From bebc76237a6fa985119ab6ab92aae0b241fb9b5c Mon Sep 17 00:00:00 2001 From: Sangwan Kwon Date: Fri, 24 Apr 2020 15:14:32 +0900 Subject: [PATCH] Remove system --- src/osquery/core/CMakeLists.txt | 3 - src/osquery/core/init.cpp | 238 ----------- src/osquery/core/posix/initializer.cpp | 20 - src/osquery/core/system.cpp | 435 -------------------- src/osquery/core/tests/query_tests.cpp | 1 - src/osquery/core/tests/system_test.cpp | 29 -- src/osquery/core/tests/tables_tests.cpp | 1 - src/osquery/include/osquery/system.h | 301 -------------- src/osquery/logger/logger.cpp | 1 - src/osquery/main/main.cpp | 60 --- src/osquery/main/main.h | 37 -- src/osquery/main/posix/main.cpp | 31 -- src/osquery/sql/sql.cpp | 6 - src/osquery/sql/tests/sql.cpp | 2 - src/osquery/sql/tests/sqlite_util_tests.cpp | 2 - src/osquery/sql/tests/virtual_table.cpp | 2 - src/osquery/sql/virtual_table.cpp | 8 - src/osquery/tables/utility/time.cpp | 1 - src/osquery/tests/test_util.cpp | 5 - src/osquery/utils/CMakeLists.txt | 5 - src/osquery/utils/info/tool_type.cpp | 9 - src/osquery/utils/info/tool_type.h | 29 -- src/osquery/utils/json/json.h | 1 - src/osquery/utils/system/posix/system.cpp | 9 - src/osquery/utils/system/posix/system.h | 98 ----- src/osquery/utils/system/system.cpp | 9 - src/osquery/utils/system/system.h | 98 ----- src/osquery/utils/system/uptime.cpp | 52 --- src/osquery/utils/system/uptime.h | 15 - 29 files changed, 1508 deletions(-) delete mode 100644 src/osquery/core/init.cpp delete mode 100644 src/osquery/core/posix/initializer.cpp delete mode 100644 src/osquery/core/system.cpp delete mode 100644 src/osquery/core/tests/system_test.cpp delete mode 100644 src/osquery/include/osquery/system.h delete mode 100644 src/osquery/main/main.cpp delete mode 100644 src/osquery/main/main.h delete mode 100644 src/osquery/main/posix/main.cpp delete mode 100644 src/osquery/utils/info/tool_type.cpp delete mode 100644 src/osquery/utils/info/tool_type.h delete mode 100644 src/osquery/utils/system/posix/system.cpp delete mode 100644 src/osquery/utils/system/posix/system.h delete mode 100644 src/osquery/utils/system/system.cpp delete mode 100644 src/osquery/utils/system/system.h delete mode 100644 src/osquery/utils/system/uptime.cpp delete mode 100644 src/osquery/utils/system/uptime.h diff --git a/src/osquery/core/CMakeLists.txt b/src/osquery/core/CMakeLists.txt index d7a967b..fce4e27 100644 --- a/src/osquery/core/CMakeLists.txt +++ b/src/osquery/core/CMakeLists.txt @@ -13,15 +13,12 @@ # limitations under the License ADD_OSQUERY_LIBRARY(osquery_core tables.cpp - init.cpp query.cpp - system.cpp database/database.cpp database/in_memory_database.cpp plugins/logger.cpp plugins/plugin.cpp plugins/sql.cpp - posix/initializer.cpp sql/column.cpp sql/diff_results.cpp sql/query_data.cpp diff --git a/src/osquery/core/init.cpp b/src/osquery/core/init.cpp deleted file mode 100644 index a5319ef..0000000 --- a/src/osquery/core/init.cpp +++ /dev/null @@ -1,238 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include -#include -#include -#include - -#include -#include - -#include - -#ifdef WIN32 - -#include - -#include -#include - -#else -#include -#endif - -#ifndef WIN32 -#include -#endif - -#include - -#include "osquery/utils/config/default_paths.h" -#include "osquery/utils/info/platform_type.h" -#include -#include -#include -#include -#include - -#ifdef __linux__ -#include - -/* - * These are the io priority groups as implemented by CFQ. RT is the realtime - * class, it always gets premium service. BE is the best-effort scheduling - * class, the default for any process. IDLE is the idle scheduling class, it - * is only served when no one else is using the disk. - */ -enum { - IOPRIO_CLASS_NONE, - IOPRIO_CLASS_RT, - IOPRIO_CLASS_BE, - IOPRIO_CLASS_IDLE, -}; - -/* - * 8 best effort priority levels are supported - */ -#define IOPRIO_BE_NR (8) - -enum { - IOPRIO_WHO_PROCESS = 1, - IOPRIO_WHO_PGRP, - IOPRIO_WHO_USER, -}; -#endif - -#define DESCRIPTION \ - "osquery %s, your OS as a high-performance relational database\n" -#define EPILOG "\nosquery project page .\n" -#define OPTIONS \ - "\nosquery configuration options (set by config or CLI flags):\n\n" -#define OPTIONS_SHELL "\nosquery shell-only CLI flags:\n\n" -#define OPTIONS_CLI "osquery%s command line flags:\n\n" -#define USAGE "Usage: %s [OPTION]... %s\n\n" - -namespace { -extern "C" { -volatile std::sig_atomic_t kHandledSignal{0}; - -void signalHandler(int num) { - // Inform exit status of main threads blocked by service joins. - if (kHandledSignal == 0) { - kHandledSignal = num; - // If no part of osquery requested an interruption then the exit 'wanted' - // code becomes the signal number. - if (num != SIGUSR1 && osquery::kExitCode == 0) { - // The only exception is SIGUSR1 which is used to signal the main thread - // to interrupt dispatched services. - osquery::kExitCode = 128 + num; - } - - if (num == SIGTERM || num == SIGINT || num == SIGABRT || - num == SIGUSR1) { - // Restore the default signal handler. - std::signal(num, SIG_DFL); - } - } -} -} -} - -using chrono_clock = std::chrono::high_resolution_clock; - -namespace fs = boost::filesystem; - -namespace osquery { - -ToolType kToolType{ToolType::UNKNOWN}; - -/// The saved exit code from a thread's request to stop the process. -volatile std::sig_atomic_t kExitCode{0}; - -/// The saved thread ID for shutdown to short-circuit raising a signal. -static std::thread::id kMainThreadId; - -/// Legacy thread ID to ensure that the windows service waits before exiting -unsigned long kLegacyThreadId; - -std::function Initializer::shutdown_{nullptr}; -RecursiveMutex Initializer::shutdown_mutex_; - -static inline void printUsage(const std::string& binary, ToolType tool) { - // Parse help options before gflags. Only display osquery-related