Documentation
¶
Index ¶
- Constants
- func EnvNameFilter(s string) bool
- func EnvTypeFilter(s string) bool
- func EnvUUIDFilter(s string) bool
- func EnvironmentFinderID(envID uint, envs []TLSEnvironment, uuid bool) string
- func EnvironmentFinderUUID(envIdentifier string, envs []TLSEnvironment) string
- func GenCarveBlockSizeFlag(blockSize string) string
- func GenCarverFlags(env TLSEnvironment, carverBlock string) string
- func GenConfigFlags(env TLSEnvironment) string
- func GenLoggerFlags(env TLSEnvironment) string
- func GenQueryFlags(env TLSEnvironment) string
- func GenServerCertsFlag(certificatePath string) string
- func GenSingleFlag(tmplName, flagName, flagValue string) string
- func HostnameFilter(s string) bool
- func IconFilter(s string) bool
- func IsItExpired(t time.Time) bool
- func IsPlatformLinux(pCheck string) bool
- func IsPlatformQuery(pQuery, pCheck string) bool
- func PackageDownloadURL(env TLSEnvironment, pkg string) string
- func ParseFlagTemplate(tmplName, flagTemplate string, data interface{}) string
- func PrepareOneLiner(oneliner string, insecure bool, environment TLSEnvironment, target string) (string, error)
- func QuickAddOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)
- func QuickAddOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)
- func QuickAddScript(project, script string, environment TLSEnvironment) (string, error)
- func QuickRemoveOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)
- func QuickRemoveOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)
- func ReadExternalFile(path string) string
- func VerifyEnvFilters(name, icon, sType, hostname string) bool
- type ATCConf
- type DecoratorConf
- type EnvCache
- func (ec *EnvCache) Close()
- func (ec *EnvCache) GetByUUID(ctx context.Context, uuid string) (TLSEnvironment, error)
- func (ec *EnvCache) InvalidateAll(ctx context.Context)
- func (ec *EnvCache) InvalidateEnv(ctx context.Context, uuid string)
- func (ec *EnvCache) UpdateEnvInCache(ctx context.Context, env TLSEnvironment)
- type EnvManager
- func (environment *EnvManager) AddOptionsConf(name, option string, value interface{}) error
- func (environment *EnvManager) AddQueryPackConf(name, pName string, pack interface{}) error
- func (environment *EnvManager) AddQueryToPackConf(name, pName, qName string, query ScheduleQuery) error
- func (environment *EnvManager) AddScheduleConfQuery(name, qName string, query ScheduleQuery) error
- func (environment *EnvManager) All() ([]TLSEnvironment, error)
- func (environment *EnvManager) Create(env *TLSEnvironment) error
- func (environment *EnvManager) Delete(identifier string) error
- func (environment *EnvManager) Empty(name, hostname string) TLSEnvironment
- func (environment *EnvManager) Exists(identifier string) bool
- func (environment *EnvManager) ExistsByName(name string) bool
- func (environment *EnvManager) ExistsByUUID(uuid string) bool
- func (environment *EnvManager) ExistsGet(identifier string) (bool, TLSEnvironment)
- func (environment *EnvManager) ExpireEnroll(idEnv string) error
- func (environment *EnvManager) ExpireRemove(idEnv string) error
- func (environment *EnvManager) ExtendEnroll(idEnv string) error
- func (environment *EnvManager) ExtendRemove(idEnv string) error
- func (environment *EnvManager) GenEmptyConfiguration(indent bool) string
- func (environment *EnvManager) GenPacksEntries(configuration []byte) (PacksEntries, error)
- func (environment *EnvManager) GenSerializedConf(structured interface{}, indent bool) (string, error)
- func (environment *EnvManager) GenStructATC(configuration []byte) (ATCConf, error)
- func (environment *EnvManager) GenStructConf(configuration []byte) (OsqueryConf, error)
- func (environment *EnvManager) GenStructDecorators(configuration []byte) (DecoratorConf, error)
- func (environment *EnvManager) GenStructOptions(configuration []byte) (OptionsConf, error)
- func (environment *EnvManager) GenStructPacks(configuration []byte) (PacksConf, error)
- func (environment *EnvManager) GenStructSchedule(configuration []byte) (ScheduleConf, error)
- func (environment *EnvManager) GenerateFlags(env TLSEnvironment, secretPath, certPath string, ...) (string, error)
- func (environment *EnvManager) GenerateFlagsEnv(idEnv string, secretPath, certPath string, ...) (string, error)
- func (environment *EnvManager) Get(identifier string) (TLSEnvironment, error)
- func (environment *EnvManager) GetByID(id uint) (TLSEnvironment, error)
- func (environment *EnvManager) GetByName(name string) (TLSEnvironment, error)
- func (environment *EnvManager) GetByUUID(uuid string) (TLSEnvironment, error)
- func (environment *EnvManager) GetMap() (MapEnvironments, error)
- func (environment *EnvManager) GetMapByID() (MapEnvByID, error)
- func (environment *EnvManager) GetMapByString() (MapEnvByString, error)
- func (environment *EnvManager) Names() ([]string, error)
- func (environment *EnvManager) NodePacksEntries(configuration []byte, platform string) (PacksEntries, error)
- func (environment *EnvManager) NodeStructSchedule(configuration []byte, platform string) (ScheduleConf, error)
- func (environment *EnvManager) NotExpireEnroll(idEnv string) error
- func (environment *EnvManager) NotExpireRemove(idEnv string) error
- func (environment *EnvManager) RefreshConfiguration(idEnv string) error
- func (environment *EnvManager) RemoveOptionsConf(name, option string) error
- func (environment *EnvManager) RemoveQueryFromPackConf(name, pName, qName string) error
