INSTALL_DIR
|
||||
cp "$BUILD_DIR/osquery/osqueryd" $BINARY_INSTALL_DIR
|
||||
strip $BINARY_INSTALL_DIR/*
|
||||
cp "$CTL_SRC" $BINARY_INSTALL_DIR
|
||||
|
||||
# Create the prefix log dir and copy source configs
|
||||
log "copying osquery configurations"
|
||||
mkdir -p $INSTALL_PREFIX/$OSQUERY_VAR_DIR
|
||||
mkdir -p $INSTALL_PREFIX/$OSQUERY_LOG_DIR
|
||||
mkdir -p $INSTALL_PREFIX/$OSQUERY_ETC_DIR
|
||||
mkdir -p `dirname $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST`
|
||||
cp $OSQUERY_EXAMPLE_CONFIG_SRC $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST
|
||||
|
||||
|
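--- /dev/null
+++ b/tools/deployment/osqueryctl
@@ -0,0 +1,124 @@
+#!/bin/bash
+
+ensure_root() {
+if [ $UID -ne 0 ]; then
+echo "User has insufficient privileges. $0 must be run as root."
+exit 4
+fi
+}
+ensure_root
+
+check_config() {
+if [ ! -e $REAL_CONFIG_PATH ] ; then
+echo "No osquery config file found at $REAL_CONFIG_PATH."
+echo "See '$EXAMPLE_CONFIG_PATH' for an example config."
+exit 4
+fi
+}
+
+# Use this function to detect the operating system that this
+platform() {
+local __resultvar=$1
+if [[ -f "/etc/redhat-release" ]]; then
+eval $__resultvar="centos"
+elif [[ -f "/etc/lsb-release" ]]; then
+eval $__resultvar="ubuntu"
+else
+eval $__resultvar=`uname -s | tr '[:upper:]' '[:lower:]'`
+fi
+}
+
+platform OS
+
+if [ $OS = "darwin" ]; then
+REAL_CONFIG_PATH="/var/osquery/osquery.conf"
+EXAMPLE_CONFIG_PATH="/var/osquery/osquery.example.conf"
+PIDFILE="/var/osquery/osquery.pid"
+LOCKFILE="/var/osquery/osquery.lock"
+EXEC="/usr/local/bin/osqueryd"
+PLIST_DOMAIN="com.facebook.osqueryd"
+PLIST_PATH="/Library/LaunchDaemons/$PLIST_DOMAIN.plist"
+LAUNCHCTL_LIST=`launchctl list | grep com.facebook.osqueryd`
+LAUNCHCTL_LIST_PID=`echo $LAUNCHCTL_LIST | awk '{ print $1 }'`
+else
+INIT_SCRIPT_PATH="/etc/init.d/osqueryd"
+if [ ! -e $INIT_SCRIPT_PATH ]; then
+echo "Cannot find the init.d script at $INIT_SCRIPT_PATH"
+exit 6
+fi
+
+REAL_CONFIG_PATH="/etc/osquery/osquery.conf"
+EXAMPLE_CONFIG_PATH="/usr/share/osquery/osquery.example.conf"
+PIDFILE="/var/run/osquery.pid"
+LOCKFILE="/var/lock/subsys/osqueryd"
+EXEC="/usr/bin/osqueryd"
+fi
+PROG="osqueryd"
+
+exec_with_env() {
+REAL_CONFIG_PATH=$REAL_CONFIG_PATH \
+EXAMPLE_CONFIG_PATH=$EXAMPLE_CONFIG_PATH \
+PIDFILE=$PIDFILE \
+LOCKFILE=$LOCKFILE \
+EXEC=$EXEC \
+PROG=$PROG \
+$1
+return $?
+}
+
+start() {
+check_config
+if [ $OS = "darwin" ]; then
+launchctl start $PLIST_PATH
+else
+exec_with_env "service osqueryd start"
+fi
+}
+
+stop() {
+if [ $OS = "darwin" ]; then
+launchctl stop $PLIST_PATH
+else
+exec_with_env "service osqueryd stop"
+fi
+}
+
+restart() {
+stop
+start
+}
+
+status() {
+if [ $OS = "darwin" ]; then
+if [[ "$LAUNCHCTL_LIST" = "" || "$LAUNCHCTL_LIST_PID" = "-" ]]; then
+echo "$PLIST_DOMAIN is not running"
+else
+echo "$PLIST_DOMAIN is running. pid: $LAUNCHCTL_LIST_PID"
+fi
+else
+exec_with_env "service osqueryd status"
+fi
+}
+
+case "$1" in
+start)
+$1
+;;
+stop)
+$1
+;;
+restart)
+$1
+;;
+status)
+$1
+;;
+config-check)
+$EXEC --config_path=$REAL_CONFIG_PATH --config_check
+;;
+*)
+echo $"Usage: $0 {start|stop|status|restart}"
+exit 2
+
+esac
+exit $?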
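Review bot: `launchctl start $PLIST_PATH` in start() and `launchctl stop $PLIST_PATH` in stop() hand launchctl the plist file path, but launchctl's start/stop subcommands take the job label, which this script already holds in PLIST_DOMAIN and which status() greps `launchctl list` for; both calls should read `launchctl start "$PLIST_DOMAIN"` and `launchctl stop "$PLIST_DOMAIN"`. A second, hedged point is that the Linux branch depends on `exec_with_env "service osqueryd start"` passing PIDFILE/LOCKFILE/EXEC/PROG through the environment, and on some distributions the `service` wrapper runs the init script with a scrubbed environment, so those overrides may silently fall back to the init script's own defaults — worth verifying on the target platforms or calling `$INIT_SCRIPT_PATH` directly. The config-check action also runs `$EXEC` without calling check_config first, and the usage string omits config-check, so a missing config produces osqueryd's own error rather than the friendlier message printed elsewhere.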
150
tools/deployment/osqueryd.initd
Normal file → Executable file
150
tools/deployment/osqueryd.initd
Normal file → Executable file
@ -3,90 +3,112 @@
|
||||
# osqueryd Start/Stop the osquery daemon.
|
||||
#
|
||||
# chkconfig: 3345 90 60
|
||||
# Description:
|
||||
# With osquery, you can use SQL to query low-level
|
||||
# operating system information. Under the hood, instead
|
||||
# of querying static tables, these queries dynamically execute
|
||||
# high-performance native code. The results of the
|
||||
# SQL query are transparently returned to you quickly and easily
|
||||
#
|
||||
# Description:
|
||||
# With osquery, you can use SQL to query low-level
|
||||
# operating system information. Under the hood, instead
|
||||
# of querying static tables, these queries dynamically execute
|
||||
# high-performance native code. The results of the
|
||||
# SQL query are transparently returned to you quickly and easily
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: osquery osqueryd
|
||||
# Provides: osquery osqueryd
|
||||
# Required-Start: $local_fs $syslog
|
||||
# Required-Stop: $local_fs $syslog
|
||||
# Default-Start: 3345
|
||||
# Default-Stop: 90
|
||||
# Short-Description: run osqueryd daemon
|
||||
# Description:
|
||||
# With osquery, you can use SQL to query low-level
|
||||
# operating system information. Under the hood, instead
|
||||
# of querying static tables, these queries dynamically execute
|
||||
# high-performance native code. The results of the
|
||||
# SQL query are transparently returned to you quickly and easily
|
||||
#
|
||||
#
|
||||
# Description:
|
||||
# With osquery, you can use SQL to query low-level
|
||||
# operating system information. Under the hood, instead
|
||||
# of querying static tables, these queries dynamically execute
|
||||
# high-performance native code. The results of the
|
||||
# SQL query are transparently returned to you quickly and easily
|
||||
#
|
||||
#
|
||||
### END INIT INFO
|
||||
|
||||
if [ -z $RETVAL ]; then RETVAL=0; fi
|
||||
if [ -z $PROG ]; then PROG="osqueryd"; fi
|
||||
if [ -z $EXEC ]; then EXEC=/usr/bin/osqueryd; fi
|
||||
if [ -z $REAL_CONFIG_PATH ]; then REAL_CONFIG_PATH=/etc/osquery/osquery.conf; fi
|
||||
if [ -z $LOCKFILE ]; then LOCKFILE=/var/lock/osqueryd; fi
|
||||
if [ -z $PIDFILE ]; then PIDFILE=/var/run/osquery.pid; fi
|
||||
if [ -z $UID ]; then UID=$(id -u); fi
|
||||
|
||||
RETVAL=0
|
||||
prog="osqueryd"
|
||||
exec=/usr/bin/osqueryd
|
||||
config=/etc/osquery/osquery.conf
|
||||
lockfile=/var/lock/subsys/osqueryd
|
||||
pidfile=/var/run/osquery.pid
|
||||
|
||||
[ $UID -eq 0 ] && [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
|
||||
|
||||
. /etc/init.d/functions
|
||||
|
||||
if [ ! -e $config ] ; then
|
||||
echo "No osquery config file found at $config."
|
||||
echo "See '/usr/share/osquery/osquery.example.conf' for an example config."
|
||||
exit 4
|
||||
if [ $UID -eq 0 ] && [ -e /etc/sysconfig/$PROG ]; then
|
||||
. /etc/sysconfig/$PROG
|
||||
fi
|
||||
|
||||
if [ -e /etc/init.d/functions ]; then
|
||||
. /etc/init.d/functions
|
||||
fi
|
||||
|
||||
if [ ! -e $REAL_CONFIG_PATH ] ; then
|
||||
echo "No osquery config file found at $REAL_CONFIG_PATH"
|
||||
echo "See '/usr/share/osquery/osquery.example.conf' for an example config."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
ensure_root() {
|
||||
if [ $UID -ne 0 ] ; then
|
||||
echo "User has insufficient privilege."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
start() {
|
||||
if [ $UID -ne 0 ] ; then
|
||||
echo "User has insufficient privilege."
|
||||
exit 4
|
||||
elif [ -f $pidfile ]; then
|
||||
PID=$(cat $pidfile)
|
||||
echo "$prog is already running: $PID"
|
||||
exit 4
|
||||
ensure_root
|
||||
|
||||
if [ -f $PIDFILE ]; then
|
||||
PID=$(cat $PIDFILE)
|
||||
PROCNAME=$(ps -p $PID -o comm\=)
|
||||
if [ "$PROCNAME" = "$PROG" ]; then
|
||||
echo "$PROG is already running: $PID"
|
||||
return 1
|
||||
else
|
||||
daemon $prog --config_path=$config \
|
||||
--pidfile=$pidfile \
|
||||
--daemonize=true
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && touch $lockfile || failure
|
||||
# osqueryd pidfile exists but it's not running
|
||||
rm $PIDFILE
|
||||
fi
|
||||
fi
|
||||
|
||||
$PROG --config_path=$REAL_CONFIG_PATH \
|
||||
--pidfile=$PIDFILE \
|
||||
--daemonize=true
|
||||
return $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
if [ $UID -ne 0 ] ; then
|
||||
echo "User has insufficient privilege."
|
||||
exit 4
|
||||
elif [ ! -s $pidfile ] ; then
|
||||
echo $"Stopping $prog: "
|
||||
failure $"Stopping $prog"
|
||||
else
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc $prog
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && rm -f $lockfile
|
||||
rm -f $pidfile
|
||||
fi
|
||||
ensure_root
|
||||
|
||||
if [ ! -f $PIDFILE ] ; then
|
||||
echo "$PROG is not running. no pidfile found."
|
||||
return 1
|
||||
else
|
||||
PID=$(cat $PIDFILE)
|
||||
pkill -P $PID && kill -9 $PID
|
||||
rm -f $PIDFILE
|
||||
fi
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
get_status() {
|
||||
status -p $pidfile $prog
|
||||
status() {
|
||||
if [ ! -f $PIDFILE ] ; then
|
||||
echo "$PROG is not running. no pidfile found."
|
||||
else
|
||||
PID=$(cat $PIDFILE)
|
||||
PROCNAME=$(ps -p $PID -o comm\=)
|
||||
if [ "$PROCNAME" = "$PROG" ]; then
|
||||
echo "$PROG is already running: $PID"
|
||||
return 0
|
||||
else
|
||||
# osqueryd pidfile exists but it's not running
|
||||
echo "$PROG is not running but a stale pidfile was found."
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
@ -100,10 +122,10 @@ case "$1" in
|
||||
$1
|
||||
;;
|
||||
status)
|
||||
get_status
|
||||
$1
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart}"
|
||||
echo "Usage: $0 {start|stop|status|restart}"
|
||||
exit 2
|
||||
esac
|
||||
exit $?
|
||||
|
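Review bot: stop() on the new side terminates the daemon with `pkill -P $PID && kill -9 $PID`, so whenever osqueryd has no child processes pkill returns non-zero, the `kill -9` never runs, and the function still removes the pidfile — leaving a running daemon that restart() then starts a second copy of. The PID read from the pidfile is also passed to pkill/kill without the `ps -p ... -o comm=` name check that start() and status() perform, so an empty or stale pidfile can signal an unrelated process as root. I would validate the pid the same way, send SIGTERM first, and fall back to SIGKILL only if the process is still alive after a short wait, as below. The trailing case statement is split across the second hunk and is otherwise unchanged apart from the status/usage lines.
```shell
stop() {
  ensure_root

  if [ ! -f "$PIDFILE" ] ; then
    echo "$PROG is not running. no pidfile found."
    return 1
  fi

  PID=$(cat "$PIDFILE")
  PROCNAME=$(ps -p "$PID" -o comm= 2>/dev/null)
  if [ "$PROCNAME" = "$PROG" ]; then
    # Graceful first; escalate to SIGKILL only if it is still alive.
    kill "$PID"
    for _ in 1 2 3 4 5; do
      kill -0 "$PID" 2>/dev/null || break
      sleep 1
    done
    kill -0 "$PID" 2>/dev/null && kill -9 "$PID"
  else
    echo "$PROG is not running but a stale pidfile was found."
  fi
  rm -f "$PIDFILE"
}
```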