options. - fprintf(stdout, DESCRIPTION, kVersion.c_str()); - if (tool == ToolType::SHELL) { - // The shell allows a caller to run a single SQL statement and exit. - fprintf(stdout, USAGE, binary.c_str(), "[SQL STATEMENT]"); - } else { - fprintf(stdout, USAGE, binary.c_str(), ""); - } - - fprintf(stdout, EPILOG); -} - -Initializer::Initializer(int& argc, - char**& argv, - ToolType tool, - bool const init_glog) - : argc_(&argc), argv_(&argv) { - // Initialize random number generated based on time. - std::srand(static_cast( - chrono_clock::now().time_since_epoch().count())); - - // osquery can function as the daemon or shell depending on argv[0]. - if (tool == ToolType::SHELL_DAEMON) { - if (fs::path(argv[0]).filename().string().find("osqueryd") != - std::string::npos) { - kToolType = ToolType::DAEMON; - binary_ = "osqueryd"; - } else { - kToolType = ToolType::SHELL; - binary_ = "osqueryi"; - } - } else { - // Set the tool type to allow runtime decisions based on daemon, shell, etc. - kToolType = tool; - } - - // The 'main' thread is that which executes the initializer. - kMainThreadId = std::this_thread::get_id(); - - // Initialize the COM libs - platformSetup(); -} - -void Initializer::initDaemon() const { -} - -void Initializer::initShell() const { -} - -void Initializer::initWorker(const std::string& name) const { - // Clear worker's arguments. - auto original_name = std::string((*argv_)[0]); - for (int i = 1; i < *argc_; i++) { - if ((*argv_)[i] != nullptr) { - memset((*argv_)[i], '\0', strlen((*argv_)[i])); - } - } -} - -void Initializer::initActivePlugin(const std::string& type, - const std::string& name) const { - auto rs = RegistryFactory::get().setActive(type, name); - if (!rs.ok()) { - LOG(ERROR) << "Cannot activate " << name << " " << type - << " plugin: " << rs.getMessage(); - requestShutdown(EXIT_CATASTROPHIC); - } -} - -void Initializer::installShutdown(std::function& handler) { - RecursiveLock lock(shutdown_mutex_); - shutdown_ = std::move(handler); -} - -void Initializer::start() const { - // Run the setup for all lazy registries (tables, SQL). - Registry::setUp(); -} - -void Initializer::waitForShutdown() { - { - RecursiveLock lock(shutdown_mutex_); - if (shutdown_ != nullptr) { - // Copy the callable, then remove it, prevent callable recursion. - auto shutdown = shutdown_; - shutdown_ = nullptr; - - // Call the shutdown callable. - shutdown(); - } - } - - auto excode = (kExitCode != 0) ? kExitCode : EXIT_SUCCESS; - exit(excode); -} - -void Initializer::requestShutdown(int retcode) { - if (kExitCode == 0) { - kExitCode = retcode; - } -} - -void Initializer::requestShutdown(int retcode, const std::string& system_log) { - requestShutdown(retcode); -} - -void Initializer::shutdown(int retcode) { - platformTeardown(); - ::exit(retcode); -} -} diff --git a/src/osquery/core/posix/initializer.cpp b/src/osquery/core/posix/initializer.cpp deleted file mode 100644 index e61ce64..0000000 --- a/src/osquery/core/posix/initializer.cpp +++ /dev/null @@ -1,20 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include - -namespace osquery { - -void Initializer::platformSetup() { - /* No platform-specific logic is needed on POSIX. */ -} - -void Initializer::platformTeardown() { - /* No platform-specific logic is needed on POSIX. */ -} -} // namespace osquery diff --git a/src/osquery/core/system.cpp b/src/osquery/core/system.cpp deleted file mode 100644 index a6e973a..0000000 --- a/src/osquery/core/system.cpp +++ /dev/null @@ -1,435 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include -#include -#include - -#ifndef WIN32 -#include -#include -#include -#endif - -#include - -#if !defined(__FreeBSD__) && !defined(WIN32) -#include -#include -#endif - -#ifdef WIN32 -#include -#endif - -#if defined(__FreeBSD__) -#include -#endif - -#if defined(__APPLE__) -#include -#endif - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#ifdef WIN32 -#include "osquery/core/windows/wmi.h" -#endif -#include "osquery/utils/info/tool_type.h" -#include "osquery/utils/info/platform_type.h" -#include "osquery/utils/conversions/tryto.h" -#include "osquery/utils/config/default_paths.h" -#ifdef WIN32 -#include -#endif - -namespace fs = boost::filesystem; - -namespace osquery { - -const std::vector kPlaceholderHardwareUUIDList{ - "00000000-0000-0000-0000-000000000000", - "03000200-0400-0500-0006-000700080009", - "03020100-0504-0706-0809-0a0b0c0d0e0f", - "10000000-0000-8000-0040-000000000000", -}; - -#ifdef WIN32 -struct tm* gmtime_r(time_t* t, struct tm* result) { - _gmtime64_s(result, t); - return result; -} - -struct tm* localtime_r(time_t* t, struct tm* result) { - _localtime64_s(result, t); - return result; -} -#endif - -std::string getHostname() { - long max_path = 256; - long size = 0; -#ifndef WIN32 - static long max_hostname = sysconf(_SC_HOST_NAME_MAX); - size = (max_hostname > max_path - 1) ? max_hostname + 1 : max_path; -#endif - if (isPlatform(PlatformType::TYPE_WINDOWS)) { - size = max_path; - } - - std::vector hostname(size, 0x0); - std::string hostname_string; - gethostname(hostname.data(), size - 1); - hostname_string = std::string(hostname.data()); - boost::algorithm::trim(hostname_string); - return hostname_string; -} - -std::string getFqdn() { - if (!isPlatform(PlatformType::TYPE_WINDOWS)) { - std::string fqdn_string = getHostname(); - -#ifndef WIN32 - struct addrinfo hints; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_flags = AI_CANONNAME; - - struct addrinfo* res = nullptr; - if (getaddrinfo(fqdn_string.c_str(), nullptr, &hints, &res) == 0) { - if (res->ai_canonname != nullptr) { - fqdn_string = res->ai_canonname; - } - } - if (res != nullptr) { - freeaddrinfo(res); - } -#endif - return fqdn_string; - } else { - unsigned long size = 256; - std::vector fqdn(size, 0x0); -#ifdef WIN32 - GetComputerNameEx(ComputerNameDnsFullyQualified, fqdn.data(), &size); -#endif - return fqdn.data(); - } -} - -std::string generateNewUUID() { - boost::uuids::uuid uuid = boost::uuids::random_generator()(); - return boost::uuids::to_string(uuid); -} - -bool isPlaceholderHardwareUUID(const std::string& uuid) { - std::string lower_uuid = boost::to_lower_copy(uuid); - - return std::find(kPlaceholderHardwareUUIDList.begin(), - kPlaceholderHardwareUUIDList.end(), - lower_uuid) != kPlaceholderHardwareUUIDList.end(); -} - -std::string generateHostUUID() { - return "Not supported"; -} - -Status getInstanceUUID(std::string& ident) { - ident = osquery::generateNewUUID(); - - return Status(-1, "Not supported"); -} - -Status getEphemeralUUID(std::string& ident) { - if (ident.size() == 0) { - ident = osquery::generateNewUUID(); - } - return Status::success(); -} - -Status getHostUUID(std::string& ident) { - return Status(-1, "Not supported"); -} - -Status getSpecifiedUUID(std::string& ident) { - return Status::success(); -} - -std::string getHostIdentifier() { - static std::string ident; - - Status result(2); - if (ident.size() == 0) { - // The identifier has not been set yet. - - if (!result.ok()) { - // assuming the default of "hostname" as the machine identifier - // intentionally not set to `ident` because the hostname may change - // throughout the life of the process and we always want to be using the - // most current hostname - return osquery::getHostname(); - } else { - VLOG(1) << "Using host identifier: " << ident; - } - } - return ident; -} - -Status checkStalePid(const std::string& content) { - int pid; - try { - pid = boost::lexical_cast(content); - } catch (const boost::bad_lexical_cast& /* e */) { - return Status::success(); - } - - // The pid is running, check if it is an osqueryd process by name. - std::stringstream query_text; - - query_text << "SELECT name FROM processes WHERE pid = " << pid - << " AND name LIKE 'osqueryd%';"; - - SQL q(query_text.str()); - if (!q.ok()) { - return Status(1, "Error querying processes: " + q.getMessageString()); - } - - if (q.rows().size() > 0) { - // If the process really is osqueryd, return an "error" status. - - return Status(1, "osqueryd (" + content + ") is already running"); - } else { - VLOG(1) << "Found stale process for osqueryd (" << content << ")"; - } - - return Status::success(); -} - -#ifndef WIN32 - -static inline bool ownerFromResult(const Row& row, long& uid, long& gid) { - auto const uid_exp = tryTo(row.at("uid"), 10); - auto const gid_exp = tryTo(row.at("gid"), 10); - if (uid_exp.isValue()) { - uid = uid_exp.get(); - } - if (gid_exp.isValue()) { - gid = gid_exp.get(); - } - return uid_exp.isValue() && gid_exp.isValue(); -} - -DropPrivilegesRef DropPrivileges::get() { - DropPrivilegesRef handle = DropPrivilegesRef(new DropPrivileges()); - return handle; -} - -bool DropPrivileges::dropToParent(const fs::path& path) { - auto parent = path.parent_path().string(); - auto result = SQL::selectAllFrom("file", "path", EQUALS, parent); - if (result.empty()) { - return false; - } - - if (result.front().at("symlink") == "1") { - // The file is a symlink, inspect the owner of the link. - struct stat link_stat; - if (lstat(parent.c_str(), &link_stat) != 0) { - return false; - } - - return dropTo(link_stat.st_uid, link_stat.st_gid); - } - - long uid = 0; - long gid = 0; - if (!ownerFromResult(result.front(), uid, gid)) { - return false; - } - - return dropTo(static_cast(uid), static_cast(gid)); -} - -bool DropPrivileges::dropTo(const std::string& user) { - auto result = SQL::selectAllFrom("users", "username", EQUALS, user); - if (result.empty()) { - return false; - } - - long uid = 0; - long gid = 0; - if (!ownerFromResult(result.front(), uid, gid)) { - return false; - } - - return dropTo(static_cast(uid), static_cast(gid)); -} - -bool setThreadEffective(uid_t uid, gid_t gid) { -#if defined(__APPLE__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wdeprecated" - return (pthread_setugid_np(uid, gid) == 0); -#pragma GCC diagnostic pop -#elif defined(__linux__) - return (syscall(SYS_setresgid, -1, gid, -1) == 0 && - syscall(SYS_setresuid, -1, uid, -1) == 0); -#endif - return 0; -} - -bool DropPrivileges::dropTo(const std::string& uid, const std::string& gid) { - auto const uid_exp = tryTo(uid, 10); - auto const gid_exp = tryTo(gid, 10); - if (uid_exp.isError() || gid_exp.isError() || - !dropTo(uid_exp.get(), gid_exp.get())) { - return false; - } - return true; -} - -bool DropPrivileges::dropTo(uid_t uid, gid_t gid) { - if (uid == geteuid() && gid == getegid()) { - // Privileges do not need to be dropped. - return true; - } else if (dropped() && uid == to_user_ && gid == to_group_) { - // Privileges are already dropped to the requested user and group. - return true; - } else if (dropped()) { - return false; - } - - /// Drop process groups. - if (original_groups_ != nullptr) { - restoreGroups(); - } - - group_size_ = getgroups(0, nullptr); - if (group_size_ > 0) { - original_groups_ = (gid_t*)malloc(group_size_ * sizeof(gid_t)); - group_size_ = getgroups(group_size_, original_groups_); - } - setgroups(1, &gid); - - if (!setThreadEffective(uid, gid)) { - (void)setegid(getgid()); - return false; - } - - // Privileges are now dropped to the requested user/group. - to_user_ = uid; - to_group_ = gid; - dropped_ = true; - return true; -} - -void DropPrivileges::restoreGroups() { - if (group_size_ > 0) { - setgroups(group_size_, original_groups_); - group_size_ = 0; - free(original_groups_); - } - original_groups_ = nullptr; -} - -DropPrivileges::~DropPrivileges() { - // We are elevating privileges, there is no security vulnerability if - // either privilege change fails. - if (dropped_) { -#ifdef __APPLE__ - setThreadEffective(KAUTH_UID_NONE, KAUTH_GID_NONE); -#else - setThreadEffective(getuid(), getgid()); -#endif - dropped_ = false; - } - - if (original_groups_ != nullptr) { - restoreGroups(); - } -} -#endif - -Status setThreadName(const std::string& name) { -#if defined(__APPLE__) - int return_code = pthread_setname_np(name.c_str()); - return return_code == 0 - ? Status::success() - : Status::failure("pthread_setname_np failed with error " + - std::to_string(return_code)); -#elif defined(__linux__) - int return_code = pthread_setname_np(pthread_self(), name.c_str()); - return return_code == 0 - ? Status::success() - : Status::failure("pthread_setname_np failed with error " + - std::to_string(return_code)); -#elif defined(__FreeBSD__) - // FreeBSD silently ignores errors and does not return an error code - pthread_set_name_np(pthread_self(), name.c_str()); - return Status::success(); -#elif defined(WIN32) - // SetThreadDescription is available in builds newer than 1607 of windows 10 - // and works even if there is no debugger. - typedef HRESULT(WINAPI * PFNSetThreadDescription)(HANDLE hThread, - PCWSTR lpThreadDescription); - auto pfnSetThreadDescription = reinterpret_cast( - GetProcAddress(GetModuleHandleA("Kernel32.dll"), "SetThreadDescription")); - if (pfnSetThreadDescription != nullptr) { - std::wstring wideName{stringToWstring(name)}; - HRESULT hr = pfnSetThreadDescription(GetCurrentThread(), wideName.c_str()); - if (!FAILED(hr)) { - return Status::success(); - } - } - return Status::failure( - "setThreadName failed due to GetProcAddress returning null"); -#else - return Status::failure("setThreadName not supported on this OS"); -#endif -} - -bool checkPlatform(const std::string& platform) { - if (platform.empty() || platform == "null") { - return true; - } - - if (platform.find("any") != std::string::npos || - platform.find("all") != std::string::npos) { - return true; - } - - // Technically "centos" and "ubuntu" are no longer supported. We have never - // differentiated between Linux distributions, but rather execute all Linux - // based queries on any Linux system. - auto linux_type = (platform.find("linux") != std::string::npos || - platform.find("ubuntu") != std::string::npos || - platform.find("centos") != std::string::npos); - if (linux_type && isPlatform(osquery::PlatformType::TYPE_LINUX)) { - return true; - } - - auto posix_type = (platform.find("posix") != std::string::npos); - if (posix_type && isPlatform(osquery::PlatformType::TYPE_POSIX)) { - return true; - } - - return (platform.find(osquery::kSDKPlatform) != std::string::npos); -} -} // namespace osquery diff --git a/src/osquery/core/tests/query_tests.cpp b/src/osquery/core/tests/query_tests.cpp index 5800145..bb5d174 100644 --- a/src/osquery/core/tests/query_tests.cpp +++ b/src/osquery/core/tests/query_tests.cpp @@ -16,7 +16,6 @@ #include #include -#include #include namespace osquery { diff --git a/src/osquery/core/tests/system_test.cpp b/src/osquery/core/tests/system_test.cpp deleted file mode 100644 index dcdd341..0000000 --- a/src/osquery/core/tests/system_test.cpp +++ /dev/null @@ -1,29 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include - -#include "osquery/system.h" - -namespace osquery { - -class UUIDTests : public testing::Test {}; - -TEST_F(UUIDTests, test_invalid_uuid) { - std::string uuid = "10000000-0000-8000-0040-000000000000"; - - EXPECT_TRUE(isPlaceholderHardwareUUID(uuid)); -} - -TEST_F(UUIDTests, test_valid_uuid) { - std::string uuid = "226e380e-67d1-4214-9868-5383a79af0b8"; - - EXPECT_FALSE(isPlaceholderHardwareUUID(uuid)); -} - -} // namespace osquery diff --git a/src/osquery/core/tests/tables_tests.cpp b/src/osquery/core/tests/tables_tests.cpp index 03325ec..703c2b6 100644 --- a/src/osquery/core/tests/tables_tests.cpp +++ b/src/osquery/core/tests/tables_tests.cpp @@ -11,7 +11,6 @@ #include #include -#include #include namespace osquery { diff --git a/src/osquery/include/osquery/system.h b/src/osquery/include/osquery/system.h deleted file mode 100644 index 5e4623e..0000000 --- a/src/osquery/include/osquery/system.h +++ /dev/null @@ -1,301 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -#include -#include -#include - -#include - -#include -#include -#include -#include - -namespace osquery { - -class Status; - -/** - * @brief The requested exit code. - * - * Use Initializer::shutdown to request shutdown in most cases. - * This will raise a signal to the main thread requesting the dispatcher to - * interrupt all services. There is a thread requesting a join of all services - * that will continue the shutdown process. - */ -extern volatile std::sig_atomic_t kExitCode; - -using ModuleHandle = void*; - -class Initializer : private boost::noncopyable { - public: - /** - * @brief Sets up various aspects of osquery execution state. - * - * osquery needs a few things to happen as soon as the process begins - * executing. Initializer takes care of setting up the relevant parameters. - * Initializer should be called in an executable's `main()` function. - * - * @param argc the number of elements in argv - * @param argv the command-line arguments passed to `main()` - * @param tool the type of osquery main (daemon, shell, test, extension). - * @param init_glog whether to start google logging module (it can be - * initialized at most once) - */ - Initializer(int& argc, - char**& argv, - ToolType tool = ToolType::TEST, - bool init_glog = true); - - /** - * @brief Sets up the process as an osquery daemon. - * - * A daemon has additional constraints, it can use a process mutex, check - * for sane/non-default configurations, etc. - */ - void initDaemon() const; - - /** - * @brief Sets up the process as an osquery shell. - * - * The shell is lighter than a daemon and disables (by default) features. - */ - void initShell() const; - - /** - * @brief Daemon tools may want to