Documentation
¶
Index ¶
- Constants
- func IsForeignKey(err error) bool
- func IsNotFound(err error) bool
- func RandomText(keySize int) (string, error)
- func WriteQueriesToYaml(queries []*Query) (string, error)
- type AlreadyExistsError
- type AppConfig
- type AppConfigPayload
- type AppConfigService
- type AppConfigStore
- type Auth
- type CampaignService
- type CampaignStore
- type CreateTimestamp
- type Datastore
- type DecoratorConfig
- type DistributedQueryCampaign
- type DistributedQueryCampaignTarget
- type DistributedQueryExecutionStatus
- type DistributedQueryResult
- type DistributedQueryStatus
- type Email
- type EnrollSecret
- type EnrollSecretSpec
- type FIMCategoryToPaths
- type ForeignKeyError
- type Host
- type HostExpirySettings
- type HostListOptions
- type HostService
- type HostSettings
- type HostStatus
- type HostStore
- type HostSummary
- type ImportConfig
- type ImportConfigResponse
- type ImportConfigService
- type ImportSection
- type ImportStatus
- type Invite
- type InvitePayload
- type InviteService
- type InviteStore
- type JSONLogger
- type Label
- type LabelMembershipType
- type LabelPayload
- type LabelQueryExecution
- type LabelService
- type LabelSpec
- type LabelStore
- type LabelType
- type ListOptions
- type LiveQueryStore
- type MailService
- type Mailer
- type MigrationStatus
- type ModifyAppConfigRequest
- type ModifyLabelPayload
- type NetworkInterface
- type NotFoundError
- type ObjectMetadata
- type OptionNameToValueMap
- type OptionOverrideType
- type OptionalArg
- type OptionsObject
- type OptionsOverrides
- type OptionsSpec
- type OrderDirection
- type OrgInfo
- type OsQueryConfigInt
- type OsqueryDistributedQueryResults
- type OsqueryOptionsService
- type OsqueryOptionsStore
- type OsqueryService
- type OsqueryStatus
- type Pack
- type PackContent
- type PackDetails
- type PackNameMap
- type PackNameToPackDetails
- type PackPayload
- type PackService
- type PackSpec
- type PackSpecQuery
- type PackSpecTargets
- type PackStore
- type PackTarget
- type Packs
- type PasswordResetRequest
- type PasswordResetStore
- type PermissivePackContent
- type PermissivePacks
- type PermissiveQueries
- type PermissiveQueryContent
- type Queries
- type Query
- type QueryContent
- type QueryDetails
- type QueryNameToQueryDetailsMap
- type QueryObject
- type QueryPayload
- type QueryResultStore
- type QueryService
- type QuerySpec
- type QueryStore
- type SMTPAuthMethod
- type SMTPAuthType
- type SMTPSettingsPayload
- type SSOSession
- type SSOSettings
- type SSOSettingsPayload
- type ScheduledQuery
- type ScheduledQueryPayload
- type ScheduledQueryService
- type ScheduledQueryStore
- type ServerSettings
- type Service
- type Session
- type SessionService
- type SessionStore
- type StatusService
- type Target
- type TargetMetrics
- type TargetSearchResults
- type TargetService
- type TargetStore
- type TargetType
- type Transaction
- type Transactions
- type UpdateCreateTimestamps
- type UpdateTimestamp
- type User
- type UserPayload
- type UserService
- type UserStore
- type WarningType
- type YARAConfig
Constants ¶
View Source
const ( AuthMethodNameCramMD5 = "authmethod_cram_md5" AuthMethodNameLogin = "authmethod_login" AuthMethodNamePlain = "authmethod_plain" AuthTypeNameUserNamePassword = "authtype_username_password" AuthTypeNameNone = "authtype_none" )
SMTP settings names returned from API, these map to SMTPAuthType and SMTPAuthMethod
View Source
const ( NoMigrationsCompleted = iota SomeMigrationsCompleted AllMigrationsCompleted )
View Source
const ( // StatusOnline host is active. StatusOnline = HostStatus("online") // StatusOffline no communication with host for OfflineDuration. StatusOffline = HostStatus("offline") // StatusMIA no communication with host for MIADuration. StatusMIA = HostStatus("mia") // StatusNew means the host has enrolled in the interval defined by // NewDuration. It is independent of offline and online. StatusNew = HostStatus("new") // NewDuration if a host has been created within this time period it's // considered new. NewDuration = 24 * time.Hour // OfflineDuration if a host hasn't been in communication for this period it // is considered MIA. MIADuration = 30 * 24 * time.Hour // OnlineIntervalBuffer is the additional time in seconds to add to the // online interval to avoid flapping of hosts that check in a bit later // than their expected checkin interval. OnlineIntervalBuffer = 30 )
View Source
const ( OptionsSection ImportSection = "options" PacksSection = "packs" QueriesSection = "queries" DecoratorsSection = "decorators" FilePathsSection = "file_paths" YARASigSection = "yara_signature_group" YARAFileSection = "yara_file_group" )
View Source
const ( PackDuplicate WarningType = "duplicate_pack" DifferentQuerySameName = "different_query_same_name" OptionAlreadySet = "option_already_set" OptionReadonly = "option_readonly" OptionUnknown = "option_unknown" QueryDuplicate = "duplicate_query" FIMDuplicate = "duplicate_fim" YARADuplicate = "duplicate_yara" Unsupported = "unsupported" )
View Source
const ( GlobPacks = "*" // ImportPackName is a custom pack name used for a pack we create to // hold imported scheduled queries. ImportPackName = "imported" )
View Source
const ApiVersion = "v1"
View Source
const (
AppConfigKind = "config"
)
View Source
const (
EnrollSecretKind = "enroll_secret"
)
View Source
const (
HostKind = "host"
)
View Source
const (
LabelKind = "label"
)
View Source
const (
OptionsKind = "options"
)
View Source
const (
PackKind = "pack"
)
View Source
const (
QueryKind = "query"
)
Variables ¶
This section is empty.
Functions ¶
func IsForeignKey ¶
func IsNotFound ¶
func RandomText ¶
RandomText returns a stdEncoded string of just what it says
func WriteQueriesToYaml ¶
Types ¶
type AlreadyExistsError ¶
AlreadyExists is returned when creating a datastore resource that already exists.
type AppConfig ¶
type AppConfig struct {
ID uint
OrgName string `db:"org_name"`
OrgLogoURL string `db:"org_logo_url"`
KolideServerURL string `db:"kolide_server_url"`
// SMTPConfigured is a flag that indicates if smtp has been successfully
// tested with the settings provided by an admin user.
SMTPConfigured bool `db:"smtp_configured"`
// SMTPSenderAddress is the email address that will appear in emails sent
// from Fleet
SMTPSenderAddress string `db:"smtp_sender_address"`
// SMTPServer is the host name of the SMTP server Fleet will use to send mail
SMTPServer string `db:"smtp_server"`
// SMTPPort port SMTP server will use
SMTPPort uint `db:"smtp_port"`
// SMTPAuthenticationType type of authentication for SMTP
SMTPAuthenticationType SMTPAuthType `db:"smtp_authentication_type"`
// SMTPUserName must be provided if SMTPAuthenticationType is UserNamePassword
SMTPUserName string `db:"smtp_user_name"`
// SMTPPassword must be provided if SMTPAuthenticationType is UserNamePassword
SMTPPassword string `db:"smtp_password"`
// SMTPEnableSSLTLS whether to use SSL/TLS for SMTP
SMTPEnableTLS bool `db:"smtp_enable_ssl_tls"`
// SMTPAuthenticationMethod authentication method smtp server will use
SMTPAuthenticationMethod SMTPAuthMethod `db:"smtp_authentication_method"`
// SMTPDomain optional domain for SMTP
SMTPDomain string `db:"smtp_domain"`
// SMTPVerifySSLCerts defaults to true but can be turned off if self signed
// SSL certs are used by the SMTP server
SMTPVerifySSLCerts bool `db:"smtp_verify_ssl_certs"`
// SMTPEnableStartTLS detects of TLS is enabled on mail server and starts to use it (default true)
SMTPEnableStartTLS bool `db:"smtp_enable_start_tls"`
// EntityID is a uri that identifies this service provider
EntityID string `db:"entity_id"`
// IssuerURI is the uri that identifies the identity provider
IssuerURI string `db:"issuer_uri"`
// IDPImageURL is a link to a logo or other image that is used for UX
IDPImageURL string `db:"idp_image_url"`
// Metadata contains IDP metadata XML
Metadata string `db:"metadata"`
// MetadataURL is a URL provided by the IDP which can be used to download
// metadata
MetadataURL string `db:"metadata_url"`
// IDPName is a human friendly name for the IDP
IDPName string `db:"idp_name"`
// EnableSSO flag to determine whether or not to enable SSO
EnableSSO bool `db:"enable_sso"`
// FIMInterval defines the interval when file integrity checks will occur
FIMInterval int `db:"fim_interval"`
// FIMFileAccess defines the FIMSections which will be monitored for file access events as a JSON formatted array
FIMFileAccesses string `db:"fim_file_accesses"`
// HostExpiryEnabled defines whether automatic host cleanup is enabled.
