Documentation
Index
- type ErrWrap
- type ExtensionManagerClient
- type ExtensionManagerServer
- func (s *ExtensionManagerServer) Call(ctx context.Context, registry string, item string, ...) (osquery.ExtensionPluginResponse, error)
- func (s *ExtensionManagerServer) Ping(ctx context.Context) (*osquery.ExtensionStatus, error)
- func (s *ExtensionManagerServer) RegisterPlugin(plugins ...OsqueryPlugin)
- func (s *ExtensionManagerServer) Run() error
- func (s *ExtensionManagerServer) Shutdown(ctx context.Context) error
- func (s *ExtensionManagerServer) Start() error
- type OsqueryPlugin
- type ServerOption
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ErrWrap
type ErrWrap struct {
	*ExtensionManagerServer
}
type ExtensionManagerClient
type ExtensionManagerClient struct {
	osquery.ExtensionManager
	// contains filtered or unexported fields
}
ExtensionManagerClient is a wrapper for the osquery Thrift extensions API.
func NewClient
func NewClient(path string, timeout time.Duration) (*ExtensionManagerClient, error)
NewClient creates a new client communicating with osquery over the socket at the provided path. If resolving the address or connecting to the socket fails, this function returns an error.
func (*ExtensionManagerClient) Close
func (c *ExtensionManagerClient) Close()
Close should be called to close the transport when use of the client is completed.
func (*ExtensionManagerClient) QueryRow
func (c *ExtensionManagerClient) QueryRow(ctx context.Context, sql string) (map[string]string, error)
QueryRow behaves similarly to QueryRows, but it returns an error if the query does not return exactly one row.
func (*ExtensionManagerClient) QueryRows
func (c *ExtensionManagerClient) QueryRows(ctx context.Context, sql string) ([]map[string]string, error)
QueryRows is a helper that executes the requested query and returns the results. It handles checking both the transport level errors and the osquery internal errors by returning a normal Go error type.
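The two failure layers that QueryRows folds into one Go error, and the exactly-one-row rule of QueryRow, shown as an added sketch that is not osquery-go's own code. The `response` type and `queryFunc` are hypothetical stand-ins for the real Thrift types and the socket call, and the error messages are constructed.

```go
package main

import "fmt"

// response is a constructed stand-in for the reply osquery sends back over
// the extension socket; it is not the osquery-go generated Thrift type.
type response struct {
	Code    int32 // 0 means the query succeeded inside osquery
	Message string
	Rows    []map[string]string
}

// queryFunc is a hypothetical stand-in for the raw call over the socket.
type queryFunc func(sql string) (*response, error)

// queryRows folds both failure layers into one Go error, so a failed query
// is never mistaken for "no rows".
func queryRows(q queryFunc, sql string) ([]map[string]string, error) {
	res, err := q(sql)
	if err != nil { // layer 1: socket / transport failure
		return nil, fmt.Errorf("transport error in query: %w", err)
	}
	if res == nil {
		return nil, fmt.Errorf("query returned no response")
	}
	if res.Code != 0 { // layer 2: osquery itself rejected the query
		return nil, fmt.Errorf("osquery error %d: %s", res.Code, res.Message)
	}
	return res.Rows, nil
}

// queryRow additionally rejects anything other than exactly one row.
func queryRow(q queryFunc, sql string) (map[string]string, error) {
	rows, err := queryRows(q, sql)
	if err != nil {
		return nil, err
	}
	if len(rows) != 1 {
		return nil, fmt.Errorf("expected 1 row, got %d", len(rows))
	}
	return rows[0], nil
}

func main() {
	rejected := func(string) (*response, error) {
		return &response{Code: 1, Message: "no such table: nope"}, nil
	}
	_, err := queryRows(rejected, "SELECT * FROM nope")
	fmt.Println(err)
}
```

A caller that collects telemetry through these helpers should treat a non-nil error as a loss of visibility, not as an empty result set.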
type ExtensionManagerServer
type ExtensionManagerServer struct {
	// contains filtered or unexported fields
}
ExtensionManagerServer is an implementation of the full ExtensionManager API. Plugins can register with an extension manager, which handles the communication with the osquery process.
func NewExtensionManagerServer
func NewExtensionManagerServer(name string, sockPath string, opts ...ServerOption) (*ExtensionManagerServer, error)
NewExtensionManagerServer creates a new extension management server communicating with osquery over the socket at the provided path. If resolving the address or connecting to the socket fails, this function returns an error.
func (*ExtensionManagerServer) Call
func (s *ExtensionManagerServer) Call(ctx context.Context, registry string, item string, request osquery.ExtensionPluginRequest) (osquery.ExtensionPluginResponse, error)
Call routes a call from the osquery process to the appropriate registered plugin.
func (*ExtensionManagerServer) Ping
func (s *ExtensionManagerServer) Ping(ctx context.Context) (*osquery.ExtensionStatus, error)
Ping implements the basic health check.
func (*ExtensionManagerServer) RegisterPlugin
func (s *ExtensionManagerServer) RegisterPlugin(plugins ...OsqueryPlugin)
RegisterPlugin adds one or more OsqueryPlugins to this extension manager.
func (*ExtensionManagerServer) Run
func (s *ExtensionManagerServer) Run() error
Run starts the extension manager and runs until osquery calls for a shutdown or the osquery instance goes away.
func (*ExtensionManagerServer) Shutdown
func (s *ExtensionManagerServer) Shutdown(ctx context.Context) error
Shutdown stops the server and closes the listening socket.
func (*ExtensionManagerServer) Start
func (s *ExtensionManagerServer) Start() error
Start registers the extension plugins and begins listening on a unix socket for requests from the osquery process. All plugins should be registered with RegisterPlugin() before calling Start().
type OsqueryPlugin
type OsqueryPlugin interface {
	// Name is the name used to refer to the plugin (eg. the name of the
	// table the plugin implements).
	Name() string
	// RegistryName is which "registry" the plugin should be added to.
	// Valid names are ["config", "logger", "table"].
	RegistryName() string
	// Routes returns the detailed information about the interface exposed
	// by the plugin. See the example plugins for samples.
	Routes() osquery.ExtensionPluginResponse
	// Ping implements a health check for the plugin. If the plugin is in a
	// healthy state, StatusOK should be returned.
	Ping(ctx context.Context) osquery.ExtensionStatus
	// Call requests the plugin to perform its defined behavior, returning
	// a response containing the result.
	Call(context.Context, osquery.ExtensionPluginRequest) (osquery.ExtensionPluginResponse, error)
	// Shutdown alerts the plugin to stop.
	Shutdown()
}
type ServerOption
type ServerOption func(*ExtensionManagerServer)
func ServerTimeout
func ServerTimeout(timeout time.Duration) ServerOption
Directories
Path | Synopsis |
---|---|
examples | |
gen | |
plugin | |
config | Package config creates an osquery configuration plugin. |
distributed | Package distributed creates an osquery distributed query plugin. |
logger | Package logger creates an osquery logging plugin. |
table | Package table creates an osquery table plugin. |
transport | Package transport provides Thrift TTransport and TServerTransport implementations for use on mac/linux (TSocket/TServerSocket) and Windows (custom named pipe implementation). |