environments



Constants

// Decorator queries: osquery SQL whose result columns are attached to every
// result set the node reports (osquery "decorators"). All of them are plain
// SELECTs against osquery's built-in tables.
const (
	// DecoratorUsers to append osquery user as result decorator
	// (the 134-byte query text is elided on this page).
	DecoratorUsers = "" /* 134-byte string literal not displayed */
	// DecoratorHostname to append hostnames as result decorator
	// (both hostname and local_hostname from system_info).
	DecoratorHostname = "SELECT hostname, local_hostname FROM system_info;"
	// DecoratorLoggedInUser to append the first logged in user as result decorator:
	// only rows of type 'user', ordered by the time column, first row wins.
	DecoratorLoggedInUser = "SELECT user || ' (' || tty || ')' AS username FROM logged_in_users WHERE type = 'user' ORDER BY time LIMIT 1;"
	// DecoratorOsqueryVersionHash to append the osquery version and the configuration hash as result decorator;
	// the WHERE clause means it only yields a row while osquery reports config_valid = 1.
	DecoratorOsqueryVersionHash = "SELECT version AS osquery_version, config_hash FROM osquery_info WHERE config_valid = 1;"
	// DecoratorMD5Process to append the MD5 of the running osquery binary as result decorator.
	// MD5 is not collision-resistant, so osquery_md5 is an inventory fingerprint
	// of the binary, not an integrity check on it.
	DecoratorMD5Process = "SELECT md5 AS osquery_md5 FROM hash WHERE path = (SELECT path FROM processes WHERE pid = (SELECT pid FROM osquery_info));"
)
// Defaults for a new TLS environment (presumably what (*Environment).Empty
// fills in). The *Path values are endpoint path segments; the *Interval
// values appear to be seconds (UpdateIntervals takes csecs, lsecs, qsecs).
const (
	// DefaultEnrollPath as default value for enrolling nodes
	// (taken from the settings package; its value is not visible here).
	DefaultEnrollPath string = settings.ScriptEnroll
	// DefaultLogPath as default value for logging data from nodes
	DefaultLogPath string = "log"
	// DefaultLogInterval as default interval for logging data from nodes
	DefaultLogInterval int = 600
	// DefaultConfigPath as default value for configuring nodes
	DefaultConfigPath string = "config"
	// DefaultConfigInterval as default interval for configuring nodes
	DefaultConfigInterval int = 300
	// DefaultQueryReadPath as default value for distributing on-demand queries to nodes
	DefaultQueryReadPath string = "read"
	// DefaultQueryWritePath as default value for collecting results from on-demand queries
	DefaultQueryWritePath string = "write"
	// DefaultQueryInterval as default interval for distributing on-demand queries to nodes
	DefaultQueryInterval int = 60
	// DefaultCarverInitPath as default init endpoint for the carver
	DefaultCarverInitPath string = "init"
	// DefaultCarverBlockPath as default block endpoint for the carver
	DefaultCarverBlockPath string = "block"
	// DefaultEnvironmentIcon as default icon to use for environments
	DefaultEnvironmentIcon string = "fas fa-wrench"
	// DefaultEnvironmentType as default type to use for environments
	DefaultEnvironmentType string = "osquery"
	// DefaultSecretLength as default length for secrets
	// (whether this counts bytes or characters is not visible on this page).
	DefaultSecretLength int = 64
	// DefaultLinkExpire as default time in hours to expire enroll/remove links
	// (see TLSEnvironment.EnrollExpire / RemoveExpire and IsItExpired).
	DefaultLinkExpire int = 24
	// DefaultFlagsPath as default path segment for osctrld to fetch flags
	DefaultFlagsPath string = "osctrld-flags"
	// DefaultCertPath as default path segment for osctrld to fetch the certificate
	DefaultCertPath string = "osctrld-cert"
	// DefaultVerifyPath as default path segment for osctrld verification
	DefaultVerifyPath string = "osctrld-verify"
	// DefaultScriptPath as default path segment for osctrld to fetch scripts
	DefaultScriptPath string = "osctrld-script"
)
// Templates for the osquery flags file handed to enrolling nodes; the
// {{ .Field }} forms are template placeholders filled by the Gen*Flag helpers.
const (
	// CarverBlockSizeValue to configure size in bytes for carver blocks
	CarverBlockSizeValue string = "5120000"
	// FlagTLSServerCerts for the --tls_server_certs flag;
	// {{ .CertFile }} is the path of the server certificate the node will pin
	// (see GenServerCertsFlag).
	FlagTLSServerCerts string = `--tls_server_certs={{ .CertFile }}`
	// FlagCarverBlockSize for the --carver_block_size flag;
	// {{ .BlockSize }} presumably comes from GenCarveBlockSizeFlag's blockSize argument.
	FlagCarverBlockSize string = `--carver_block_size={{ .BlockSize }}`
	// FlagsTemplate to generate flags for enrolling nodes
	// (the 1154-byte template body is elided on this page).
	FlagsTemplate string = `` /* 1154-byte string literal not displayed */