HostExpiryEnabled bool `db:"host_expiry_enabled"`
// HostExpiryWindow defines a number in days after which a host will be removed if it has not communicated with Fleet.
HostExpiryWindow int `db:"host_expiry_window"`
// LiveQueryDisabled defines whether live queries are disabled.
LiveQueryDisabled bool `db:"live_query_disabled"`
// AdditionalQueries is the set of additional queries that should be run
// when collecting details from hosts.
AdditionalQueries *json.RawMessage `db:"additional_queries"`
}
AppConfig holds configuration about the Fleet application. AppConfig data can be managed by a Fleet API user.
type AppConfigPayload ¶
type AppConfigPayload struct {
OrgInfo *OrgInfo `json:"org_info"`
ServerSettings *ServerSettings `json:"server_settings"`
SMTPSettings *SMTPSettingsPayload `json:"smtp_settings"`
HostExpirySettings *HostExpirySettings `json:"host_expiry_settings"`
HostSettings *HostSettings `json:"host_settings"`
// SMTPTest is a flag that if set will cause the server to test email configuration
SMTPTest *bool `json:"smtp_test,omitempty"`
// SSOSettings single sign settings
SSOSettings *SSOSettingsPayload `json:"sso_settings"`
}
AppConfigPayload contains request/response format of the AppConfig endpoints.
type AppConfigService ¶
type AppConfigService interface {
NewAppConfig(ctx context.Context, p AppConfigPayload) (info *AppConfig, err error)
AppConfig(ctx context.Context) (info *AppConfig, err error)
ModifyAppConfig(ctx context.Context, p AppConfigPayload) (info *AppConfig, err error)
SendTestEmail(ctx context.Context, config *AppConfig) error
// ApplyEnrollSecretSpec adds and updates the enroll secrets specified in
// the spec.
ApplyEnrollSecretSpec(ctx context.Context, spec *EnrollSecretSpec) error
// GetEnrollSecretSpec gets the spec for the current enroll secrets.
GetEnrollSecretSpec(ctx context.Context) (*EnrollSecretSpec, error)
// Certificate returns the PEM encoded certificate chain for osqueryd TLS termination.
// For cases where the connection is self-signed, the server will attempt to
// connect using the InsecureSkipVerify option in tls.Config.
CertificateChain(ctx context.Context) (cert []byte, err error)
}
AppConfigService provides methods for configuring the Fleet application
type AppConfigStore ¶
type AppConfigStore interface {
NewAppConfig(info *AppConfig) (*AppConfig, error)
AppConfig() (*AppConfig, error)
SaveAppConfig(info *AppConfig) error
// VerifyEnrollSecret checks that the provided secret matches an active
// enroll secret. If it is successfully matched, the name of the secret is
// returned. Otherwise an error is returned.
VerifyEnrollSecret(secret string) (string, error)
// ApplyEnrollSecretSpec adds and updates the enroll secrets specified in
// the spec.
ApplyEnrollSecretSpec(spec *EnrollSecretSpec) error
// GetEnrollSecretSpec gets the spec for the current enroll secrets.
GetEnrollSecretSpec() (*EnrollSecretSpec, error)
}
AppConfigStore contains method for saving and retrieving application configuration
type CampaignService ¶
type CampaignService interface {
// NewDistributedQueryCampaign creates a new distributed query campaign
// with the provided query and host/label targets (specified by name).
NewDistributedQueryCampaignByNames(ctx context.Context, queryString string, hosts []string, labels []string) (*DistributedQueryCampaign, error)
// NewDistributedQueryCampaign creates a new distributed query campaign
// with the provided query and host/label targets
NewDistributedQueryCampaign(ctx context.Context, queryString string, hosts []uint, labels []uint) (*DistributedQueryCampaign, error)
// StreamCampaignResults streams updates with query results and
// expected host totals over the provided websocket. Note that the type
// signature is somewhat inconsistent due to this being a streaming API
// and not the typical go-kit RPC style.
StreamCampaignResults(ctx context.Context, conn *websocket.Conn, campaignID uint)
}
CampaignService defines the distributed query campaign related service methods
type CampaignStore ¶
type CampaignStore interface {
// NewDistributedQueryCampaign creates a new distributed query campaign
NewDistributedQueryCampaign(camp *DistributedQueryCampaign) (*DistributedQueryCampaign, error)
// DistributedQueryCampaign loads a distributed query campaign by ID
DistributedQueryCampaign(id uint) (*DistributedQueryCampaign, error)
// SaveDistributedQueryCampaign updates an existing distributed query
// campaign
SaveDistributedQueryCampaign(camp *DistributedQueryCampaign) error
// DistributedQueryCampaignTargetIDs gets the IDs of the targets for
// the query campaign of the provided ID
DistributedQueryCampaignTargetIDs(id uint) (hostIDs []uint, labelIDs []uint, err error)
// NewDistributedQueryCampaignTarget adds a new target to an existing
// distributed query campaign
NewDistributedQueryCampaignTarget(target *DistributedQueryCampaignTarget) (*DistributedQueryCampaignTarget, error)
// CleanupDistributedQueryCampaigns will clean and trim metadata for old
// distributed query campaigns. Any campaign in the QueryWaiting state will
// be moved to QueryComplete after one minute. Any campaign in the
// QueryRunning state will be moved to QueryComplete after one day. Times
// are from creation time. The now parameter makes this method easier to
// test. The return values indicate how many campaigns were expired and any error.
CleanupDistributedQueryCampaigns(now time.Time) (expired uint, err error)
}
CampaignStore defines the distributed query campaign related datastore methods
type CreateTimestamp ¶
Createable contains common timestamp fields indicating create time
type Datastore ¶
type Datastore interface {
UserStore
QueryStore
CampaignStore
PackStore
LabelStore
HostStore
TargetStore
PasswordResetStore
SessionStore
AppConfigStore
InviteStore
ScheduledQueryStore
OsqueryOptionsStore
Name() string
Drop() error
// MigrateTables creates and migrates the table schemas
MigrateTables() error
// MigrateData populates built-in data
MigrateData() error
// MigrationStatus returns nil if migrations are complete, and an error
// if migrations need to be run.
MigrationStatus() (MigrationStatus, error)
Begin() (Transaction, error)
}
Datastore combines all the interfaces in the Fleet DAL
type DecoratorConfig ¶
type DecoratorConfig struct {
Load []string `json:"load"`
Always []string `json:"always"`
/*
Interval maps a string representation of a numeric interval to a set
of decorator queries.
{
"interval": {
"3600": [
"SELECT total_seconds FROM uptime;"
]
}
}
*/
Interval map[string][]string `json:"interval"`
}
Decorator section of osquery config each section contains rows of decorator queries.
type DistributedQueryCampaign ¶
type DistributedQueryCampaign struct {
UpdateCreateTimestamps
Metrics TargetMetrics
ID uint `json:"id"`
QueryID uint `json:"query_id" db:"query_id"`
Status DistributedQueryStatus `json:"status"`
UserID uint `json:"user_id" db:"user_id"`
}
DistributedQueryCampaign is the basic metadata associated with a distributed query.
type DistributedQueryCampaignTarget ¶
type DistributedQueryCampaignTarget struct {
ID uint
Type TargetType
DistributedQueryCampaignID uint `db:"distributed_query_campaign_id"`
TargetID uint `db:"target_id"`
}
DistributedQueryCampaignTarget stores a target (host or label) for a distributed query campaign. There is a one -> many mapping of campaigns to targets.
type DistributedQueryExecutionStatus ¶
type DistributedQueryExecutionStatus int
DistributedQueryExecutionStatus is the status of a distributed query execution on a single host.
const ( ExecutionWaiting DistributedQueryExecutionStatus = iota ExecutionRequested ExecutionSucceeded ExecutionFailed )
type DistributedQueryResult ¶
type DistributedQueryResult struct {
DistributedQueryCampaignID uint `json:"distributed_query_execution_id"`
Host Host `json:"host"`
Rows []map[string]string `json:"rows"`
// osquery currently doesn't return any helpful error information,
// but we use string here instead of bool for future-proofing. Note also
// that we can't use the error interface here because something
// implementing that interface may not (un)marshal properly
Error *string `json:"error"`
}
DistributedQueryResult is the result returned from the execution of a distributed query on a single host.
type DistributedQueryStatus ¶
type DistributedQueryStatus int
DistributedQueryStatus is the lifecycle status of a distributed query campaign.
const ( QueryWaiting DistributedQueryStatus = iota QueryRunning QueryComplete )
type EnrollSecret ¶
type EnrollSecret struct {
// Name is the name assigned to the secret
Name string `json:"name" db:"name"`
// Secret is the actual secret key.
Secret string `json:"secret" db:"secret"`
// Active determines whether the secret is currently allowed to be used for
// authentication.
Active bool `json:"active" db:"active"`
// CreatedAt is the time this enroll secret was first added.
CreatedAt time.Time `json:"created_at" db:"created_at"`
}
EnrollSecret contains information about an enroll secret, name, and active status. Enroll secrets are used for osquery authentication.
type EnrollSecretSpec ¶
type EnrollSecretSpec struct {
// Secrets is the list of enroll secrets.