- func (environment *EnvManager) RemoveQueryPackConf(name, pName string) error
- func (environment *EnvManager) RemoveScheduleConfQuery(name, qName string) error
- func (environment *EnvManager) RotateEnroll(name string) error
- func (environment *EnvManager) RotateRemove(name string) error
- func (environment *EnvManager) RotateSecret(name string) error
- func (environment *EnvManager) RotateSecrets(name string) error
- func (environment *EnvManager) UUIDs() ([]string, error)
- func (environment *EnvManager) Update(e TLSEnvironment) error
- func (environment *EnvManager) UpdateATC(idEnv, atc string) error
- func (environment *EnvManager) UpdateCertificate(idEnv, certificate string) error
- func (environment *EnvManager) UpdateConfiguration(idEnv string, cnf OsqueryConf) error
- func (environment *EnvManager) UpdateConfigurationParts(idEnv string, cnf OsqueryConf) error
- func (environment *EnvManager) UpdateDebPackage(idEnv, debpackage string) error
- func (environment *EnvManager) UpdateDecorators(idEnv, decorators string) error
- func (environment *EnvManager) UpdateFlags(idEnv, flags string) error
- func (environment *EnvManager) UpdateHostname(idEnv, hostname string) error
- func (environment *EnvManager) UpdateIntervals(name string, csecs, lsecs, qsecs int) error
- func (environment *EnvManager) UpdateMsiPackage(idEnv, msipackage string) error
- func (environment *EnvManager) UpdateOptions(idEnv, options string) error
- func (environment *EnvManager) UpdatePacks(idEnv, packs string) error
- func (environment *EnvManager) UpdatePkgPackage(idEnv, pkgpackage string) error
- func (environment *EnvManager) UpdateRpmPackage(idEnv, rpmpackage string) error
- func (environment *EnvManager) UpdateSchedule(idEnv, schedule string) error
- type MapEnvByID
- type MapEnvByString
- type MapEnvironments
- type NameUUID
- type OptionsConf
- type OsqueryConf
- type PackEntry
- type PacksConf
- type PacksEntries
- type ScheduleConf
- type ScheduleQuery
- type TLSEnvironment
Constants ¶
const (
	// DecoratorUsers is the decorator query that appends the osquery user to
	// results. The rendered documentation elides the literal, so the query
	// text is not visible here.
	DecoratorUsers = "" /* 134-byte string literal not displayed */
	// DecoratorHostname is the decorator query that appends hostname and
	// local_hostname from system_info to results.
	DecoratorHostname = "SELECT hostname, local_hostname FROM system_info;"
	// DecoratorLoggedInUser is the decorator query that appends one logged-in
	// user, formatted as "user (tty)". ORDER BY time LIMIT 1 selects the
	// earliest session of type 'user'.
	DecoratorLoggedInUser = "SELECT user || ' (' || tty || ')' AS username FROM logged_in_users WHERE type = 'user' ORDER BY time LIMIT 1;"
	// DecoratorOsqueryVersionHash is the decorator query that appends the
	// osquery version and the configuration hash. Only rows with
	// config_valid = 1 are returned.
	DecoratorOsqueryVersionHash = "SELECT version AS osquery_version, config_hash FROM osquery_info WHERE config_valid = 1;"
	// DecoratorMD5Process is the decorator query that appends the MD5 of the
	// running osquery binary, resolved through the pid in osquery_info.
	// NOTE(review): MD5 works as an identifier for spotting an unexpected
	// binary, but it is not collision-resistant; do not treat osquery_md5 as
	// an integrity guarantee on its own.
	DecoratorMD5Process = "SELECT md5 AS osquery_md5 FROM hash WHERE path = (SELECT path FROM processes WHERE pid = (SELECT pid FROM osquery_info));"
)
const (
	// DefaultEnrollPath as default value for enrolling nodes
	DefaultEnrollPath string = settings.ScriptEnroll
	// DefaultLogPath as default value for logging data from nodes
	DefaultLogPath string = "log"
	// DefaultLogInterval as default interval for logging data from nodes.
	// Presumably seconds (UpdateIntervals names its arguments csecs, lsecs
	// and qsecs) - confirm.
	DefaultLogInterval int = 600
	// DefaultConfigPath as default value for configuring nodes
	DefaultConfigPath string = "config"
	// DefaultConfigInterval as default interval for configuring nodes.
	// Presumably seconds - confirm.
	DefaultConfigInterval int = 300
	// DefaultQueryReadPath as default value for distributing on-demand queries to nodes
	DefaultQueryReadPath string = "read"
	// DefaultQueryWritePath as default value for collecting results from on-demand queries
	DefaultQueryWritePath string = "write"
	// DefaultQueryInterval as default interval for distributing on-demand
	// queries to nodes. Presumably seconds - confirm.
	DefaultQueryInterval int = 60
	// DefaultCarverInitPath as default init endpoint for the carver
	DefaultCarverInitPath string = "init"
	// DefaultCarverBlockPath as default block endpoint for the carver
	DefaultCarverBlockPath string = "block"
	// DefaultEnvironmentIcon as default icon to use for environments
	DefaultEnvironmentIcon string = "fas fa-wrench"
	// DefaultEnvironmentType as default type to use for environments
	DefaultEnvironmentType string = "osquery"
	// DefaultSecretLength as default length for secrets.
	// NOTE(review): the unit (bytes before encoding or characters after) and
	// the random source are not visible here - confirm the generator uses a
	// cryptographically secure source.
	DefaultSecretLength int = 64
	// DefaultLinkExpire as default time in hours to expire enroll/remove links
	DefaultLinkExpire int = 24
	// DefaultFlagsPath has no description in the original; presumably the
	// path segment under which the flags file is served - confirm.
