From 91e7a9a7147cc4b6d9da0d1f6e778bcfa345d1f6 Mon Sep 17 00:00:00 2001
From: Zack Olson
Date: Wed, 31 Jan 2024 16:23:23 -0500
Subject: [PATCH] add nftables allowedCommand and exec table (#1570)
---
ee/allowedcmd/cmd_linux.go | 4 ++++
pkg/osquery/table/platform_tables_linux.go | 1 +
2 files changed, 5 insertions(+)
diff --git a/ee/allowedcmd/cmd_linux.go b/ee/allowedcmd/cmd_linux.go
index 914988669..a1aed0ca2 100644
--- a/ee/allowedcmd/cmd_linux.go
+++ b/ee/allowedcmd/cmd_linux.go
@@ -87,6 +87,10 @@ func NixEnv(ctx context.Context, arg ...string) (*exec.Cmd, error) {
 return validatedCommand(ctx, "/nix/var/nix/profiles/default/bin/nix-env", arg...)
 }
+func Nftables(ctx context.Context, arg ...string) (*exec.Cmd, error) {
+ return validatedCommand(ctx, "/usr/sbin/nft", arg...)
+}
+
 func Nmcli(ctx context.Context, arg ...string) (*exec.Cmd, error) {
 return validatedCommand(ctx, "/usr/bin/nmcli", arg...)
 }
diff --git a/pkg/osquery/table/platform_tables_linux.go b/pkg/osquery/table/platform_tables_linux.go
index d52de7672..e7b1d0b67 100644
--- a/pkg/osquery/table/platform_tables_linux.go
+++ b/pkg/osquery/table/platform_tables_linux.go
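Review bot: The new `Nftables` wrapper in ee/allowedcmd/cmd_linux.go forwards arbitrary arguments to `/usr/sbin/nft`, a binary that can also modify firewall state, and nothing in the added lines records that only read-only use is intended. The one caller visible in this patch passes `list ruleset`; a doc comment would keep later callers on that path, for example `// Nftables runs nft from a fixed absolute path; callers should pass only read-only subcommands such as "list ruleset".` The path is also pinned to a single location, and whether `validatedCommand` copes with distributions that install nft elsewhere is not visible in this hunk.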
@@ -58,6 +58,7 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string)
 dataflattentable.NewExecAndParseTable(logger, "kolide_pacman_upgradeable", pacman_upgradeable.Parser, allowedcmd.Pacman, []string{"-Qu"}, dataflattentable.WithIncludeStderr()),
 dataflattentable.NewExecAndParseTable(logger, "kolide_rpm_version_info", rpm.Parser, allowedcmd.Rpm, []string{"-qai"}, dataflattentable.WithIncludeStderr()),
 dataflattentable.NewExecAndParseTable(logger, "kolide_carbonblack_repcli_status", repcli.Parser, allowedcmd.Repcli, []string{"status"}, dataflattentable.WithIncludeStderr()),
+ dataflattentable.TablePluginExec(logger, "kolide_nftables", dataflattentable.JsonType, allowedcmd.Nftables, []string{"-jat", "list", "ruleset"}), // -j (json) -a (show object handles) -t (terse, omit set contents)
 zfs.ZfsPropertiesPlugin(logger),
 zfs.ZpoolPropertiesPlugin(logger),
 }
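Review bot: The added `kolide_nftables` entry gives a query author no visible way to tell an empty ruleset from a failed `nft` run, because unlike the three `NewExecAndParseTable` entries above it the call passes no stderr option. Whether `TablePluginExec` reports a missing binary or a permission error some other way is not shown in this hunk. Scope matters for firewall auditing too: `nft list ruleset` reports only the calling process's network namespace, and `-t` drops set elements, so address sets referenced by rules appear without their members. I would extend the trailing comment, e.g. `// -j (json) -a (handles) -t (terse: set elements omitted); covers only the caller's network namespace`. platformSpecificTables begins before this hunk.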