forked from macadmins/osquery-extension
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
71 lines (61 loc) · 2.57 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package main
import (
"flag"
"log"
"runtime"
"time"
osquery "github.com/kolide/osquery-go"
"github.com/kolide/osquery-go/plugin/table"
"github.com/macadmins/osquery-extension/tables/chromeuserprofiles"
"github.com/macadmins/osquery-extension/tables/filevaultusers"
"github.com/macadmins/osquery-extension/tables/mdm"
"github.com/macadmins/osquery-extension/tables/munki"
"github.com/macadmins/osquery-extension/tables/puppet"
"github.com/macadmins/osquery-extension/tables/unifiedlog"
)
func main() {
var (
flSocketPath = flag.String("socket", "", "")
flTimeout = flag.Int("timeout", 0, "")
_ = flag.Int("interval", 0, "")
_ = flag.Bool("verbose", false, "")
)
flag.Parse()
// allow for osqueryd to create the socket path otherwise it will error
time.Sleep(3 * time.Second)
server, err := osquery.NewExtensionManagerServer(
"macadmins_extension",
*flSocketPath,
osquery.ServerTimeout(time.Duration(*flTimeout)*time.Second),
)
if err != nil {
log.Fatalf("Error creating extension: %s\n", err)
}
// Create and register a new table plugin with the server.
// Adding a new table? Add it to the list and the loop below will handle
// the registration for you.
plugins := []osquery.OsqueryPlugin{
table.NewPlugin("puppet_info", puppet.PuppetInfoColumns(), puppet.PuppetInfoGenerate),
table.NewPlugin("puppet_logs", puppet.PuppetLogsColumns(), puppet.PuppetLogsGenerate),
table.NewPlugin("puppet_state", puppet.PuppetStateColumns(), puppet.PuppetStateGenerate),
table.NewPlugin("google_chrome_profiles", chromeuserprofiles.GoogleChromeProfilesColumns(), chromeuserprofiles.GoogleChromeProfilesGenerate),
}
// Platform specific tables
// if runtime.GOOS == "windows" {
// If there were windows only tables, they would go here
// }
if runtime.GOOS == "darwin" {
plugins = append(plugins, table.NewPlugin("munki_info", munki.MunkiInfoColumns(), munki.MunkiInfoGenerate))
plugins = append(plugins, table.NewPlugin("munki_installs", munki.MunkiInstallsColumns(), munki.MunkiInstallsGenerate))
plugins = append(plugins, table.NewPlugin("mdm", mdm.MDMInfoColumns(), mdm.MDMInfoGenerate))
plugins = append(plugins, table.NewPlugin("filevault_users", filevaultusers.FileVaultUsersColumns(), filevaultusers.FileVaultUsersGenerate))
plugins = append(plugins, table.NewPlugin("unified_log", unifiedlog.UnifiedLogColumns(), unifiedlog.UnifiedLogGenerate))
}
for _, p := range plugins {
server.RegisterPlugin(p)
}
// Start the server. It will run forever unless an error bubbles up.
if err := server.Run(); err != nil {
log.Fatalln(err)
}
}