	DefaultFlagsPath string = "osctrld-flags"
	// DefaultCertPath has no description in the original; presumably the
	// path segment under which the certificate is served - confirm.
	DefaultCertPath string = "osctrld-cert"
	// DefaultVerifyPath has no description in the original; purpose to be
	// confirmed against its callers.
	DefaultVerifyPath string = "osctrld-verify"
	// DefaultScriptPath has no description in the original; presumably the
	// path segment under which enroll/remove scripts are served - confirm.
	DefaultScriptPath string = "osctrld-script"
	// DefaultConfigEndpointPath has no description in the original; purpose
	// to be confirmed against its callers.
	DefaultConfigEndpointPath string = "osquery-config"
)
const (
	// CarverBlockSizeValue to configure size in bytes for carver blocks
	CarverBlockSizeValue string = "5120000"
	// FlagGenericValue is the template used to generate a generic flag of the
	// form --name=value from the FlagName and FlagValue fields.
	// NOTE(review): the template substitutes FlagValue as given; confirm that
	// callers validate it (for example, reject embedded newlines) before the
	// rendered line is written to a flags file.
	FlagGenericValue string = `--{{ .FlagName }}={{ .FlagValue }}`
	// FlagNameTLSServerCerts is the flag name for the --tls_server_certs flag
	FlagNameTLSServerCerts string = `tls_server_certs`
	// FlagNameCarverBlockSize is the flag name for the --carver_block_size flag
	FlagNameCarverBlockSize string = `carver_block_size`
	// FlagsConfigPlugin to configure the config plugin. The literal is elided
	// in the rendered documentation.
	FlagsConfigPlugin string = `` /* 181-byte string literal not displayed */
	// FlagsLoggerPlugin to configure the logger plugin. The literal is elided
	// in the rendered documentation.
	FlagsLoggerPlugin string = `` /* 173-byte string literal not displayed */
	// FlagsQueryPlugin to configure the distributed query plugin. The literal
	// is elided in the rendered documentation.
	FlagsQueryPlugin string = `` /* 325-byte string literal not displayed */
	// FlagsCarverPlugin to configure the carver plugin. The literal is elided
	// in the rendered documentation.
	FlagsCarverPlugin string = `` /* 249-byte string literal not displayed */
	// FlagsTemplate to generate flags for enrolling nodes. The literal is
	// elided in the rendered documentation.
	FlagsTemplate string = `` /* 329-byte string literal not displayed */
)
const (
	// EmptyFlagSecret to use as placeholder for the secret file.
	// It is a marker string, not a secret; presumably replaced by the real
	// secret file path when flags are generated - confirm.
	EmptyFlagSecret string = "__SECRET_FILE__"
	// EmptyFlagCert to use as placeholder for the certificate file.
	// Presumably replaced by the real certificate file path when flags are
	// generated - confirm.
	EmptyFlagCert string = "__CERT_FILE__"
)
const (
	// InsecureShellTLS for insecure TLS connections in shell one-liners.
	// Presumably appended to the option letters of the download command
	// (curl's -k turns off server certificate verification) - confirm against
	// the one-liner template.
	InsecureShellTLS = "k"
	// InsecurePowershellTLS for insecure TLS connections in powershell
	// one-liners. The statement installs a validation callback that returns
	// $true for every certificate, so any server certificate is accepted.
	// ServerCertificateValidationCallback is a static property, so the
	// setting is not scoped to a single request.
	//
	// NOTE(review): a one-liner generated with insecure=true fetches its
	// script without authenticating the server, so the script content is
	// only as trustworthy as the network path. Intended for environments
	// using self-signed certificates; prefer distributing the certificate
	// and leaving verification on.
	InsecurePowershellTLS = "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};"
)
const (
	// ShellTarget is the file extension for shell scripts
	ShellTarget = ".sh"
	// PowershellTarget is the file extension for powershell scripts
	PowershellTarget = ".ps1"
	// EnrollTarget is the enroll target name, taken from settings.ScriptEnroll
	EnrollTarget = settings.ScriptEnroll
	// RemoveTarget is the remove target name, taken from settings.ScriptRemove
	RemoveTarget = settings.ScriptRemove
	// EnrollShell is the enroll target with the shell extension
	EnrollShell = EnrollTarget + ShellTarget
	// RemoveShell is the remove target with the shell extension
	RemoveShell = RemoveTarget + ShellTarget
	// EnrollPowershell is the enroll target with the powershell extension
	EnrollPowershell = EnrollTarget + PowershellTarget
	// RemovePowershell is the remove target with the powershell extension
	RemovePowershell = RemoveTarget + PowershellTarget
	// TemplateAddShell is the template name for the quick-add shell script
	TemplateAddShell = "quick-add" + ShellTarget
	// TemplateRemoveShell is the template name for the quick-remove shell script
	TemplateRemoveShell = "quick-remove" + ShellTarget
	// TemplateAddPowershell is the template name for the quick-add powershell script
	TemplateAddPowershell = "quick-add" + PowershellTarget
	// TemplateRemovePowershell is the template name for the quick-remove powershell script
	TemplateRemovePowershell = "quick-remove" + PowershellTarget
)
const QuickAddScriptPowershell = `` /* 10393-byte string literal not displayed */
QuickAddScriptPowershell to keep the raw template for the quick add powershell script
const QuickAddScriptShell = `` /* 6490-byte string literal not displayed */
QuickAddScriptShell to keep the raw template for the quick add shell script
const QuickRemoveScriptPowershell = `` /* 2615-byte string literal not displayed */
QuickRemoveScriptPowershell to keep the raw template for the quick remove powershell script
const QuickRemoveScriptShell = `` /* 3037-byte string literal not displayed */
QuickRemoveScriptShell to keep the raw template for the quick remove shell script
Variables ¶
This section is empty.
