main.go
package main
import (
"context"
"flag"
"log"
"runtime"
"time"
"github.com/macadmins/osquery-extension/tables/alt_system_info"
"github.com/macadmins/osquery-extension/tables/chromeuserprofiles"
"github.com/macadmins/osquery-extension/tables/fileline"
"github.com/macadmins/osquery-extension/tables/filevaultusers"
macosprofiles "github.com/macadmins/osquery-extension/tables/macos_profiles"
"github.com/macadmins/osquery-extension/tables/macosrsr"
"github.com/macadmins/osquery-extension/tables/mdm"
"github.com/macadmins/osquery-extension/tables/munki"
"github.com/macadmins/osquery-extension/tables/networkquality"
"github.com/macadmins/osquery-extension/tables/pendingappleupdates"
"github.com/macadmins/osquery-extension/tables/puppet"
"github.com/macadmins/osquery-extension/tables/sofa"
"github.com/macadmins/osquery-extension/tables/unifiedlog"
"github.com/macadmins/osquery-extension/tables/wifi_network"
"github.com/macadmins/osquery-extension/tables/authdb"
osquery "github.com/osquery/osquery-go"
"github.com/osquery/osquery-go/plugin/table"
)
// Version is the extension's version string. main panics at startup when it is
// empty and otherwise passes it to sofa.BuildUserAgent.
// NOTE(review): the "0" default is presumably overridden at build time (for
// example with -ldflags "-X main.Version=..."); confirm against the build
// scripts, because with this default the empty-string check in main can only
// fire if a build explicitly sets Version to "".
var Version = "0"
// main parses the command-line flags, connects to the osquery extension socket
// given by --socket, registers every table plugin this extension provides and
// then serves requests until the server returns an error.
//
// NOTE(review): --socket defaults to "" and is not validated here; an empty or
// unexpected path is left for osquery.NewExtensionManagerServer to reject. The
// same path is also handed to the sofa, wifi_network and alt_system_info
// generators, so the extension trusts whatever is listening on it. Confirm that
// the socket's directory is writable only by the account running osqueryd.
func main() {
	socketFlag := flag.String("socket", "", "")
	timeoutFlag := flag.Int("timeout", 0, "")
	// --interval and --verbose are defined but their values are discarded,
	// presumably so flag.Parse does not reject flags supplied by osqueryd.
	flag.Int("interval", 0, "")
	flag.Bool("verbose", false, "")
	flag.Parse()

	socket := *socketFlag

	// Give osqueryd time to create the socket path; connecting too early
	// would fail.
	time.Sleep(3 * time.Second)

	if len(Version) == 0 {
		panic("Version not set")
	}

	// The sofa tables receive a user agent derived from the build version.
	sofaOpts := []sofa.Option{
		sofa.WithUserAgent(sofa.BuildUserAgent(Version)),
	}

	// NOTE(review): without --timeout this is a zero duration; confirm how
	// osquery-go treats ServerTimeout(0).
	timeout := time.Duration(*timeoutFlag) * time.Second

	server, err := osquery.NewExtensionManagerServer("macadmins_extension", socket, osquery.ServerTimeout(timeout))
	if err != nil {
		log.Fatalf("Error creating extension: %s\n", err)
	}

	// Tables available on every platform. To add a table, append it to this
	// list (or to the platform-specific list below); the registration loop
	// at the end picks it up.
	plugins := []osquery.OsqueryPlugin{
		table.NewPlugin("puppet_info", puppet.PuppetInfoColumns(), puppet.PuppetInfoGenerate),
		table.NewPlugin("puppet_logs", puppet.PuppetLogsColumns(), puppet.PuppetLogsGenerate),
		table.NewPlugin("puppet_state", puppet.PuppetStateColumns(), puppet.PuppetStateGenerate),
		table.NewPlugin("puppet_facts", puppet.PuppetFactsColumns(), puppet.PuppetFactsGenerate),
		table.NewPlugin(
			"google_chrome_profiles",
			chromeuserprofiles.GoogleChromeProfilesColumns(),
			chromeuserprofiles.GoogleChromeProfilesGenerate,
		),
		table.NewPlugin("file_lines", fileline.FileLineColumns(), fileline.FileLineGenerate),
	}

	// Platform-specific tables. There are no Windows-only tables yet; a
	// "windows" case would go here.
	switch runtime.GOOS {
	case "darwin":
		plugins = append(plugins,
			table.NewPlugin("filevault_users", filevaultusers.FileVaultUsersColumns(), filevaultusers.FileVaultUsersGenerate),
			table.NewPlugin("macos_profiles", macosprofiles.MacOSProfilesColumns(), macosprofiles.MacOSProfilesGenerate),
			table.NewPlugin("mdm", mdm.MDMInfoColumns(), mdm.MDMInfoGenerate),
			table.NewPlugin("munki_info", munki.MunkiInfoColumns(), munki.MunkiInfoGenerate),
			table.NewPlugin("munki_installs", munki.MunkiInstallsColumns(), munki.MunkiInstallsGenerate),
			table.NewPlugin("network_quality", networkquality.NetworkQualityColumns(), networkquality.NetworkQualityGenerate),
			table.NewPlugin(
				"pending_apple_updates",
				pendingappleupdates.PendingAppleUpdatesColumns(),
				pendingappleupdates.PendingAppleUpdatesGenerate,
			),
			table.NewPlugin("macadmins_unified_log", unifiedlog.UnifiedLogColumns(), unifiedlog.UnifiedLogGenerate),
			table.NewPlugin("macos_rsr", macosrsr.MacOSRsrColumns(), macosrsr.MacOSRsrGenerate),
			// The generators wrapped in closures below take the socket
			// path (and, for sofa, the user-agent options) in addition
			// to the standard arguments.
			table.NewPlugin(
				"sofa_security_release_info",
				sofa.SofaSecurityReleaseInfoColumns(),
				func(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
					return sofa.SofaSecurityReleaseInfoGenerate(ctx, queryContext, socket, sofaOpts...)
				},
			),
			table.NewPlugin(
				"sofa_unpatched_cves",
				sofa.SofaUnpatchedCVEsColumns(),
				func(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
					return sofa.SofaUnpatchedCVEsGenerate(ctx, queryContext, socket, sofaOpts...)
				},
			),
			table.NewPlugin("authdb", authdb.AuthDBColumns(), authdb.AuthDBGenerate),
			table.NewPlugin(
				"wifi_network",
				wifi_network.WifiNetworkColumns(),
				func(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
					return wifi_network.WifiNetworkGenerate(ctx, queryContext, socket)
				},
			),
			table.NewPlugin(
				"alt_system_info",
				alt_system_info.AltSystemInfoColumns(),
				func(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
					return alt_system_info.AltSystemInfoGenerate(ctx, queryContext, socket)
				},
			),
		)
	}

	for i := range plugins {
		server.RegisterPlugin(plugins[i])
	}

	// Run blocks for the life of the process and only returns on error.
	err = server.Run()
	if err != nil {
		log.Fatalln(err)
	}
}