Secrets []EnrollSecret `json:"secrets"`
}
EnrollSecretSpec is the fleetctl spec type for enroll secrets.
type FIMCategoryToPaths ¶
type ForeignKeyError ¶
ForeignKeyError is returned when the operation fails due to foreign key constraints.
type Host ¶
type Host struct {
UpdateCreateTimestamps
ID uint `json:"id"`
// OsqueryHostID is the key used in the request context that is
// used to retrieve host information. It is sent from osquery and may currently be
// a GUID or a Host Name, but in either case, it MUST be unique
OsqueryHostID string `json:"-" db:"osquery_host_id"`
DetailUpdateTime time.Time `json:"detail_updated_at" db:"detail_update_time"` // Time that the host details were last updated
LabelUpdateTime time.Time `json:"label_updated_at" db:"label_update_time"` // Time that the host details were last updated
SeenTime time.Time `json:"seen_time" db:"seen_time"` // Time that the host was last "seen"
NodeKey string `json:"-" db:"node_key"`
HostName string `json:"hostname" db:"host_name"` // there is a fulltext index on this field
UUID string `json:"uuid" db:"uuid"` // there is a fulltext index on this field
Platform string `json:"platform"`
OsqueryVersion string `json:"osquery_version" db:"osquery_version"`
OSVersion string `json:"os_version" db:"os_version"`
Build string `json:"build"`
PlatformLike string `json:"platform_like" db:"platform_like"`
CodeName string `json:"code_name" db:"code_name"`
Uptime time.Duration `json:"uptime"`
PhysicalMemory int64 `json:"memory" sql:"type:bigint" db:"physical_memory"`
// system_info fields
CPUType string `json:"cpu_type" db:"cpu_type"`
CPUSubtype string `json:"cpu_subtype" db:"cpu_subtype"`
CPUBrand string `json:"cpu_brand" db:"cpu_brand"`
CPUPhysicalCores int `json:"cpu_physical_cores" db:"cpu_physical_cores"`
CPULogicalCores int `json:"cpu_logical_cores" db:"cpu_logical_cores"`
HardwareVendor string `json:"hardware_vendor" db:"hardware_vendor"`
HardwareModel string `json:"hardware_model" db:"hardware_model"`
HardwareVersion string `json:"hardware_version" db:"hardware_version"`
HardwareSerial string `json:"hardware_serial" db:"hardware_serial"`
ComputerName string `json:"computer_name" db:"computer_name"`
// PrimaryNetworkInterfaceID if present indicates to primary network for the host, the details of which
// can be found in the NetworkInterfaces element with the same ip_address.
PrimaryNetworkInterfaceID *uint `json:"primary_ip_id,omitempty" db:"primary_ip_id"`
NetworkInterfaces []*NetworkInterface `json:"-" db:"-"`
PrimaryIP string `json:"primary_ip" db:"primary_ip"`
PrimaryMac string `json:"primary_mac" db:"primary_mac"`
DistributedInterval uint `json:"distributed_interval" db:"distributed_interval"`
ConfigTLSRefresh uint `json:"config_tls_refresh" db:"config_tls_refresh"`
LoggerTLSPeriod uint `json:"logger_tls_period" db:"logger_tls_period"`
Additional *json.RawMessage `json:"additional,omitempty" db:"additional"`
EnrollSecretName string `json:"enroll_secret_name" db:"enroll_secret_name"`
}
type HostExpirySettings ¶
type HostExpirySettings struct {
HostExpiryEnabled *bool `json:"host_expiry_enabled,omitempty"`
HostExpiryWindow *int `json:"host_expiry_window,omitempty"`
}
HostExpirySettings contains settings pertaining to automatic host expiry.
type HostListOptions ¶
type HostListOptions struct {
ListOptions
StatusFilter HostStatus
}
type HostService ¶
type HostService interface {
ListHosts(ctx context.Context, opt HostListOptions) (hosts []*Host, err error)
GetHost(ctx context.Context, id uint) (host *Host, err error)
GetHostSummary(ctx context.Context) (summary *HostSummary, err error)
DeleteHost(ctx context.Context, id uint) (err error)
// HostByIdentifier returns one host matching the provided identifier.
// Possible matches can be on osquery_host_identifier, node_key, UUID, or
// hostname.
HostByIdentifier(ctx context.Context, identifier string) (*Host, error)
}
type HostSettings ¶
type HostSettings struct {
AdditionalQueries *json.RawMessage `json:"additional_queries"`
}
type HostStatus ¶
type HostStatus string
type HostStore ¶
type HostStore interface {
// NewHost is deprecated and will be removed. Hosts should always be
// enrolled via EnrollHost.
NewHost(host *Host) (*Host, error)
SaveHost(host *Host) error
DeleteHost(hid uint) error
Host(id uint) (*Host, error)
EnrollHost(osqueryHostId, nodeKey, secretName string) (*Host, error)
ListHosts(opt HostListOptions) ([]*Host, error)
// AuthenticateHost authenticates and returns host metadata by node key.
// This method should not return the host "additional" information as this
// is not typically necessary for the operations performed by the osquery
// endpoints.
AuthenticateHost(nodeKey string) (*Host, error)
MarkHostSeen(host *Host, t time.Time) error
SearchHosts(query string, omit ...uint) ([]*Host, error)
// CleanupIncomingHosts deletes hosts that have enrolled but never
// updated their status details. This clears dead "incoming hosts" that
// never complete their registration.
//
// A host is considered incoming if both the hostname and
// osquery_version fields are empty. This means that multiple different
// osquery queries failed to populate details.
CleanupIncomingHosts(now time.Time) error
// GenerateHostStatusStatistics retrieves the count of online, offline,
// MIA and new hosts.
GenerateHostStatusStatistics(now time.Time) (online, offline, mia, new uint, err error)
// HostIDsByName Retrieve the IDs associated with the given hostnames
HostIDsByName(hostnames []string) ([]uint, error)
// HostByIdentifier returns one host matching the provided identifier.
// Possible matches can be on osquery_host_identifier, node_key, UUID, or
// hostname.
HostByIdentifier(identifier string) (*Host, error)
}
type HostSummary ¶
type HostSummary struct {
OnlineCount uint `json:"online_count"`
OfflineCount uint `json:"offline_count"`
MIACount uint `json:"mia_count"`
NewCount uint `json:"new_count"`
}
HostSummary is a structure which represents a data summary about the total set of hosts in the database. This structure is returned by the HostService method GetHostSummary
type ImportConfig ¶
type ImportConfig struct {
// DryRun if true an import will be attempted, and if successful will be completely rolled back
DryRun bool
// Options is a map of option name to a value which can be an int,
// bool, or string.
Options OptionNameToValueMap `json:"options"`
// Schedule is a map of query names to details
Schedule QueryNameToQueryDetailsMap `json:"schedule"`
// Packs is a map of pack names to either PackDetails, or a string
// containing a file path with a pack config. If a string, we expect
// PackDetails to be stored in ExternalPacks.
Packs PackNameMap `json:"packs"`
// FileIntegrityMonitoring file integrity monitoring information.
// See https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/
FileIntegrityMonitoring FIMCategoryToPaths `json:"file_paths"`
// YARA configuration
YARA *YARAConfig `json:"yara"`
Decorators *DecoratorConfig `json:"decorators"`
// ExternalPacks are packs referenced when an item in the Packs map references
// an external file. The PackName here must match the PackName in the Packs map.
ExternalPacks PackNameToPackDetails `json:"-"`
// GlobPackNames lists pack names that are globbed.
GlobPackNames []string `json:"glob"`
}
ImportConfig is a representation of an Osquery configuration. Osquery documentation has further details. See https://osquery.readthedocs.io/en/stable/deployment/configuration/
func (*ImportConfig) CollectPacks ¶
func (ic *ImportConfig) CollectPacks() (PackNameToPackDetails, error)
CollectPacks consolidates packs, globbed packs and external packs.
type ImportConfigResponse ¶
type ImportConfigResponse struct {
ImportStatusBySection map[ImportSection]*ImportStatus `json:"import_status"`
}
ImportConfigResponse contains information about the import of an osquery configuration file.
func (*ImportConfigResponse) Status ¶
func (ic *ImportConfigResponse) Status(section ImportSection) (status *ImportStatus)
Status returns a structure that contains information about the import of a particular section of an osquery configuration file.
type ImportConfigService ¶
type ImportConfigService interface {
// ImportConfig create packs, queries, options etc based on imported
// osquery configuration.
ImportConfig(ctx context.Context, cfg *ImportConfig) (*ImportConfigResponse, error)
}
type ImportSection ¶
type ImportSection string
ImportSection is used to categorize information associated with the import of a particular section of an imported osquery configuration file.
type ImportStatus ¶
type ImportStatus struct {
// Title human readable name of the section of the import file that this
// status pertains to.
Title string `json:"title"`
// ImportCount count of items successfully imported.
ImportCount int `json:"import_count"`
// SkipCount count of items that are skipped. The reasons for the omissions
// can be found in Warnings.