)
// Placeholders left in generated flags when no real path is known yet;
// presumably replaced by the secretPath / certPath arguments of GenerateFlags.
const (
	// EmptyFlagSecret to use as placeholder for the secret file
	EmptyFlagSecret string = "__SECRET_FILE__"
	// EmptyFlagCert to use as placeholder for the certificate file
	EmptyFlagCert string = "__CERT_FILE__"
)
// Switches that turn off TLS server-certificate validation in the generated
// quick-add / quick-remove one-liners (selected by the insecure argument of
// PrepareOneLiner and the QuickAdd*/QuickRemove* helpers). With either one
// the client no longer authenticates the server it downloads the script from.
const (
	// InsecureShellTLS for insecure TLS connections in shell oneliners
	// ("k" reads as curl's -k/--insecure switch — confirm against the shell template).
	InsecureShellTLS = "k"
	// InsecurePowershellTLS for insecure TLS connections in powershell oneliners:
	// installs a certificate validation callback that accepts every certificate.
	InsecurePowershellTLS = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};"
)
// Script target names and template names, built from the enroll/remove
// script names in the settings package plus a shell or powershell extension.
const (
	// ShellTarget for shell extension
	ShellTarget = ".sh"
	// PowershellTarget for powershell extension
	PowershellTarget = ".ps1"
	// EnrollTarget for enroll target (value comes from settings, not visible here)
	EnrollTarget = settings.ScriptEnroll
	// RemoveTarget for remove target (value comes from settings, not visible here)
	RemoveTarget = settings.ScriptRemove
	// EnrollShell for enroll shell: EnrollTarget with the .sh extension
	EnrollShell = EnrollTarget + ShellTarget
	// RemoveShell for remove shell: RemoveTarget with the .sh extension
	RemoveShell = RemoveTarget + ShellTarget
	// EnrollPowershell for enroll powershell: EnrollTarget with the .ps1 extension
	EnrollPowershell = EnrollTarget + PowershellTarget
	// RemovePowershell for remove powershell: RemoveTarget with the .ps1 extension
	RemovePowershell = RemoveTarget + PowershellTarget
	// TemplateAddShell for template name ("quick-add.sh")
	TemplateAddShell = "quick-add" + ShellTarget
	// TemplateRemoveShell for template name ("quick-remove.sh")
	TemplateRemoveShell = "quick-remove" + ShellTarget
	// TemplateAddPowershell for template name ("quick-add.ps1")
	TemplateAddPowershell = "quick-add" + PowershellTarget
	// TemplateRemovePowershell for template name ("quick-remove.ps1")
	TemplateRemovePowershell = "quick-remove" + PowershellTarget
)
// QuickAddScriptPowershell to keep the raw template for the quick add powershell script
// (10393-byte template body elided on this page; presumably rendered by QuickAddScript).
const QuickAddScriptPowershell = `` /* 10393-byte string literal not displayed */

QuickAddScriptPowershell to keep the raw template for the quick add powershell script

// QuickAddScriptShell to keep the raw template for the quick add shell script
// (6540-byte template body elided on this page; presumably rendered by QuickAddScript).
const QuickAddScriptShell = `` /* 6540-byte string literal not displayed */

QuickAddScriptShell to keep the raw template for the quick add shell script

// QuickRemoveScriptPowershell to keep the raw template for the quick remove powershell script
// (2615-byte template body elided on this page).
const QuickRemoveScriptPowershell = `` /* 2615-byte string literal not displayed */

QuickRemoveScriptPowershell to keep the raw template for the quick remove powershell script

// QuickRemoveScriptShell to keep the raw template for the quick remove shell script
// (3037-byte template body elided on this page).
const QuickRemoveScriptShell = `` /* 3037-byte string literal not displayed */

QuickRemoveScriptShell to keep the raw template for the quick remove shell script

Variables

This section is empty.

