environments

package
v0.4.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 30, 2025 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

// Decorator queries. Each constant is an osquery SQL statement intended to be
// used as a result decorator, so its columns end up attached to the results a
// node reports (see the osquery decorator-queries documentation).
const (
	// DecoratorUsers to append osquery user as result decorator.
	// The query text is elided on this page (134-byte literal not displayed).
	DecoratorUsers = "" /* 134-byte string literal not displayed */
	// DecoratorHostname to append hostnames as result decorator.
	// Selects hostname and local_hostname from system_info.
	DecoratorHostname = "SELECT hostname, local_hostname FROM system_info;"
	// DecoratorLoggedInUser to append the first logged in user as result decorator.
	// Produces a single "username" column formatted as "user (tty)", taking the
	// earliest row of type 'user' from logged_in_users.
	// NOTE(review): this places an account name in every decorated result, so
	// log retention and access controls should account for it.
	DecoratorLoggedInUser = "SELECT user || ' (' || tty || ')' AS username FROM logged_in_users WHERE type = 'user' ORDER BY time LIMIT 1;"
	// DecoratorOsqueryVersionHash to append the osquery version and the configuration hash as result decorator.
	// Only rows with config_valid = 1 are returned, so a node whose configuration
	// is not valid yields no osquery_version/config_hash columns.
	DecoratorOsqueryVersionHash = "SELECT version AS osquery_version, config_hash FROM osquery_info WHERE config_valid = 1;"
	// DecoratorMD5Process to append the MD5 of the running osquery binary as result decorator.
	// The path is resolved from the processes table using the pid in osquery_info.
	// NOTE(review): MD5 is not collision-resistant; treat osquery_md5 as a
	// convenience identifier rather than an integrity guarantee. The osquery
	// hash table also exposes a sha256 column if a stronger digest is wanted.
	DecoratorMD5Process = "SELECT md5 AS osquery_md5 FROM hash WHERE path = (SELECT path FROM processes WHERE pid = (SELECT pid FROM osquery_info));"
)
// Default values for a TLS environment: endpoint path segments, polling
// intervals, secret length and link expiration.
// Intervals are presumably expressed in seconds (UpdateIntervals names its
// arguments csecs/lsecs/qsecs) — confirm against the implementation.
const (
	// DefaultEnrollPath as default value for enrolling nodes.
	// Taken from settings.ScriptEnroll, whose value is not shown on this page.
	DefaultEnrollPath string = settings.ScriptEnroll
	// DefaultLogPath as default value for logging data from nodes
	DefaultLogPath string = "log"
	// DefaultLogInterval as default interval for logging data from nodes
	DefaultLogInterval int = 600
	// DefaultConfigPath as default value for configuring nodes
	DefaultConfigPath string = "config"
	// DefaultConfigInterval as default interval for configuring nodes
	DefaultConfigInterval int = 300
	// DefaultQueryReadPath as default value for distributing on-demand queries to nodes
	DefaultQueryReadPath string = "read"
	// DefaultQueryWritePath as default value for collecting results from on-demand queries
	DefaultQueryWritePath string = "write"
	// DefaultQueryInterval as default interval for distributing on-demand queries to nodes
	DefaultQueryInterval int = 60
	// DefaultCarverInitPath as default init endpoint for the carver
	DefaultCarverInitPath string = "init"
	// DefaultCarverBlockPath as default block endpoint for the carver
	DefaultCarverBlockPath string = "block"
	// DefaultEnvironmentIcon as default icon to use for environments
	DefaultEnvironmentIcon string = "fas fa-wrench"
	// DefaultEnvironmentType as default type to use for environments
	DefaultEnvironmentType string = "osquery"
	// DefaultSecretLength as default length for secrets.
	// NOTE(review): the unit (characters vs. bytes) and the generator that
	// consumes this length are not visible here — confirm the secret is drawn
	// from a cryptographically secure random source.
	DefaultSecretLength int = 64
	// DefaultLinkExpire as default time in hours to expire enroll/remove links.
	// Presumably the basis for TLSEnvironment.EnrollExpire and RemoveExpire —
	// confirm against the implementation.
	DefaultLinkExpire int = 24
	// DefaultFlagsPath is the default path segment "osctrld-flags".
	// NOTE(review): presumably the endpoint that serves osquery flags — confirm.
	DefaultFlagsPath string = "osctrld-flags"
	// DefaultCertPath is the default path segment "osctrld-cert".
	// NOTE(review): presumably the endpoint that serves the certificate — confirm.
	DefaultCertPath string = "osctrld-cert"
	// DefaultVerifyPath is the default path segment "osctrld-verify".
	// NOTE(review): purpose is not documented on this page — confirm.
	DefaultVerifyPath string = "osctrld-verify"
	// DefaultScriptPath is the default path segment "osctrld-script".
	// NOTE(review): presumably the endpoint that serves enroll/remove scripts — confirm.
	DefaultScriptPath string = "osctrld-script"
)
// Flag names, values and templates used to generate the osquery flags for a
// node. Several template bodies are elided on this page ("string literal not
// displayed"), so their contents cannot be described here.
const (
	// CarverBlockSizeValue to configure size in bytes for carver blocks
	CarverBlockSizeValue string = "5120000"
	// FlagGenericValue to use as generator for generic flags.
	// Renders to "--<FlagName>=<FlagValue>" from the .FlagName and .FlagValue
	// fields of the template data.
	// NOTE(review): the value is substituted as-is by this template; if flag
	// values can come from operator input, confirm that whitespace and newlines
	// are rejected before rendering so one value cannot introduce extra flags.
	FlagGenericValue string = `--{{ .FlagName }}={{ .FlagValue }}`
	// FlagNameTLSServerCerts is the flag name for the --tls_server_certs flag
	FlagNameTLSServerCerts string = `tls_server_certs`
	// FlagNameCarverBlockSize is the flag name for the --carver_block_size flag
	FlagNameCarverBlockSize string = `carver_block_size`
	// FlagsConfigPlugin to configure the config plugin
	FlagsConfigPlugin string = `` /* 181-byte string literal not displayed */

	// FlagsLoggerPlugin to configure the logger plugin
	FlagsLoggerPlugin string = `` /* 173-byte string literal not displayed */

	// FlagsQueryPlugin to configure the distributed query plugin
	FlagsQueryPlugin string = `` /* 325-byte string literal not displayed */

	// FlagsCarverPlugin to configure the carver plugin
	FlagsCarverPlugin string = `` /* 249-byte string literal not displayed */

	// FlagsTemplate to generate flags for enrolling nodes
	FlagsTemplate string = `` /* 329-byte string literal not displayed */

)
// Placeholder tokens for file locations in generated flags.
// NOTE(review): presumably emitted when no secret/certificate path is supplied
// to GenerateFlags, to be replaced before the flags are used — confirm.
const (
	// EmptyFlagSecret to use as placeholder for the secret file
	EmptyFlagSecret string = "__SECRET_FILE__"
	// EmptyFlagCert to use as placeholder for the certificate file
	EmptyFlagCert string = "__CERT_FILE__"
)
// Fragments inserted into one-liners when TLS certificate validation is to be
// skipped. A one-liner built with these does not authenticate the server it
// downloads from, so whatever it fetches and runs is exposed to tampering on
// the network path; they fit test setups with self-signed certificates, and
// production enrollment is better served by distributing the CA certificate.
const (
	// InsecureShellTLS for insecure TLS connections in shell oneliners.
	// NOTE(review): presumably appended to the download tool's option letters
	// (e.g. to form "-k") — confirm against the one-liner template.
	InsecureShellTLS = "k"
	// InsecurePowershellTLS for insecure TLS connections in powershell one-liners.
	// Installs a ServerCertificateValidationCallback that always returns $true,
	// which accepts any server certificate for System.Net requests made by that
	// PowerShell process, not only the first download.
	InsecurePowershellTLS = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};"
)
// Script targets and template names for the enroll/remove scripts.
// Targets are built as <action><extension>; the action names come from the
// settings package and are not shown on this page.
const (
	// ShellTarget for shell extension
	ShellTarget = ".sh"
	// PowershellTarget for powershell extension
	PowershellTarget = ".ps1"
	// EnrollTarget for enroll target (settings.ScriptEnroll)
	EnrollTarget = settings.ScriptEnroll
	// RemoveTarget for remove target (settings.ScriptRemove)
	RemoveTarget = settings.ScriptRemove
	// EnrollShell for enroll shell: EnrollTarget followed by ".sh"
	EnrollShell = EnrollTarget + ShellTarget
	// RemoveShell for remove shell: RemoveTarget followed by ".sh"
	RemoveShell = RemoveTarget + ShellTarget
	// EnrollPowershell for enroll powershell: EnrollTarget followed by ".ps1"
	EnrollPowershell = EnrollTarget + PowershellTarget
	// RemovePowershell for remove powershell: RemoveTarget followed by ".ps1"
	RemovePowershell = RemoveTarget + PowershellTarget
	// TemplateAddShell for template name: "quick-add.sh"
	TemplateAddShell = "quick-add" + ShellTarget
	// TemplateRemoveShell for template name: "quick-remove.sh"
	TemplateRemoveShell = "quick-remove" + ShellTarget
	// TemplateAddPowershell for template name: "quick-add.ps1"
	TemplateAddPowershell = "quick-add" + PowershellTarget
	// TemplateRemovePowershell for template name: "quick-remove.ps1"
	TemplateRemovePowershell = "quick-remove" + PowershellTarget
)
// QuickAddScriptPowershell holds the raw template for the quick-add PowerShell
// script; its body is elided on this page.
// NOTE(review): the rendered script is meant to be executed on a node, so the
// values substituted into it should be checked for characters that are
// meaningful to PowerShell — confirm how the template escapes them.
const QuickAddScriptPowershell = `` /* 10393-byte string literal not displayed */

QuickAddScriptPowershell to keep the raw template for the quick add powershell script

// QuickAddScriptShell holds the raw template for the quick-add shell script;
// its body is elided on this page.
// NOTE(review): the rendered script is meant to be executed on a node, so the
// values substituted into it should be checked for shell metacharacters —
// confirm how the template quotes them.
const QuickAddScriptShell = `` /* 6540-byte string literal not displayed */

QuickAddScriptShell to keep the raw template for the quick add shell script

// QuickRemoveScriptPowershell holds the raw template for the quick-remove
// PowerShell script; its body is elided on this page.
const QuickRemoveScriptPowershell = `` /* 2615-byte string literal not displayed */

QuickRemoveScriptPowershell to keep the raw template for the quick remove powershell script

// QuickRemoveScriptShell holds the raw template for the quick-remove shell
// script; its body is elided on this page.
const QuickRemoveScriptShell = `` /* 3037-byte string literal not displayed */

QuickRemoveScriptShell to keep the raw template for the quick remove shell script

Variables

This section is empty.

Functions

func EnvironmentFinderID added in v0.4.7

func EnvironmentFinderID(envID uint, envs []TLSEnvironment, uuid bool) string

EnvironmentFinderID to find the environment and return its name based on the environment ID

func EnvironmentFinderUUID added in v0.4.7

func EnvironmentFinderUUID(envIdentifier string, envs []TLSEnvironment) string

EnvironmentFinderUUID to find the environment and return its name based on the environment UUID

func GenCarveBlockSizeFlag

func GenCarveBlockSizeFlag(blockSize string) string

GenCarveBlockSizeFlag to generate the --carver_block_size flag

func GenCarverFlags added in v0.4.7

func GenCarverFlags(env TLSEnvironment, carverBlock string) string

GenCarverFlags to generate carver flags

func GenConfigFlags added in v0.4.7

func GenConfigFlags(env TLSEnvironment) string

GenConfigFlags to generate config flags

func GenLoggerFlags added in v0.4.7

func GenLoggerFlags(env TLSEnvironment) string

GenLoggerFlags to generate logger flags

func GenQueryFlags added in v0.4.7

func GenQueryFlags(env TLSEnvironment) string

GenQueryFlags to generate query flags

func GenServerCertsFlag

func GenServerCertsFlag(certificatePath string) string

GenServerCertsFlag to generate the --tls_server_certs flag

func GenSingleFlag

func GenSingleFlag(tmplName, flagName, flagValue string) string

GenSingleFlag to generate a generic flag to be used by osquery

func IsItExpired

func IsItExpired(t time.Time) bool

IsItExpired to determine whether a time has expired, that is, whether it is in the past

func IsPlatformLinux

func IsPlatformLinux(pCheck string) bool

IsPlatformLinux to know if a Linux platform is going to trigger a query

func IsPlatformQuery

func IsPlatformQuery(pQuery, pCheck string) bool

IsPlatformQuery to know if a platform is going to trigger a query

func PackageDownloadURL

func PackageDownloadURL(env TLSEnvironment, pkg string) string

PackageDownloadURL to get the download URL for a package

func ParseFlagTemplate

func ParseFlagTemplate(tmplName, flagTemplate string, data interface{}) string

ParseFlagTemplate to parse a flag template

func PrepareOneLiner

func PrepareOneLiner(oneliner string, insecure bool, environment TLSEnvironment, target string) (string, error)

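PrepareOneLiner is the generic function to generate one-liners. When insecure is true, the one-liner presumably carries the InsecureShellTLS or InsecurePowershellTLS fragment, which this package documents as being for insecure TLS connections, so the server certificate is not validated.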

func QuickAddOneLinerPowershell

func QuickAddOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)

QuickAddOneLinerPowershell to get the quick add one-liner for Windows nodes

func QuickAddOneLinerShell

func QuickAddOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)

QuickAddOneLinerShell to get the quick add one-liner for Linux/OSX nodes

func QuickAddScript

func QuickAddScript(project, script string, environment TLSEnvironment) (string, error)

QuickAddScript to get a quick add script for an environment

func QuickRemoveOneLinerPowershell

func QuickRemoveOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)

QuickRemoveOneLinerPowershell to get the quick remove one-liner for Windows nodes

func QuickRemoveOneLinerShell

func QuickRemoveOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)

QuickRemoveOneLinerShell to get the quick remove one-liner for Linux/OSX nodes

func ReadExternalFile

func ReadExternalFile(path string) string

ReadExternalFile to read an external file and return contents

Types

type ATCConf

// ATCConf maps string keys to arbitrary JSON values for the
// auto_table_construction part of the osquery configuration.
// NOTE(review): keys are presumably table names — confirm against the osquery docs.
type ATCConf map[string]interface{}

ATCConf to hold all the auto table construction in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#automatic-table-construction

type DecoratorConf

// DecoratorConf holds the decorators part of the osquery configuration.
// Every field is omitted from the JSON output when empty.
type DecoratorConf struct {
	// Load is serialized as "load": a list of decorator query strings.
	Load     []string    `json:"load,omitempty"`
	// Always is serialized as "always": a list of decorator query strings.
	Always   []string    `json:"always,omitempty"`
	// Interval is serialized as "interval" and left untyped.
	// NOTE(review): presumably an object keyed by interval with query lists as
	// values, as in the osquery decorator documentation — confirm.
	Interval interface{} `json:"interval,omitempty"`
}

DecoratorConf to hold the osquery decorators https://osquery.readthedocs.io/en/stable/deployment/configuration/#decorator-queries

type EnvCache added in v0.4.7

// EnvCache provides cached access to TLS environments.
// NOTE(review): cached TLSEnvironment values include the Secret field, so
// callers that rotate secrets presumably need InvalidateEnv or
// UpdateEnvInCache afterwards to stop serving the old value — confirm.
type EnvCache struct {
	// contains filtered or unexported fields
}

EnvCache provides cached access to TLS environments

func NewEnvCache added in v0.4.7

func NewEnvCache(envs EnvManager) *EnvCache

NewEnvCache creates a new environment cache

func (*EnvCache) Close added in v0.4.7

func (ec *EnvCache) Close()

Close stops the cleanup goroutine and releases resources

func (*EnvCache) GetByUUID added in v0.4.7

func (ec *EnvCache) GetByUUID(ctx context.Context, uuid string) (TLSEnvironment, error)

GetByUUID retrieves an environment by UUID, using cache when available

func (*EnvCache) InvalidateAll added in v0.4.7

func (ec *EnvCache) InvalidateAll(ctx context.Context)

InvalidateAll clears the entire cache

func (*EnvCache) InvalidateEnv added in v0.4.7

func (ec *EnvCache) InvalidateEnv(ctx context.Context, uuid string)

InvalidateEnv removes a specific environment from the cache

func (*EnvCache) UpdateEnvInCache added in v0.4.7

func (ec *EnvCache) UpdateEnvInCache(ctx context.Context, env TLSEnvironment)

UpdateEnvInCache updates an environment in the cache

type EnvManager added in v0.4.7

// EnvManager keeps all TLS Environments, backed by a gorm database handle.
type EnvManager struct {
	// DB is the gorm handle used by the manager. It is exported, so any holder
	// of an EnvManager can reach the underlying database directly.
	DB *gorm.DB
}

EnvManager keeps all TLS Environments

func CreateEnvironment

func CreateEnvironment(backend *gorm.DB) *EnvManager

CreateEnvironment to initialize the environment struct and tables

func (*EnvManager) AddOptionsConf added in v0.4.7

func (environment *EnvManager) AddOptionsConf(name, option string, value interface{}) error

AddOptionsConf to add an osquery option to the configuration

func (*EnvManager) AddQueryPackConf added in v0.4.7

func (environment *EnvManager) AddQueryPackConf(name, pName string, pack interface{}) error

AddQueryPackConf to add a new query pack to the osquery configuration

func (*EnvManager) AddQueryToPackConf added in v0.4.7

func (environment *EnvManager) AddQueryToPackConf(name, pName, qName string, query ScheduleQuery) error

AddQueryToPackConf to add a new query to an existing pack in the osquery configuration

func (*EnvManager) AddScheduleConfQuery added in v0.4.7

func (environment *EnvManager) AddScheduleConfQuery(name, qName string, query ScheduleQuery) error

AddScheduleConfQuery to add a new query to the osquery schedule

func (*EnvManager) All added in v0.4.7

func (environment *EnvManager) All() ([]TLSEnvironment, error)

All gets all TLS Environments

func (*EnvManager) Create added in v0.4.7

func (environment *EnvManager) Create(env *TLSEnvironment) error

Create new TLS Environment

func (*EnvManager) Delete added in v0.4.7

func (environment *EnvManager) Delete(identifier string) error

Delete TLS Environment by name or UUID

func (*EnvManager) Empty added in v0.4.7

func (environment *EnvManager) Empty(name, hostname string) TLSEnvironment

Empty generates an empty TLSEnvironment with default values

func (*EnvManager) Exists added in v0.4.7

func (environment *EnvManager) Exists(identifier string) bool

Exists checks if TLS Environment exists already

func (*EnvManager) ExpireEnroll added in v0.4.7

func (environment *EnvManager) ExpireEnroll(idEnv string) error

ExpireEnroll to expire the enroll in an environment

func (*EnvManager) ExpireRemove added in v0.4.7

func (environment *EnvManager) ExpireRemove(idEnv string) error

ExpireRemove to expire the remove in an environment

func (*EnvManager) ExtendEnroll added in v0.4.7

func (environment *EnvManager) ExtendEnroll(idEnv string) error

ExtendEnroll to extend the enroll in an environment

func (*EnvManager) ExtendRemove added in v0.4.7

func (environment *EnvManager) ExtendRemove(idEnv string) error

ExtendRemove to extend the remove in an environment

func (*EnvManager) GenEmptyConfiguration added in v0.4.7

func (environment *EnvManager) GenEmptyConfiguration(indent bool) string

GenEmptyConfiguration to generate a serialized string with an empty configuration

func (*EnvManager) GenPacksEntries added in v0.4.7

func (environment *EnvManager) GenPacksEntries(configuration []byte) (PacksEntries, error)

GenPacksEntries to generate packs parsed struct from the serialized string

func (*EnvManager) GenSerializedConf added in v0.4.7

func (environment *EnvManager) GenSerializedConf(structured interface{}, indent bool) (string, error)

GenSerializedConf to generate a serialized osquery configuration from the structured data

func (*EnvManager) GenStructATC added in v0.4.7

func (environment *EnvManager) GenStructATC(configuration []byte) (ATCConf, error)

GenStructATC to generate ATC from the serialized string

func (*EnvManager) GenStructConf added in v0.4.7

func (environment *EnvManager) GenStructConf(configuration []byte) (OsqueryConf, error)

GenStructConf to generate the components from the osquery configuration

func (*EnvManager) GenStructDecorators added in v0.4.7

func (environment *EnvManager) GenStructDecorators(configuration []byte) (DecoratorConf, error)

GenStructDecorators to generate decorators from the serialized string

func (*EnvManager) GenStructOptions added in v0.4.7

func (environment *EnvManager) GenStructOptions(configuration []byte) (OptionsConf, error)

GenStructOptions to generate options from the serialized string

func (*EnvManager) GenStructPacks added in v0.4.7

func (environment *EnvManager) GenStructPacks(configuration []byte) (PacksConf, error)

GenStructPacks to generate packs from the serialized string

func (*EnvManager) GenStructSchedule added in v0.4.7

func (environment *EnvManager) GenStructSchedule(configuration []byte) (ScheduleConf, error)

GenStructSchedule to generate schedule from the serialized string

func (*EnvManager) GenerateFlags added in v0.4.7

func (environment *EnvManager) GenerateFlags(env TLSEnvironment, secretPath, certPath string, osqCfg config.OsqueryConfiguration) (string, error)

GenerateFlags to generate flags

func (*EnvManager) GenerateFlagsEnv added in v0.4.7

func (environment *EnvManager) GenerateFlagsEnv(idEnv string, secretPath, certPath string, osqCfg config.OsqueryConfiguration) (string, error)

GenerateFlagsEnv to generate flags by environment name

func (*EnvManager) Get added in v0.4.7

func (environment *EnvManager) Get(identifier string) (TLSEnvironment, error)

Get TLS Environment by name or UUID

func (*EnvManager) GetByID added in v0.4.7

func (environment *EnvManager) GetByID(id uint) (TLSEnvironment, error)

Get TLS Environment by ID

func (*EnvManager) GetByName added in v0.4.7

func (environment *EnvManager) GetByName(name string) (TLSEnvironment, error)

Get TLS Environment by Name

func (*EnvManager) GetByUUID added in v0.4.7

func (environment *EnvManager) GetByUUID(uuid string) (TLSEnvironment, error)

Get TLS Environment by UUID

func (*EnvManager) GetMap added in v0.4.7

func (environment *EnvManager) GetMap() (MapEnvironments, error)

GetMap returns the map of environments by name and UUID

func (*EnvManager) GetMapByID added in v0.4.7

func (environment *EnvManager) GetMapByID() (MapEnvByID, error)

GetMapByID returns a smaller map of environments by ID

func (*EnvManager) GetMapByString added in v0.4.7

func (environment *EnvManager) GetMapByString() (MapEnvByString, error)

GetMapByString returns a smaller map of environments by string (name and UUID)

func (*EnvManager) Names added in v0.4.7

func (environment *EnvManager) Names() ([]string, error)

Names gets just the names of all TLS Environments

func (*EnvManager) NodePacksEntries added in v0.4.7

func (environment *EnvManager) NodePacksEntries(configuration []byte, platform string) (PacksEntries, error)

NodePacksEntries to generate packs parsed struct that applies to a platform from the serialized string

func (*EnvManager) NodeStructSchedule added in v0.4.7

func (environment *EnvManager) NodeStructSchedule(configuration []byte, platform string) (ScheduleConf, error)

NodeStructSchedule to generate schedule that applies to a platform from the serialized string

func (*EnvManager) NotExpireEnroll added in v0.4.7

func (environment *EnvManager) NotExpireEnroll(idEnv string) error

NotExpireEnroll to mark the enroll in an environment as not expiring

func (*EnvManager) NotExpireRemove added in v0.4.7

func (environment *EnvManager) NotExpireRemove(idEnv string) error

NotExpireRemove to mark the remove in an environment as not expiring

func (*EnvManager) RefreshConfiguration added in v0.4.7

func (environment *EnvManager) RefreshConfiguration(idEnv string) error

RefreshConfiguration to take all parts and put them together in the configuration

func (*EnvManager) RemoveOptionsConf added in v0.4.7

func (environment *EnvManager) RemoveOptionsConf(name, option string) error

RemoveOptionsConf to remove an osquery option from the configuration

func (*EnvManager) RemoveQueryFromPackConf added in v0.4.7

func (environment *EnvManager) RemoveQueryFromPackConf(name, pName, qName string) error

RemoveQueryFromPackConf to remove a query from an existing query pack in the osquery configuration

func (*EnvManager) RemoveQueryPackConf added in v0.4.7

func (environment *EnvManager) RemoveQueryPackConf(name, pName string) error

RemoveQueryPackConf to remove a query pack from the osquery configuration

func (*EnvManager) RemoveScheduleConfQuery added in v0.4.7

func (environment *EnvManager) RemoveScheduleConfQuery(name, qName string) error

RemoveScheduleConfQuery to remove a query from the osquery schedule

func (*EnvManager) RotateEnroll added in v0.4.7

func (environment *EnvManager) RotateEnroll(name string) error

RotateEnroll to replace SecretPath for enrolling in an environment

func (*EnvManager) RotateRemove added in v0.4.7

func (environment *EnvManager) RotateRemove(name string) error

RotateRemove to replace Secret and SecretPath for enrolling in an environment

func (*EnvManager) RotateSecret added in v0.4.7

func (environment *EnvManager) RotateSecret(name string) error

RotateSecret to replace the current Secret for an environment

func (*EnvManager) RotateSecrets added in v0.4.7

func (environment *EnvManager) RotateSecrets(name string) error

RotateSecrets to replace Secret and SecretPath for an environment

func (*EnvManager) UUIDs added in v0.4.7

func (environment *EnvManager) UUIDs() ([]string, error)

UUIDs gets just the UUIDs of all TLS Environments

func (*EnvManager) Update added in v0.4.7

func (environment *EnvManager) Update(e TLSEnvironment) error

Update TLS Environment

func (*EnvManager) UpdateATC added in v0.4.7

func (environment *EnvManager) UpdateATC(idEnv, atc string) error

UpdateATC to update ATC for an environment

func (*EnvManager) UpdateCertificate added in v0.4.7

func (environment *EnvManager) UpdateCertificate(idEnv, certificate string) error

UpdateCertificate to update the certificate for an environment

func (*EnvManager) UpdateConfiguration added in v0.4.7

func (environment *EnvManager) UpdateConfiguration(idEnv string, cnf OsqueryConf) error

UpdateConfiguration to update configuration for an environment

func (*EnvManager) UpdateConfigurationParts added in v0.4.7

func (environment *EnvManager) UpdateConfigurationParts(idEnv string, cnf OsqueryConf) error

UpdateConfigurationParts to update all the configuration parts for an environment

func (*EnvManager) UpdateDebPackage added in v0.4.7

func (environment *EnvManager) UpdateDebPackage(idEnv, debpackage string) error

UpdateDebPackage to update DEB package for an environment

func (*EnvManager) UpdateDecorators added in v0.4.7

func (environment *EnvManager) UpdateDecorators(idEnv, decorators string) error

UpdateDecorators to update decorators for an environment

func (*EnvManager) UpdateFlags added in v0.4.7

func (environment *EnvManager) UpdateFlags(idEnv, flags string) error

UpdateFlags to update flags for an environment

func (*EnvManager) UpdateHostname added in v0.4.7

func (environment *EnvManager) UpdateHostname(idEnv, hostname string) error

UpdateHostname to update hostname for an environment

func (*EnvManager) UpdateIntervals added in v0.4.7

func (environment *EnvManager) UpdateIntervals(name string, csecs, lsecs, qsecs int) error

UpdateIntervals to update intervals for an environment

func (*EnvManager) UpdateMsiPackage added in v0.4.7

func (environment *EnvManager) UpdateMsiPackage(idEnv, msipackage string) error

UpdateMsiPackage to update MSI package for an environment

func (*EnvManager) UpdateOptions added in v0.4.7

func (environment *EnvManager) UpdateOptions(idEnv, options string) error

UpdateOptions to update options for an environment

func (*EnvManager) UpdatePacks added in v0.4.7

func (environment *EnvManager) UpdatePacks(idEnv, packs string) error

UpdatePacks to update packs for an environment

func (*EnvManager) UpdatePkgPackage added in v0.4.7

func (environment *EnvManager) UpdatePkgPackage(idEnv, pkgpackage string) error

UpdatePkgPackage to update PKG package for an environment

func (*EnvManager) UpdateRpmPackage added in v0.4.7

func (environment *EnvManager) UpdateRpmPackage(idEnv, rpmpackage string) error

UpdateRpmPackage to update RPM package for an environment

func (*EnvManager) UpdateSchedule added in v0.4.7

func (environment *EnvManager) UpdateSchedule(idEnv, schedule string) error

UpdateSchedule to update schedule for an environment

type MapEnvByID

// MapEnvByID maps an environment's numeric ID to its NameUUID summary.
type MapEnvByID map[uint]NameUUID

MapEnvByID to hold the environments name and UUID by ID

type MapEnvByString

// MapEnvByString maps a string key to an environment's NameUUID summary.
// GetMapByString documents the key as the environment name or UUID.
type MapEnvByString map[string]NameUUID

MapEnvByString to hold the environments name and UUID by string

type MapEnvironments

// MapEnvironments maps a string key (name or UUID, per GetMap) to the full
// TLSEnvironment value.
// NOTE(review): values carry the Secret and Certificate fields, so this map
// should not be logged or serialized to clients wholesale.
type MapEnvironments map[string]TLSEnvironment

MapEnvironments to hold the TLS environments by name and UUID

type NameUUID

// NameUUID holds the identifying fields of an environment (name, UUID and
// numeric ID) without the rest of TLSEnvironment.
type NameUUID struct {
	// Name is the environment name.
	Name string
	// UUID is the environment UUID.
	UUID string
	// ID is the numeric environment ID.
	ID   uint
}

NameUUID to just hold the environment name and UUID

type OptionsConf

// OptionsConf maps string keys to arbitrary JSON values for the options part
// of the osquery configuration.
// NOTE(review): keys are presumably osquery option names — confirm.
type OptionsConf map[string]interface{}

OptionsConf for each part of the configuration

type OsqueryConf

// OsqueryConf holds the top-level sections of an osquery configuration.
// None of the fields use omitempty, so every section is always present in the
// JSON output.
type OsqueryConf struct {
	// Options is serialized as "options".
	Options    OptionsConf   `json:"options"`
	// Schedule is serialized as "schedule".
	Schedule   ScheduleConf  `json:"schedule"`
	// Packs is serialized as "packs".
	Packs      PacksConf     `json:"packs"`
	// Decorators is serialized as "decorators".
	Decorators DecoratorConf `json:"decorators"`
	// ATC is serialized as "auto_table_construction".
	ATC        ATCConf       `json:"auto_table_construction"`
}

OsqueryConf to hold the structure for the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-specification

type PackEntry

// PackEntry holds a single parsed query pack. Every field is omitted from the
// JSON output when empty. Field meanings below follow the osquery packs
// documentation; confirm them against the osquery version in use.
type PackEntry struct {
	// Queries maps a string key (presumably the query name) to its definition.
	Queries   map[string]ScheduleQuery `json:"queries,omitempty"`
	// Platform is serialized as "platform"; presumably restricts the pack to a platform.
	Platform  string                   `json:"platform,omitempty"`
	// Shard is serialized as "shard" and kept as json.Number.
	Shard     json.Number              `json:"shard,omitempty"`
	// Version is serialized as "version".
	Version   string                   `json:"version,omitempty"`
	// Discovery is serialized as "discovery": a list of query strings.
	Discovery []string                 `json:"discovery,omitempty"`
}

PackEntry to hold the struct for a single pack

type PacksConf

// PacksConf maps string keys to arbitrary JSON values for the packs part of
// the osquery configuration.
// NOTE(review): values are untyped here; PacksEntries is the parsed form.
type PacksConf map[string]interface{}

PacksConf to hold all the packs in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#packs

type PacksEntries

// PacksEntries maps a string key (presumably the pack name) to its parsed
// PackEntry.
type PacksEntries map[string]PackEntry

PacksEntries to hold all the parsed non-local packs

type ScheduleQuery

// ScheduleQuery holds one scheduled query of the osquery configuration. Every
// field is omitted from the JSON output when empty or false. Field meanings
// below follow the osquery schedule documentation; confirm them against the
// osquery version in use.
type ScheduleQuery struct {
	// Query is the SQL statement, serialized as "query".
	Query    string      `json:"query,omitempty"`
	// Interval is serialized as "interval" and kept as json.Number.
	Interval json.Number `json:"interval,omitempty"`
	// Removed is serialized as "removed".
	Removed  bool        `json:"removed,omitempty"`
	// Snapshot is serialized as "snapshot".
	Snapshot bool        `json:"snapshot,omitempty"`
	// Platform is serialized as "platform"; presumably restricts the query to a platform.
	Platform string      `json:"platform,omitempty"`
	// Version is serialized as "version".
	Version  string      `json:"version,omitempty"`
	// Shard is serialized as "shard" and kept as json.Number.
	Shard    json.Number `json:"shard,omitempty"`
	// Denylist is serialized as "denylist".
	Denylist bool        `json:"denylist,omitempty"`
}

ScheduleQuery to hold the scheduled queries in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#schedule

type TLSEnvironment

// TLSEnvironment holds one TLS environment: its identity, enrollment secret,
// packages, osquery configuration parts, certificate, endpoint paths and
// intervals. It embeds gorm.Model, so it is presumably persisted as a database
// row — confirm against CreateEnvironment.
//
// NOTE(review): Secret, EnrollSecretPath, RemoveSecretPath and Certificate are
// plain string fields of this struct. Anything that logs, caches or serializes
// a whole TLSEnvironment carries them along, so restrict database access and
// avoid returning the struct unfiltered in API responses. Whether any of these
// fields is encrypted at rest is not visible on this page.
type TLSEnvironment struct {
	gorm.Model
	// UUID identifies the environment; it is the only field with an index tag.
	UUID             string `gorm:"index"`
	Name             string
	Hostname         string
	// Secret is the environment secret (see RotateSecret / RotateSecrets).
	Secret           string
	// EnrollSecretPath and EnrollExpire relate to the enroll link; RotateEnroll,
	// ExtendEnroll, ExpireEnroll and NotExpireEnroll manage them.
	EnrollSecretPath string
	EnrollExpire     time.Time
	// RemoveSecretPath and RemoveExpire are the counterparts for the remove link.
	RemoveSecretPath string
	RemoveExpire     time.Time
	Type             string
	// Package fields, one per format; PackageDownloadURL presumably builds
	// download URLs from them — confirm.
	DebPackage       string
	RpmPackage       string
	MsiPackage       string
	PkgPackage       string
	// NOTE(review): if DebugHTTP causes request bodies to be dumped, enroll
	// secrets and node keys may end up in logs — confirm what it enables.
	DebugHTTP        bool
	Icon             string
	// Serialized osquery configuration parts and the assembled configuration
	// (see RefreshConfiguration and the GenStruct* helpers).
	Options          string
	Schedule         string
	Packs            string
	Decorators       string
	ATC              string
	Configuration    string
	Flags            string
	// Certificate is set through UpdateCertificate.
	Certificate      string
	// Per-plugin TLS switches and intervals.
	// NOTE(review): presumably control which osquery TLS plugins are enabled
	// in the generated flags — confirm.
	ConfigTLS        bool
	ConfigInterval   int
	LoggingTLS       bool
	LogInterval      int
	QueryTLS         bool
	QueryInterval    int
	CarvesTLS        bool
	// Endpoint path segments; defaults are the Default*Path constants.
	EnrollPath       string
	LogPath          string
	ConfigPath       string
	QueryReadPath    string
	QueryWritePath   string
	CarverInitPath   string
	CarverBlockPath  string
	// NOTE(review): presumably gates whether new nodes may enroll — confirm.
	AcceptEnrolls    bool
	UserID           uint
}

TLSEnvironment to hold each TLS environment