continually spawn worker processes - * and monitor their utilization. - * - * A daemon may call initWorkerWatcher to begin watching child daemon - * processes until it-itself is unscheduled. The basic guarantee is that only - * workers will return from the function. - * - * The worker-watcher will implement performance bounds on CPU utilization - * and memory, as well as check for zombie/defunct workers and respawn them - * if appropriate. The appropriateness is determined from heuristics around - * how the worker exited. Various exit states and velocities may cause the - * watcher to resign. - * - * @param name The name of the worker process. - */ - void initWorkerWatcher(const std::string& name = "") const; - - /** - * @brief Move a function callable into the initializer to be called. - * - * Install an optional platform method to call when waiting for shutdown. - * This exists for Windows when the daemon must wait for the service to stop. - */ - void installShutdown(std::function& handler); - - /// Assume initialization finished, start work. - void start() const; - - public: - /** - * @brief Forcefully request the application to stop. - * - * Since all osquery tools may implement various 'dispatched' services in the - * form of event handler threads or thrift service and client pools, a stop - * request should behave nicely and request these services stop. - * - * Use shutdown whenever you would normally call stdlib exit. - * - * @param retcode the requested return code for the process. - */ - static void requestShutdown(int retcode = EXIT_SUCCESS); - - /** - * @brief Forcefully request the application to stop. - * - * See #requestShutdown, this overloaded alternative allows the caller to - * also log a reason/message to the system log. This is intended for extreme - * failure cases and thus requires an explicit error code. - * - * @param retcode the request return code for the process. - * @param system_log A log line to write to the system's log. - */ - static void requestShutdown(int retcode, const std::string& system_log); - - /// Exit immediately without requesting the dispatcher to stop. - static void shutdown(int retcode = EXIT_SUCCESS); - - /** - * @brief Cleanly wait for all services and components to shutdown. - * - * Enter a join of all services followed by a sync wait for event loops. - * If the main thread is out of actions it can call #waitForShutdown. - */ - static void waitForShutdown(); - - /** - * @brief Initialize any platform dependent libraries or objects - * - * On windows, we require the COM libraries be initialized just once - */ - static void platformSetup(); - - /** - * @brief Before ending, tear down any platform specific setup - * - * On windows, we require the COM libraries be initialized just once - */ - static void platformTeardown(); - - /// Check the program is the osquery daemon. - static bool isDaemon() { - return kToolType == ToolType::DAEMON; - } - - /// Check the program is the osquery shell. - static bool isShell() { - return kToolType == ToolType::SHELL; - } - - /** - * @brief Check if a process is an osquery worker. - * - * By default an osqueryd process will fork/exec then set an environment - * variable: `OSQUERY_WORKER` while continually monitoring child I/O. - * The environment variable causes subsequent child processes to skip several - * initialization steps and jump into extension handling, registry setup, - * config/logger discovery and then the event publisher and scheduler. - */ - static bool isWorker(); - - /** - * @brief Check is a process is an osquery watcher. - * - * Is watcher is different from the opposite of isWorker. An osquery process - * may have disabled the watchdog so the parent could be doing the work or - * the worker child. - */ - static bool isWatcher(); - - public: - /// Initialize this process as an osquery daemon worker. - void initWorker(const std::string& name) const; - - /// Initialize the osquery watcher, optionally spawn a worker. - void initWatcher() const; - - /// This pauses the watchdog process until the watcher thread stops. - void waitForWatcher() const; - - private: - /// Set and wait for an active plugin optionally broadcasted. - void initActivePlugin(const std::string& type, const std::string& name) const; - - private: - /// A saved, mutable, reference to the process's argc. - int* argc_{nullptr}; - - /// A saved, mutable, reference to the process's argv. - char*** argv_{nullptr}; - - /// The deduced program name determined by executing path. - std::string binary_; - - /// A platform specific callback to wait for shutdown. - static std::function shutdown_; - - /// Mutex to protect use of the shutdown callable. - static RecursiveMutex shutdown_mutex_; -}; - -/** - * @brief Getter for a host's current hostname - * - * @return a string representing the host's current hostname - */ -std::string getHostname(); - -/** - * @brief Getter for a host's fully qualified domain name - * - * @return a string representation of the hosts fully qualified domain name - * if the host is joined to a domain, otherwise it simply returns the hostname - */ -std::string getFqdn(); - -/** - * @brief Generate a new generic UUID - * - * @return a string containing a random UUID - */ -std::string generateNewUUID(); - -/** - * @brief Getter for an instance uuid - * - * @return ok on success and ident is set to the instance uuid, otherwise - * failure. - */ -Status getInstanceUUID(std::string& ident); - -/** - * @brief Getter for an ephemeral uuid - * - * @return ok on success and ident is set to the ephemeral uuid, otherwise - * failure. - */ -Status getEphemeralUUID(std::string& ident); - -/** - * @brief Getter for a host's uuid. - * - * @return ok on success and ident is set to the host's uuid, otherwise failure. - */ -Status