pyrox.dev / nixpkgs
lol
fork atom

osquery: init at 2.5.2

Charles Strahan 53426f6c 29d2fe4a

+318
unified split
+1
nixos/modules/module-list.nix
··· 350 350 ./services/monitoring/munin.nix 351 351 ./services/monitoring/nagios.nix 352 352 ./services/monitoring/netdata.nix 353 + ./services/monitoring/osquery.nix 353 354 ./services/monitoring/prometheus/default.nix 354 355 ./services/monitoring/prometheus/alertmanager.nix 355 356 ./services/monitoring/prometheus/blackbox-exporter.nix
+91
nixos/modules/services/monitoring/osquery.nix
··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with builtins; 4 + with lib; 5 + 6 + let 7 + cfg = config.services.osquery; 8 + 9 + in 10 + 11 + { 12 + 13 + options = { 14 + 15 + services.osquery = { 16 + 17 + enable = mkEnableOption "osquery"; 18 + 19 + loggerPath = mkOption { 20 + type = types.path; 21 + description = "Base directory used for logging."; 22 + default = "/var/log/osquery"; 23 + }; 24 + 25 + pidfile = mkOption { 26 + type = types.path; 27 + description = "Path used for pid file."; 28 + default = "/var/osquery/osqueryd.pidfile"; 29 + }; 30 + 31 + utc = mkOption { 32 + type = types.bool; 33 + description = "Attempt to convert all UNIX calendar times to UTC."; 34 + default = true; 35 + }; 36 + 37 + databasePath = mkOption { 38 + type = types.path; 39 + description = "Path used for database file."; 40 + default = "/var/osquery/osquery.db"; 41 + }; 42 + 43 + extraConfig = mkOption { 44 + type = types.attrs // { 45 + merge = loc: foldl' (res: def: recursiveUpdate res def.value) {}; 46 + }; 47 + description = "Extra config to be recursively merged into the JSON config file."; 48 + default = { }; 49 + }; 50 + }; 51 + 52 + }; 53 + 54 + config = mkIf cfg.enable { 55 + 56 + environment.systemPackages = [ pkgs.osquery ]; 57 + 58 + environment.etc."osquery/osquery.conf".text = toJSON ( 59 + recursiveUpdate { 60 + options = { 61 + config_plugin = "filesystem"; 62 + logger_plugin = "filesystem"; 63 + logger_path = cfg.loggerPath; 64 + database_path = cfg.databasePath; 65 + utc = cfg.utc; 66 + }; 67 + } cfg.extraConfig 68 + ); 69 + 70 + systemd.services.osqueryd = { 71 + description = "The osquery Daemon"; 72 + after = [ "network.target" "syslog.service" ]; 73 + wantedBy = [ "multi-user.target" ]; 74 + path = [ pkgs.osquery ]; 75 + preStart = '' 76 + mkdir -p ${escapeShellArg cfg.loggerPath} 77 + mkdir -p "$(dirname ${escapeShellArg cfg.pidfile})" 78 + mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})" 79 + ''; 80 + serviceConfig = { 81 + TimeoutStartSec = 0; 82 + ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}"; 83 + KillMode = "process"; 84 + KillSignal = "SIGTERM"; 85 + Restart = "on-failure"; 86 + }; 87 + }; 88 + 89 + }; 90 + 91 + }
+76
pkgs/tools/system/osquery/default.nix
··· 1 + { stdenv, lib, fetchFromGitHub, pkgconfig, cmake, pythonPackages 2 + , udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive 3 + , libgpgerror, libuuid, iptables, apt, dpkg, lzma, lz4, bzip2, rpm 4 + , beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags 5 + , thrift, boost, rocksdb_lite, cpp-netlib, glog, gbenchmark, snappy 6 + , openssl, linenoise-ng, file, doxygen, devicemapper 7 + }: 8 + 9 + let 10 + thirdparty = fetchFromGitHub { 11 + owner = "osquery"; 12 + repo = "third-party"; 13 + rev = "6919841175b2c9cb2dee8986e0cfe49191ecb868"; 14 + sha256 = "1kjxrky586jd1b2z1vs9cm7x1dxw51cizpys9kddiarapc2ih65j"; 15 + }; 16 + 17 + in 18 + 19 + stdenv.mkDerivation rec { 20 + name = "osquery-${version}"; 21 + version = "2.5.2"; 22 + 23 + # this is what `osquery --help` will show as the version. 