SkipCount int `json:"skip_count"`
// Warnings groups categories of warnings with one or more detail messages.
Warnings map[WarningType][]string `json:"warnings"`
// Messages contains an entry for each import attempt.
Messages []string `json:"messages"`
}
ImportStatus contains information pertaining to the import of a section of an osquery configuration file.
func (*ImportStatus) Message ¶
func (is *ImportStatus) Message(fmtMsg string, args ...interface{})
Message is used to add a general message to ImportStatus, usually indicating what was changed in a successful import.
func (*ImportStatus) Warning ¶
func (is *ImportStatus) Warning(warnType WarningType, fmtMsg string, fmtArgs ...interface{})
Warning is used to add a warning message to ImportStatus.
type Invite ¶
type Invite struct {
UpdateCreateTimestamps
ID uint `json:"id"`
InvitedBy uint `json:"invited_by" db:"invited_by"`
Email string `json:"email"`
Admin bool `json:"admin"`
Name string `json:"name"`
Position string `json:"position,omitempty"`
Token string `json:"-"`
SSOEnabled bool `json:"sso_enabled" db:"sso_enabled"`
}
Invite represents an invitation for a user to join Fleet.
type InvitePayload ¶
type InvitePayload struct {
InvitedBy *uint `json:"invited_by"`
Email *string
Admin *bool
Name *string
Position *string
SSOEnabled *bool `json:"sso_enabled"`
}
InvitePayload contains fields required to create a new user invite.
type InviteService ¶
type InviteService interface {
// InviteNewUser creates an invite for a new user to join Fleet.
InviteNewUser(ctx context.Context, payload InvitePayload) (invite *Invite, err error)
// DeleteInvite removes an invite.
DeleteInvite(ctx context.Context, id uint) (err error)
// Invites returns a list of all invites.
ListInvites(ctx context.Context, opt ListOptions) (invites []*Invite, err error)
// VerifyInvite verifies that an invite exists and that it matches the
// invite token.
VerifyInvite(ctx context.Context, token string) (invite *Invite, err error)
}
InviteService contains methods for a service which deals with user invites.
type InviteStore ¶
type InviteStore interface {
// NewInvite creates and stores a new invitation in a DB.
NewInvite(i *Invite) (*Invite, error)
// Invites lists all invites in the datastore.
ListInvites(opt ListOptions) ([]*Invite, error)
// Invite retrieves an invite by it's ID.
Invite(id uint) (*Invite, error)
// InviteByEmail retrieves an invite for a specific email address.
InviteByEmail(email string) (*Invite, error)
// InviteByToken retrieves and invite using the token string.
InviteByToken(token string) (*Invite, error)
// SaveInvite saves an invitation in the datastore.
SaveInvite(i *Invite) error
// DeleteInvite deletes an invitation.
DeleteInvite(id uint) error
}
InviteStore contains the methods for managing user invites in a datastore.
type JSONLogger ¶
type JSONLogger interface {
// Write writes the JSON log entries to the appropriate destination,
// returning any errors that occurred.
Write(ctx context.Context, logs []json.RawMessage) error
}
JSONLogger defines an interface for loggers that can write JSON to various output sources.
type Label ¶
type Label struct {
UpdateCreateTimestamps
ID uint `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
Query string `json:"query"`
Platform string `json:"platform"`
LabelType LabelType `json:"label_type" db:"label_type"`
LabelMembershipType LabelMembershipType `json:"label_membership_type" db:"label_membership_type"`
HostCount int `json:"host_count" db:"host_count"`
}
type LabelMembershipType ¶
type LabelMembershipType uint
LabelMembershipType sets how the membership of the label is determined.
const ( // LabelTypeDynamic indicates that the label is populated dynamically (by // the execution of a label query). LabelMembershipTypeDynamic LabelMembershipType = iota // LabelTypeManual indicates that the label is populated manually. LabelMembershipTypeManual )
func (LabelMembershipType) MarshalJSON ¶
func (t LabelMembershipType) MarshalJSON() ([]byte, error)
func (*LabelMembershipType) UnmarshalJSON ¶
func (t *LabelMembershipType) UnmarshalJSON(b []byte) error
type LabelPayload ¶
type LabelQueryExecution ¶
type LabelService ¶
type LabelService interface {
// ApplyLabelSpecs applies a list of LabelSpecs to the datastore,
// creating and updating labels as necessary.
ApplyLabelSpecs(ctx context.Context, specs []*LabelSpec) error
// GetLabelSpecs returns all of the stored LabelSpecs.
GetLabelSpecs(ctx context.Context) ([]*LabelSpec, error)
// GetLabelSpec gets the spec for the label with the given name.
GetLabelSpec(ctx context.Context, name string) (*LabelSpec, error)
NewLabel(ctx context.Context, p LabelPayload) (label *Label, err error)
ModifyLabel(ctx context.Context, id uint, payload ModifyLabelPayload) (*Label, error)
ListLabels(ctx context.Context, opt ListOptions) (labels []*Label, err error)
GetLabel(ctx context.Context, id uint) (label *Label, err error)
DeleteLabel(ctx context.Context, name string) (err error)
// DeleteLabelByID is for backwards compatibility with the UI
DeleteLabelByID(ctx context.Context, id uint) (err error)
// ListHostsInLabel returns a slice of hosts in the label with the
// given ID.
ListHostsInLabel(ctx context.Context, lid uint, opt ListOptions) ([]Host, error)
// LabelsForHost returns the labels that the given host is in.
ListLabelsForHost(ctx context.Context, hid uint) ([]Label, error)
// HostIDsForLabel returns ids of hosts that belong to the label identified
// by lid
HostIDsForLabel(lid uint) ([]uint, error)
}
type LabelSpec ¶
type LabelSpec struct {
ID uint
Name string `json:"name"`
Description string `json:"description"`
Query string `json:"query"`
Platform string `json:"platform,omitempty"`
LabelType LabelType `json:"label_type,omitempty" db:"label_type"`
LabelMembershipType LabelMembershipType `json:"label_membership_type" db:"label_membership_type"`
Hosts []string `json:"hosts,omitempty"`
}
type LabelStore ¶
type LabelStore interface {
// ApplyLabelSpecs applies a list of LabelSpecs to the datastore,
// creating and updating labels as necessary.
ApplyLabelSpecs(specs []*LabelSpec) error
// GetLabelSpecs returns all of the stored LabelSpecs.
GetLabelSpecs() ([]*LabelSpec, error)
// GetLabelSpec returns the spec for the named label.
GetLabelSpec(name string) (*LabelSpec, error)
// Label methods
NewLabel(Label *Label, opts ...OptionalArg) (*Label, error)
SaveLabel(label *Label) (*Label, error)
DeleteLabel(name string) error
Label(lid uint) (*Label, error)
ListLabels(opt ListOptions) ([]*Label, error)
// LabelQueriesForHost returns the label queries that should be executed
// for the given host. The cutoff is the minimum timestamp a query
// execution should have to be considered "fresh". Executions that are
// not fresh will be repeated. Results are returned in a map of label
// id -> query
LabelQueriesForHost(host *Host, cutoff time.Time) (map[string]string, error)
// RecordLabelQueryExecutions saves the results of label queries. The
// results map is a map of label id -> whether or not the label
// matches. The time parameter is the timestamp to save with the query
// execution.
RecordLabelQueryExecutions(host *Host, results map[uint]bool, t time.Time) error
// LabelsForHost returns the labels that the given host is in.
ListLabelsForHost(hid uint) ([]Label, error)
// ListHostsInLabel returns a slice of hosts in the label with the
// given ID.
ListHostsInLabel(lid uint, opt ListOptions) ([]Host, error)
// ListUniqueHostsInLabels returns a slice of all of the hosts in the
// given label IDs. A host will only appear once in the results even if
// it is in multiple of the provided labels.
ListUniqueHostsInLabels(labels []uint) ([]Host, error)
SearchLabels(query string, omit ...uint) ([]Label, error)
// LabelIDsByName Retrieve the IDs associated with the given labels
LabelIDsByName(labels []string) ([]uint, error)
}
type LabelType ¶
type LabelType uint
LabelType is used to catagorize the kind of label
func (LabelType) MarshalJSON ¶
func (*LabelType) UnmarshalJSON ¶
type ListOptions ¶
type ListOptions struct {
// Which page to return (must be positive integer)
Page uint
// How many results per page (must be positive integer, 0 indicates
// unlimited)
PerPage uint
// Key to use for ordering
OrderKey string
// Direction of ordering
OrderDirection OrderDirection
}
ListOptions defines options related to paging and ordering to be used when listing objects
type LiveQueryStore ¶
type LiveQueryStore interface {
// RunQuery starts a query with the given name and SQL, targeting the
// provided host IDs.
RunQuery(name, sql string, hostIDs []uint) error
// StopQuery stops a running query with the given name. Hosts will no longer
// receive the query after StopQuery has been called.
StopQuery(name string) error
// QueriesForHost returns the active queries for the given host ID. The
// return value maps from query name to SQL.
QueriesForHost(hostID uint) (map[string]string, error)
// QueryCompletedByHost marks the query with the given name as completed by the
// given host. After calling QueryCompleted, that query will no longer be
// sent to the host.