Functions ¶
func EnvNameFilter ¶ added in v0.5.0
EnvNameFilter - Helper to filter the environment name to prevent unsanitized input
func EnvTypeFilter ¶ added in v0.5.0
EnvTypeFilter - Helper to filter the environment type to prevent unsanitized input
func EnvUUIDFilter ¶ added in v0.5.0
EnvUUIDFilter - Helper to filter the environment uuid to prevent unsanitized input
func EnvironmentFinderID ¶ added in v0.4.7
func EnvironmentFinderID(envID uint, envs []TLSEnvironment, uuid bool) string
EnvironmentFinderID to find the environment and return its name based on the environment ID
func EnvironmentFinderUUID ¶ added in v0.4.7
func EnvironmentFinderUUID(envIdentifier string, envs []TLSEnvironment) string
EnvironmentFinderUUID to find the environment and return its name based on the environment UUID
func GenCarveBlockSizeFlag ¶
GenCarveBlockSizeFlag to generate the --carver_block_size flag
func GenCarverFlags ¶ added in v0.4.7
func GenCarverFlags(env TLSEnvironment, carverBlock string) string
GenCarverFlags to generate carver flags
func GenConfigFlags ¶ added in v0.4.7
func GenConfigFlags(env TLSEnvironment) string
GenConfigFlags to generate config flags
func GenLoggerFlags ¶ added in v0.4.7
func GenLoggerFlags(env TLSEnvironment) string
GenLoggerFlags to generate logger flags
func GenQueryFlags ¶ added in v0.4.7
func GenQueryFlags(env TLSEnvironment) string
GenQueryFlags to generate query flags
func GenServerCertsFlag ¶
GenServerCertsFlag to generate the --tls_server_certs flag
func GenSingleFlag ¶
GenSingleFlag to generate a generic flag to be used by osquery
func HostnameFilter ¶ added in v0.5.0
HostnameFilter - Helper to filter the hostname to prevent unsanitized input
func IconFilter ¶ added in v0.5.0
IconFilter - Helper to filter the icon name to prevent unsanitized input
func IsItExpired ¶
IsItExpired to determine if a time has expired, meaning it is in the past
func IsPlatformLinux ¶
IsPlatformLinux to know if a Linux platform is going to trigger a query
func IsPlatformQuery ¶
IsPlatformQuery to know if a platform is going to trigger a query
func PackageDownloadURL ¶
func PackageDownloadURL(env TLSEnvironment, pkg string) string
PackageDownloadURL to get the download URL for a package
func ParseFlagTemplate ¶
ParseFlagTemplate to parse a flag template
func PrepareOneLiner ¶
func PrepareOneLiner(oneliner string, insecure bool, environment TLSEnvironment, target string) (string, error)
PrepareOneLiner generic to generate one-liners
func QuickAddOneLinerPowershell ¶
func QuickAddOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)
QuickAddOneLinerPowershell to get the quick add one-liner for Windows nodes
func QuickAddOneLinerShell ¶
func QuickAddOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)
QuickAddOneLinerShell to get the quick add one-liner for Linux/OSX nodes
func QuickAddScript ¶
func QuickAddScript(project, script string, environment TLSEnvironment) (string, error)
QuickAddScript to get a quick add script for an environment
func QuickRemoveOneLinerPowershell ¶
func QuickRemoveOneLinerPowershell(insecure bool, environment TLSEnvironment) (string, error)
QuickRemoveOneLinerPowershell to get the quick remove one-liner for Windows nodes
func QuickRemoveOneLinerShell ¶
func QuickRemoveOneLinerShell(insecure bool, environment TLSEnvironment) (string, error)
QuickRemoveOneLinerShell to get the quick remove one-liner for Linux/OSX nodes
func ReadExternalFile ¶
ReadExternalFile to read an external file and return contents
func VerifyEnvFilters ¶ added in v0.5.0
VerifyEnvFilters to verify all filters for an environment
Types ¶
type ATCConf ¶
type ATCConf map[string]interface{}
ATCConf to hold all the auto table construction in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#automatic-table-construction
type DecoratorConf ¶
// DecoratorConf holds the osquery decorator queries of a configuration.
// The three fields correspond to the "load", "always" and "interval" keys of
// the osquery decorators section; all are omitted from JSON when empty.
type DecoratorConf struct {
	// Load lists the decorator queries under the "load" key.
	Load []string `json:"load,omitempty"`
	// Always lists the decorator queries under the "always" key.
	Always []string `json:"always,omitempty"`
	// Interval is left untyped; presumably a map from interval to a list of
	// queries, as in the osquery configuration format - confirm before
	// asserting a concrete type.
	Interval interface{} `json:"interval,omitempty"`
}
DecoratorConf to hold the osquery decorators https://osquery.readthedocs.io/en/stable/deployment/configuration/#decorator-queries
type EnvCache ¶ added in v0.4.5
type EnvCache struct {
// contains filtered or unexported fields
}
EnvCache provides cached access to TLS environments
func NewEnvCache ¶ added in v0.4.5
func NewEnvCache(envs EnvManager) *EnvCache
NewEnvCache creates a new environment cache
func (*EnvCache) Close ¶ added in v0.4.5
func (ec *EnvCache) Close()
Close stops the cleanup goroutine and releases resources
func (*EnvCache) GetByUUID ¶ added in v0.4.5
GetByUUID retrieves an environment by UUID, using cache when available
func (*EnvCache) InvalidateAll ¶ added in v0.4.5
InvalidateAll clears the entire cache. Used on bulk operations or after operator-driven secret rotations.
