valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2b834a401a
osquery-1/osquery/tables/system/shell_history.cpp
Mike Arpaia fff36af0af Removing trailing whitespace
2015-05-11 23:31:13 -07:00

79 lines
2.0 KiB
C++
Raw Blame History

/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <string>
#include <vector>
#include <pwd.h>
#include <osquery/core.h>
#include <osquery/tables.h>
#include <osquery/filesystem.h>
#include <osquery/logger.h>
#include <osquery/sql.h>
namespace osquery {
namespace tables {
const std::vector<std::string> kShellHistoryFiles = {
".bash_history", ".zsh_history", ".zhistory", ".history",
};
void genShellHistoryForUser(const std::string& username,
const std::string& directory,
QueryData& results) {
for (const auto& hfile : kShellHistoryFiles) {
boost::filesystem::path history_file = directory;
history_file /= hfile;
std::string history_content;
if (!readFile(history_file, history_content).ok()) {
// Cannot read a specific history file.
continue;
}
for (const auto& line : split(history_content, "\n")) {
Row r;
r["username"] = username;
r["command"] = line;
r["history_file"] = history_file.string();
results.push_back(r);
}
}
}
QueryData genShellHistory(QueryContext& context) {
QueryData results;
QueryData users;
if (!getuid()) {
// No uid is available, attempt to select from all users.
users = SQL::selectAllFrom("users");
} else {
// A uid is available, select only the home directory for this user.
struct passwd* pwd = getpwuid(getuid());
if (pwd != nullptr && pwd->pw_name != nullptr) {
users = SQL::selectAllFrom(
"users", "username", EQUALS, std::string(pwd->pw_name));
}
}
// Iterate over each user
for (const auto& row : users) {
if (row.count("username") > 0 && row.count("directory") > 0) {
genShellHistoryForUser(row.at("username"), row.at("directory"), results);
}
}
return results;
}
}
}
Reference in New Issue View Git Blame Copy Permalink