QueryCompletedByHost(name string, hostID uint) error
}
LiveQueryStore defines an interface for storing and retrieving the status of live queries in the Fleet system.
type MailService ¶
type Mailer ¶
Mailer is an email campaign Types which implement the Campaign interface can be marshalled into an email body
type MigrationStatus ¶
type MigrationStatus int
type ModifyAppConfigRequest ¶
type ModifyAppConfigRequest struct {
// TestSMTP is this is set to true, the SMTP configuration will be tested
// with the results of the test returned to caller. No config changes
// will be applied.
TestSMTP bool `json:"test_smtp"`
AppConfig AppConfig `json:"app_config"`
}
ModifyAppConfigRequest contains application configuration information sent from front end and used to change app config elements.
type ModifyLabelPayload ¶
type ModifyLabelPayload struct {
Name *string `json:"name"`
Description *string `json:"description"`
}
ModifyLabelPayload is used to change editable fields for a Label
type NetworkInterface ¶
type NetworkInterface struct {
UpdateCreateTimestamps
ID uint `json:"id"`
// HostID foreign key establishes one host to many NetworkInterface relationship
HostID uint `json:"-" db:"host_id"`
Interface string `json:"interface"`
IPAddress string `json:"address" db:"ip_address"`
Mask string `json:"mask"`
Broadcast string `json:"broadcast"`
PointToPoint string `json:"point_to_point" db:"point_to_point"`
MAC string `json:"mac"`
Type int `json:"type"`
MTU int `json:"mtu"`
Metric int `json:"metric"`
IPackets int64 `json:"ipackets"`
OPackets int64 `json:"opackets"`
IBytes int64 `json:"ibytes"`
OBytes int64 `json:"obytes"`
IErrors int64 `json:"ierrors"`
OErrors int64 `json:"oerrors"`
LastChange int64 `json:"last_change" db:"last_change"`
}
type NotFoundError ¶
NotFoundError is returned when the datastore resource cannot be found.
type ObjectMetadata ¶
type OptionNameToValueMap ¶
type OptionNameToValueMap map[string]interface{}
type OptionOverrideType ¶
type OptionOverrideType int
OptionOverrideType is used to designate which override type a given set of options is used for. Currently the only supported override type is by platform.
const ( // OptionOverrideTypeDefault indicates that this is the default config // (provided to hosts when there is no override set for them). OptionOverrideTypeDefault OptionOverrideType = iota // OptionOverrideTypePlatform indicates that this is a // platform-specific config override (with precedence over the default // config). OptionOverrideTypePlatform )
type OptionalArg ¶
type OptionalArg func() interface{}
func HasTransaction ¶
func HasTransaction(tx Transaction) OptionalArg
type OptionsObject ¶
type OptionsObject struct {
ObjectMetadata
Spec OptionsSpec `json:"spec"`
}
type OptionsOverrides ¶
type OptionsOverrides struct {
Platforms map[string]json.RawMessage `json:"platforms,omitempty"`
}
type OptionsSpec ¶
type OptionsSpec struct {
Config json.RawMessage `json:"config"`
Overrides OptionsOverrides `json:"overrides,omitempty"`
}
type OrderDirection ¶
type OrderDirection int
const ( OrderAscending OrderDirection = iota OrderDescending )
type OrgInfo ¶
type OrgInfo struct {
OrgName *string `json:"org_name,omitempty"`
OrgLogoURL *string `json:"org_logo_url,omitempty"`
}
OrgInfo contains general info about the organization using Fleet.
type OsQueryConfigInt ¶
type OsQueryConfigInt uint
OsQueryConfigInt is provided becase integers in the osquery config file may be represented as strings in the json. If we know a particular field is supposed to be an Integer, we convert from string to int if we can.
func (*OsQueryConfigInt) UnmarshalJSON ¶
func (c *OsQueryConfigInt) UnmarshalJSON(b []byte) error
type OsqueryDistributedQueryResults ¶
OsqueryDistributedQueryResults represents the format of the results of an osquery distributed query.
type OsqueryOptionsService ¶
type OsqueryOptionsService interface {
ApplyOptionsSpec(ctx context.Context, spec *OptionsSpec) error
GetOptionsSpec(ctx context.Context) (*OptionsSpec, error)
}
type OsqueryOptionsStore ¶
type OsqueryOptionsStore interface {
ApplyOptions(options *OptionsSpec) error
GetOptions() (*OptionsSpec, error)
OptionsForPlatform(platform string) (json.RawMessage, error)
}
type OsqueryService ¶
type OsqueryService interface {
EnrollAgent(ctx context.Context, enrollSecret, hostIdentifier string, hostDetails map[string](map[string]string)) (nodeKey string, err error)
AuthenticateHost(ctx context.Context, nodeKey string) (host *Host, err error)
GetClientConfig(ctx context.Context) (config map[string]interface{}, err error)
// GetDistributedQueries retrieves the distributed queries to run for
// the host in the provided context. These may be detail queries, label
// queries, or user-initiated distributed queries. A map from query
// name to query is returned. To enable the osquery "accelerated
// checkins" feature, a positive integer (number of seconds to activate
// for) should be returned. Returning 0 for this will not activate the
// feature.
GetDistributedQueries(ctx context.Context) (queries map[string]string, accelerate uint, err error)
SubmitDistributedQueryResults(ctx context.Context, results OsqueryDistributedQueryResults, statuses map[string]OsqueryStatus) (err error)
SubmitStatusLogs(ctx context.Context, logs []json.RawMessage) (err error)
SubmitResultLogs(ctx context.Context, logs []json.RawMessage) (err error)
}
type OsqueryStatus ¶
type OsqueryStatus int
OsqueryStatus represents osquery status codes (0 = success, nonzero = failure)
const ( // StatusOK is the success code returned by osquery StatusOK OsqueryStatus = 0 )
type Pack ¶
type Pack struct {
UpdateCreateTimestamps
ID uint `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
Platform string `json:"platform"`
Disabled bool `json:"disabled"`
}
Pack is the structure which represents an osquery query pack.
type PackContent ¶
type PackContent struct {
Platform string `json:"platform,omitempty"`
Version string `json:"version,omitempty"`
Shard uint `json:"shard,omitempty"`
Discovery []string `json:"discovery,omitempty"`
Queries Queries `json:"queries"`
}
PackContent is the format of an osquery query pack.
type PackDetails ¶
type PackDetails struct {
Queries QueryNameToQueryDetailsMap `json:"queries"`
Shard *OsQueryConfigInt `json:"shard"`
Version *string `json:"version"`
Platform string `json:"platform"`
Discovery []string `json:"discovery"`
}
PackDetails represents the "packs" section of an osquery configuration file.
type PackNameMap ¶
type PackNameMap map[string]interface{}
func (PackNameMap) UnmarshalJSON ¶
func (pnm PackNameMap) UnmarshalJSON(b []byte) error
UnmarshalJSON custom unmarshaling for PackNameMap will determine whether the pack section of an osquery config file refers to a file path, or pack details. Pack details are unmarshalled into into PackDetails structure as opposed to nested map[string]interface{}
type PackNameToPackDetails ¶
type PackNameToPackDetails map[string]PackDetails
type PackPayload ¶
type PackPayload struct {
Name *string `json:"name"`
Description *string `json:"description"`
Platform *string `json:"platform"`
Disabled *bool `json:"disabled"`
HostIDs *[]uint `json:"host_ids"`
LabelIDs *[]uint `json:"label_ids"`
}
PackPayload is the struct which is used to create/update packs.
type PackService ¶
type PackService interface {
// ApplyPackSpecs applies a list of PackSpecs to the datastore,
// creating and updating packs as necessary.
ApplyPackSpecs(ctx context.Context, specs []*PackSpec) error
// GetPackSpecs returns all of the stored PackSpecs.
GetPackSpecs(ctx context.Context) ([]*PackSpec, error)
// GetPackSpec gets the spec for the pack with the given name.
GetPackSpec(ctx context.Context, name string) (*PackSpec, error)
// NewPack creates a new pack in the datastore.
NewPack(ctx context.Context, p PackPayload) (pack *Pack, err error)
// ModifyPack modifies an existing pack in the datastore.
ModifyPack(ctx context.Context, id uint, p PackPayload) (pack *Pack, err error)
// ListPacks lists all packs in the application.
ListPacks(ctx context.Context, opt ListOptions) (packs []*Pack, err error)
// GetPack retrieves a pack by ID.
GetPack(ctx context.Context, id uint) (pack *Pack, err error)
// DeletePack deletes a pack record from the datastore.
DeletePack(ctx context.Context, name string) (err error)
// DeletePackByID is for backwards compatibility with the UI
DeletePackByID(ctx context.Context, id uint) (err error)
// AddLabelToPack adds an existing label to an existing pack, both by ID.
AddLabelToPack(ctx context.Context, lid, pid uint) (err error)
// RemoveLabelFromPack removes an existing label from it's association with
// an existing pack, both by ID.
RemoveLabelFromPack(ctx context.Context, lid, pid uint) (err error)
// ListLabelsForPack lists all labels that are associated with a pack.
