osquery

Documentation

Overview

package osquery implements a runtime for osqueryd.

Index

• func FleetFlags(fleetURL *url.URL) []string
• func WithDataPath(path string) func(*Runner) error
• func WithEnv(env []string) func(*Runner) error
• func WithFlags(flags []string) func(*Runner) error
• func WithLogPath(path string) func(*Runner) error
• func WithShell() func(*Runner) error
• type Runner
  • func NewRunner(path string, options ...func(*Runner) error) (*Runner, error)
  • func (r *Runner) Execute() error
  • func (r *Runner) Interrupt(err error)

Functions

func FleetFlags

func FleetFlags(fleetURL *url.URL) []string

FleetFlags is the set of flags to pass to osquery when connecting to Fleet.

func WithDataPath

func WithDataPath(path string) func(*Runner) error

func WithEnv

func WithEnv(env []string) func(*Runner) error

WithEnv adds additional environment variables to the osqueryd invocation. Inputs should be in the form "KEY=VAL".

func WithFlags

func WithFlags(flags []string) func(*Runner) error

WithFlags adds additional flags to the osqueryd invocation.

func WithLogPath

func WithLogPath(path string) func(*Runner) error

func WithShell

func WithShell() func(*Runner) error

WithShell adds the -S flag to run an osqueryi shell.

Types

type Runner

type Runner struct {
	// contains filtered or unexported fields
}

Runner is a specialized runner for osquery. It is designed with Execute and Interrupt functions to be compatible with oklog/run.

func NewRunner

func NewRunner(path string, options ...func(*Runner) error) (*Runner, error)

NewRunner creates a new osquery runner given the provided functional options.

func (*Runner) Execute

func (r *Runner) Execute() error

Execute begins running osqueryd and returns when the process exits. The process may not be restarted after exit. Instead create a new one with NewRunner.

func (*Runner) Interrupt

func (r *Runner) Interrupt(err error)

Runner interrupts the running osquery process.