osquery-1/osquery/tables/system/linux/disk_encryption.cpp
2015-08-28 16:50:44 -07:00

94 lines
2.3 KiB
C++

/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <unistd.h>
#include <osquery/core.h>
#include <osquery/logger.h>
#include <osquery/tables.h>
#include <osquery/sql.h>
extern "C" {
#include <libcryptsetup.h>
}
namespace osquery {
namespace tables {
void genFDEStatusForBlockDevice(const std::string &name,
const std::string &uuid,
QueryData &results) {
Row r;
r["name"] = name;
r["uuid"] = uuid;
struct crypt_device *cd = nullptr;
struct crypt_active_device cad;
crypt_status_info ci;
std::string type;
std::string cipher;
std::string cipher_mode;
ci = crypt_status(cd, name.c_str());
switch (ci) {
case CRYPT_ACTIVE:
case CRYPT_BUSY:
r["encrypted"] = "1";
int crypt_init;
#if defined(CENTOS_CENTOS6) || defined(RHEL_RHEL6)
crypt_init = crypt_init_by_name(&cd, name.c_str());
#else
crypt_init =
crypt_init_by_name_and_header(&cd, name.c_str(), nullptr);
#endif
if (crypt_init < 0) {
VLOG(1) << "Unable to initialize crypt device for " << name;
crypt_free(cd);
break;
}
type = crypt_get_type(cd);
if (crypt_get_active_device(cd, name.c_str(), &cad) < 0) {
VLOG(1) << "Unable to get active device for " << name;
crypt_free(cd);
break;
}
cipher = crypt_get_cipher(cd);
cipher_mode = crypt_get_cipher_mode(cd);
r["type"] = type + "-" + cipher + "-" + cipher_mode;
break;
default:
r["encrypted"] = "0";
}
results.push_back(r);
}
QueryData genFDEStatus(QueryContext &context) {
QueryData results;
if (getuid() || geteuid()) {
VLOG(1) << "Not running as root, disk encryption status not available";
return results;
}
auto block_devices = SQL::selectAllFrom("block_devices");
for (const auto &row : block_devices) {
const auto name = (row.count("name") > 0) ? row.at("name") : "";
const auto uuid = (row.count("uuid") > 0) ? row.at("uuid") : "";
genFDEStatusForBlockDevice(name, uuid, results);
}
return results;
}
}
}