Functions

func EnvironmentFinder

func EnvironmentFinder(envID uint, envs []TLSEnvironment) string

EnvironmentFinder to find the environment and return its name based on the environment ID

func GenCarveBlockSizeFlag

func GenCarveBlockSizeFlag(blockSize string) string

GenCarveBlockSizeFlag to generate the --carver_block_size flag

func GenGenericFlag

func GenGenericFlag(flagName, flagConst string, data interface{}) string

GenGenericFlag to generate a generic flag to be used by osquery

func GenServerCertsFlag

func GenServerCertsFlag(certificatePath string) string

GenServerCertsFlag to generate the --tls_server_certs flag

func IsItExpired

func IsItExpired(t time.Time) bool

IsItExpired reports whether the given time is already in the past, i.e. whether it has expired

func IsPlatformLinux

func IsPlatformLinux(pCheck string) bool

IsPlatformLinux to know if a Linux platform is going to trigger a query

func IsPlatformQuery

func IsPlatformQuery(pQuery, pCheck string) bool

IsPlatformQuery to know if a platform is going to trigger a query

func PackageDownloadURL

func PackageDownloadURL(env TLSEnvironment, pkg string) string

PackageDownloadURL to get the download URL for a package

func PrepareOneLiner

func PrepareOneLiner(oneliner string, insecure bool, environment TLSEnvironment, target string) (string, error)

PrepareOneLiner is the generic helper to generate one-liners

func QuickAddOneLinerPowershell

func QuickAddOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)

QuickAddOneLinerPowershell to get the quick add one-liner for Windows nodes

func QuickAddOneLinerShell

func QuickAddOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)

QuickAddOneLinerShell to get the quick add one-liner for Linux/OSX nodes

func QuickAddScript

func QuickAddScript(project, script string, environment TLSEnvironment) (string, error)

QuickAddScript to get a quick add script for an environment

func QuickRemoveOneLinerPowershell

func QuickRemoveOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)

QuickRemoveOneLinerPowershell to get the quick remove one-liner for Windows nodes

func QuickRemoveOneLinerShell

func QuickRemoveOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)

QuickRemoveOneLinerShell to get the quick remove one-liner for Linux/OSX nodes

func ReadExternalFile

func ReadExternalFile(path string) string

ReadExternalFile to read an external file and return contents

Types

type ATCConf

// ATCConf to hold all the auto table construction in the configuration
// (keys are presumably ATC table names; the per-table definition is left untyped).
type ATCConf map[string]interface{}

ATCConf to hold all the auto table construction in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#automatic-table-construction

type DecoratorConf

// DecoratorConf to hold the osquery decorators; the three keys mirror the
// osquery configuration spec (load / always / interval) linked below.
type DecoratorConf struct {
	// Load holds queries run when the configuration is loaded (per the osquery docs).
	Load     []string    `json:"load,omitempty"`
	// Always holds queries run alongside every scheduled query (per the osquery docs).
	Always   []string    `json:"always,omitempty"`
	// Interval is left untyped because osquery keys it by interval value
	// with a query list per key — confirm against the osquery docs.
	Interval interface{} `json:"interval,omitempty"`
}

DecoratorConf to hold the osquery decorators https://osquery.readthedocs.io/en/stable/deployment/configuration/#decorator-queries

type Environment

// Environment keeps all TLS Environments; every method on it reads or writes
// TLSEnvironment rows through DB.
type Environment struct {
	// DB is the gorm handle set by CreateEnvironment.
	DB *gorm.DB
}

