runtime

package
v0.11.18 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 12, 2021 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type OsqueryInstance

type OsqueryInstance struct {
	// contains filtered or unexported fields
}

OsqueryInstance is the type which represents a currently running instance of osqueryd.

func (*OsqueryInstance) Healthy

func (o *OsqueryInstance) Healthy() error

Healthy will check to determine whether or not the osquery process that is being managed by the current instantiation of this OsqueryInstance is healthy. If the instance is healthy, it returns nil.

func (*OsqueryInstance) Query

func (o *OsqueryInstance) Query(query string) ([]map[string]string, error)

type OsqueryInstanceOption

type OsqueryInstanceOption func(*OsqueryInstance)

OsqueryInstanceOption is a functional option pattern for defining how an osqueryd instance should be configured. For more information on this pattern, see the following blog post: https://dave.cheney.net/2014/10/17/functional-options-for-friendly-apis

func WithConfigPluginFlag

func WithConfigPluginFlag(plugin string) OsqueryInstanceOption

WithConfigPluginFlag is a functional option which allows the user to define which config plugin osqueryd should use to retrieve the config. If this is not defined, it is assumed that no configuration is needed and a no-op config will be used. This should only be configured once and cannot be changed once osqueryd is running.

func WithDistributedPluginFlag

func WithDistributedPluginFlag(plugin string) OsqueryInstanceOption

WithDistributedPluginFlag is a functional option which allows the user to define which distributed plugin osqueryd should use to log status and result logs. If this is not defined, logs will be logged via the application's default distributed. The distributed plugin which osquery uses can be changed at any point during the osqueryd execution lifecycle by defining the option via the config.

func WithExtensionSocketPath

func WithExtensionSocketPath(path string) OsqueryInstanceOption

WithExtensionSocketPath is a functional option which allows the user to define the path of the extension socket path that osqueryd will open to communicate with other processes.

func WithLogger

func WithLogger(logger log.Logger) OsqueryInstanceOption

WithLogger is a functional option which allows the user to pass a log.Logger to be used for logging osquery instance status.

func WithLoggerPluginFlag

func WithLoggerPluginFlag(plugin string) OsqueryInstanceOption

WithLoggerPluginFlag is a functional option which allows the user to define which logger plugin osqueryd should use to log status and result logs. If this is not defined, logs will be logged via the application's default logger. The logger plugin which osquery uses can be changed at any point during the osqueryd execution lifecycle by defining the option via the config.

func WithOsqueryExtensionPlugins

func WithOsqueryExtensionPlugins(plugins ...osquery.OsqueryPlugin) OsqueryInstanceOption

WithOsqueryExtensionPlugins is a functional option which allows the user to declare a number of osquery plugins (ie: config plugin, logger plugin, tables, etc) which can be loaded when calling LaunchOsqueryInstance. You can load as many plugins as you'd like.

func WithOsqueryFlags added in v0.11.11

func WithOsqueryFlags(flags []string) OsqueryInstanceOption

WithOsqueryFlags sets additional flags to pass to osquery

func WithOsqueryVerbose added in v0.11.3

func WithOsqueryVerbose(v bool) OsqueryInstanceOption

WithOsqueryVerbose sets whether or not osquery is in verbose mode

func WithOsquerydBinary

func WithOsquerydBinary(path string) OsqueryInstanceOption

WithOsquerydBinary is a functional option which allows the user to define the path of the osqueryd binary which will be launched. This should only be called once as only one binary will be executed. Defining the path to the osqueryd binary is optional. If it is not explicitly defined by the caller, an osqueryd binary will be looked for in the current $PATH.

func WithRootDirectory

func WithRootDirectory(path string) OsqueryInstanceOption

WithRootDirectory is a functional option which allows the user to define the path where filesystem artifacts will be stored. This may include pidfiles, RocksDB database files, etc. If this is not defined, a temporary directory will be used.

func WithStderr

func WithStderr(w io.Writer) OsqueryInstanceOption

WithStderr is a functional option which allows the user to define where the stderr of the osquery process should be directed. By default, the output will be discarded. This should only be configured once.

func WithStdout

func WithStdout(w io.Writer) OsqueryInstanceOption

WithStdout is a functional option which allows the user to define where the stdout of the osquery process should be directed. By default, the output will be discarded. This should only be configured once.

type Runner

type Runner struct {
	// contains filtered or unexported fields
}

func LaunchInstance

func LaunchInstance(opts ...OsqueryInstanceOption) (*Runner, error)

LaunchInstance will launch an instance of osqueryd via a very configurable API as defined by the various OsqueryInstanceOption functional options. The returned instance should be shut down via the Shutdown() method. For example, a more customized caller might do something like the following:

  instance, err := LaunchInstance(
    WithOsquerydBinary("/usr/local/bin/osqueryd"),
    WithRootDirectory("/var/foobar"),
    WithConfigPluginFlag("custom"),
		 WithOsqueryExtensionPlugins(
		 	 config.NewPlugin("custom", custom.GenerateConfigs),
		   logger.NewPlugin("custom", custom.LogString),
		 	 tables.NewPlugin("foobar", custom.FoobarColumns, custom.FoobarGenerate),
    ),
  )

func LaunchUnstartedInstance

func LaunchUnstartedInstance(opts ...OsqueryInstanceOption) *Runner

LaunchUnstartedInstance sets up a osqueryd instance similar to LaunchInstance, but gives the caller control over when the instance will run. Useful for controlling startup and shutdown goroutines.

func (*Runner) Healthy

func (r *Runner) Healthy() error

Healthy checks the health of the instance and returns an error describing any problem.

func (*Runner) Query

func (r *Runner) Query(query string) ([]map[string]string, error)

func (*Runner) Restart

func (r *Runner) Restart() error

Restart allows you to cleanly shutdown the current instance and launch a new instance with the same configurations.

func (*Runner) Shutdown

func (r *Runner) Shutdown() error

Shutdown instructs the runner to permanently stop the running instance (no restart will be attempted).

func (*Runner) Start

func (r *Runner) Start() error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL