mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-07 01:55:20 +00:00
fe70a514af
Summary: This introduces two new (Windows-only) columns to the `logged_in_users` table: * `sid` corresponds to the logged in user's security identifier, used to uniquely identify the user and their permissions on the local system. * `registry_hive` corresponds to the user's HKU registry hive, used to look up per-user configuration information. I've updated the integration tests to test for these columns on Windows only. Please let me know if there's anything else I can do! Pull Request resolved: https://github.com/facebook/osquery/pull/5454 Differential Revision: D14195466 Pulled By: fmanco fbshipit-source-id: def9c362fac1b5a68b68f826916daafee224295b
17 lines
612 B
Plaintext
17 lines
612 B
Plaintext
table_name("logged_in_users")
|
|
description("Users with an active shell on the system.")
|
|
schema([
|
|
Column("type", TEXT, "Login type"),
|
|
Column("user", TEXT, "User login name"),
|
|
Column("tty", TEXT, "Device name"),
|
|
Column("host", TEXT, "Remote hostname"),
|
|
Column("time", INTEGER, "Time entry was made"),
|
|
Column("pid", INTEGER, "Process (or thread) ID"),
|
|
])
|
|
extended_schema(WINDOWS, [
|
|
Column("sid", TEXT, "The user's unique security identifier"),
|
|
Column("registry_hive", TEXT, "HKEY_USERS registry hive"),
|
|
])
|
|
attributes(cacheable=True)
|
|
implementation("logged_in_users@genLoggedInUsers")
|