svn commit: r386029 - in head/sysutils/osquery: . files
Ryan Steinmetz
zi at FreeBSD.org
Sun May 10 20:59:02 UTC 2015
Author: zi
Date: Sun May 10 20:58:59 2015
New Revision: 386029
URL: https://svnweb.freebsd.org/changeset/ports/386029
Log:
- Add users/groups table support for FreeBSD
- Update default config file locations
- Bump PORTREVISION
Added:
head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_groups.cpp (contents, props changed)
head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_users.cpp (contents, props changed)
Modified:
head/sysutils/osquery/Makefile
head/sysutils/osquery/files/patch-osquery_tables_specs_blacklist
head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_sysctl__utils.cpp
Modified: head/sysutils/osquery/Makefile
==============================================================================
--- head/sysutils/osquery/Makefile Sun May 10 20:38:22 2015 (r386028)
+++ head/sysutils/osquery/Makefile Sun May 10 20:58:59 2015 (r386029)
@@ -3,6 +3,7 @@
PORTNAME= osquery
PORTVERSION= 1.4.5
+PORTREVISION= 1
CATEGORIES= sysutils
MASTER_SITES= GH:ghc \
https://codeload.github.com/${PORTNAME}/third-party/tar.gz/${PORTVERSION}?dummy=/:gh
@@ -52,6 +53,12 @@ post-extract:
${LN} -sf ${WRKDIR}/third-party-${PORTVERSION} ${WRKSRC}/third-party
post-patch:
+ ${REINPLACE_CMD} -e 's|/var/osquery|/var/db/osquery|g' \
+ ${WRKSRC}/osquery/core/init.cpp
+ ${REINPLACE_CMD} -e 's|/var/osquery/osquery.em|/var/run/osquery.em|g' \
+ -e 's|/etc/osquery/extensions.load|${PREFIX}/etc/osquery.extensions|g' \
+ -e 's|/etc/osquery/modules.load|${PREFIX}/etc/osquery.modules|g' \
+ ${WRKSRC}/osquery/extensions/extensions.cpp
${REINPLACE_CMD} -e 's|/var/osquery/osquery.conf|${PREFIX}/etc/osquery.conf|g' \
${WRKSRC}/osquery/config/plugins/filesystem.cpp
${REINPLACE_CMD} -e 's|/var/osquery/|/var/db/osquery/|g' \
Modified: head/sysutils/osquery/files/patch-osquery_tables_specs_blacklist
==============================================================================
--- head/sysutils/osquery/files/patch-osquery_tables_specs_blacklist Sun May 10 20:38:22 2015 (r386028)
+++ head/sysutils/osquery/files/patch-osquery_tables_specs_blacklist Sun May 10 20:58:59 2015 (r386029)
@@ -33,7 +33,7 @@
+freebsd:routes
+freebsd:system_controls
+freebsd:usb_devices
-+freebsd:users
++#freebsd:users
+freebsd:yara_events
+freebsd:yara
+freebsd:system_controls
Added: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_groups.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_groups.cpp Sun May 10 20:58:59 2015 (r386029)
@@ -0,0 +1,43 @@
+--- osquery/tables/system/freebsd/groups.cpp.orig 2015-05-05 00:16:41 UTC
++++ osquery/tables/system/freebsd/groups.cpp
+@@ -8,6 +8,11 @@
+ *
+ */
+
++#include <set>
++#include <mutex>
++
++#include <grp.h>
++
+ #include <osquery/core.h>
+ #include <osquery/tables.h>
+
+@@ -16,10 +21,26 @@ namespace tables {
+
+ std::mutex grpEnumerationMutex;
+
+-QueryData genGroups(QueryContext& context) {
++QueryData genGroups(QueryContext &context) {
++ std::lock_guard<std::mutex> lock(grpEnumerationMutex);
+ QueryData results;
++ struct group *grp = nullptr;
++ std::set<long> groups_in;
+
+- throw std::domain_error("Table not implemented for FreeBSD");
++ setgrent();
++ while ((grp = getgrent()) != nullptr) {
++ if (std::find(groups_in.begin(), groups_in.end(), grp->gr_gid) ==
++ groups_in.end()) {
++ Row r;
++ r["gid"] = INTEGER(grp->gr_gid);
++ r["gid_signed"] = INTEGER((int32_t) grp->gr_gid);
++ r["groupname"] = TEXT(grp->gr_name);
++ results.push_back(r);
++ groups_in.insert(grp->gr_gid);
++ }
++ }
++ endgrent();
++ groups_in.clear();
+
+ return results;
+ }
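Review bot: Filtering on `gr_gid` through `groups_in` keeps only the first entry returned for each id, so a second group name that shares a gid never reaches the table. `genUsers` in the users.cpp patch filters on `pw_uid` the same way, which on FreeBSD drops `toor` (uid 0 in the stock passwd database) and any other account aliased to an existing uid, and those are the rows an audit query over this table most wants to see. If the filter is only meant to suppress repeated records from the enumeration, key it on the name instead: `std::set<std::string> groups_in;` with `if (groups_in.insert(grp->gr_name).second) {`. That form also replaces the linear `std::find` over a `std::set`, which is used here without including `<algorithm>`, and makes the separate `groups_in.insert(...)` line unnecessary.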
Modified: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_sysctl__utils.cpp
==============================================================================
--- head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_sysctl__utils.cpp Sun May 10 20:38:22 2015 (r386028)
+++ head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_sysctl__utils.cpp Sun May 10 20:58:59 2015 (r386029)
@@ -1,4 +1,4 @@
---- osquery/tables/system/freebsd/sysctl_utils.cpp.orig 2015-05-08 22:20:24 UTC
+--- osquery/tables/system/freebsd/sysctl_utils.cpp.orig 2015-05-10 20:45:08 UTC
+++ osquery/tables/system/freebsd/sysctl_utils.cpp
@@ -0,0 +1,36 @@
+/*
Added: head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_users.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/osquery/files/patch-osquery_tables_system_freebsd_users.cpp Sun May 10 20:58:59 2015 (r386029)
@@ -0,0 +1,49 @@
+--- osquery/tables/system/freebsd/users.cpp.orig 2015-05-05 00:16:41 UTC
++++ osquery/tables/system/freebsd/users.cpp
+@@ -8,16 +8,45 @@
+ *
+ */
+
++#include <set>
++#include <mutex>
++#include <vector>
++#include <string>
++
++#include <pwd.h>
++
+ #include <osquery/core.h>
+ #include <osquery/tables.h>
+
+ namespace osquery {
+ namespace tables {
+
++std::mutex pwdEnumerationMutex;
++
+ QueryData genUsers(QueryContext& context) {
++ std::lock_guard<std::mutex> lock(pwdEnumerationMutex);
+ QueryData results;
++ struct passwd *pwd = nullptr;
++ std::set<long> users_in;
+
+- throw std::domain_error("Table not implemented for FreeBSD");
++ while ((pwd = getpwent()) != nullptr) {
++ if (std::find(users_in.begin(), users_in.end(), pwd->pw_uid) ==
++ users_in.end()) {
++ Row r;
++ r["uid"] = BIGINT(pwd->pw_uid);
++ r["gid"] = BIGINT(pwd->pw_gid);
++ r["uid_signed"] = BIGINT((int32_t) pwd->pw_uid);
++ r["gid_signed"] = BIGINT((int32_t) pwd->pw_gid);
++ r["username"] = TEXT(pwd->pw_name);
++ r["description"] = TEXT(pwd->pw_gecos);
++ r["directory"] = TEXT(pwd->pw_dir);
++ r["shell"] = TEXT(pwd->pw_shell);
++ results.push_back(r);
++ users_in.insert(pwd->pw_uid);
++ }
++ }
++ endpwent();
++ users_in.clear();
+
+ return results;
+ }
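Review bot: `genUsers` enters the `getpwent()` loop without rewinding first, whereas `genGroups` calls `setgrent()` before its loop; if other code in the process has left the passwd enumeration part-way through, this table starts from that position and returns a partial user list without any error. Add `setpwent();` immediately before the `while`. `pwdEnumerationMutex` only serialises concurrent calls to `genUsers` itself, so it does not protect against other callers of the passwd enumeration functions, which share the same cursor and static result buffer.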