osquery-1/tools/deployment/osqueryd.initd
2018-07-03 12:00:56 -04:00


#!/bin/sh
#
# osqueryd Start/Stop the osquery daemon.
#
# chkconfig: 345 90 60
# Description:
# With osquery, you can use SQL to query low-level
# operating system information. Under the hood, instead
# of querying static tables, these queries dynamically execute
# high-performance native code. The results of the
# SQL query are transparently returned to you quickly and easily
#
### BEGIN INIT INFO
# Provides: osquery osqueryd
# Required-Start: $local_fs $syslog
# Required-Stop: $local_fs $syslog
# Default-Start: 3 4 5
# Default-Stop: 0 1 6
# Short-Description: run osqueryd daemon
# Description:
# With osquery, you can use SQL to query low-level
# operating system information. Under the hood, instead
# of querying static tables, these queries dynamically execute
# high-performance native code. The results of the
# SQL query are transparently returned to you quickly and easily
#
#
### END INIT INFO
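# Settings. A non-empty value inherited from the environment is kept;
# anything unset or empty falls back to the packaged default below.
: "${RETVAL:=0}"
: "${PROG:=osqueryd}"
: "${EXEC:=/usr/bin/osqueryd}"
: "${FLAGS_PATH:=/etc/osquery/osquery.flags}"
: "${REAL_CONFIG_PATH:=/etc/osquery/osquery.conf}"
: "${LOCKFILE:=/var/lock/osqueryd}"
: "${PIDFILE:=/var/run/osqueryd.pidfile}"
: "${OLD_PIDFILE:=/var/run/osqueryd.pid}"
# Some shells do not provide UID; ask id(1) only when it is missing.
if [ -z "$UID" ]; then UID=$(id -u); fi

# Site overrides. This file is sourced as root and may reassign any of the
# settings above (EXEC and PIDFILE included). Its name is built from PROG,
# which can come from the caller's environment, so /etc/sysconfig and its
# contents should be writable by root only.
if [ "$UID" -eq 0 ] && [ -e "/etc/sysconfig/$PROG" ]; then
  . "/etc/sysconfig/$PROG"
fi

# Distribution helper functions, when the platform ships them.
if [ -e /etc/init.d/functions ]; then
  . /etc/init.d/functions
fi

# Report a missing configuration. This only records a failing RETVAL; it does
# not stop the script, and a later launch attempt overwrites RETVAL with its
# own exit status.
if [ ! -e "$FLAGS_PATH" ] && [ ! -e "$REAL_CONFIG_PATH" ]; then
  echo "No config file found at $REAL_CONFIG_PATH"
  echo "Additionally, no flags file or config override found at $FLAGS_PATH"
  echo "See '/usr/share/osquery/osquery.example.conf' for an example config."
  RETVAL=1
fi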
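# Migrate a pidfile left at the deprecated location to the current one.
# Globals:  OLD_PIDFILE, PIDFILE (read)
# Both paths are quoted and preceded by "--" so a path containing whitespace
# or starting with "-" is passed to mv as exactly one operand.
move_pidfile() {
  if [ -f "$OLD_PIDFILE" ]; then
    # Support for deprecated pidfile location.
    mv -- "$OLD_PIDFILE" "$PIDFILE"
  fi
}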
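# Refuse to continue unless the script runs as root.
# Globals:  UID (read), RETVAL (written)
# Outputs:  the privilege message on stdout when the caller is not root
# Exits:    with status 1 when the caller is not root
#
# start and stop call this and then carry on without inspecting any result,
# so recording RETVAL=1 alone would still let an unprivileged caller reach
# the launch and kill commands. Exiting here makes the check effective while
# keeping the same exit status.
ensure_root() {
  if [ "$UID" -ne 0 ]; then
    echo "User has insufficient privilege."
    RETVAL=1
    exit "$RETVAL"
  fi
}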
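# Launch osqueryd as a daemon unless the pidfile already names a live one.
# Globals:  EXEC, PROG, PIDFILE, FLAGS_PATH, REAL_CONFIG_PATH (read);
#           PID, PROCNAME, RETVAL (written)
# Returns:  0 without launching when the recorded PID is a running $PROG;
#           otherwise RETVAL holds the exit status of the launch command.
start() {
  ensure_root
  move_pidfile
  if [ -f "$PIDFILE" ]; then
    # Take the first whitespace-delimited field of the pidfile. PID is
    # cleared first so an unreadable file cannot leave a value from an
    # earlier call in place.
    PID=""
    read -r PID _ < "$PIDFILE"
    PROCNAME=""
    # Only a plain decimal number is handed to ps, and always as one word.
    case "$PID" in
      '' | *[!0-9]*) ;;
      *) PROCNAME=$(ps -p "$PID" -o comm=) ;;
    esac
    if [ -n "$PROCNAME" ] && [ "$PROCNAME" = "$PROG" ]; then
      return 0
    fi
    # osqueryd pidfile exists but it's not running
    rm -- "$PIDFILE"
  fi
  # Collect the optional arguments in the function's positional parameters
  # (POSIX sh has no arrays) so each path stays a single argument even when
  # it contains whitespace or glob characters.
  set --
  if [ -e "$FLAGS_PATH" ]; then set -- "$@" "--flagfile=$FLAGS_PATH"; fi
  if [ -e "$REAL_CONFIG_PATH" ]; then set -- "$@" "--config_path=$REAL_CONFIG_PATH"; fi
  # EXEC is treated as one command path; it is not split into words.
  "$EXEC" "$@" \
    "--pidfile=$PIDFILE" \
    --daemonize=true
  RETVAL=$?
}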
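# Stop the daemon recorded in the pidfile and remove the pidfile.
# Globals:  PIDFILE, PROG (read); PID, PROCNAME, DPID, WPID, RETVAL (written)
#
# The pidfile content is used as a process-group id for pkill, run as root.
# Before any signal is sent it is therefore checked the same way start and
# status check it: it must be a positive decimal number whose process is
# named $PROG. An empty, non-numeric, zero or recycled PID is treated as a
# stale pidfile and only the file is removed, so an unrelated process group
# is never signalled.
stop() {
  ensure_root
  move_pidfile
  if [ ! -f "$PIDFILE" ]; then
    RETVAL=0
  else
    # First whitespace-delimited field only; PID is cleared first so an
    # unreadable file cannot leave a value from an earlier call in place.
    PID=""
    read -r PID _ < "$PIDFILE"
    PROCNAME=""
    case "$PID" in
      '' | *[!0-9]*) ;;
      *)
        if [ "$PID" -gt 0 ] 2>/dev/null; then
          PROCNAME=$(ps -p "$PID" -o comm=)
        fi
        ;;
    esac
    if [ -n "$PROCNAME" ] && [ "$PROCNAME" = "$PROG" ]; then
      # Terminate the daemon and watchers
      pkill -g "$PID"
      # Allow the event threads to tear down: poll until the PID is gone.
      ( while kill -0 "$PID" >/dev/null 2>&1; do sleep 0.2; done ) &
      DPID=$!
      # If the event threads are still running after 5 seconds, kill them
      # and the poller above.
      ( sleep 5 && pkill -9 -g "$PID" && kill -9 "$DPID" ) 2>/dev/null &
      WPID=$!
      # The poller finishing on its own means the daemon exited in time;
      # cancel the pending forced kill and reap its subshell.
      if wait "$DPID" 2>/dev/null; then
        pkill -9 -P "$WPID"
        wait "$WPID"
      fi
    fi
    rm -f -- "$PIDFILE"
  fi
}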
# Restart the daemon: run the stop handler, then the start handler.
# The function's status is that of start, which runs last.
restart() { stop; start; }
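# Report whether the daemon is running, based on the pidfile.
# Globals:  PIDFILE, OLD_PIDFILE, PROG (read); PID, PROCNAME, RETVAL (written)
# Outputs:  one status line on stdout
# RETVAL:   0 when the recorded PID is a running $PROG, 7 otherwise
#
# The current pidfile is preferred; the deprecated location is consulted only
# when the current one does not exist. File paths and the PID are quoted, and
# only a plain decimal PID is handed to ps, so an empty or malformed pidfile
# is reported as stale instead of producing a ps error.
status() {
  if [ -f "$PIDFILE" ]; then
    # PID is cleared first so an unreadable file cannot leave an old value.
    PID=""
    read -r PID _ < "$PIDFILE"
    PROCNAME=""
    case "$PID" in
      '' | *[!0-9]*) ;;
      *) PROCNAME=$(ps -p "$PID" -o comm=) ;;
    esac
    if [ -n "$PROCNAME" ] && [ "$PROCNAME" = "$PROG" ]; then
      echo "$PROG is already running: $PID"
      RETVAL=0
    else
      # osqueryd pidfile exists but it's not running
      echo "$PROG is not running but a stale pidfile was found."
      RETVAL=7
    fi
  elif [ -f "$OLD_PIDFILE" ]; then
    PID=""
    read -r PID _ < "$OLD_PIDFILE"
    PROCNAME=""
    case "$PID" in
      '' | *[!0-9]*) ;;
      *) PROCNAME=$(ps -p "$PID" -o comm=) ;;
    esac
    if [ -n "$PROCNAME" ] && [ "$PROCNAME" = "$PROG" ]; then
      echo "$PROG is already running (old pidfile): $PID"
      RETVAL=0
    else
      # osqueryd pidfile exists but it's not running
      echo "$PROG is not running but a stale old pidfile was found."
      RETVAL=7
    fi
  else
    echo "$PROG is not running. no pidfile found."
    RETVAL=7
  fi
}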
# Print the accepted sub-commands and record exit status 2 in RETVAL.
# Outputs:  the usage line on stdout
usage() {
  printf 'Usage: %s {start|stop|status|restart}\n' "$0"
  RETVAL=2
}
# Dispatch on the first command-line argument; anything unrecognised (or no
# argument at all) prints the usage line.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  status)
    status
    ;;
  *)
    usage
    ;;
esac

# Exit with whatever status the chosen handler, or the earlier checks, left
# in RETVAL.
exit ${RETVAL}