Merge pull request #791 from marpaia/osqueryctl-dev

osqueryctl tool
This commit is contained in:
Mike Arpaia 2015-02-24 11:57:46 -08:00
commit 61e309f4e2
3 changed files with 218 additions and 64 deletions


@ -28,9 +28,14 @@ OUTPUT_PKG_PATH="$BUILD_DIR/$PACKAGE_NAME-$PACKAGE_VERSION."
# Config files # Config files
INITD_SRC="$SCRIPT_DIR/osqueryd.initd" INITD_SRC="$SCRIPT_DIR/osqueryd.initd"
INITD_DST="/etc/init.d/osqueryd" INITD_DST="/etc/init.d/osqueryd"
CTL_SRC="$SCRIPT_DIR/osqueryctl"
OSQUERY_EXAMPLE_CONFIG_SRC="$SCRIPT_DIR/osquery.example.conf" OSQUERY_EXAMPLE_CONFIG_SRC="$SCRIPT_DIR/osquery.example.conf"
OSQUERY_EXAMPLE_CONFIG_DST="/usr/share/osquery/osquery.example.conf" OSQUERY_EXAMPLE_CONFIG_DST="/usr/share/osquery/osquery.example.conf"
OSQUERY_LOG_DIR="/var/log/osquery/" OSQUERY_LOG_DIR="/var/log/osquery/"
OSQUERY_VAR_DIR="/var/osquery"
OSQUERY_ETC_DIR="/etc/osquery"
WORKING_DIR=/tmp/osquery_packaging WORKING_DIR=/tmp/osquery_packaging
INSTALL_PREFIX=$WORKING_DIR/prefix INSTALL_PREFIX=$WORKING_DIR/prefix
@ -84,10 +89,13 @@ function main() {
cp "$BUILD_DIR/osquery/osqueryi" $BINARY_INSTALL_DIR cp "$BUILD_DIR/osquery/osqueryi" $BINARY_INSTALL_DIR
cp "$BUILD_DIR/osquery/osqueryd" $BINARY_INSTALL_DIR cp "$BUILD_DIR/osquery/osqueryd" $BINARY_INSTALL_DIR
strip $BINARY_INSTALL_DIR/* strip $BINARY_INSTALL_DIR/*
cp "$CTL_SRC" $BINARY_INSTALL_DIR
# Create the prefix log dir and copy source configs # Create the prefix log dir and copy source configs
log "copying osquery configurations" log "copying osquery configurations"
mkdir -p $INSTALL_PREFIX/$OSQUERY_VAR_DIR
mkdir -p $INSTALL_PREFIX/$OSQUERY_LOG_DIR mkdir -p $INSTALL_PREFIX/$OSQUERY_LOG_DIR
mkdir -p $INSTALL_PREFIX/$OSQUERY_ETC_DIR
mkdir -p `dirname $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST` mkdir -p `dirname $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST`
cp $OSQUERY_EXAMPLE_CONFIG_SRC $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST cp $OSQUERY_EXAMPLE_CONFIG_SRC $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST

124
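--- /dev/null
+++ b/tools/deployment/osqueryctl
@@ -0,0 +1,124 @@
+#!/bin/bash
+ensure_root() {
+if [ $UID -ne 0 ]; then
+echo "User has insufficient privileges. $0 must be run as root."
+exit 4
+fi
+}
+ensure_root
+check_config() {
+if [ ! -e $REAL_CONFIG_PATH ] ; then
+echo "No osquery config file found at $REAL_CONFIG_PATH."
+echo "See '$EXAMPLE_CONFIG_PATH' for an example config."
+exit 4
+fi
+}
+# Use this function to detect the operating system that this
+platform() {
+local __resultvar=$1
+if [[ -f "/etc/redhat-release" ]]; then
+eval $__resultvar="centos"
+elif [[ -f "/etc/lsb-release" ]]; then
+eval $__resultvar="ubuntu"
+else
+eval $__resultvar=`uname -s | tr '[:upper:]' '[:lower:]'`
+fi
+}
+platform OS
+if [ $OS = "darwin" ]; then
+REAL_CONFIG_PATH="/var/osquery/osquery.conf"
+EXAMPLE_CONFIG_PATH="/var/osquery/osquery.example.conf"
+PIDFILE="/var/osquery/osquery.pid"
+LOCKFILE="/var/osquery/osquery.lock"
+EXEC="/usr/local/bin/osqueryd"
+PLIST_DOMAIN="com.facebook.osqueryd"
+PLIST_PATH="/Library/LaunchDaemons/$PLIST_DOMAIN.plist"
+LAUNCHCTL_LIST=`launchctl list | grep com.facebook.osqueryd`
+LAUNCHCTL_LIST_PID=`echo $LAUNCHCTL_LIST | awk '{ print $1 }'`
+else
+INIT_SCRIPT_PATH="/etc/init.d/osqueryd"
+if [ ! -e $INIT_SCRIPT_PATH ]; then
+echo "Cannot find the init.d script at $INIT_SCRIPT_PATH"
+exit 6
+fi
+REAL_CONFIG_PATH="/etc/osquery/osquery.conf"
+EXAMPLE_CONFIG_PATH="/usr/share/osquery/osquery.example.conf"
+PIDFILE="/var/run/osquery.pid"
+LOCKFILE="/var/lock/subsys/osqueryd"
+EXEC="/usr/bin/osqueryd"
+fi
+PROG="osqueryd"
+exec_with_env() {
+REAL_CONFIG_PATH=$REAL_CONFIG_PATH \
+EXAMPLE_CONFIG_PATH=$EXAMPLE_CONFIG_PATH \
+PIDFILE=$PIDFILE \
+LOCKFILE=$LOCKFILE \
+EXEC=$EXEC \
+PROG=$PROG \
+$1
+return $?
+}
+start() {
+check_config
+if [ $OS = "darwin" ]; then
+launchctl start $PLIST_PATH
+else
+exec_with_env "service osqueryd start"
+fi
+}
+stop() {
+if [ $OS = "darwin" ]; then
+launchctl stop $PLIST_PATH
+else
+exec_with_env "service osqueryd stop"
+fi
+}
+restart() {
+stop
+start
+}
+status() {
+if [ $OS = "darwin" ]; then
+if [[ "$LAUNCHCTL_LIST" = "" || "$LAUNCHCTL_LIST_PID" = "-" ]]; then
+echo "$PLIST_DOMAIN is not running"
+else
+echo "$PLIST_DOMAIN is running. pid: $LAUNCHCTL_LIST_PID"
+fi
+else
+exec_with_env "service osqueryd status"
+fi
+}
+case "$1" in
+start)
+$1
+;;
+stop)
+$1
+;;
+restart)
+$1
+;;
+status)
+$1
+;;
+config-check)
+$EXEC --config_path=$REAL_CONFIG_PATH --config_check
+;;
+*)
+echo $"Usage: $0 {start|stop|status|restart}"
+exit 2
+esac
+exit $?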
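Review bot: `launchctl start $PLIST_PATH` in start() and `launchctl stop $PLIST_PATH` in stop() pass the plist file path where launchctl start/stop expect the job label, so on darwin both calls should use `$PLIST_DOMAIN` (the label the status branch already greps for in `launchctl list`). The `config-check` arm also skips `check_config`, so a missing config reaches osqueryd directly instead of printing the hint about `$EXAMPLE_CONFIG_PATH`; `config-check) check_config; "$EXEC" --config_path="$REAL_CONFIG_PATH" --config_check ;;` closes that gap. Since this script only runs as root, the unquoted `$REAL_CONFIG_PATH`/`$PIDFILE`/`$LOCKFILE` expansions in check_config and exec_with_env are worth quoting, and platform() could assign its result with `printf -v "$__resultvar" '%s' "$(uname -s | tr '[:upper:]' '[:lower:]')"` instead of `eval` on command output.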

150
tools/deployment/osqueryd.initd Normal file → Executable file

@ -3,90 +3,112 @@
# osqueryd Start/Stop the osquery daemon. # osqueryd Start/Stop the osquery daemon.
# #
# chkconfig: 3345 90 60 # chkconfig: 3345 90 60
# Description: # Description:
# With osquery, you can use SQL to query low-level # With osquery, you can use SQL to query low-level
# operating system information. Under the hood, instead # operating system information. Under the hood, instead
# of querying static tables, these queries dynamically execute # of querying static tables, these queries dynamically execute
# high-performance native code. The results of the # high-performance native code. The results of the
# SQL query are transparently returned to you quickly and easily # SQL query are transparently returned to you quickly and easily
# #
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: osquery osqueryd # Provides: osquery osqueryd
# Required-Start: $local_fs $syslog # Required-Start: $local_fs $syslog
# Required-Stop: $local_fs $syslog # Required-Stop: $local_fs $syslog
# Default-Start: 3345 # Default-Start: 3345
# Default-Stop: 90 # Default-Stop: 90
# Short-Description: run osqueryd daemon # Short-Description: run osqueryd daemon
# Description: # Description:
# With osquery, you can use SQL to query low-level # With osquery, you can use SQL to query low-level
# operating system information. Under the hood, instead # operating system information. Under the hood, instead
# of querying static tables, these queries dynamically execute # of querying static tables, these queries dynamically execute
# high-performance native code. The results of the # high-performance native code. The results of the
# SQL query are transparently returned to you quickly and easily # SQL query are transparently returned to you quickly and easily
# #
# #
### END INIT INFO ### END INIT INFO
if [ -z $RETVAL ]; then RETVAL=0; fi
if [ -z $PROG ]; then PROG="osqueryd"; fi
if [ -z $EXEC ]; then EXEC=/usr/bin/osqueryd; fi
if [ -z $REAL_CONFIG_PATH ]; then REAL_CONFIG_PATH=/etc/osquery/osquery.conf; fi
if [ -z $LOCKFILE ]; then LOCKFILE=/var/lock/osqueryd; fi
if [ -z $PIDFILE ]; then PIDFILE=/var/run/osquery.pid; fi
if [ -z $UID ]; then UID=$(id -u); fi
RETVAL=0 if [ $UID -eq 0 ] && [ -e /etc/sysconfig/$PROG ]; then
prog="osqueryd" . /etc/sysconfig/$PROG
exec=/usr/bin/osqueryd
config=/etc/osquery/osquery.conf
lockfile=/var/lock/subsys/osqueryd
pidfile=/var/run/osquery.pid
[ $UID -eq 0 ] && [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
. /etc/init.d/functions
if [ ! -e $config ] ; then
echo "No osquery config file found at $config."
echo "See '/usr/share/osquery/osquery.example.conf' for an example config."
exit 4
fi fi
if [ -e /etc/init.d/functions ]; then
. /etc/init.d/functions
fi
if [ ! -e $REAL_CONFIG_PATH ] ; then
echo "No osquery config file found at $REAL_CONFIG_PATH"
echo "See '/usr/share/osquery/osquery.example.conf' for an example config."
exit 1
fi
ensure_root() {
if [ $UID -ne 0 ] ; then
echo "User has insufficient privilege."
exit 1
fi
}
start() { start() {
if [ $UID -ne 0 ] ; then ensure_root
echo "User has insufficient privilege."
exit 4 if [ -f $PIDFILE ]; then
elif [ -f $pidfile ]; then PID=$(cat $PIDFILE)
PID=$(cat $pidfile) PROCNAME=$(ps -p $PID -o comm\=)
echo "$prog is already running: $PID" if [ "$PROCNAME" = "$PROG" ]; then
exit 4 echo "$PROG is already running: $PID"
return 1
else else
daemon $prog --config_path=$config \ # osqueryd pidfile exists but it's not running
--pidfile=$pidfile \ rm $PIDFILE
--daemonize=true
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile || failure
fi fi
fi
$PROG --config_path=$REAL_CONFIG_PATH \
--pidfile=$PIDFILE \
--daemonize=true
return $?
} }
stop() { stop() {
if [ $UID -ne 0 ] ; then ensure_root
echo "User has insufficient privilege."
exit 4 if [ ! -f $PIDFILE ] ; then
elif [ ! -s $pidfile ] ; then echo "$PROG is not running. no pidfile found."
echo $"Stopping $prog: " return 1
failure $"Stopping $prog" else
else PID=$(cat $PIDFILE)
echo -n $"Stopping $prog: " pkill -P $PID && kill -9 $PID
killproc $prog rm -f $PIDFILE
retval=$? fi
echo
[ $retval -eq 0 ] && rm -f $lockfile
rm -f $pidfile
fi
} }
restart() { restart() {
stop stop
start start
} }
get_status() { status() {
status -p $pidfile $prog if [ ! -f $PIDFILE ] ; then
echo "$PROG is not running. no pidfile found."
else
PID=$(cat $PIDFILE)
PROCNAME=$(ps -p $PID -o comm\=)
if [ "$PROCNAME" = "$PROG" ]; then
echo "$PROG is already running: $PID"
return 0
else
# osqueryd pidfile exists but it's not running
echo "$PROG is not running but a stale pidfile was found."
fi
fi
} }
case "$1" in case "$1" in
@ -100,10 +122,10 @@ case "$1" in
$1 $1
;; ;;
status) status)
get_status $1
;; ;;
*) *)
echo $"Usage: $0 {start|stop|status|restart}" echo "Usage: $0 {start|stop|status|restart}"
exit 2 exit 2
esac esac
exit $? exit $?
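Review bot: In the new stop() the line `pkill -P $PID && kill -9 $PID` only signals osqueryd itself when pkill finds at least one child process, yet `rm -f $PIDFILE` runs either way, so a daemon with no children is left running with its pidfile gone, and SIGKILL as the first signal gives osqueryd no chance to shut down cleanly. I would decouple the two and escalate only after a TERM, e.g. `pkill -P "$PID"; kill "$PID"` followed by a short wait before any `kill -9`, and only remove the pidfile once the process is gone. LOCKFILE is still defaulted (to `/var/lock/osqueryd`, which also differs from the `/var/lock/subsys/osqueryd` that osqueryctl exports) but is no longer touched or removed anywhere in the new start()/stop(), where the removed code did `touch $lockfile`/`rm -f $lockfile`; either drop the variable or restore that handling. The `[ -z $PROG ]`-style defaults at the top only work because an empty expansion collapses to a one-argument test and should be quoted, `[ -z "$PROG" ]`.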