ListLabelsForPack(ctx context.Context, pid uint) (labels []*Label, err error)
// AddHostToPack adds an existing host to an existing pack, both by ID.
AddHostToPack(ctx context.Context, hid, pid uint) (err error)
// RemoveHostFromPack removes an existing host from it's association with
// an existing pack, both by ID.
RemoveHostFromPack(ctx context.Context, hid, pid uint) (err error)
// ListPacksForHost lists the packs that a host should execute.
ListPacksForHost(ctx context.Context, hid uint) (packs []*Pack, err error)
// ListHostsInPack lists the IDs of all hosts that are associated with a pack,
// both through labels and manual associations.
ListHostsInPack(ctx context.Context, pid uint, opt ListOptions) (hosts []uint, err error)
// ListExplicitHostsInPack lists the IDs of hosts that have been manually associated
// with a query pack.
ListExplicitHostsInPack(ctx context.Context, pid uint, opt ListOptions) (hosts []uint, err error)
}
PackService is the service interface for managing query packs.
type PackSpec ¶
type PackSpec struct {
ID uint `json:"id,omitempty"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
Platform string `json:"platform,omitempty"`
Disabled bool `json:"disabled"`
Targets PackSpecTargets `json:"targets,omitempty"`
Queries []PackSpecQuery `json:"queries,omitempty"`
}
type PackSpecQuery ¶
type PackSpecQuery struct {
QueryName string `json:"query" db:"query_name"`
Name string `json:"name"`
Description string `json:"description"`
Interval uint `json:"interval"`
Snapshot *bool `json:"snapshot,omitempty"`
Removed *bool `json:"removed,omitempty"`
Shard *uint `json:"shard,omitempty"`
Platform *string `json:"platform,omitempty"`
Version *string `json:"version,omitempty"`
}
type PackSpecTargets ¶
type PackSpecTargets struct {
Labels []string `json:"labels"`
}
type PackStore ¶
type PackStore interface {
// ApplyPackSpecs applies a list of PackSpecs to the datastore,
// creating and updating packs as necessary.
ApplyPackSpecs(specs []*PackSpec) error
// GetPackSpecs returns all of the stored PackSpecs.
GetPackSpecs() ([]*PackSpec, error)
// GetPackSpec returns the spec for the named pack.
GetPackSpec(name string) (*PackSpec, error)
// NewPack creates a new pack in the datastore.
NewPack(pack *Pack, opts ...OptionalArg) (*Pack, error)
// SavePack updates an existing pack in the datastore.
SavePack(pack *Pack) error
// DeletePack deletes a pack record from the datastore.
DeletePack(name string) error
// Pack retrieves a pack from the datastore by ID.
Pack(pid uint) (*Pack, error)
// ListPacks lists all packs in the datastore.
ListPacks(opt ListOptions) ([]*Pack, error)
// PackByName fetches pack if it exists, if the pack
// exists the bool return value is true
PackByName(name string, opts ...OptionalArg) (*Pack, bool, error)
// AddLabelToPack adds an existing label to an existing pack, both by ID.
AddLabelToPack(lid, pid uint, opts ...OptionalArg) error
// RemoveLabelFromPack removes an existing label from it's association with
// an existing pack, both by ID.
RemoveLabelFromPack(lid, pid uint) error
// ListLabelsForPack lists all labels that are associated with a pack.
ListLabelsForPack(pid uint) ([]*Label, error)
// AddHostToPack adds an existing host to an existing pack, both by ID.
AddHostToPack(hid uint, pid uint) error
// RemoveHostFromPack removes an existing host from it's association with
// an existing pack, both by ID.
RemoveHostFromPack(hid uint, pid uint) error
// ListPacksForHost lists the packs that a host should execute.
ListPacksForHost(hid uint) (packs []*Pack, err error)
// ListHostsInPack lists the IDs of all hosts that are associated with a pack
// through labels.
ListHostsInPack(pid uint, opt ListOptions) ([]uint, error)
// ListExplicitHostsInPack lists the IDs of hosts that have been manually
// associated with a query pack.
ListExplicitHostsInPack(pid uint, opt ListOptions) ([]uint, error)
}
PackStore is the datastore interface for managing query packs.
type PackTarget ¶
PackTarget associates a pack with either a host or a label
type Packs ¶
type Packs map[string]PackContent
Packs is a helper which represents the format of a list of osquery query packs.
type PasswordResetRequest ¶
type PasswordResetRequest struct {
UpdateCreateTimestamps
ID uint
ExpiresAt time.Time `db:"expires_at"`
UserID uint `db:"user_id"`
Token string
}
PasswordResetRequest represents a database table for Password Reset Requests
type PasswordResetStore ¶
type PasswordResetStore interface {
NewPasswordResetRequest(req *PasswordResetRequest) (*PasswordResetRequest, error)
SavePasswordResetRequest(req *PasswordResetRequest) error
DeletePasswordResetRequest(req *PasswordResetRequest) error
DeletePasswordResetRequestsForUser(userID uint) error
FindPassswordResetByID(id uint) (*PasswordResetRequest, error)
FindPassswordResetsByUserID(id uint) ([]*PasswordResetRequest, error)
FindPassswordResetByToken(token string) (*PasswordResetRequest, error)
FindPassswordResetByTokenAndUserID(token string, id uint) (*PasswordResetRequest, error)
}
PasswordResetStore manages password resets in the Datastore
type PermissivePackContent ¶
type PermissivePackContent struct {
Platform string `json:"platform,omitempty"`
Version string `json:"version,omitempty"`
Shard uint `json:"shard,omitempty"`
Discovery []string `json:"discovery,omitempty"`
Queries PermissiveQueries `json:"queries"`
}
type PermissivePacks ¶
type PermissivePacks map[string]PermissivePackContent
type PermissiveQueries ¶
type PermissiveQueries map[string]PermissiveQueryContent
type PermissiveQueryContent ¶
type PermissiveQueryContent struct {
QueryContent
Interval interface{} `json:"interval"`
}
type Queries ¶
type Queries map[string]QueryContent
Queries is a helper which represents the format of a set of queries in a pack.
type Query ¶
type Query struct {
UpdateCreateTimestamps
ID uint `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
Query string `json:"query"`
Saved bool `json:"saved"`
AuthorID *uint `json:"author_id" db:"author_id"`
// AuthorName is retrieved with a join to the users table in the MySQL
// backend (using AuthorID)
AuthorName string `json:"author_name" db:"author_name"`
// Packs is loaded when retrieving queries, but is stored in a join
// table in the MySQL backend.
Packs []Pack `json:"packs" db:"-"`
}
func LoadQueriesFromYaml ¶
type QueryContent ¶
type QueryContent struct {
Query string `json:"query"`
Description string `json:"description,omitempty"`
Interval uint `json:"interval"`
Platform *string `json:"platform,omitempty"`
Version *string `json:"version,omitempty"`
Snapshot *bool `json:"snapshot,omitempty"`
Removed *bool `json:"removed,omitempty"`
Shard *uint `json:"shard,omitempty"`
}
QueryContent is the format of a query stanza in an osquery configuration.
type QueryDetails ¶
type QueryDetails struct {
Query string `json:"query"`
Interval OsQueryConfigInt `json:"interval"`
// Optional fields
Removed *bool `json:"removed"`
Platform *string `json:"platform"`
Version *string `json:"version"`
Shard *OsQueryConfigInt `json:"shard"`
Snapshot *bool `json:"snapshot"`
}
QueryDetails represents the query objects used in the packs and the schedule section of an osquery configuration.
type QueryNameToQueryDetailsMap ¶
type QueryNameToQueryDetailsMap map[string]QueryDetails
type QueryObject ¶
type QueryObject struct {
ObjectMetadata
Spec QuerySpec `json:"spec"`
}
type QueryPayload ¶
type QueryResultStore ¶
type QueryResultStore interface {
// WriteResult writes a distributed query result submitted by an
// osqueryd client
WriteResult(result DistributedQueryResult) error
// ReadChannel returns a channel to be read for incoming distributed
// query results. Channel values should be either
// DistributedQueryResult or error
ReadChannel(ctx context.Context, query DistributedQueryCampaign) (<-chan interface{}, error)
// HealthCheck returns nil if the store is functioning properly, or an
// error describing the problem.
HealthCheck() error
}
QueryResultStore defines functions for sending and receiving distributed query results over a pub/sub system. It is implemented by structs in package pubsub.
type QueryService ¶
type QueryService interface {
// ApplyQuerySpecs applies a list of queries (creating or updating
// them as necessary)
ApplyQuerySpecs(ctx context.Context, specs []*QuerySpec) error
// GetQuerySpecs gets the YAML file representing all the stored queries.
GetQuerySpecs(ctx context.Context) ([]*QuerySpec, error)
// GetQuerySpec gets the spec for the query with the given name.
GetQuerySpec(ctx context.Context, name string) (*QuerySpec, error)
// ListQueries returns a list of saved queries. Note only saved queries
// should be returned (those that are created for distributed queries
// but not saved should not be returned).