Environment keeps all TLS Environments

func CreateEnvironment

func CreateEnvironment(backend *gorm.DB) *Environment

CreateEnvironment to initialize the environment struct and tables

func (*Environment) AddOptionsConf

func (environment *Environment) AddOptionsConf(name, option string, value interface{}) error

AddOptionsConf to add an osquery option to the configuration

func (*Environment) AddQueryPackConf

func (environment *Environment) AddQueryPackConf(name, pName string, pack interface{}) error

AddQueryPackConf to add a new query pack to the osquery configuration

func (*Environment) AddQueryToPackConf

func (environment *Environment) AddQueryToPackConf(name, pName, qName string, query ScheduleQuery) error

AddQueryToPackConf to add a new query to an existing pack in the osquery configuration

func (*Environment) AddScheduleConfQuery

func (environment *Environment) AddScheduleConfQuery(name, qName string, query ScheduleQuery) error

AddScheduleConfQuery to add a new query to the osquery schedule

func (*Environment) All

func (environment *Environment) All() ([]TLSEnvironment, error)

All gets all TLS Environments

func (*Environment) ChangeDebugHTTP

func (environment *Environment) ChangeDebugHTTP(idEnv string, value bool) error

ChangeDebugHTTP to change the value of DebugHTTP for an environment

func (*Environment) Create

func (environment *Environment) Create(env TLSEnvironment) error

Create new TLS Environment

func (*Environment) DebugHTTP

func (environment *Environment) DebugHTTP(name string) bool

DebugHTTP to check if the environment has enabled debugging for HTTP

func (*Environment) Delete

func (environment *Environment) Delete(identifier string) error

Delete TLS Environment by name or UUID

func (*Environment) Empty

func (environment *Environment) Empty(name, hostname string) TLSEnvironment

Empty generates an empty TLSEnvironment with default values

func (*Environment) Exists

func (environment *Environment) Exists(identifier string) bool

Exists checks if TLS Environment exists already

func (*Environment) ExpireEnroll

func (environment *Environment) ExpireEnroll(idEnv string) error

ExpireEnroll to expire the enroll in an environment

func (*Environment) ExpireRemove

func (environment *Environment) ExpireRemove(idEnv string) error

ExpireRemove to expire the remove in an environment

func (*Environment) ExtendEnroll

func (environment *Environment) ExtendEnroll(idEnv string) error

ExtendEnroll to extend the enroll in an environment

func (*Environment) ExtendRemove

func (environment *Environment) ExtendRemove(idEnv string) error

ExtendRemove to extend the remove in an environment

func (*Environment) GenEmptyConfiguration

func (environment *Environment) GenEmptyConfiguration(indent bool) string

GenEmptyConfiguration to generate a serialized string with an empty configuration

func (*Environment) GenPacksEntries

func (environment *Environment) GenPacksEntries(configuration []byte) (PacksEntries, error)

GenPacksEntries to generate packs parsed struct from the serialized string

func (*Environment) GenSerializedConf

func (environment *Environment) GenSerializedConf(structured interface{}, indent bool) (string, error)

GenSerializedConf to generate a serialized osquery configuration from the structured data

func (*Environment) GenStructATC

func (environment *Environment) GenStructATC(configuration []byte) (ATCConf, error)

GenStructATC to generate ATC from the serialized string

func (*Environment) GenStructConf

func (environment *Environment) GenStructConf(configuration []byte) (OsqueryConf, error)

GenStructConf to generate the components from the osquery configuration

func (*Environment) GenStructDecorators

func (environment *Environment) GenStructDecorators(configuration []byte) (DecoratorConf, error)

GenStructDecorators to generate decorators from the serialized string

func (*Environment) GenStructOptions

func (environment *Environment) GenStructOptions(configuration []byte) (OptionsConf, error)

GenStructOptions to generate options from the serialized string

func (*Environment) GenStructPacks

func (environment *Environment) GenStructPacks(configuration []byte) (PacksConf, error)

GenStructPacks to generate packs from the serialized string

func (*Environment) GenStructSchedule

func (environment *Environment) GenStructSchedule(configuration []byte) (ScheduleConf, error)

