mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-09 02:36:46 +00:00
6558f605ff
This implements the following tables on FreeBSD: process_envs process_memory_map process_open_files process_open_sockets processes All the heavy lifting is done with libprocstat(3). All the tables follow the same general principle. Use the common function, getProcesses() in procstat.cpp, to get the processes and then generate the rows for each process returned. There is also a procstatCleanup() function commonly used across all the tables. The one thing I am not able to test is the process_open_sockets table on an IPv6 machine.
77 lines
1.6 KiB
C++
77 lines
1.6 KiB
C++
/*
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This source code is licensed under the BSD-style license found in the
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
*
|
|
*/
|
|
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
|
|
#include <sys/user.h>
|
|
#include <sys/queue.h>
|
|
#include <libprocstat.h>
|
|
|
|
#include <osquery/core.h>
|
|
#include <osquery/logger.h>
|
|
#include <osquery/tables.h>
|
|
#include <osquery/filesystem.h>
|
|
|
|
#include "osquery/tables/system/freebsd/procstat.h"
|
|
|
|
namespace osquery {
|
|
namespace tables {
|
|
|
|
void genDescriptors(struct procstat* pstat,
|
|
struct kinfo_proc* proc,
|
|
QueryData& results) {
|
|
|
|
Row r;
|
|
struct filestat_list* files = nullptr;
|
|
struct filestat* file = nullptr;
|
|
|
|
files = procstat_getfiles(pstat, proc, 0);
|
|
if (files == nullptr) {
|
|
return;
|
|
}
|
|
|
|
STAILQ_FOREACH(file, files, next) {
|
|
// Skip files that aren't "open" (no fd).
|
|
if (file->fs_fd == -1) {
|
|
continue;
|
|
}
|
|
|
|
r["pid"] = INTEGER(proc->ki_pid);
|
|
if (file->fs_path == nullptr) {
|
|
r["path"] = TEXT("");
|
|
} else {
|
|
r["path"] = TEXT(file->fs_path);
|
|
}
|
|
r["fd"] = BIGINT(file->fs_fd);
|
|
|
|
results.push_back(r);
|
|
}
|
|
|
|
procstat_freefiles(pstat, files);
|
|
}
|
|
|
|
QueryData genOpenFiles(QueryContext& context) {
|
|
QueryData results;
|
|
struct kinfo_proc* procs = nullptr;
|
|
struct procstat* pstat = nullptr;
|
|
|
|
auto cnt = getProcesses(context, &pstat, &procs);
|
|
|
|
for (size_t i = 0; i < cnt; i++) {
|
|
genDescriptors(pstat, &procs[i], results);
|
|
}
|
|
|
|
procstatCleanup(pstat, procs);
|
|
return results;
|
|
}
|
|
}
|
|
}
|