func (*EnvCache) InvalidateEnv ¶ added in v0.4.5
InvalidateEnv removes a specific environment from the cache. Callers that mutate env rows in the same process SHOULD invoke this so the next request refetches the row without waiting for the TTL.
func (*EnvCache) UpdateEnvInCache ¶ added in v0.4.5
func (ec *EnvCache) UpdateEnvInCache(ctx context.Context, env TLSEnvironment)
UpdateEnvInCache updates an environment in the cache
type EnvManager ¶ added in v0.4.5
EnvManager keeps all TLS Environments
func CreateEnvironment ¶
func CreateEnvironment(backend *gorm.DB) *EnvManager
CreateEnvironment to initialize the environment struct and tables
func (*EnvManager) AddOptionsConf ¶ added in v0.4.5
func (environment *EnvManager) AddOptionsConf(name, option string, value interface{}) error
AddOptionsConf to add an osquery option to the configuration
func (*EnvManager) AddQueryPackConf ¶ added in v0.4.5
func (environment *EnvManager) AddQueryPackConf(name, pName string, pack interface{}) error
AddQueryPackConf to add a new query pack to the osquery configuration
func (*EnvManager) AddQueryToPackConf ¶ added in v0.4.5
func (environment *EnvManager) AddQueryToPackConf(name, pName, qName string, query ScheduleQuery) error
AddQueryToPackConf to add a new query to an existing pack in the osquery configuration
func (*EnvManager) AddScheduleConfQuery ¶ added in v0.4.5
func (environment *EnvManager) AddScheduleConfQuery(name, qName string, query ScheduleQuery) error
AddScheduleConfQuery to add a new query to the osquery schedule
func (*EnvManager) All ¶ added in v0.4.5
func (environment *EnvManager) All() ([]TLSEnvironment, error)
All gets all TLS Environments
func (*EnvManager) Create ¶ added in v0.4.5
func (environment *EnvManager) Create(env *TLSEnvironment) error
Create new TLS Environment
func (*EnvManager) Delete ¶ added in v0.4.5
func (environment *EnvManager) Delete(identifier string) error
Delete TLS Environment by name or UUID
func (*EnvManager) Empty ¶ added in v0.4.5
func (environment *EnvManager) Empty(name, hostname string) TLSEnvironment
Empty generates an empty TLSEnvironment with default values
func (*EnvManager) Exists ¶ added in v0.4.5
func (environment *EnvManager) Exists(identifier string) bool
Exists checks if TLS Environment exists already by name OR uuid (polymorphic). Prefer ExistsByUUID / ExistsByName when the caller knows which axis to check — the polymorphic variant can confuse a UUID-collision check with a name match and vice versa, which leaked information across axes in EnvActionsHandler. (Cluster-4 review item — see ExistsByUUID below.)
func (*EnvManager) ExistsByName ¶ added in v0.5.2
func (environment *EnvManager) ExistsByName(name string) bool
ExistsByName checks if a TLS Environment exists by name only. (Companion to ExistsByUUID — provided for symmetry; callers preferring the polymorphic Exists() can keep using it.)
func (*EnvManager) ExistsByUUID ¶ added in v0.5.2
func (environment *EnvManager) ExistsByUUID(uuid string) bool
ExistsByUUID checks if a TLS Environment exists by UUID only. Use this when validating a client-supplied UUID for collision before creating a new environment, or for unambiguous delete-by-UUID semantics.
func (*EnvManager) ExistsGet ¶ added in v0.4.8
func (environment *EnvManager) ExistsGet(identifier string) (bool, TLSEnvironment)
ExistsGet checks if TLS Environment exists already and returns it
func (*EnvManager) ExpireEnroll ¶ added in v0.4.5
func (environment *EnvManager) ExpireEnroll(idEnv string) error
ExpireEnroll to expire the enroll in an environment
func (*EnvManager) ExpireRemove ¶ added in v0.4.5
func (environment *EnvManager) ExpireRemove(idEnv string) error
ExpireRemove to expire the remove in an environment
func (*EnvManager) ExtendEnroll ¶ added in v0.4.5
func (environment *EnvManager) ExtendEnroll(idEnv string) error
ExtendEnroll to extend the enroll in an environment
func (*EnvManager) ExtendRemove ¶ added in v0.4.5
func (environment *EnvManager) ExtendRemove(idEnv string) error
ExtendRemove to extend the remove in an environment
func (*EnvManager) GenEmptyConfiguration ¶ added in v0.4.5
func (environment *EnvManager) GenEmptyConfiguration(indent bool) string
GenEmptyConfiguration to generate a serialized string with an empty configuration
func (*EnvManager) GenPacksEntries ¶ added in v0.4.5
func (environment *EnvManager) GenPacksEntries(configuration []byte) (PacksEntries, error)
GenPacksEntries to generate packs parsed struct from the serialized string
func (*EnvManager) GenSerializedConf ¶ added in v0.4.5
func (environment *EnvManager) GenSerializedConf(structured interface{}, indent bool) (string, error)
GenSerializedConf to generate a serialized osquery configuration from the structured data
func (*EnvManager) GenStructATC ¶ added in v0.4.5
func (environment *EnvManager) GenStructATC(configuration []byte) (ATCConf, error)
GenStructATC to generate ATC from the serialized string
func (*EnvManager) GenStructConf ¶ added in v0.4.5
func (environment *EnvManager) GenStructConf(configuration []byte) (OsqueryConf, error)
GenStructConf to generate the components from the osquery configuration
func (*EnvManager) GenStructDecorators ¶ added in v0.4.5
func (environment *EnvManager) GenStructDecorators(configuration []byte) (DecoratorConf, error)
GenStructDecorators to generate decorators from the serialized string
