From bc962f25191252a8f4f23832c038f38eeb512d51 Mon Sep 17 00:00:00 2001 From: Micah-Kolide <109157253+Micah-Kolide@users.noreply.github.com> Date: Fri, 9 Feb 2024 08:14:59 -0800 Subject: [PATCH 1/4] Add Workspace One UEM util exec and enroll status table --- ee/allowedcmd/cmd_linux.go | 6 +++++- pkg/osquery/table/platform_tables_linux.go | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ee/allowedcmd/cmd_linux.go b/ee/allowedcmd/cmd_linux.go index a1aed0ca2..55f7252ad 100644 --- a/ee/allowedcmd/cmd_linux.go +++ b/ee/allowedcmd/cmd_linux.go @@ -84,7 +84,7 @@ func Lsof(ctx context.Context, arg ...string) (*exec.Cmd, error) { } func NixEnv(ctx context.Context, arg ...string) (*exec.Cmd, error) { - return validatedCommand(ctx, "/nix/var/nix/profiles/default/bin/nix-env", arg...) + return validatedCommand(ctx, "/run/current-system/sw/bin/nix-env", arg...) } func Nftables(ctx context.Context, arg ...string) (*exec.Cmd, error) { @@ -132,6 +132,10 @@ func Systemctl(ctx context.Context, arg ...string) (*exec.Cmd, error) { return validatedCommand(ctx, "/usr/bin/systemctl", arg...) } +func Ws1HubUtil(ctx context.Context, arg ...string) (*exec.Cmd, error) { + return validatedCommand(ctx, "/opt/vmware/ws1-hub/bin/ws1HubUtil", arg...) +} + func XdgOpen(ctx context.Context, arg ...string) (*exec.Cmd, error) { return validatedCommand(ctx, "/usr/bin/xdg-open", arg...) } diff --git a/pkg/osquery/table/platform_tables_linux.go b/pkg/osquery/table/platform_tables_linux.go index e7b1d0b67..5f7ddb92b 100644 --- a/pkg/osquery/table/platform_tables_linux.go +++ b/pkg/osquery/table/platform_tables_linux.go 
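Review bot: `Ws1HubUtil` is a new exported entry in the command allowlist with no doc comment, and its binary sits under `/opt/vmware/ws1-hub/bin`, a vendor-managed directory, while the neighbouring entries in this hunk point at `/usr/bin`. Add a comment such as `// Ws1HubUtil returns a command for the Workspace One UEM hub utility, which the vendor package installs under /opt/vmware/ws1-hub.` `validatedCommand` is not visible here, so confirm what it checks before exec: existence only, or also ownership and write permissions on the file and its parent directories. The launcher will run whatever is at that path, so a directory writable by a non-root account would weaken the allowlist.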
@@ -49,6 +49,7 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) allowedcmd.Lsblk, []string{"-fJp"}, ), dataflattentable.TablePluginExec(logger, "kolide_nix_upgradeable", dataflattentable.XmlType, allowedcmd.NixEnv, []string{"--query", "--installed", "-c", "--xml"}), + dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_enroll_status", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--enroll"}), dataflattentable.NewExecAndParseTable(logger, "kolide_falconctl_systags", simple_array.New("systags"), allowedcmd.Falconctl, []string{"-g", "--systags"}), dataflattentable.NewExecAndParseTable(logger, "kolide_apt_upgradeable", apt.Parser, allowedcmd.Apt, []string{"list", "--upgradeable"}, dataflattentable.WithIncludeStderr()), dataflattentable.NewExecAndParseTable(logger, "kolide_dnf_upgradeable", dnf.Parser, allowedcmd.Dnf, []string{"check-update"}, dataflattentable.WithIncludeStderr()), From db18d46e5570a61e7fc8ab830e9b06dc7fe294fa Mon Sep 17 00:00:00 2001 From: Micah-Kolide <109157253+Micah-Kolide@users.noreply.github.com> Date: Fri, 9 Feb 2024 08:16:16 -0800 Subject: [PATCH 2/4] Revert nix path change --- ee/allowedcmd/cmd_linux.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/allowedcmd/cmd_linux.go b/ee/allowedcmd/cmd_linux.go index 55f7252ad..74358dd8a 100644 --- a/ee/allowedcmd/cmd_linux.go +++ b/ee/allowedcmd/cmd_linux.go @@ -84,7 +84,7 @@ func Lsof(ctx context.Context, arg ...string) (*exec.Cmd, error) { } func NixEnv(ctx context.Context, arg ...string) (*exec.Cmd, error) { - return validatedCommand(ctx, "/run/current-system/sw/bin/nix-env", arg...) + return validatedCommand(ctx, "/nix/var/nix/profiles/default/bin/nix-env", arg...) } func Nftables(ctx context.Context, arg ...string) (*exec.Cmd, error) { From ee37389dba431afd423cd5512e6cc281944b65e5 Mon Sep 17 00:00:00 2001 
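Review bot: The new `kolide_wsone_uem_enroll_status` entry is registered for every Linux host, but `ws1HubUtil` exists only where the Workspace One hub is installed. Nothing visible in this hunk shows how `TablePluginExec` behaves when the allowlisted binary is missing or when it prints something other than JSON, for example an error message on a host that is not enrolled. Confirm that a query against the table returns no rows in those cases instead of surfacing an error on every scheduled run. A short comment above the line would help, e.g. `// Only returns data on hosts with the Workspace One UEM hub installed.` The argument list is a fixed literal and should stay that way, so that no query input reaches the command line. `platformSpecificTables` starts and ends outside the hunk.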
From: seph Date: Fri, 9 Feb 2024 12:23:17 -0500 Subject: [PATCH 3/4] Update pkg/osquery/table/platform_tables_linux.go --- pkg/osquery/table/platform_tables_linux.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/osquery/table/platform_tables_linux.go b/pkg/osquery/table/platform_tables_linux.go index 5f7ddb92b..4d0d6136c 100644 --- a/pkg/osquery/table/platform_tables_linux.go +++ b/pkg/osquery/table/platform_tables_linux.go @@ -49,7 +49,10 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) allowedcmd.Lsblk, []string{"-fJp"}, ), dataflattentable.TablePluginExec(logger, "kolide_nix_upgradeable", dataflattentable.XmlType, allowedcmd.NixEnv, []string{"--query", "--installed", "-c", "--xml"}), - dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_enroll_status", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--enroll"}), + dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_status_enroll", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--enroll"}), + dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_status_dependency", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--dependency"}), + dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_status_ profile", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--profile"}), + dataflattentable.NewExecAndParseTable(logger, "kolide_falconctl_systags", simple_array.New("systags"), allowedcmd.Falconctl, []string{"-g", "--systags"}), dataflattentable.NewExecAndParseTable(logger, "kolide_apt_upgradeable", apt.Parser, allowedcmd.Apt, []string{"list", "--upgradeable"}, dataflattentable.WithIncludeStderr()), dataflattentable.NewExecAndParseTable(logger, "kolide_dnf_upgradeable", dnf.Parser, allowedcmd.Dnf, []string{"check-update"}, dataflattentable.WithIncludeStderr()), From eede7bd2b69567bdf3af6ae23d50d119f361d6fb Mon Sep 17 00:00:00 2001 
From: seph Date: Fri, 9 Feb 2024 12:24:17 -0500 Subject: [PATCH 4/4] Update pkg/osquery/table/platform_tables_linux.go --- pkg/osquery/table/platform_tables_linux.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/osquery/table/platform_tables_linux.go b/pkg/osquery/table/platform_tables_linux.go index 4d0d6136c..113fa4528 100644 --- a/pkg/osquery/table/platform_tables_linux.go +++ b/pkg/osquery/table/platform_tables_linux.go @@ -51,8 +51,7 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string) dataflattentable.TablePluginExec(logger, "kolide_nix_upgradeable", dataflattentable.XmlType, allowedcmd.NixEnv, []string{"--query", "--installed", "-c", "--xml"}), dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_status_enroll", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--enroll"}), dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_status_dependency", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--dependency"}), - dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_status_ profile", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--profile"}), - + dataflattentable.TablePluginExec(logger, "kolide_wsone_uem_status_profile", dataflattentable.JsonType, allowedcmd.Ws1HubUtil, []string{"status", "--profile"}), dataflattentable.NewExecAndParseTable(logger, "kolide_falconctl_systags", simple_array.New("systags"), allowedcmd.Falconctl, []string{"-g", "--systags"}), dataflattentable.NewExecAndParseTable(logger, "kolide_apt_upgradeable", apt.Parser, allowedcmd.Apt, []string{"list", "--upgradeable"}, dataflattentable.WithIncludeStderr()), dataflattentable.NewExecAndParseTable(logger, "kolide_dnf_upgradeable", dnf.Parser, allowedcmd.Dnf, []string{"check-update"}, dataflattentable.WithIncludeStderr()),