24 + OSQUERY_BUILD_VERSION = version; 25 + 26 + src = fetchFromGitHub { 27 + owner = "facebook"; 28 + repo = "osquery"; 29 + rev = version; 30 + sha256 = "16isplk66qpvhrf041l0lxb4z6k7wwd1sg7kpsw2q6kivkxpnk3z"; 31 + }; 32 + 33 + patches = [ ./misc.patch ] ++ lib.optional stdenv.isLinux ./platform-nixos.patch; 34 + 35 + nativeBuildInputs = [ 36 + pkgconfig cmake pythonPackages.python pythonPackages.jinja2 37 + ]; 38 + 39 + buildInputs = [ 40 + udev audit 41 + 42 + (aws-sdk-cpp.override { 43 + apis = [ "firehose" "kinesis" "sts" ]; 44 + customMemoryManagement = false; 45 + }) 46 + 47 + lvm2 libgcrypt libarchive libgpgerror libuuid iptables.dev apt dpkg 48 + lzma lz4 bzip2 rpm beecrypt augeas libxml2 sleuthkit 49 + yara lldpd google-gflags thrift boost 50 + cpp-netlib glog gbenchmark snappy openssl linenoise-ng 51 + file doxygen devicemapper cryptsetup 52 + 53 + # need to be consistent about the malloc implementation 54 + (rocksdb_lite.override { jemalloc = null; gperftools = null; }) 55 + ]; 56 + 57 + preConfigure = '' 58 + export NIX_CFLAGS_COMPILE="-I${libxml2.dev}/include/libxml2 $NIX_CFLAGS_COMPILE" 59 + 60 + cmakeFlagsArray+=( 61 + -DCMAKE_LIBRARY_PATH=${cryptsetup}/lib 62 + -DCMAKE_VERBOSE_MAKEFILE=ON 63 + ) 64 + 65 + cp -r ${thirdparty}/* third-party 66 + chmod +w -R third-party 67 + ''; 68 + 69 + meta = with lib; { 70 + description = "SQL powered operating system instrumentation, monitoring, and analytics"; 71 + homepage = "https://osquery.io/"; 72 + license = licenses.bsd3; 73 + platforms = platforms.linux; 74 + maintainers = with maintainers; [ cstrahan ]; 75 + }; 76 + }
+126
pkgs/tools/system/osquery/misc.patch
··· 1 + diff --git a/CMakeLists.txt b/CMakeLists.txt 2 + index a976a46d..73a95575 100644 3 + --- a/CMakeLists.txt 4 + +++ b/CMakeLists.txt 5 + @@ -125,14 +125,13 @@ else() 6 + set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14 -stdlib=libc++") 7 + else() 8 + set(LINUX TRUE) 9 + - set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14 -stdlib=libstdc++") 10 + + set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14") 11 + endif() 12 + set(POSIX TRUE) 13 + endif() 14 + 15 + if(POSIX) 16 + add_compile_options( 17 + - -Qunused-arguments 18 + -Wstrict-aliasing 19 + -Wno-missing-field-initializers 20 + -Wno-unused-local-typedef 21 + @@ -154,7 +153,6 @@ if(POSIX) 22 + ) 23 + if(NOT FREEBSD) 24 + add_compile_options( 25 + - -Werror=shadow 26 + -fvisibility=hidden 27 + -fvisibility-inlines-hidden 28 + ) 29 + @@ -439,6 +437,8 @@ endif() 30 + 31 + if(APPLE) 32 + LOG_PLATFORM("OS X") 33 + +elseif(OSQUERY_BUILD_PLATFORM STREQUAL "nixos") 34 + + LOG_PLATFORM("NixOS") 35 + elseif(OSQUERY_BUILD_PLATFORM STREQUAL "debian") 36 + LOG_PLATFORM("Debian") 37 + elseif(OSQUERY_BUILD_PLATFORM STREQUAL "ubuntu") 38 + diff --git a/include/osquery/core.h b/include/osquery/core.h 39 + index b597edee..b0628037 100644 40 + --- a/include/osquery/core.h 41 + +++ b/include/osquery/core.h 42 + @@ -15,8 +15,9 @@ 43 + #include <string> 44 + #include <vector> 45 + 46 + -#if defined(__APPLE__) || defined(__FreeBSD__) 47 + +#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__linux__) 48 + #include <boost/thread/shared_mutex.hpp> 49 + +#include <boost/thread/recursive_mutex.hpp> 50 + #else 51 + #include <shared_mutex> 52 + #endif 53 + @@ -188,7 +189,7 @@ inline bool isPlatform(PlatformType a, const PlatformType& t = kPlatformType) { 54 + return (static_cast<int>(t) & static_cast<int>(a)) != 0; 55 + } 56 + 57 + -#if defined(__APPLE__) || defined(__FreeBSD__) 58 + +#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__linux__) 59 + #define MUTEX_IMPL boost 60 + #else 61 + #define MUTEX_IMPL std 62 + @@ -204,10 +205,10 @@ using WriteLock = MUTEX_IMPL::unique_lock<Mutex>; 63 + using ReadLock = MUTEX_IMPL::shared_lock<Mutex>; 64 + 65 + /// Helper alias for defining recursive mutexes. 66 + -using RecursiveMutex = std::recursive_mutex; 67 + +using RecursiveMutex = MUTEX_IMPL::recursive_mutex; 68 + 69 + /// Helper alias for write locking a recursive mutex. 