ListQueries(ctx context.Context, opt ListOptions) ([]*Query, error)
GetQuery(ctx context.Context, id uint) (*Query, error)
NewQuery(ctx context.Context, p QueryPayload) (*Query, error)
ModifyQuery(ctx context.Context, id uint, p QueryPayload) (*Query, error)
DeleteQuery(ctx context.Context, name string) error
// For backwards compatibility with UI
DeleteQueryByID(ctx context.Context, id uint) error
// DeleteQueries deletes the existing query objects with the provided IDs.
// The number of deleted queries is returned along with any error.
DeleteQueries(ctx context.Context, ids []uint) (uint, error)
}
type QueryStore ¶
type QueryStore interface {
// ApplyQueries applies a list of queries (likely from a yaml file) to
// the datastore. Existing queries are updated, and new queries are
// created.
ApplyQueries(authorID uint, queries []*Query) error
// NewQuery creates a new query object in thie datastore. The returned
// query should have the ID updated.
NewQuery(query *Query, opts ...OptionalArg) (*Query, error)
// SaveQuery saves changes to an existing query object.
SaveQuery(query *Query) error
// DeleteQuery deletes an existing query object.
DeleteQuery(name string) error
// DeleteQueries deletes the existing query objects with the provided IDs.
// The number of deleted queries is returned along with any error.
DeleteQueries(ids []uint) (uint, error)
// Query returns the query associated with the provided ID. Associated
// packs should also be loaded.
Query(id uint) (*Query, error)
// ListQueries returns a list of queries with the provided sorting and
// paging options. Associated packs should also be loaded.
ListQueries(opt ListOptions) ([]*Query, error)
// QueryByName looks up a query by name.
QueryByName(name string, opts ...OptionalArg) (*Query, error)
}
type SMTPAuthMethod ¶
type SMTPAuthMethod int
const ( AuthMethodPlain SMTPAuthMethod = iota AuthMethodCramMD5 AuthMethodLogin )
func (SMTPAuthMethod) String ¶
func (m SMTPAuthMethod) String() string
type SMTPAuthType ¶
type SMTPAuthType int
const ( AuthTypeUserNamePassword SMTPAuthType = iota AuthTypeNone )
func (SMTPAuthType) String ¶
func (a SMTPAuthType) String() string
type SMTPSettingsPayload ¶
type SMTPSettingsPayload struct {
// SMTPEnabled indicates whether the user has selected that SMTP is
// enabled in the UI.
SMTPEnabled *bool `json:"enable_smtp"`
// SMTPConfigured is a flag that indicates if smtp has been successfully
// tested with the settings provided by an admin user.
SMTPConfigured *bool `json:"configured"`
// SMTPSenderAddress is the email address that will appear in emails sent
// from Fleet
SMTPSenderAddress *string `json:"sender_address"`
// SMTPServer is the host name of the SMTP server Fleet will use to send mail
SMTPServer *string `json:"server"`
// SMTPPort port SMTP server will use
SMTPPort *uint `json:"port"`
// SMTPAuthenticationType type of authentication for SMTP
SMTPAuthenticationType *string `json:"authentication_type"`
// SMTPUserName must be provided if SMTPAuthenticationType is UserNamePassword
SMTPUserName *string `json:"user_name"`
// SMTPPassword must be provided if SMTPAuthenticationType is UserNamePassword
SMTPPassword *string `json:"password"`
// SMTPEnableSSLTLS whether to use SSL/TLS for SMTP
SMTPEnableTLS *bool `json:"enable_ssl_tls"`
// SMTPAuthenticationMethod authentication method smtp server will use
SMTPAuthenticationMethod *string `json:"authentication_method"`
// SMTPDomain optional domain for SMTP
SMTPDomain *string `json:"domain"`
// SMTPVerifySSLCerts defaults to true but can be turned off if self signed
// SSL certs are used by the SMTP server
SMTPVerifySSLCerts *bool `json:"verify_ssl_certs"`
// SMTPEnableStartTLS detects of TLS is enabled on mail server and starts to use it (default true)
SMTPEnableStartTLS *bool `json:"enable_start_tls"`
}
SMTPSettingsPayload is part of the AppConfigPayload which defines the wire representation of the app config endpoints
type SSOSession ¶
type SSOSettings ¶
type SSOSettings struct {
// IDPName is a human readable name for the IDP
IDPName string `json:"idp_name"`
// IDPImageURL https link to a logo image for the IDP.
IDPImageURL string `json:"idp_image_url"`
// SSOEnabled true if single sign on is enabled.
SSOEnabled bool `json:"sso_enabled"`
}
SSOSettings SSO information used prior to authentication.
type SSOSettingsPayload ¶
type SSOSettingsPayload struct {
// EntityID is a uri that identifies this service provider
EntityID *string `json:"entity_id"`
// IssuerURI is the uri that identifies the identity provider
IssuerURI *string `json:"issuer_uri"`
// IDPImageURL is a link to a logo or other image that is used for UX
IDPImageURL *string `json:"idp_image_url"`
// Metadata contains IDP metadata XML
Metadata *string `json:"metadata"`
// MetadataURL is a URL provided by the IDP which can be used to download
// metadata
MetadataURL *string `json:"metadata_url"`
// IDPName is a human friendly name for the IDP
IDPName *string `json:"idp_name"`
// EnableSSO flag to determine whether or not to enable SSO
EnableSSO *bool `json:"enable_sso"`
}
SSOSettingsPayload wire format for SSO settings
type ScheduledQuery ¶
type ScheduledQuery struct {
UpdateCreateTimestamps
ID uint `json:"id"`
PackID uint `json:"pack_id" db:"pack_id"`
Name string `json:"name"`
QueryID uint `json:"query_id" db:"query_id"`
QueryName string `json:"query_name" db:"query_name"`
Query string `json:"query"` // populated via a join on queries
Description string `json:"description,omitempty"`
Interval uint `json:"interval"`
Snapshot *bool `json:"snapshot"`
Removed *bool `json:"removed"`
Platform *string `json:"platform,omitempty"`
Version *string `json:"version,omitempty"`
Shard *uint `json:"shard"`
}
type ScheduledQueryPayload ¶
type ScheduledQueryService ¶
type ScheduledQueryService interface {
GetScheduledQueriesInPack(ctx context.Context, id uint, opts ListOptions) (queries []*ScheduledQuery, err error)
GetScheduledQuery(ctx context.Context, id uint) (query *ScheduledQuery, err error)
ScheduleQuery(ctx context.Context, sq *ScheduledQuery) (query *ScheduledQuery, err error)
DeleteScheduledQuery(ctx context.Context, id uint) (err error)
ModifyScheduledQuery(ctx context.Context, id uint, p ScheduledQueryPayload) (query *ScheduledQuery, err error)
}
type ScheduledQueryStore ¶
type ScheduledQueryStore interface {
ListScheduledQueriesInPack(id uint, opts ListOptions) ([]*ScheduledQuery, error)
NewScheduledQuery(sq *ScheduledQuery, opts ...OptionalArg) (*ScheduledQuery, error)
SaveScheduledQuery(sq *ScheduledQuery) (*ScheduledQuery, error)
DeleteScheduledQuery(id uint) error
ScheduledQuery(id uint) (*ScheduledQuery, error)
}
type ServerSettings ¶
type ServerSettings struct {
KolideServerURL *string `json:"kolide_server_url,omitempty"`
LiveQueryDisabled *bool `json:"live_query_disabled,omitempty"`
}
ServerSettings contains general settings about the kolide App.
type Service ¶
type Service interface {
UserService
SessionService
PackService
LabelService
QueryService
CampaignService
OsqueryService
OsqueryOptionsService
HostService
AppConfigService
InviteService
TargetService
ScheduledQueryService
StatusService
}
service a interface stub
type Session ¶
type Session struct {
CreateTimestamp
ID uint
AccessedAt time.Time `db:"accessed_at"`
UserID uint `db:"user_id"`
Key string
}
Session is the model object which represents what an active session is
type SessionService ¶
type SessionService interface {
// InitiateSSO is used to initiate an SSO session and returns a URL that
// can be used in a redirect to the IDP.
// Arguments: redirectURL is the URL of the protected resource that the user
// was trying to access when they were promted to log in.
InitiateSSO(ctx context.Context, redirectURL string) (string, error)
// CallbackSSO handles the IDP response. The original URL the viewer attempted
// to access is returned from this function so we can redirect back to the front end and
// load the page the viewer originally attempted to access when prompted for login.