getHostUUID(std::string& ident); - -/** - * @brief Determine whether the UUID is a placeholder. - * - * Some motherboards report placeholder UUIDs which, from point of view of being - * unique, are useless. This method checks the provided UUID against a list of - * known placeholders so that it can be treated as invalid. This method ignores - * case. - * - * @param uuid UUID to test. - * @return true if UUID is a placeholder and false otherwise. - */ -bool isPlaceholderHardwareUUID(const std::string& uuid); - -/** - * @brief generate a uuid to uniquely identify this machine - * - * @return uuid string to identify this machine - */ -std::string generateHostUUID(); - -/** - * @brief Get a configured UUID/name that uniquely identify this machine - * - * @return string to identify this machine - */ -std::string getHostIdentifier(); - -/** - * @brief Create a pid file - * - * @return A status object indicating the success or failure of the operation - */ -Status createPidFile(); - -/** - * @brief Set the name of the thread - * - * @return If the name was set successfully - */ -Status setThreadName(const std::string& name); - -bool checkPlatform(const std::string& platform); -} // namespace osquery diff --git a/src/osquery/logger/logger.cpp b/src/osquery/logger/logger.cpp index 1ab11c6..a5d04a3 100644 --- a/src/osquery/logger/logger.cpp +++ b/src/osquery/logger/logger.cpp @@ -20,7 +20,6 @@ #include #include #include -#include #include #include diff --git a/src/osquery/main/main.cpp b/src/osquery/main/main.cpp deleted file mode 100644 index 253b961..0000000 --- a/src/osquery/main/main.cpp +++ /dev/null @@ -1,60 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#ifdef WIN32 -#include -#endif - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -//#include - -namespace fs = boost::filesystem; - -namespace osquery { - -int startDaemon(Initializer& runner) { - runner.start(); - - // Finally wait for a signal / interrupt to shutdown. - runner.waitForShutdown(); - return 0; -} - -int startShell(osquery::Initializer& runner, int argc, char* argv[]) { - int retcode = 0; - - // Finally shutdown. - runner.requestShutdown(); - return retcode; -} - -int startOsquery(int argc, char* argv[], std::function shutdown) { - // Parse/apply flags, start registry, load logger/config plugins. - osquery::Initializer runner(argc, argv, osquery::ToolType::SHELL); - - runner.installShutdown(shutdown); - runner.initDaemon(); - - if (runner.isDaemon()) { - return startDaemon(runner); - } - return startShell(runner, argc, argv); -} -} // namespace osquery diff --git a/src/osquery/main/main.h b/src/osquery/main/main.h deleted file mode 100644 index 1f8c3da..0000000 --- a/src/osquery/main/main.h +++ /dev/null @@ -1,37 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -#include -#include - -#include - -namespace osquery { - -/** - * @brief Install osqueryd as a service for the platform. - * - * Currently, this is only used by Windows. POSIX platforms use a companion - * script called osquerycrl to move files and install launch daemons or init - * scripts/systemd units. - * - * This disconnect of install flows is a limitation. The POSIX install flows - * should be refactored into install/uninstall service methods. - */ -Status installService(const std::string& path); - -/// See installService. -Status uninstallService(); - -/// Begin the platform-agnostic shell and daemon initialization. -int startOsquery(int argc, - char* argv[], - std::function shutdown = nullptr); -} // namespace osquery diff --git a/src/osquery/main/posix/main.cpp b/src/osquery/main/posix/main.cpp deleted file mode 100644 index b33c0f9..0000000 --- a/src/osquery/main/posix/main.cpp +++ /dev/null @@ -1,31 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include -#include -#include -#include - -namespace osquery { - -Status installService(const std::string& /*path*/) { - LOG(INFO) << "The --install service flag only applies to Windows platforms"; - return Status(1); -} - -Status uninstallService() { - LOG(INFO) << "The --uninstall service flag only applies to Windows platforms"; - return Status(1); -} -} // namespace osquery - -int main(int argc, char* argv[]) { - // On POSIX systems we can jump immediately into startOsquery. - // A short abstraction exists to allow execute-as-service checks in Windows. - return osquery::startOsquery(argc, argv); -} diff --git a/src/osquery/sql/sql.cpp b/src/osquery/sql/sql.cpp index 6ca13e9..d7e3e7a 100644 --- a/src/osquery/sql/sql.cpp +++ b/src/osquery/sql/sql.cpp @@ -17,7 +17,6 @@ #include #include -#include namespace osquery { @@ -209,11 +208,6 @@ Status mockGetQueryTables(std::string copy_q, } Status getQueryTables(const std::string& q, std::vector& tables) { - if (kToolType == ToolType::TEST) { - // We 'mock' this functionality for internal tests. - return mockGetQueryTables(q, tables); - } - PluginResponse response; auto status = Registry::call( "sql", "sql", {{"action", "tables"}, {"query", q}}, response); diff --git a/src/osquery/sql/tests/sql.cpp b/src/osquery/sql/tests/sql.cpp index af5a1b6..d8de36f 100644 --- a/src/osquery/sql/tests/sql.cpp +++ b/src/osquery/sql/tests/sql.cpp @@ -14,7 +14,6 @@ #include #include #include -#include #include namespace osquery { @@ -24,7 +23,6 @@ extern void escapeNonPrintableBytesEx(std::string& data); class SQLTests : public testing::Test { public: void SetUp() override { - Initializer::platformSetup(); registryAndPluginInit(); } }; diff --git a/src/osquery/sql/tests/sqlite_util_tests.cpp b/src/osquery/sql/tests/sqlite_util_tests.cpp index 24a82b7..59120ad 100644 --- a/src/osquery/sql/tests/sqlite_util_tests.cpp +++ b/src/osquery/sql/tests/sqlite_util_tests.cpp @@ -11,7 +11,6 @@ #include #include #include -#include #include #include @@ -23,7 +22,6 @@ namespace osquery { class