func (*EnvManager) GenStructOptions ¶ added in v0.4.5
func (environment *EnvManager) GenStructOptions(configuration []byte) (OptionsConf, error)
GenStructOptions to generate options from the serialized string
func (*EnvManager) GenStructPacks ¶ added in v0.4.5
func (environment *EnvManager) GenStructPacks(configuration []byte) (PacksConf, error)
GenStructPacks to generate packs from the serialized string
func (*EnvManager) GenStructSchedule ¶ added in v0.4.5
func (environment *EnvManager) GenStructSchedule(configuration []byte) (ScheduleConf, error)
GenStructSchedule to generate schedule from the serialized string
func (*EnvManager) GenerateFlags ¶ added in v0.4.5
func (environment *EnvManager) GenerateFlags(env TLSEnvironment, secretPath, certPath string, osqCfg config.YAMLConfigurationOsquery) (string, error)
GenerateFlags to generate flags
func (*EnvManager) GenerateFlagsEnv ¶ added in v0.4.5
func (environment *EnvManager) GenerateFlagsEnv(idEnv string, secretPath, certPath string, osqCfg config.YAMLConfigurationOsquery) (string, error)
GenerateFlagsEnv to generate flags by environment name
func (*EnvManager) Get ¶ added in v0.4.5
func (environment *EnvManager) Get(identifier string) (TLSEnvironment, error)
Get TLS Environment by name or UUID
func (*EnvManager) GetByID ¶ added in v0.4.5
func (environment *EnvManager) GetByID(id uint) (TLSEnvironment, error)
GetByID gets a TLS Environment by ID
func (*EnvManager) GetByName ¶ added in v0.4.5
func (environment *EnvManager) GetByName(name string) (TLSEnvironment, error)
GetByName gets a TLS Environment by name
func (*EnvManager) GetByUUID ¶ added in v0.4.5
func (environment *EnvManager) GetByUUID(uuid string) (TLSEnvironment, error)
GetByUUID gets a TLS Environment by UUID
func (*EnvManager) GetMap ¶ added in v0.4.5
func (environment *EnvManager) GetMap() (MapEnvironments, error)
GetMap returns the map of environments by name and UUID
func (*EnvManager) GetMapByID ¶ added in v0.4.5
func (environment *EnvManager) GetMapByID() (MapEnvByID, error)
GetMapByID returns a smaller map of environments by ID
func (*EnvManager) GetMapByString ¶ added in v0.4.5
func (environment *EnvManager) GetMapByString() (MapEnvByString, error)
GetMapByString returns a smaller map of environments by string (name and UUID)
func (*EnvManager) Names ¶ added in v0.4.5
func (environment *EnvManager) Names() ([]string, error)
Names gets only the names of all TLS Environments
func (*EnvManager) NodePacksEntries ¶ added in v0.4.5
func (environment *EnvManager) NodePacksEntries(configuration []byte, platform string) (PacksEntries, error)
NodePacksEntries to generate packs parsed struct that applies to a platform from the serialized string
func (*EnvManager) NodeStructSchedule ¶ added in v0.4.5
func (environment *EnvManager) NodeStructSchedule(configuration []byte, platform string) (ScheduleConf, error)
NodeStructSchedule to generate schedule that applies to a platform from the serialized string
func (*EnvManager) NotExpireEnroll ¶ added in v0.4.5
func (environment *EnvManager) NotExpireEnroll(idEnv string) error
NotExpireEnroll to mark the enroll in an environment as not expiring
func (*EnvManager) NotExpireRemove ¶ added in v0.4.5
func (environment *EnvManager) NotExpireRemove(idEnv string) error
NotExpireRemove to mark the remove in an environment as not expiring
func (*EnvManager) RefreshConfiguration ¶ added in v0.4.5
func (environment *EnvManager) RefreshConfiguration(idEnv string) error
RefreshConfiguration to take all parts and put them together in the configuration
func (*EnvManager) RemoveOptionsConf ¶ added in v0.4.5
func (environment *EnvManager) RemoveOptionsConf(name, option string) error
RemoveOptionsConf to remove an osquery option from the configuration
func (*EnvManager) RemoveQueryFromPackConf ¶ added in v0.4.5
func (environment *EnvManager) RemoveQueryFromPackConf(name, pName, qName string) error
RemoveQueryFromPackConf to remove a query from an existing query pack in the osquery configuration
func (*EnvManager) RemoveQueryPackConf ¶ added in v0.4.5
func (environment *EnvManager) RemoveQueryPackConf(name, pName string) error
RemoveQueryPackConf to remove a query pack from the osquery configuration
func (*EnvManager) RemoveScheduleConfQuery ¶ added in v0.4.5
func (environment *EnvManager) RemoveScheduleConfQuery(name, qName string) error
RemoveScheduleConfQuery to remove a query from the osquery schedule
func (*EnvManager) RotateEnroll ¶ added in v0.4.5
func (environment *EnvManager) RotateEnroll(name string) error
RotateEnroll to replace SecretPath for enrolling in an environment
func (*EnvManager) RotateRemove ¶ added in v0.4.5
func (environment *EnvManager) RotateRemove(name string) error
RotateRemove to replace Secret and SecretPath for enrolling in an environment
func (*EnvManager) RotateSecret ¶ added in v0.4.5
func (environment *EnvManager) RotateSecret(name string) error
RotateSecret to replace the current Secret for an environment
func (*EnvManager) RotateSecrets ¶ added in v0.4.5
func (environment *EnvManager) RotateSecrets(name string) error
RotateSecrets to replace Secret and SecretPath for an environment
func (*EnvManager) UUIDs ¶ added in v0.4.5
func (environment *EnvManager) UUIDs() ([]string, error)
UUIDs gets only the UUIDs of all TLS Environments
func (*EnvManager) Update ¶ added in v0.4.5