GenStructSchedule to generate schedule from the serialized string

func (*Environment) GenerateFlags

func (environment *Environment) GenerateFlags(env TLSEnvironment, secretPath, certPath string) (string, error)

GenerateFlags to generate flags

func (*Environment) GenerateFlagsEnv

func (environment *Environment) GenerateFlagsEnv(idEnv string, secretPath, certPath string) (string, error)

GenerateFlagsEnv to generate flags by environment name

func (*Environment) Get

func (environment *Environment) Get(identifier string) (TLSEnvironment, error)

Get TLS Environment by name or UUID

func (*Environment) GetByID

func (environment *Environment) GetByID(id uint) (TLSEnvironment, error)

GetByID gets the TLS Environment by ID

func (*Environment) GetByName

func (environment *Environment) GetByName(name string) (TLSEnvironment, error)

GetByName gets the TLS Environment by Name

func (*Environment) GetByUUID

func (environment *Environment) GetByUUID(uuid string) (TLSEnvironment, error)

GetByUUID gets the TLS Environment by UUID

func (*Environment) GetMap

func (environment *Environment) GetMap() (MapEnvironments, error)

GetMap returns the map of environments by name and UUID

func (*Environment) Names

func (environment *Environment) Names() ([]string, error)

Names gets just the names of all TLS Environments

func (*Environment) NodePacksEntries

func (environment *Environment) NodePacksEntries(configuration []byte, platform string) (PacksEntries, error)

NodePacksEntries to generate packs parsed struct that applies to a platform from the serialized string

func (*Environment) NodeStructSchedule

func (environment *Environment) NodeStructSchedule(configuration []byte, platform string) (ScheduleConf, error)

NodeStructSchedule to generate schedule that applies to a platform from the serialized string

func (*Environment) NotExpireEnroll

func (environment *Environment) NotExpireEnroll(idEnv string) error

NotExpireEnroll to mark the enroll in an environment as not expiring

func (*Environment) NotExpireRemove

func (environment *Environment) NotExpireRemove(idEnv string) error

NotExpireRemove to mark the remove in an environment as not expiring

func (*Environment) RefreshConfiguration

func (environment *Environment) RefreshConfiguration(idEnv string) error

RefreshConfiguration to take all parts and put them together in the configuration

func (*Environment) RemoveOptionsConf

func (environment *Environment) RemoveOptionsConf(name, option string) error

RemoveOptionsConf to remove an osquery option from the configuration

func (*Environment) RemoveQueryFromPackConf

func (environment *Environment) RemoveQueryFromPackConf(name, pName, qName string) error

RemoveQueryFromPackConf to remove a query from an existing query pack in the osquery configuration

func (*Environment) RemoveQueryPackConf

func (environment *Environment) RemoveQueryPackConf(name, pName string) error

RemoveQueryPackConf to remove a query pack from the osquery configuration

func (*Environment) RemoveScheduleConfQuery

func (environment *Environment) RemoveScheduleConfQuery(name, qName string) error

RemoveScheduleConfQuery to remove a query from the osquery schedule

func (*Environment) RotateEnroll

func (environment *Environment) RotateEnroll(name string) error

RotateEnroll to replace the SecretPath for enrolling in an environment

func (*Environment) RotateRemove

func (environment *Environment) RotateRemove(name string) error

RotateRemove to replace Secret and SecretPath for enrolling in an environment

func (*Environment) RotateSecret

func (environment *Environment) RotateSecret(name string) error

RotateSecret to replace the current Secret for an environment

func (*Environment) RotateSecrets

func (environment *Environment) RotateSecrets(name string) error

RotateSecrets to replace Secret and SecretPath for an environment

func (*Environment) UUIDs

func (environment *Environment) UUIDs() ([]string, error)

UUIDs gets just the UUIDs of all TLS Environments

func (*Environment) Update

func (environment *Environment) Update(e TLSEnvironment) error

Update TLS Environment

func (*Environment) UpdateATC

func (environment *Environment) UpdateATC(idEnv, atc string) error

UpdateATC to update ATC for an environment

func (*Environment) UpdateCertificate

func (environment *Environment) UpdateCertificate(idEnv, certificate string) error

