valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #997 from facebook/platform_osquery_info

Browse Source 
[#989] Adding distro and version to osquery_info
This commit is contained in:
Mike Arpaia 2015-04-15 21:28:35 -07:00
commit a8506d15e8
3 changed files with 23 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CMakeLists.txt
View File

@ -54,10 +54,13 @@ execute_process(
OUTPUT_VARIABLE PLATFORM OUTPUT_VARIABLE PLATFORM
OUTPUT_STRIP_TRAILING_WHITESPACE OUTPUT_STRIP_TRAILING_WHITESPACE
) )
list(GET PLATFORM 0 OSQUERY_BUILD_PLATFORM)
list(GET PLATFORM 1 OSQUERY_BUILD_DISTRO)
string(REPLACE "." "_" PLATFORM "${PLATFORM}") string(REPLACE "." "_" PLATFORM "${PLATFORM}")
string(TOUPPER "${PLATFORM}" PLATFORM) string(TOUPPER "${PLATFORM}" PLATFORM)
list(GET PLATFORM 0 OSQUERY_BUILD_OS) list(GET PLATFORM 0 OSQUERY_BUILD_PLATFORM_DEFINE)
list(GET PLATFORM 1 OSQUERY_BUILD_DISTRO) list(GET PLATFORM 1 OSQUERY_BUILD_DISTRO_DEFINE)
# RHEL6 uses a different gcc 4.9 runtime # RHEL6 uses a different gcc 4.9 runtime
if(${OSQUERY_BUILD_DISTRO} STREQUAL "RHEL6") if(${OSQUERY_BUILD_DISTRO} STREQUAL "RHEL6")
@ -128,8 +131,10 @@ endif()
add_definitions( add_definitions(
-DOSQUERY_BUILD_VERSION=${OSQUERY_BUILD_VERSION} -DOSQUERY_BUILD_VERSION=${OSQUERY_BUILD_VERSION}
-DOSQUERY_BUILD_SDK_VERSION=${OSQUERY_BUILD_SDK_VERSION} -DOSQUERY_BUILD_SDK_VERSION=${OSQUERY_BUILD_SDK_VERSION}
-D${OSQUERY_BUILD_OS} -DOSQUERY_BUILD_PLATFORM=${OSQUERY_BUILD_PLATFORM}
-D${OSQUERY_BUILD_OS}_${OSQUERY_BUILD_DISTRO} -DOSQUERY_BUILD_DISTRO=${OSQUERY_BUILD_DISTRO}
-D${OSQUERY_BUILD_PLATFORM_DEFINE}
-D${OSQUERY_BUILD_PLATFORM_DEFINE}_${OSQUERY_BUILD_DISTRO_DEFINE}
) )
if(APPLE) if(APPLE)

12
osquery/tables/specs/utility/osquery_info.table
View File

@ -1,11 +1,15 @@
table_name("osquery_info") table_name("osquery_info")
description("Top level information about the running version of osquery.") description("Top level information about the running version of osquery.")
schema([ schema([
Column("version", TEXT),
Column("config_md5", TEXT),
Column("config_path", TEXT),
Column("pid", INTEGER, "Process (or thread) ID"), Column("pid", INTEGER, "Process (or thread) ID"),
Column("extensions", TEXT), Column("version", TEXT, "osquery toolkit version"),
Column("config_md5", TEXT, "md5 hash of the working configuration"),
Column("config_path", TEXT,
"Optional: path to filesystem config plugin content"),
Column("extensions", TEXT, "osquery extensions status"),
Column("build_platform", TEXT, "osquery toolkit build platform"),
Column("build_distro", TEXT,
"osquery toolkit platform distribution name (os version)"),
]) ])
attributes(utility=True) attributes(utility=True)
implementation("osquery@genOsqueryInfo") implementation("osquery@genOsqueryInfo")

6
osquery/tables/utility/osquery.cpp
View File

@ -110,8 +110,8 @@ QueryData genOsqueryInfo(QueryContext& context) {
QueryData results; QueryData results;
Row r; Row r;
r["version"] = TEXT(OSQUERY_VERSION);
r["pid"] = INTEGER(getpid()); r["pid"] = INTEGER(getpid());
r["version"] = TEXT(OSQUERY_VERSION);
std::string hash_string; std::string hash_string;
auto s = Config::getMD5(hash_string); auto s = Config::getMD5(hash_string);
@ -125,6 +125,10 @@ QueryData genOsqueryInfo(QueryContext& context) {
r["config_path"] = Flag::getValue("config_path"); r["config_path"] = Flag::getValue("config_path");
r["extensions"] = r["extensions"] =
(pingExtension(FLAGS_extensions_socket).ok()) ? "active" : "inactive"; (pingExtension(FLAGS_extensions_socket).ok()) ? "active" : "inactive";
r["build_platform"] = STR(OSQUERY_BUILD_PLATFORM);
r["build_distro"] = STR(OSQUERY_BUILD_DISTRO);
results.push_back(r); results.push_back(r);
return results; return results;