SQLiteUtilTests : public testing::Test { public: void SetUp() override { - Initializer::platformSetup(); registryAndPluginInit(); } }; diff --git a/src/osquery/sql/tests/virtual_table.cpp b/src/osquery/sql/tests/virtual_table.cpp index 67aa30c..f85e14f 100644 --- a/src/osquery/sql/tests/virtual_table.cpp +++ b/src/osquery/sql/tests/virtual_table.cpp @@ -13,7 +13,6 @@ #include #include #include -#include #include @@ -22,7 +21,6 @@ namespace osquery { class VirtualTableTests : public testing::Test { public: void SetUp() override { - Initializer::platformSetup(); registryAndPluginInit(); } }; diff --git a/src/osquery/sql/virtual_table.cpp b/src/osquery/sql/virtual_table.cpp index d8693de..c90631f 100644 --- a/src/osquery/sql/virtual_table.cpp +++ b/src/osquery/sql/virtual_table.cpp @@ -14,7 +14,6 @@ #include #include #include -#include #include #include @@ -916,13 +915,6 @@ static int xFilter(sqlite3_vtab_cursor* pVtabCursor, << " is event-based but events are disabled"; } - // Provide a helpful reference to table documentation within the shell. - if (Initializer::isShell() && - (!user_based_satisfied || !required_satisfied || !events_satisfied)) { - LOG(WARNING) << "Please see the table documentation: " - << table_doc(pVtab->content->name); - } - // Reset the virtual table contents. pCur->rows.clear(); options.clear(); diff --git a/src/osquery/tables/utility/time.cpp b/src/osquery/tables/utility/time.cpp index 3fdc3a9..42565e9 100644 --- a/src/osquery/tables/utility/time.cpp +++ b/src/osquery/tables/utility/time.cpp @@ -12,7 +12,6 @@ #include -#include #include namespace osquery { diff --git a/src/osquery/tests/test_util.cpp b/src/osquery/tests/test_util.cpp index 85030bd..6764643 100644 --- a/src/osquery/tests/test_util.cpp +++ b/src/osquery/tests/test_util.cpp @@ -22,7 +22,6 @@ #include #include #include -#include #include #include @@ -45,7 +44,6 @@ std::string kTestDataPath{"../../../tools/tests/"}; using chrono_clock = std::chrono::high_resolution_clock; void initTesting() { - kToolType = ToolType::TEST; if (osquery::isPlatform(PlatformType::TYPE_OSX)) { kTestWorkingDirectory = "/private/tmp/osquery-tests"; } else { @@ -95,12 +93,9 @@ void initTesting() { fs::remove_all(kTestWorkingDirectory); fs::create_directories(kTestWorkingDirectory); - - Initializer::platformSetup(); } void shutdownTesting() { - Initializer::platformTeardown(); } ScheduledQuery getOsqueryScheduledQuery() { diff --git a/src/osquery/utils/CMakeLists.txt b/src/osquery/utils/CMakeLists.txt index 815bb41..40b114f 100644 --- a/src/osquery/utils/CMakeLists.txt +++ b/src/osquery/utils/CMakeLists.txt @@ -16,17 +16,12 @@ ADD_OSQUERY_LIBRARY(osquery_utils base64.cpp chars.cpp only_movable.cpp status/status.cpp - system/system.cpp system/time.cpp - system/uptime.cpp system/posix/env.cpp system/posix/errno.cpp system/posix/filepath.cpp - system/posix/system.cpp system/posix/time.cpp info/platform_type.cpp - info/tool_type.cpp - info/version.cpp config/default_paths.cpp conversions/tryto.cpp conversions/split.cpp diff --git a/src/osquery/utils/info/tool_type.cpp b/src/osquery/utils/info/tool_type.cpp deleted file mode 100644 index 435e91c..0000000 --- a/src/osquery/utils/info/tool_type.cpp +++ /dev/null @@ -1,9 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include diff --git a/src/osquery/utils/info/tool_type.h b/src/osquery/utils/info/tool_type.h deleted file mode 100644 index 39f0d07..0000000 --- a/src/osquery/utils/info/tool_type.h +++ /dev/null @@ -1,29 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -namespace osquery { - /** - * @brief A helpful tool type to report when logging, print help, or debugging. - * - * The Initializer class attempts to detect the ToolType using the tool name - * and some compile time options. - */ - enum class ToolType { - UNKNOWN = 0, - SHELL, - DAEMON, - TEST, - EXTENSION, - SHELL_DAEMON, - }; - - /// The osquery tool type for runtime decisions. - extern ToolType kToolType; -} diff --git a/src/osquery/utils/json/json.h b/src/osquery/utils/json/json.h index e5c7ed2..38847da 100644 --- a/src/osquery/utils/json/json.h +++ b/src/osquery/utils/json/json.h @@ -12,7 +12,6 @@ #include #include -#include #ifdef WIN32 #pragma warning(push, 3) diff --git a/src/osquery/utils/system/posix/system.cpp b/src/osquery/utils/system/posix/system.cpp deleted file mode 100644 index 7859043..0000000 --- a/src/osquery/utils/system/posix/system.cpp +++ /dev/null @@ -1,9 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include "system.h" diff --git a/src/osquery/utils/system/posix/system.h b/src/osquery/utils/system/posix/system.h deleted file mode 100644 index 2d86bb5..0000000 --- a/src/osquery/utils/system/posix/system.h +++ /dev/null @@ -1,98 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -#include -#include -#include - -#include -#include -#include -#include - -namespace osquery { - -/// The osquery platform agnostic process identifier type. -using PlatformPidType = pid_t; - -class DropPrivileges; -using DropPrivilegesRef = std::shared_ptr; - -class DropPrivileges : private boost::noncopyable { - public: - /// Make call sites use 'dropTo' booleans to improve the UI. - static DropPrivilegesRef get(); - - /** - * @brief Attempt to drop privileges to that of the parent of a given path. - * - * This will return false if privileges could not be dropped or there was - * an previous, and still active, request for dropped privileges. - * - * @return success if privileges were dropped, otherwise false. - */ - bool dropToParent(const boost::filesystem::path& path); - - /// See DropPrivileges::dropToParent but explicitiy set the UID and GID. - bool dropTo(const std::string& uid, const std::string& gid); - - /// See DropPrivileges::dropToParent but explicitly set the UID and GID. - bool dropTo(uid_t uid, gid_t