-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.go
69 lines (58 loc) · 1.72 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
package main
import (
"flag"
"log"
"runtime"
"time"
"github.com/macadmins/osquery-extension/tables/macos_profiles"
"github.com/macadmins/osquery-extension/tables/mdm"
"github.com/osquery/osquery-go"
"github.com/osquery/osquery-go/plugin/table"
"github.com/zentralopensource/osquery-extension/tables/falconctl"
)
var name = "zentral_extension"
func main() {
var (
socket = flag.String("socket", "", "Path to the extensions UNIX domain socket")
timeout = flag.Int("timeout", 3, "Seconds to wait for autoloaded extensions")
interval = flag.Int("interval", 3, "Seconds delay between connectivity checks")
)
flag.Parse()
if *socket == "" {
log.Fatalln("Missing required --socket argument")
}
serverTimeout := osquery.ServerTimeout(
time.Second * time.Duration(*timeout),
)
serverPingInterval := osquery.ServerPingInterval(
time.Second * time.Duration(*interval),
)
server, err := osquery.NewExtensionManagerServer(
name,
*socket,
serverTimeout,
serverPingInterval,
)
if err != nil {
log.Fatalf("Error creating extension: %s\n", err)
}
// platform agnostic plugins
plugins := []osquery.OsqueryPlugin{}
// darwin plugins
if runtime.GOOS == "darwin" {
darwinPlugins := []osquery.OsqueryPlugin{
table.NewPlugin("falconctl", falconctl.FalconctlColumns(), falconctl.FalconctlGenerate),
table.NewPlugin("macos_profiles", macos_profiles.MacOSProfilesColumns(), macos_profiles.MacOSProfilesGenerate),
table.NewPlugin("mdm", mdm.MDMInfoColumns(), mdm.MDMInfoGenerate),
}
plugins = append(plugins, darwinPlugins...)
}
// this loop will register all the plugins
for _, p := range plugins {
server.RegisterPlugin(p)
}
// start the server
if err := server.Run(); err != nil {
log.Fatalln(err)
}
}