Towards building on FreeBSD/ports

Teddy Reed 2015-05-06 21:58:23 -07:00
parent a64270f324
commit c7b9114975
14 changed files with 199 additions and 82 deletions


@ -105,7 +105,9 @@ endmacro(ADD_OSQUERY_EXTENSION)
macro(ADD_OSQUERY_MODULE TARGET)
add_library(${TARGET} SHARED ${ARGN})
target_link_libraries(${TARGET} dl)
if(NOT FREEBSD)
target_link_libraries(${TARGET} dl)
endif()
add_dependencies(${TARGET} libglog libosquery)
if(APPLE)
target_link_libraries(${TARGET} "-undefined dynamic_lookup")
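Review bot: The `if(NOT FREEBSD)` guard around `target_link_libraries(${TARGET} dl)` hard-codes one platform exception where CMake already provides a portable value. `target_link_libraries(${TARGET} ${CMAKE_DL_LIBS})` expands to the platform's dlopen library, or to nothing where dlopen lives in libc, and it does not depend on the `FREEBSD` variable having been set before the macro is called. The macro body continues past the end of this hunk.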


@ -1,7 +1,18 @@
cmake_minimum_required(VERSION 2.8.12)
set(CMAKE_C_COMPILER "clang")
set(CMAKE_CXX_COMPILER "clang++")
if(NOT DEFINED ENV{CC})
set(CMAKE_C_COMPILER "clang")
else()
set(CMAKE_C_COMPILER "$ENV{CC}")
message("-- Overriding C compiler from clang to $ENV{CC}")
endif()
if(NOT DEFINED ENV{CXX})
set(CMAKE_CXX_COMPILER "clang++")
else()
set(CMAKE_CXX_COMPILER "$ENV{CXX}")
message("-- Overriding CXX compiler from clang++ to $ENV{CXX}")
endif()
add_compile_options(
-Wall
-Wextra
@ -22,33 +33,6 @@ add_compile_options(
)
set(CXX_COMPILE_FLAGS "")
# Set non-C compile flags and whole-loading linker flags.
# osquery needs ALL symbols in the libraries it includes for relaxed ctors
# late-loading modules and SQLite introspection utilities.
if(APPLE)
set(APPLE_MIN_ABI "10.9")
set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++11 -stdlib=libc++")
set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -mmacosx-version-min=${APPLE_MIN_ABI}")
set(OS_WHOLELINK_PRE "-Wl,-force_load")
set(OS_WHOLELINK_POST "")
# Special compile flags for Objective-C++
set(OBJCXX_COMPILE_FLAGS
"-x objective-c++ -fobjc-arc -Wno-c++11-extensions -mmacosx-version-min=${APPLE_MIN_ABI}")
elseif(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
set(FREEBSD TRUE)
set(LINUX FALSE)
set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++11 -stdlib=libc++")
set(OS_WHOLELINK_PRE "")
set(OS_WHOLELINK_POST "")
else()
set(FREEBSD FALSE)
set(LINUX TRUE)
# Do not use the shared linker flags for modules.
set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++11")
set(OS_WHOLELINK_PRE "-Wl,-whole-archive")
set(OS_WHOLELINK_POST "-Wl,-no-whole-archive")
endif()
# Use osquery language to set platform/os
execute_process(
COMMAND "${CMAKE_SOURCE_DIR}/tools/provision.sh" get_platform
@ -64,6 +48,33 @@ string(TOUPPER "${PLATFORM}" PLATFORM)
list(GET PLATFORM 0 OSQUERY_BUILD_PLATFORM_DEFINE)
list(GET PLATFORM 1 OSQUERY_BUILD_DISTRO_DEFINE)
# Set non-C compile flags and whole-loading linker flags.
# osquery needs ALL symbols in the libraries it includes for relaxed ctors
# late-loading modules and SQLite introspection utilities.
if(APPLE)
set(APPLE_MIN_ABI "10.9")
set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++11 -stdlib=libc++")
set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -mmacosx-version-min=${APPLE_MIN_ABI}")
set(OS_WHOLELINK_PRE "-Wl,-force_load")
set(OS_WHOLELINK_POST "")
# Special compile flags for Objective-C++
set(OBJCXX_COMPILE_FLAGS
"-x objective-c++ -fobjc-arc -Wno-c++11-extensions -mmacosx-version-min=${APPLE_MIN_ABI}")
else()
set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++11")
set(OS_WHOLELINK_PRE "-Wl,-whole-archive")
set(OS_WHOLELINK_POST "-Wl,-no-whole-archive")
# Set CMAKE variables depending on platform, to know which tables and what
# component-specific globbing is needed.
if(${OSQUERY_BUILD_PLATFORM} STREQUAL "freebsd")
set(FREEBSD TRUE)
set(LINUX FALSE)
else()
set(LINUX TRUE)
set(FREEBSD FALSE)
endif()
endif()
# RHEL6 uses a different gcc 4.9 runtime
if(${OSQUERY_BUILD_DISTRO} STREQUAL "rhel6")
set(GCC_RUNTIME "/opt/rh/devtoolset-3/root/usr/")
@ -118,7 +129,7 @@ endif()
# Finished setting compiler/compiler flags.
project(OSQUERY)
# Make sure deps were built before compiling (else show warning)
# Make sure deps were built before compiling (else show warning).
execute_process(
COMMAND "${CMAKE_SOURCE_DIR}/tools/provision.sh" check "${CMAKE_BINARY_DIR}"
WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}"
@ -128,16 +139,23 @@ execute_process(
)
string(ASCII 27 Esc)
if(OSQUERY_DEPS_CHECK)
message(WARNING "${Esc}[31m${OSQUERY_DEPS_MESSAGE}${Esc}[m")
message("-- ${Esc}[31m${OSQUERY_DEPS_MESSAGE}${Esc}[m")
endif()
# Generate version from git
execute_process(
COMMAND git describe --tags HEAD --always
WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}"
OUTPUT_VARIABLE OSQUERY_BUILD_VERSION
OUTPUT_STRIP_TRAILING_WHITESPACE
)
# Discover build version from an environment variable or from the git checkout.
if(DEFINED ENV{OSQUERY_BUILD_VERSION})
set(OSQUERY_BUILD_VERSION "$ENV{OSQUERY_BUILD_VERSION}")
else()
# Generate version from git
execute_process(
COMMAND git describe --tags HEAD --always
WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}"
OUTPUT_VARIABLE OSQUERY_BUILD_VERSION
OUTPUT_STRIP_TRAILING_WHITESPACE
)
endif()
# Discover the SDK version from an environment variable or the build version.
if(DEFINED ENV{SDK_VERSION})
set(OSQUERY_BUILD_SDK_VERSION "${ENV{SDK_VERSION}}")
else()
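Review bot: The new `OSQUERY_BUILD_VERSION` override is taken whenever the environment variable is defined, even if it is empty, and the `git describe` fallback has no result check, so either path can leave the version string empty without a diagnostic. Testing the value instead, `if(NOT "$ENV{OSQUERY_BUILD_VERSION}" STREQUAL "")`, and following the block with `if(NOT OSQUERY_BUILD_VERSION)` plus a `message(FATAL_ERROR ...)` would make a build from a tarball without `.git` fail loudly. The line just below, `"${ENV{SDK_VERSION}}"`, does not use the `$ENV{...}` form of the new code and looks like a typo for `"$ENV{SDK_VERSION}"`. In the relocated platform block, `if(${OSQUERY_BUILD_PLATFORM} STREQUAL "freebsd")` expands unquoted, so an empty result from `provision.sh` becomes a configure error; quoting it as `"${OSQUERY_BUILD_PLATFORM}"` avoids that. The `if(DEFINED ENV{SDK_VERSION})` block continues past the end of the hunk.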


@ -30,7 +30,11 @@
// clang-format on
#ifndef __constructor__
#define __constructor__ __attribute__((constructor))
#define __registry_constructor__ __attribute__((constructor(101)))
#define __plugin_constructor__ __attribute__((constructor(102)))
#else
#define __registry_constructor__ __attribute__((__constructor__(101)))
#define __plugin_constructor__ __attribute__((__constructor__(102)))
#endif
/// A configuration error is catastrophic and should exit the watcher.
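Review bot: In the `#else` branch, `__attribute__((__constructor__(101)))` uses a name that this branch only reaches when `__constructor__` is already a macro, so the preprocessor will expand it inside the attribute. If the existing definition is an object-like macro like the one in the `#ifndef` branch, the result is a nested `__attribute__` that does not compile; this should be confirmed on the platform that motivated the guard. The two priorities also deserve a comment, for example `// Priorities 0-100 are reserved for the implementation; registries (101) must run before plugins (102).`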


@ -41,11 +41,11 @@ namespace osquery {
* @param type A typename that derives from Plugin.
* @param name A string identifier for the registry.
*/
#define CREATE_REGISTRY(type, name) \
namespace registry { \
__constructor__ static void type##Registry() { \
Registry::create<type>(name); \
} \
#define CREATE_REGISTRY(type, name) \
namespace registry { \
__registry_constructor__ static void type##Registry() { \
Registry::create<type>(name); \
} \
}
/**
@ -56,11 +56,11 @@ namespace osquery {
* @param type A typename that derives from Plugin.
* @param name A string identifier for the registry.
*/
#define CREATE_LAZY_REGISTRY(type, name) \
namespace registry { \
__constructor__ static void type##Registry() { \
Registry::create<type>(name, true); \
} \
#define CREATE_LAZY_REGISTRY(type, name) \
namespace registry { \
__registry_constructor__ static void type##Registry() { \
Registry::create<type>(name, true); \
} \
}
/**
@ -75,15 +75,15 @@ namespace osquery {
* @param registry The string name for the registry.
* @param name A string identifier for this registry item.
*/
#define REGISTER(type, registry, name) \
__constructor__ static void type##RegistryItem() { \
Registry::add<type>(registry, name); \
#define REGISTER(type, registry, name) \
__plugin_constructor__ static void type##RegistryItem() { \
Registry::add<type>(registry, name); \
}
/// The same as REGISTER but prevents the plugin item from being broadcasted.
#define REGISTER_INTERNAL(type, registry, name) \
__constructor__ static void type##RegistryItem() { \
Registry::add<type>(registry, name, true); \
#define REGISTER_INTERNAL(type, registry, name) \
__plugin_constructor__ static void type##RegistryItem() { \
Registry::add<type>(registry, name, true); \
}
/**
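Review bot: `REGISTER` and `REGISTER_INTERNAL` now rely on `__plugin_constructor__` running after `__registry_constructor__`, but none of the doc comments state that ordering contract. Constructor priorities are a toolchain feature and, as far as I know, not every linker orders them across translation units (Mach-O is the usual exception), so it is worth confirming that `Registry::add` fails safely when the named registry does not exist yet. A line such as `* Runs at constructor priority 102, after every CREATE_REGISTRY (101).` in the `REGISTER` comment would record the assumption.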


@ -10,10 +10,9 @@
#include <errno.h>
#include <gflags/gflags.h>
#include <osquery/core.h>
#include <osquery/events.h>
#include <osquery/flags.h>
#include <osquery/logger.h>
#include <osquery/sql.h>
@ -27,7 +26,7 @@ int main(int argc, char* argv[]) {
// Let gflags parse the non-help options/flags.
GFLAGS_NAMESPACE::ParseCommandLineFlags(&argc, &argv, false);
GFLAGS_NAMESPACE::InitGoogleLogging(argv[0]);
google::InitGoogleLogging(argv[0]);
if (FLAGS_query == "") {
fprintf(stderr, "Usage: %s --query=\"query\"\n", argv[0]);


@ -59,12 +59,10 @@ else()
ADD_OSQUERY_LINK(FALSE "uuid")
endif()
if(NOT FREEBSD)
file(GLOB OSQUERY_CROSS_TABLES "[!u]*/*.cpp")
ADD_OSQUERY_LIBRARY(FALSE osquery_tables
${OSQUERY_CROSS_TABLES}
)
endif()
file(GLOB OSQUERY_CROSS_TABLES "[!ue]*/*.cpp")
ADD_OSQUERY_LIBRARY(FALSE osquery_tables
${OSQUERY_CROSS_TABLES}
)
file(GLOB OSQUERY_CROSS_TABLES_TESTS "[!u]*/tests/*.cpp")
ADD_OSQUERY_TABLE_TEST(${OSQUERY_CROSS_TABLES_TESTS})
@ -74,10 +72,12 @@ ADD_OSQUERY_LIBRARY(TRUE osquery_tables_utility
${OSQUERY_UTILITY_TABLES}
)
file(GLOB OSQUERY_UTILS "utils/*.cpp")
ADD_OSQUERY_LIBRARY(FALSE osquery_utils
${OSQUERY_UTILS}
)
if(NOT FREEBSD)
file(GLOB OSQUERY_UTILS "utils/*.cpp")
ADD_OSQUERY_LIBRARY(FALSE osquery_utils
${OSQUERY_UTILS}
)
file(GLOB OSQUERY_UTILS_TESTS "utils/tests/*.cpp")
ADD_OSQUERY_TEST(FALSE ${OSQUERY_UTILS_TESTS})
file(GLOB OSQUERY_UTILS_TESTS "utils/tests/*.cpp")
ADD_OSQUERY_TEST(FALSE ${OSQUERY_UTILS_TESTS})
endif()
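Review bot: The library glob is now `[!ue]*/*.cpp` while the test glob below it is still `[!u]*/tests/*.cpp`, so tests under any `e*` directory are still collected even though their sources are no longer part of `osquery_tables`. If that directory is built by a platform-specific block outside this hunk, the tests probably belong there as well, e.g. `file(GLOB OSQUERY_CROSS_TABLES_TESTS "[!ue]*/tests/*.cpp")`. Selecting directories by first letter also drops any future directory starting with `e` or `u` without a diagnostic; a short comment naming the excluded directories would make the intent reviewable.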


@ -124,7 +124,8 @@ QueryData genInterfaceAddresses(QueryContext &context) {
}
for (if_addr = if_addrs; if_addr != nullptr; if_addr = if_addr->ifa_next) {
if (if_addr->ifa_addr->sa_family == AF_INET || if_addr->ifa_addr->sa_family == AF_INET6) {
if (if_addr->ifa_addr->sa_family == AF_INET ||
if_addr->ifa_addr->sa_family == AF_INET6) {
genAddressesFromAddr(if_addr, results);
}
}
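Review bot: The rewrapped condition still dereferences `if_addr->ifa_addr` without a null check, and getifaddrs(3) documents that `ifa_addr` may be a null pointer for some interfaces. Adding `if (if_addr->ifa_addr == nullptr) { continue; }` as the first statement of the loop body avoids a crash of the table generator on such entries. `genInterfaceAddresses` starts and ends outside this hunk.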


@ -19,10 +19,10 @@ namespace osquery {
namespace tables {
// Define AF_INTERFACE as the alias for interface details.
#ifdef __APPLE__
#define AF_INTERFACE AF_LINK
#else
#ifdef __linux__
#define AF_INTERFACE AF_PACKET
#else
#define AF_INTERFACE AF_LINK
#endif
// Return a string representation for an IPv4/IPv6 struct.


@ -1,4 +1,36 @@
# osquery/tables/specs/blacklist
# Usage: add table spec names to this list to prevent table generation
# Example: add tables that are not yet ready for release
# Example: add a platform:table_name, which is not yet ready
freebsd:acpi_tables
freebsd:arp_cache
freebsd:block_devices
freebsd:chrome_extensions
freebsd:disk_encryption
freebsd:file_events
freebsd:firefox_addons
freebsd:groups
freebsd:hardware_events
#freebsd:interface_addresses
#freebsd:interface_details
freebsd:kernel_info
freebsd:last
#freebsd:listening_ports
freebsd:mounts
freebsd:opera_extensions
freebsd:os_version
freebsd:passwd_changes
freebsd:pci_devices
freebsd:process_envs
freebsd:process_memory_map
freebsd:process_open_files
freebsd:process_open_sockets
freebsd:processes
freebsd:routes
freebsd:system_controls
freebsd:usb_devices
freebsd:users
freebsd:yara_events
freebsd:yara
freebsd:system_controls
freebsd:smbios_tables
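Review bot: `freebsd:system_controls` is listed twice, once in the alphabetical run and again just before `freebsd:smbios_tables`; the second entry can be dropped. The three `#freebsd:` lines appear to be disabled only because the `#` becomes part of the platform field when the entry is split on `:`. If the parser, which is not fully visible here, really treats them that way, the header should say so, e.g. `# Lines starting with '#' are ignored`.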


@ -0,0 +1,36 @@
/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
//#include <sys/sysctl.h>
#include <osquery/filesystem.h>
#include <osquery/tables.h>
#include "osquery/tables/system/sysctl_utils.h"
namespace osquery {
namespace tables {
void genControlInfo(int* oid,
size_t oid_size,
QueryData& results,
const std::map<std::string, std::string>& config) {
}
void genControlInfoFromName(const std::string& name, QueryData& results,
const std::map<std::string, std::string>& config) {
}
void genAllControls(QueryData& results,
const std::map<std::string, std::string>& config,
const std::string& subsystem) {
}
}
}
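Review bot: The three functions are empty stubs with no comment saying so, and the file uses `std::map` and `std::string` without including `<map>` and `<string>` directly. A file-level comment such as `// FreeBSD stubs: sysctl enumeration is not implemented yet; system_controls is blacklisted for this platform.` would stop a later reader from un-blacklisting the table and getting silently empty results. The commented-out `//#include <sys/sysctl.h>` can be deleted until an implementation needs it.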


@ -30,9 +30,15 @@ TEMPLATES = {}
# Temporary reserved column names
RESERVED = ["n", "index"]
# Set the platform in osquery-language
if sys.platform in ["freebsd10"]:
PLATFORM = "freebsd"
elif sys.platform in ["linux", "linux2"]:
PLATFORM = "linux"
else:
PLATFORM = sys.platform
# Supported SQL types for spec
class DataType(object):
def __init__(self, affinity, cpp_type="std::string"):
@ -79,6 +85,8 @@ def is_blacklisted(table_name, path=None, blacklist=None):
"""Allow blacklisting by tablename."""
if blacklist is None:
specs_path = os.path.dirname(os.path.dirname(path))
if os.path.basename(specs_path) == "tables":
specs_path += "/specs"
blacklist_path = os.path.join(specs_path, "blacklist")
if not os.path.exists(blacklist_path):
return False
@ -91,9 +99,19 @@ def is_blacklisted(table_name, path=None, blacklist=None):
except:
# Blacklist is not readable.
return False
# table_name based blacklisting!
return table_name in blacklist if blacklist else False
if not blacklist:
return False
# table_name based blacklisting!
for item in blacklist:
item = item.split(":")
# If this item is restricted to a platform and the platform
# and table name match
if len(item) > 1 and PLATFORM == item[0] and table_name == item[1]:
return True
elif len(item) == 1 and table_name == item[0]:
return True
return False
def setup_templates(path):
tables_path = os.path.dirname(os.path.dirname(path))
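Review bot: `sys.platform in ["freebsd10"]` matches only FreeBSD 10. On any other release `sys.platform` is a different string (for example `freebsd11`), `PLATFORM` falls through to that raw value, and every `freebsd:` entry in the blacklist stops matching, so blacklisted tables are generated again. `if sys.platform.startswith("freebsd"):` covers all releases. In `is_blacklisted`, the new loop compares `item[1]` exactly, so an entry with trailing whitespace or a newline would never match unless the lines are stripped in the part of the function outside these hunks.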


@ -12,6 +12,7 @@ function main_freebsd() {
package git
package python
package py27-pip
package snappy
package rocksdb
package thrift
package thrift-cpp


@ -73,7 +73,11 @@ function install_rocksdb() {
CLANG_INCLUDE="-I/usr/lib/clang/$CLANG_VERSION/include"
fi
pushd rocksdb-rocksdb-3.10.2
make static_lib CFLAGS="$CLANG_INCLUDE $CFLAGS"
if [[ $OS = "freebsd" ]]; then
CC=cc CXX=c++ gmake static_lib CFLAGS="$CLANG_INCLUDE $CFLAGS"
else
make static_lib CFLAGS="$CLANG_INCLUDE $CFLAGS"
fi
popd
fi
sudo cp rocksdb-rocksdb-3.10.2/librocksdb.a /usr/local/lib
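Review bot: The FreeBSD branch forces `CC=cc CXX=c++`, which overrides any compiler the caller exported, while the CMake change in this same commit starts honouring `$CC` and `$CXX`. The dependency and osquery itself could then be built with different compilers. `CC="${CC:-cc}" CXX="${CXX:-c++}" gmake static_lib CFLAGS="$CLANG_INCLUDE $CFLAGS"` keeps the default and respects the environment. `install_rocksdb` starts and ends outside this hunk.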


@ -364,9 +364,11 @@ if __name__ == "__main__":
thrift_path = test_base.ARGS.build + "/generated/gen-py"
try:
sys.path.append(thrift_path)
sys.path.append(thrift_path + "/osquery")
from osquery import *
except ImportError:
except ImportError as e:
print ("Cannot import osquery thrift API from %s" % (thrift_path))
print ("Exception: %s" % (str(e)))
print ("You must first run: make")
exit(1)