gid); - - /// See DropPrivileges::dropToParent but for a user's UID and GID. - bool dropTo(const std::string& user); - - /// Check if effective privileges do not match real. - bool dropped() { - return (getuid() != geteuid() || getgid() != getegid()); - } - - /** - * @brief The privilege/permissions dropper deconstructor will restore - * effective permissions. - * - * There should only be a single drop of privilege/permission active. - */ - virtual ~DropPrivileges(); - - private: - DropPrivileges() = default; - - /// Restore groups if dropping consecutively. - void restoreGroups(); - - private: - /// Boolean to track if this instance needs to restore privileges. - bool dropped_{false}; - - /// The user this instance dropped privileges to. - uid_t to_user_{0}; - - /// The group this instance dropped privileges to. - gid_t to_group_{0}; - - /** - * @brief If dropping explicitly to a user and group also drop groups. - * - * Original process groups before explicitly dropping privileges. - * On restore, if there are any groups in this list, they will be added - * to the processes group list. - */ - gid_t* original_groups_{nullptr}; - - /// The size of the original groups to backup when restoring privileges. - size_t group_size_{0}; - - private: - FRIEND_TEST(PermissionsTests, test_explicit_drop); - FRIEND_TEST(PermissionsTests, test_path_drop); - FRIEND_TEST(PermissionsTests, test_nobody_drop); -}; -} // namespace osquery diff --git a/src/osquery/utils/system/system.cpp b/src/osquery/utils/system/system.cpp deleted file mode 100644 index 7859043..0000000 --- a/src/osquery/utils/system/system.cpp +++ /dev/null @@ -1,9 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include "system.h" diff --git a/src/osquery/utils/system/system.h b/src/osquery/utils/system/system.h deleted file mode 100644 index 2d86bb5..0000000 --- a/src/osquery/utils/system/system.h +++ /dev/null @@ -1,98 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -#include -#include -#include - -#include -#include -#include -#include - -namespace osquery { - -/// The osquery platform agnostic process identifier type. -using PlatformPidType = pid_t; - -class DropPrivileges; -using DropPrivilegesRef = std::shared_ptr; - -class DropPrivileges : private boost::noncopyable { - public: - /// Make call sites use 'dropTo' booleans to improve the UI. - static DropPrivilegesRef get(); - - /** - * @brief Attempt to drop privileges to that of the parent of a given path. - * - * This will return false if privileges could not be dropped or there was - * an previous, and still active, request for dropped privileges. - * - * @return success if privileges were dropped, otherwise false. - */ - bool dropToParent(const boost::filesystem::path& path); - - /// See DropPrivileges::dropToParent but explicitiy set the UID and GID. - bool dropTo(const std::string& uid, const std::string& gid); - - /// See DropPrivileges::dropToParent but explicitly set the UID and GID. - bool dropTo(uid_t uid, gid_t gid); - - /// See DropPrivileges::dropToParent but for a user's UID and GID. - bool dropTo(const std::string& user); - - /// Check if effective privileges do not match real. - bool dropped() { - return (getuid() != geteuid() || getgid() != getegid()); - } - - /** - * @brief The privilege/permissions dropper deconstructor will restore - * effective permissions. - * - * There should only be a single drop of privilege/permission active. - */ - virtual ~DropPrivileges(); - - private: - DropPrivileges() = default; - - /// Restore groups if dropping consecutively. - void restoreGroups(); - - private: - /// Boolean to track if this instance needs to restore privileges. - bool dropped_{false}; - - /// The user this instance dropped privileges to. - uid_t to_user_{0}; - - /// The group this instance dropped privileges to. - gid_t to_group_{0}; - - /** - * @brief If dropping explicitly to a user and group also drop groups. - * - * Original process groups before explicitly dropping privileges. - * On restore, if there are any groups in this list, they will be added - * to the processes group list. - */ - gid_t* original_groups_{nullptr}; - - /// The size of the original groups to backup when restoring privileges. - size_t group_size_{0}; - - private: - FRIEND_TEST(PermissionsTests, test_explicit_drop); - FRIEND_TEST(PermissionsTests, test_path_drop); - FRIEND_TEST(PermissionsTests, test_nobody_drop); -}; -} // namespace osquery diff --git a/src/osquery/utils/system/uptime.cpp b/src/osquery/utils/system/uptime.cpp deleted file mode 100644 index ae8dc4a..0000000 --- a/src/osquery/utils/system/uptime.cpp +++ /dev/null @@ -1,52 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include - -#if defined(__APPLE__) -#include -#include -#include -#elif defined(__linux__) -#include -#elif defined(WIN32) -#include -#endif - -namespace osquery { - -long getUptime() { -#if defined(DARWIN) - struct timeval boot_time; - size_t len = sizeof(boot_time); - int mib[2] = {CTL_KERN, KERN_BOOTTIME}; - - if (sysctl(mib, 2, &boot_time, &len, nullptr, 0) < 0) { - return -1; - } - - time_t seconds_since_boot = boot_time.tv_sec; - time_t current_seconds = time(nullptr); - - return long(difftime(current_seconds, seconds_since_boot)); -#elif defined(__linux__) - struct sysinfo sys_info; - - if (sysinfo(&sys_info) != 0) { - return -1; - } - - return sys_info.uptime; -#elif defined(WIN32) - return static_cast(GetTickCount64() / 1000); -#endif - - return -1; -} - -} // namespace osquery diff --git a/src/osquery/utils/system/uptime.h b/src/osquery/utils/system/uptime.h deleted file mode 100644 index 73be64e..0000000 --- a/src/osquery/utils/system/uptime.h +++ /dev/null @@ -1,15 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -namespace osquery { - -long getUptime(); - -} // namespace osquery -- 2.34.1