func (environment *EnvManager) Update(e TLSEnvironment) error
Update TLS Environment
func (*EnvManager) UpdateATC ¶ added in v0.4.5
func (environment *EnvManager) UpdateATC(idEnv, atc string) error
UpdateATC to update ATC for an environment
func (*EnvManager) UpdateCertificate ¶ added in v0.4.5
func (environment *EnvManager) UpdateCertificate(idEnv, certificate string) error
UpdateCertificate to update the certificate for an environment
func (*EnvManager) UpdateConfiguration ¶ added in v0.4.5
func (environment *EnvManager) UpdateConfiguration(idEnv string, cnf OsqueryConf) error
UpdateConfiguration to update configuration for an environment
func (*EnvManager) UpdateConfigurationParts ¶ added in v0.4.5
func (environment *EnvManager) UpdateConfigurationParts(idEnv string, cnf OsqueryConf) error
UpdateConfigurationParts to update all the configuration parts for an environment
func (*EnvManager) UpdateDebPackage ¶ added in v0.4.5
func (environment *EnvManager) UpdateDebPackage(idEnv, debpackage string) error
UpdateDebPackage to update DEB package for an environment
func (*EnvManager) UpdateDecorators ¶ added in v0.4.5
func (environment *EnvManager) UpdateDecorators(idEnv, decorators string) error
UpdateDecorators to update decorators for an environment
func (*EnvManager) UpdateFlags ¶ added in v0.4.5
func (environment *EnvManager) UpdateFlags(idEnv, flags string) error
UpdateFlags to update flags for an environment
func (*EnvManager) UpdateHostname ¶ added in v0.4.5
func (environment *EnvManager) UpdateHostname(idEnv, hostname string) error
UpdateHostname to update hostname for an environment
func (*EnvManager) UpdateIntervals ¶ added in v0.4.5
func (environment *EnvManager) UpdateIntervals(name string, csecs, lsecs, qsecs int) error
UpdateIntervals to update intervals for an environment
func (*EnvManager) UpdateMsiPackage ¶ added in v0.4.5
func (environment *EnvManager) UpdateMsiPackage(idEnv, msipackage string) error
UpdateMsiPackage to update MSI package for an environment
func (*EnvManager) UpdateOptions ¶ added in v0.4.5
func (environment *EnvManager) UpdateOptions(idEnv, options string) error
UpdateOptions to update options for an environment
func (*EnvManager) UpdatePacks ¶ added in v0.4.5
func (environment *EnvManager) UpdatePacks(idEnv, packs string) error
UpdatePacks to update packs for an environment
func (*EnvManager) UpdatePkgPackage ¶ added in v0.4.5
func (environment *EnvManager) UpdatePkgPackage(idEnv, pkgpackage string) error
UpdatePkgPackage to update PKG package for an environment
func (*EnvManager) UpdateRpmPackage ¶ added in v0.4.5
func (environment *EnvManager) UpdateRpmPackage(idEnv, rpmpackage string) error
UpdateRpmPackage to update RPM package for an environment
func (*EnvManager) UpdateSchedule ¶ added in v0.4.5
func (environment *EnvManager) UpdateSchedule(idEnv, schedule string) error
UpdateSchedule to update schedule for an environment
type MapEnvByID ¶
MapEnvByID to hold the environments name and UUID by ID
type MapEnvByString ¶
MapEnvByString to hold the environments name and UUID by string
type MapEnvironments ¶
type MapEnvironments map[string]TLSEnvironment
MapEnvironments to hold the TLS environments by name and UUID
type OptionsConf ¶
type OptionsConf map[string]interface{}
OptionsConf for each part of the configuration
type OsqueryConf ¶
// OsqueryConf holds the top-level structure of an osquery configuration.
// Each field maps to one top-level key of the configuration JSON; none of
// the tags use omitempty, so every key is emitted even when its value is empty.
type OsqueryConf struct {
	// Options is the "options" section.
	Options OptionsConf `json:"options"`
	// Schedule is the "schedule" section, keyed by query name.
	Schedule ScheduleConf `json:"schedule"`
	// Packs is the "packs" section.
	Packs PacksConf `json:"packs"`
	// Decorators is the "decorators" section.
	Decorators DecoratorConf `json:"decorators"`
	// ATC is the "auto_table_construction" section.
	ATC ATCConf `json:"auto_table_construction"`
}
OsqueryConf to hold the structure for the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-specification
type PackEntry ¶
// PackEntry holds the structure of a single query pack.
// Every field is omitted from JSON when empty.
type PackEntry struct {
	// Queries maps a query name to its scheduled query definition.
	Queries map[string]ScheduleQuery `json:"queries,omitempty"`
	// Platform is the pack's "platform" value.
	Platform string `json:"platform,omitempty"`
	// Shard is kept as a json.Number, so the numeric literal is preserved as
	// written rather than converted to float64.
	Shard json.Number `json:"shard,omitempty"`
	// Version is the pack's "version" value.
	Version string `json:"version,omitempty"`
	// Discovery lists the pack's "discovery" entries.
	Discovery []string `json:"discovery,omitempty"`
}
PackEntry to hold the struct for a single pack
type PacksConf ¶
type PacksConf map[string]interface{}
PacksConf to hold all the packs in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#packs
type PacksEntries ¶
PacksEntries to hold all the parsed non-local packs
type ScheduleConf ¶
type ScheduleConf map[string]ScheduleQuery
ScheduleConf to hold all the schedule https://osquery.readthedocs.io/en/stable/deployment/configuration/#schedule
type ScheduleQuery ¶
// ScheduleQuery holds one scheduled query of an osquery configuration.