UpdateCertificate to update the certificate for an environment

func (*Environment) UpdateConfiguration

func (environment *Environment) UpdateConfiguration(idEnv string, cnf OsqueryConf) error

UpdateConfiguration to update configuration for an environment

func (*Environment) UpdateConfigurationParts

func (environment *Environment) UpdateConfigurationParts(idEnv string, cnf OsqueryConf) error

UpdateConfigurationParts to update all the configuration parts for an environment

func (*Environment) UpdateDebPackage

func (environment *Environment) UpdateDebPackage(idEnv, debpackage string) error

UpdateDebPackage to update DEB package for an environment

func (*Environment) UpdateDecorators

func (environment *Environment) UpdateDecorators(idEnv, decorators string) error

UpdateDecorators to update decorators for an environment

func (*Environment) UpdateFlags

func (environment *Environment) UpdateFlags(idEnv, flags string) error

UpdateFlags to update flags for an environment

func (*Environment) UpdateHostname

func (environment *Environment) UpdateHostname(idEnv, hostname string) error

UpdateHostname to update hostname for an environment

func (*Environment) UpdateIntervals

func (environment *Environment) UpdateIntervals(name string, csecs, lsecs, qsecs int) error

UpdateIntervals to update intervals for an environment

func (*Environment) UpdateMsiPackage

func (environment *Environment) UpdateMsiPackage(idEnv, msipackage string) error

UpdateMsiPackage to update MSI package for an environment

func (*Environment) UpdateOptions

func (environment *Environment) UpdateOptions(idEnv, options string) error

UpdateOptions to update options for an environment

func (*Environment) UpdatePacks

func (environment *Environment) UpdatePacks(idEnv, packs string) error

UpdatePacks to update packs for an environment

func (*Environment) UpdatePkgPackage

func (environment *Environment) UpdatePkgPackage(idEnv, pkgpackage string) error

UpdatePkgPackage to update PKG package for an environment

func (*Environment) UpdateRpmPackage

func (environment *Environment) UpdateRpmPackage(idEnv, rpmpackage string) error

UpdateRpmPackage to update RPM package for an environment

func (*Environment) UpdateSchedule

func (environment *Environment) UpdateSchedule(idEnv, schedule string) error

UpdateSchedule to update schedule for an environment

type MapEnvironments

// MapEnvironments to hold the TLS environments by name and UUID
// (each environment appears under both keys; see GetMap).
type MapEnvironments map[string]TLSEnvironment

MapEnvironments to hold the TLS environments by name and UUID

type OptionsConf

// OptionsConf for the "options" part of the configuration: osquery option
// name to value, left untyped because values may be strings, numbers or booleans.
type OptionsConf map[string]interface{}

OptionsConf for each part of the configuration

type OsqueryConf

// OsqueryConf to hold the structure for the configuration; the json tags are
// the top-level keys of the osquery configuration document linked below.
type OsqueryConf struct {
	Options    OptionsConf   `json:"options"`
	Schedule   ScheduleConf  `json:"schedule"`
	Packs      PacksConf     `json:"packs"`
	Decorators DecoratorConf `json:"decorators"`
	// ATC is serialized under osquery's "auto_table_construction" key.
	ATC        ATCConf       `json:"auto_table_construction"`
}

OsqueryConf to hold the structure for the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-specification

type PackEntry

// PackEntry to hold the struct for a single pack (an inline, non-local pack;
// see PacksEntries). All fields are omitted from JSON when empty.
type PackEntry struct {
	// Queries keyed by query name.
	Queries   map[string]ScheduleQuery `json:"queries,omitempty"`
	// Platform restricts the pack to a platform (see NodePacksEntries).
	Platform  string                   `json:"platform,omitempty"`
	// Shard is kept as json.Number so both numeric and quoted values survive a round trip.
	Shard     json.Number              `json:"shard,omitempty"`
	Version   string                   `json:"version,omitempty"`
	// Discovery holds the pack's discovery queries (semantics per the osquery docs).
	Discovery []string                 `json:"discovery,omitempty"`
}