CallbackSSO(ctx context.Context, auth Auth) (*SSOSession, error)
// SSOSettings returns non sensitive single sign on information used before
// authentication
SSOSettings(ctx context.Context) (*SSOSettings, error)
Login(ctx context.Context, username, password string) (user *User, token string, err error)
Logout(ctx context.Context) (err error)
DestroySession(ctx context.Context) (err error)
GetInfoAboutSessionsForUser(ctx context.Context, id uint) (sessions []*Session, err error)
DeleteSessionsForUser(ctx context.Context, id uint) (err error)
GetInfoAboutSession(ctx context.Context, id uint) (session *Session, err error)
GetSessionByKey(ctx context.Context, key string) (session *Session, err error)
DeleteSession(ctx context.Context, id uint) (err error)
}
type SessionStore ¶
type SessionStore interface {
// Given a session key, find and return a session object or an error if one
// could not be found for the given key
SessionByKey(key string) (*Session, error)
// Given a session id, find and return a session object or an error if one
// could not be found for the given id
SessionByID(id uint) (*Session, error)
// Find all of the active sessions for a given user
ListSessionsForUser(id uint) ([]*Session, error)
// Store a new session struct
NewSession(session *Session) (*Session, error)
// Destroy the currently tracked session
DestroySession(session *Session) error
// Destroy all of the sessions for a given user
DestroyAllSessionsForUser(id uint) error
// Mark the currently tracked session as access to extend expiration
MarkSessionAccessed(session *Session) error
}
SessionStore is the abstract interface that all session backends must conform to.
type StatusService ¶
type StatusService interface {
// StatusResultStore returns nil if the result store is functioning
// correctly, or an error indicating the problem.
StatusResultStore(ctx context.Context) error
// StatusLiveQuery returns nil if live queries are enabled, or an
// error indicating the problem.
StatusLiveQuery(ctx context.Context) error
}
type Target ¶
type Target struct {
Type TargetType
TargetID uint
}
type TargetMetrics ¶
type TargetMetrics struct {
// TotalHosts is the total hosts in any status. It should equal
// OnlineHosts + OfflineHosts + MissingInActionHosts.
TotalHosts uint `db:"total"`
// OnlineHosts is the count of hosts that have checked in within their
// expected checkin interval (based on the configuration interval
// values, see Host.Status()).
OnlineHosts uint `db:"online"`
// OfflineHosts is the count of hosts that have not checked in within
// their expected interval.
OfflineHosts uint `db:"offline"`
// MissingInActionHosts is the count of hosts that have not checked in
// within the last 30 days.
MissingInActionHosts uint `db:"mia"`
// NewHosts is the count of hosts that have enrolled in the last 24
// hours.
NewHosts uint `db:"new"`
}
TargetMetrics contains information about the online status of a set of hosts.
type TargetSearchResults ¶
type TargetService ¶
type TargetService interface {
// SearchTargets will accept a search query, a slice of IDs of hosts to omit,
// and a slice of IDs of labels to omit, and it will return a set of targets
// (hosts and label) which match the supplied search query.
SearchTargets(ctx context.Context, query string, selectedHostIDs []uint, selectedLabelIDs []uint) (*TargetSearchResults, error)
// CountHostsInTargets returns the metrics of the hosts in the provided
// label and explicit host IDs.
CountHostsInTargets(ctx context.Context, hostIDs []uint, labelIDs []uint) (*TargetMetrics, error)
}
type TargetStore ¶
type TargetStore interface {
// CountHostsInTargets returns the metrics of the hosts in the provided
// label and explicit host IDs.
CountHostsInTargets(hostIDs, labelIDs []uint, now time.Time) (TargetMetrics, error)
// HostIDsInTargets returns the host IDs of the hosts in the provided label
// and explicit host IDs. The returned host IDs should be sorted in
// ascending order.
HostIDsInTargets(hostIDs, labelIDs []uint) ([]uint, error)
}
type Transaction ¶
type Transactions ¶
type Transactions interface {
Begin() (Transaction, error)
}
type UpdateCreateTimestamps ¶
type UpdateCreateTimestamps struct {
CreateTimestamp
UpdateTimestamp
}
type UpdateTimestamp ¶
UpdateTimestamp contains a timestamp that is set whenever an entity is changed
type User ¶
type User struct {
UpdateCreateTimestamps
ID uint `json:"id"`
Username string `json:"username"`
Password []byte `json:"-"`
Salt string `json:"-"`
Name string `json:"name"`
Email string `json:"email"`
Admin bool `json:"admin"`
Enabled bool `json:"enabled"`
AdminForcedPasswordReset bool `json:"force_password_reset" db:"admin_forced_password_reset"`
GravatarURL string `json:"gravatar_url" db:"gravatar_url"`
Position string `json:"position,omitempty"` // job role
// SSOEnabled if true, the single siqn on is used to log in
SSOEnabled bool `json:"sso_enabled" db:"sso_enabled"`
}
User is the model struct which represents a kolide user
func (*User) ValidatePassword ¶
ValidatePassword accepts a potential password for a given user and attempts to validate it against the hash stored in the database after joining the supplied password with the stored password salt
type UserPayload ¶
type UserPayload struct {
Username *string `json:"username,omitempty"`
Name *string `json:"name,omitempty"`
Email *string `json:"email,omitempty"`
Admin *bool `json:"admin,omitempty"`
Enabled *bool `json:"enabled,omitempty"`
Password *string `json:"password,omitempty"`
GravatarURL *string `json:"gravatar_url,omitempty"`
Position *string `json:"position,omitempty"`
InviteToken *string `json:"invite_token,omitempty"`
SSOInvite *bool `json:"sso_invite,omitempty"`
SSOEnabled *bool `json:"sso_enabled,omitempty"`
}
UserPayload is used to modify an existing user
type UserService ¶
type UserService interface {
// NewUser creates a new User from a request Payload.
NewUser(ctx context.Context, p UserPayload) (user *User, err error)
// NewAdminCreatedUser allows an admin to create a new user without
// first creating and validating invite tokens.
NewAdminCreatedUser(ctx context.Context, p UserPayload) (user *User, err error)
// User returns a valid User given a User ID.
User(ctx context.Context, id uint) (user *User, err error)
// AuthenticatedUser returns the current user from the viewer context.
AuthenticatedUser(ctx context.Context) (user *User, err error)
// ListUsers returns all users.
ListUsers(ctx context.Context, opt ListOptions) (users []*User, err error)
// ChangePassword validates the existing password, and sets the new
// password. User is retrieved from the viewer context.
ChangePassword(ctx context.Context, oldPass, newPass string) error
// RequestPasswordReset generates a password reset request for the user
// specified by email. The request results in a token emailed to the
// user.
RequestPasswordReset(ctx context.Context, email string) (err error)
// RequirePasswordReset requires a password reset for the user
// specified by ID (if require is true). It deletes all of the user's
// sessions, and requires that their password be reset upon the next
// login. Setting require to false will take a user out of this state.
// The updated user is returned.
RequirePasswordReset(ctx context.Context, uid uint, require bool) (*User, error)
// PerformRequiredPasswordReset resets a password for a user that is in
// the required reset state. It must be called with the logged in
// viewer context of that user.
PerformRequiredPasswordReset(ctx context.Context, password string) (*User, error)
// ResetPassword validates the provided password reset token and
// updates the user's password.
ResetPassword(ctx context.Context, token, password string) (err error)
// ModifyUser updates a user's parameters given a UserPayload.
ModifyUser(ctx context.Context, userID uint, p UserPayload) (user *User, err error)
// ChangeUserAdmin is used to modify the admin state of the user identified by id.
ChangeUserAdmin(ctx context.Context, id uint, isAdmin bool) (*User, error)
// ChangeUserEnabled is used to enable/disable the user identified by id.
ChangeUserEnabled(ctx context.Context, id uint, isEnabled bool) (*User, error)
// ChangeUserEmail is used to confirm new email address and if confirmed,
// write the new email address to user.
ChangeUserEmail(ctx context.Context, token string) (string, error)
}
UserService contains methods for managing a Fleet User.
type UserStore ¶
type UserStore interface {
NewUser(user *User) (*User, error)
User(username string) (*User, error)
ListUsers(opt ListOptions) ([]*User, error)
UserByEmail(email string) (*User, error)
UserByID(id uint) (*User, error)
SaveUser(user *User) error
// PendingEmailChange creates a record with a pending email change for a user identified
// by uid. The change record is keyed by a unique token. The token is emailed to the user
// with a link that they can use to confirm the change.
PendingEmailChange(userID uint, newEmail, token string) error
// ConfirmPendingEmailChange will confirm new email address identified by token is valid.
// The new email will be written to user record. userID is the ID of the
// user whose e-mail is being changed.
ConfirmPendingEmailChange(userID uint, token string) (string, error)
}
UserStore contains methods for managing users in a datastore
type WarningType ¶
type WarningType string
WarningType is used to group associated warnings for options, packs etc when importing on osquery configuration file.
type YARAConfig ¶
type YARAConfig struct {
Signatures map[string][]string `json:"signatures"`
FilePaths map[string][]string `json:"file_paths"`
}
YARAConfig yara configuration maps keys to lists of files. See https://osquery.readthedocs.io/en/stable/deployment/yara/
Source Files
¶
- app.go
- campaigns.go
- datastore.go
- emails.go
- fleetctl.go
- hosts.go
- import_config.go
- import_config_unmarshaler.go
- invites.go
- labels.go
- live_query_store.go
- logging.go
- meta.go
- network_interfaces.go
- osquery.go
- osquery_options.go
- packs.go
- queries.go
- query_results.go
- scheduled_queries.go
- service.go
- sessions.go
- status.go
- targets.go
- traits.go
- transactions.go
- users.go
Click to show internal directories.
Click to hide internal directories.