// Every field is omitted from JSON when empty or false.
type ScheduleQuery struct {
	// Query is the SQL text of the scheduled query.
	Query string `json:"query,omitempty"`
	// Interval is kept as a json.Number, so the numeric literal is preserved
	// as written rather than converted to float64.
	Interval json.Number `json:"interval,omitempty"`
	// Removed is the query's "removed" setting.
	Removed bool `json:"removed,omitempty"`
	// Snapshot is the query's "snapshot" setting.
	Snapshot bool `json:"snapshot,omitempty"`
	// Platform is the query's "platform" value.
	Platform string `json:"platform,omitempty"`
	// Version is the query's "version" value.
	Version string `json:"version,omitempty"`
	// Shard is kept as a json.Number, like Interval.
	Shard json.Number `json:"shard,omitempty"`
	// Denylist is the query's "denylist" setting.
	Denylist bool `json:"denylist,omitempty"`
}
ScheduleQuery to hold the scheduled queries in the configuration https://osquery.readthedocs.io/en/stable/deployment/configuration/#schedule
type TLSEnvironment ¶
// TLSEnvironment holds one TLS environment: its identity, the secret and
// secret paths used for enrolling and removing nodes, package locations,
// the osquery configuration parts, and the per-endpoint paths and intervals.
// The gorm tags show that it is also the database row for an environment.
//
// NOTE(review): Secret, EnrollSecretPath, RemoveSecretPath and Certificate
// all carry ordinary json tags, so marshalling a TLSEnvironment value
// directly writes them into the output; only DeletedAt is excluded with
// json:"-". Confirm that API handlers and log statements which serialize
// this struct are limited to callers allowed to see the enroll secret, or
// copy into a redacted view first.
type TLSEnvironment struct {
	// ID is the primary key.
	ID uint `gorm:"primarykey" json:"id"`
	// CreatedAt is the row creation time.
	CreatedAt time.Time `json:"created_at"`
	// UpdatedAt is the row update time.
	UpdatedAt time.Time `json:"updated_at"`
	// DeletedAt is indexed and never serialized to JSON.
	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
	// UUID is indexed; the tag does not declare the index unique.
	UUID string `gorm:"index" json:"uuid"`
	// Name is covered by the unique index idx_tls_environments_name.
	Name string `gorm:"uniqueIndex:idx_tls_environments_name" json:"name"`
	// Hostname of the environment.
	Hostname string `json:"hostname"`
	// Secret is the environment secret; it is serialized as "secret"
	// (see the note on the type).
	Secret string `json:"secret"`
	// EnrollSecretPath is the secret path for enrolling; serialized as
	// "enroll_secret_path".
	EnrollSecretPath string `json:"enroll_secret_path"`
	// EnrollExpire is the expiration time of the enroll link.
	EnrollExpire time.Time `json:"enroll_expire"`
	// RemoveSecretPath is the secret path for removing; serialized as
	// "remove_secret_path".
	RemoveSecretPath string `json:"remove_secret_path"`
	// RemoveExpire is the expiration time of the remove link.
	RemoveExpire time.Time `json:"remove_expire"`
	// Type of the environment.
	Type string `json:"type"`
	// DebPackage, RpmPackage, MsiPackage and PkgPackage hold the package
	// values for each packaging format; presumably file names or URLs
	// (see PackageDownloadURL) - confirm.
	DebPackage string `json:"deb_package"`
	RpmPackage string `json:"rpm_package"`
	MsiPackage string `json:"msi_package"`
	PkgPackage string `json:"pkg_package"`
	// DebugHTTP is the environment's HTTP debugging switch.
	// NOTE(review): if this dumps full requests, the output would include
	// node keys and secrets - confirm what is logged and where.
	DebugHTTP bool `json:"debug_http"`
	// Icon of the environment.
	Icon string `json:"icon"`
	// Options, Schedule, Packs, Decorators and ATC hold the configuration
	// parts as strings; presumably serialized JSON matching the GenStruct*
	// helpers - confirm.
	Options string `json:"options"`
	Schedule string `json:"schedule"`
	Packs string `json:"packs"`
	Decorators string `json:"decorators"`
	ATC string `json:"atc"`
	// Configuration holds the assembled configuration as a string.
	Configuration string `json:"configuration"`
	// Flags holds the osquery flags for the environment.
	Flags string `json:"flags"`
	// Certificate holds the certificate for the environment.
	Certificate string `json:"certificate"`
	// ConfigTLS, LoggingTLS, QueryTLS and CarvesTLS are per-feature
	// switches; ConfigInterval, LogInterval and QueryInterval are the
	// matching intervals (units not shown here - presumably seconds).
	ConfigTLS bool `json:"config_tls"`
	ConfigInterval int `json:"config_interval"`
	LoggingTLS bool `json:"logging_tls"`
	LogInterval int `json:"log_interval"`
	QueryTLS bool `json:"query_tls"`
	QueryInterval int `json:"query_interval"`
	CarvesTLS bool `json:"carves_tls"`
	// EnrollPath through CarverBlockPath are the per-endpoint paths.
	EnrollPath string `json:"enroll_path"`
	LogPath string `json:"log_path"`
	ConfigPath string `json:"config_path"`
	QueryReadPath string `json:"query_read_path"`
	QueryWritePath string `json:"query_write_path"`
	CarverInitPath string `json:"carver_init_path"`
	CarverBlockPath string `json:"carver_block_path"`
	// AcceptEnrolls is the switch for accepting new enrollments.
	AcceptEnrolls bool `json:"accept_enrolls"`
	// UserID is a user identifier associated with the environment; its exact
	// meaning (owner, creator) is not shown here.
	UserID uint `json:"user_id"`
}
TLSEnvironment to hold each of the TLS environments