70 + -using RecursiveLock = std::lock_guard<std::recursive_mutex>; 71 + +using RecursiveLock = MUTEX_IMPL::lock_guard<MUTEX_IMPL::recursive_mutex>; 72 + } 73 + 74 + /** 75 + diff --git a/osquery/CMakeLists.txt b/osquery/CMakeLists.txt 76 + index 77913d31..c833c289 100644 77 + --- a/osquery/CMakeLists.txt 78 + +++ b/osquery/CMakeLists.txt 79 + @@ -157,6 +157,7 @@ ADD_OSQUERY_LINK_ADDITIONAL("cppnetlib-client-connections${WO_KEY}") 80 + ADD_OSQUERY_LINK_CORE("glog${WO_KEY}") 81 + 82 + if(POSIX) 83 + + ADD_OSQUERY_LINK_ADDITIONAL("benchmark") 84 + ADD_OSQUERY_LINK_ADDITIONAL("snappy") 85 + ADD_OSQUERY_LINK_ADDITIONAL("ssl") 86 + ADD_OSQUERY_LINK_ADDITIONAL("crypto") 87 + @@ -336,13 +337,6 @@ if(NOT OSQUERY_BUILD_SDK_ONLY) 88 + 89 + install(DIRECTORY "${CMAKE_SOURCE_DIR}/packs/" 90 + DESTINATION "${CMAKE_INSTALL_PREFIX}/share/osquery/packs" COMPONENT main) 91 + - if(APPLE) 92 + - install(FILES "${CMAKE_SOURCE_DIR}/tools/deployment/com.facebook.osqueryd.plist" 93 + - DESTINATION "${CMAKE_INSTALL_PREFIX}/share/osquery/" COMPONENT main) 94 + - else() 95 + - install(PROGRAMS "${CMAKE_SOURCE_DIR}/tools/deployment/osqueryd.initd" 96 + - DESTINATION "/etc/init.d/" RENAME "osqueryd" COMPONENT main) 97 + - endif() 98 + endif() 99 + 100 + if(NOT SKIP_TESTS) 101 + diff --git a/osquery/tables/system/linux/tests/md_tables_tests.cpp b/osquery/tables/system/linux/tests/md_tables_tests.cpp 102 + index 126be362..119d361d 100644 103 + --- a/osquery/tables/system/linux/tests/md_tables_tests.cpp 104 + +++ b/osquery/tables/system/linux/tests/md_tables_tests.cpp 105 + @@ -72,7 +72,7 @@ void GetDrivesForArrayTestHarness(std::string arrayName, 106 + EXPECT_CALL(md, getArrayInfo(arrayDevPath, _)) 107 + .WillOnce(DoAll(SetArgReferee<1>(arrayInfo), Return(true))); 108 + 109 + - Sequence::Sequence s1; 110 + + Sequence s1; 111 + for (int i = 0; i < MD_SB_DISKS; i++) { 112 + mdu_disk_info_t diskInfo; 113 + diskInfo.number = i; 114 + diff --git a/specs/windows/services.table b/specs/windows/services.table 115 + index 4ac24ee9..657d8b99 100644 116 + --- a/specs/windows/services.table 117 + +++ b/specs/windows/services.table 118 + @@ -12,7 +12,7 @@ schema([ 119 + Column("path", TEXT, "Path to Service Executable"), 120 + Column("module_path", TEXT, "Path to ServiceDll"), 121 + Column("description", TEXT, "Service Description"), 122 + - Column("user_account", TEXT, "The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\UserName. If the account belongs to the built-in domain, the name can be of the form .\UserName."), 123 + + Column("user_account", TEXT, "The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName."), 124 + ]) 125 + implementation("system/windows/services@genServices") 126 + examples([
+22
pkgs/tools/system/osquery/platform-nixos.patch
··· 1 + diff --git a/tools/get_platform.py b/tools/get_platform.py 2 + index 3dd34516..f53ca83a 100644 3 + --- a/tools/get_platform.py 4 + +++ b/tools/get_platform.py 5 + @@ -26,6 +26,8 @@ DEBIAN_VERSION = "/etc/debian_version" 6 + GENTOO_RELEASE = "/etc/gentoo-release" 7 + 8 + def _platform(): 9 + + return ("nixos", "nixos") 10 + + 11 + osType, _, _, _, _, _ = platform.uname() 12 + 13 + if osType == "Windows": 14 + @@ -75,6 +77,8 @@ def _platform(): 15 + return (None, osType.lower()) 16 + 17 + def _distro(osType): 18 + + return "unknown_version" 19 + + 20 + def getRedhatDistroVersion(pattern): 21 + with open(SYSTEM_RELEASE, "r") as fd: 22 + contents = fd.read()
+2
pkgs/top-level/all-packages.nix
··· 15340 15340 15341 15341 osmo = callPackage ../applications/office/osmo { }; 15342 15342 15343 + osquery = callPackage ../tools/system/osquery { }; 15344 + 15343 15345 palemoon = callPackage ../applications/networking/browsers/palemoon { 15344 15346 # https://forum.palemoon.org/viewtopic.php?f=57&t=15296#p111146 15345 15347 stdenv = overrideCC stdenv gcc49;