valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix for mount table interacting with direct autofs. (#5635)

Browse Source
This commit is contained in:
@emptymonkey 2019-08-05 19:23:34 -07:00 committed by Teddy Reed
parent 2c0da99016
commit f1cd3e1d86
1 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
osquery/tables/system/linux/mounts.cpp
View File

@ -9,6 +9,8 @@
#include <mntent.h>
#include <sys/vfs.h>
#include <set>
#include <osquery/core.h>
#include <osquery/filesystem/filesystem.h>
#include <osquery/tables.h>
@ -17,6 +19,10 @@
namespace osquery {
namespace tables {
std::set<std::string> kMountStatBlacklist = {
"autofs",
};
QueryData genMounts(QueryContext& context) {
QueryData results;
@ -29,20 +35,23 @@ QueryData genMounts(QueryContext& context) {
while ((ent = getmntent(mounts))) {
Row r;
r["type"] = std::string(ent->mnt_type);
r["device"] = std::string(ent->mnt_fsname);
r["device_alias"] = canonicalize_file_name(ent->mnt_fsname);
r["path"] = std::string(ent->mnt_dir);
r["type"] = std::string(ent->mnt_type);
r["flags"] = std::string(ent->mnt_opts);
struct statfs st;
if (!statfs(ent->mnt_dir, &st)) {
r["blocks_size"] = BIGINT(st.f_bsize);
r["blocks"] = BIGINT(st.f_blocks);
r["blocks_free"] = BIGINT(st.f_bfree);
r["blocks_available"] = BIGINT(st.f_bavail);
r["inodes"] = BIGINT(st.f_files);
r["inodes_free"] = BIGINT(st.f_ffree);
// Check type against blacklist before running statfs.
if (kMountStatBlacklist.find(r["type"]) == kMountStatBlacklist.end()) {
struct statfs st;
if (!statfs(ent->mnt_dir, &st)) {
r["blocks_size"] = BIGINT(st.f_bsize);
r["blocks"] = BIGINT(st.f_blocks);
r["blocks_free"] = BIGINT(st.f_bfree);
r["blocks_available"] = BIGINT(st.f_bavail);
r["inodes"] = BIGINT(st.f_files);
r["inodes_free"] = BIGINT(st.f_ffree);
}
}
results.push_back(std::move(r));