PackEntry to hold the struct for a single pack

type PacksConf

// PacksConf to hold all the packs in the configuration; values are untyped
// because a pack may be inline (see PackEntry) or, presumably, a local file
// reference — GenPacksEntries yields only the parsed non-local ones.
type PacksConf map[string]interface{}

PacksConf to hold all the packs in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#packs

type PacksEntries

// PacksEntries to hold all the parsed non-local packs, keyed by pack name.
type PacksEntries map[string]PackEntry

PacksEntries to hold all the parsed non-local packs

type ScheduleQuery

// ScheduleQuery to hold the scheduled queries in the configuration; fields
// follow the osquery schedule spec linked below and are omitted when empty.
type ScheduleQuery struct {
	// Query is the SQL text osquery runs.
	Query    string      `json:"query,omitempty"`
	// Interval is kept as json.Number so both numeric and quoted values survive a round trip.
	Interval json.Number `json:"interval,omitempty"`
	Removed  bool        `json:"removed,omitempty"`
	Snapshot bool        `json:"snapshot,omitempty"`
	// Platform restricts the query to a platform (see NodeStructSchedule / IsPlatformQuery).
	Platform string      `json:"platform,omitempty"`
	Version  string      `json:"version,omitempty"`
	Shard    json.Number `json:"shard,omitempty"`
	Denylist bool        `json:"denylist,omitempty"`
}

ScheduleQuery to hold the scheduled queries in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#schedule

type TLSEnvironment

// TLSEnvironment to hold each of the TLS environments (one row per environment).
type TLSEnvironment struct {
	// gorm.Model supplies ID, CreatedAt, UpdatedAt and DeletedAt.
	gorm.Model
	// UUID (indexed) and Name both serve as lookup identifiers
	// (see Get, GetByName, GetByUUID).
	UUID             string `gorm:"index"`
	Name             string
	// Hostname nodes are pointed at; presumably what one-liners and
	// PackageDownloadURL embed.
	Hostname         string
	// Secret is the enrollment secret shared with nodes. It is held as-is on
	// this model (nothing on this page hashes it), so read access to this
	// table is access to the enrollment credential; see RotateSecret.
	Secret           string
	// Enroll/remove links: a secret path component plus an expiry
	// (DefaultLinkExpire hours by default). See IsItExpired, Expire*/Extend*/
	// NotExpire*/Rotate* for how they are managed.
	EnrollSecretPath string
	EnrollExpire     time.Time
	RemoveSecretPath string
	RemoveExpire     time.Time
	// Type of environment (DefaultEnvironmentType by default).
	Type             string
	// Packages offered for download per platform (see PackageDownloadURL
	// and the Update*Package methods).
	DebPackage       string
	RpmPackage       string
	MsiPackage       string
	PkgPackage       string
	// DebugHTTP enables HTTP debugging for this environment (see ChangeDebugHTTP).
	DebugHTTP        bool
	// Icon presumably shown in the UI (DefaultEnvironmentIcon by default).
	Icon             string
	// Serialized osquery configuration parts; Configuration is the assembled
	// document (see RefreshConfiguration and the Gen*/Update* methods).
	Options          string
	Schedule         string
	Packs            string
	Decorators       string
	ATC              string
	Configuration    string
	// Flags is the rendered osquery flags file and Certificate the server
	// certificate referenced by --tls_server_certs (see GenerateFlags).
	Flags            string
	Certificate      string
	// Per-plugin TLS toggles and intervals; the intervals appear to be
	// seconds (UpdateIntervals takes csecs, lsecs, qsecs).
	ConfigTLS        bool
	ConfigInterval   int
	LoggingTLS       bool
	LogInterval      int
	QueryTLS         bool
	QueryInterval    int
	CarvesTLS        bool
	// TLS endpoint path segments, defaulting to the Default*Path constants.
	EnrollPath       string
	LogPath          string
	ConfigPath       string
	QueryReadPath    string
	QueryWritePath   string
	CarverInitPath   string
	CarverBlockPath  string
	// AcceptEnrolls gates whether new nodes may enroll in this environment.
	AcceptEnrolls    bool
	// UserID presumably references the owning user; not used on this page.
	UserID           uint
}

TLSEnvironment to hold each of the TLS environments
