void Initializer::initShell() const {
// Get the caller's home dir for temporary storage/state management.
auto homedir = osqueryHomeDirectory();
if (osquery::pathExists(homedir).ok()) {
// Only apply user/shell-specific paths if not overridden by CLI flag.
if (Flag::isDefault("database_path")) {
osquery::FLAGS_database_path =
(fs::path(homedir) / "shell.db").make_preferred().string();
}
if (Flag::isDefault("extensions_socket")) {
if (isPlatform(PlatformType::TYPE_WINDOWS)) {
osquery::FLAGS_extensions_socket = "\\\\.\\pipe\\shell.em";
} else {
osquery::FLAGS_extensions_socket =
(fs::path(homedir) / "shell.em").make_preferred().string();
}
}
} else {
fprintf(
stderr, "Cannot access or create osquery home: %s", homedir.c_str());
FLAGS_disable_extensions = true;
FLAGS_disable_database = true;
}
}
Initializer::Initializer(int& argc, char**& argv, ToolType tool)
: argc_(&argc),
argv_(&argv),
tool_(tool),
binary_((tool == OSQUERY_TOOL_DAEMON) ? "osqueryd" : "osqueryi") {
std::srand(chrono_clock::now().time_since_epoch().count());
// The 'main' thread is that which executes the initializer.
kMainThreadId = std::this_thread::get_id();
// Handled boost filesystem locale problems fixes in 1.56.
// See issue #1559 for the discussion and upstream boost patch.
try {
boost::filesystem::path::codecvt();
} catch (const std::runtime_error& e) {
setenv("LC_ALL", "C", 1);
}
// osquery implements a custom help/usage output.
for (int i = 1; i < *argc_; i++) {
auto help = std::string((*argv_)[i]);
if ((help == "--help" || help == "-help" || help == "--h" ||
help == "-h") &&
tool != OSQUERY_TOOL_TEST) {
printUsage(binary_, tool_);
shutdown();
}
}
// To change the default config plugin, compile osquery with
// -DOSQUERY_DEFAULT_CONFIG_PLUGIN=<new_default_plugin>
#ifdef OSQUERY_DEFAULT_CONFIG_PLUGIN
FLAGS_config_plugin = STR(OSQUERY_DEFAULT_CONFIG_PLUGIN);
#endif
// To change the default logger plugin, compile osquery with
// -DOSQUERY_DEFAULT_LOGGER_PLUGIN=<new_default_plugin>
#ifdef OSQUERY_DEFAULT_LOGGER_PLUGIN
FLAGS_logger_plugin = STR(OSQUERY_DEFAULT_LOGGER_PLUGIN);
#endif
// Set version string from CMake build
GFLAGS_NAMESPACE::SetVersionString(kVersion.c_str());
// Let gflags parse the non-help options/flags.
GFLAGS_NAMESPACE::ParseCommandLineFlags(
argc_, argv_, (tool == OSQUERY_TOOL_SHELL));
// Set the tool type to allow runtime decisions based on daemon, shell, etc.
kToolType = tool;
if (tool == OSQUERY_TOOL_SHELL) {
// The shell is transient, rewrite config-loaded paths.
FLAGS_disable_logging = true;
// The shell never will not fork a worker.
FLAGS_disable_watchdog = true;
// Get the caller's home dir for temporary storage/state management.
auto homedir = osqueryHomeDirectory();
boost::system::error_code ec;
if (osquery::pathExists(homedir).ok() ||
boost::filesystem::create_directory(homedir, ec)) {
// Only apply user/shell-specific paths if not overridden by CLI flag.
if (Flag::isDefault("database_path")) {
osquery::FLAGS_database_path = homedir + "/shell.db";
}
if (Flag::isDefault("extensions_socket")) {
osquery::FLAGS_extensions_socket = homedir + "/shell.em";
}
} else {
LOG(INFO) << "Cannot access or create osquery home directory";
FLAGS_disable_extensions = true;
FLAGS_database_path = "/dev/null";
}
}
// All tools handle the same set of signals.
// If a daemon process is a watchdog the signal is passed to the worker,
// unless the worker has not yet started.
std::signal(SIGTERM, signalHandler);
std::signal(SIGABRT, signalHandler);
std::signal(SIGINT, signalHandler);
std::signal(SIGHUP, signalHandler);
std::signal(SIGALRM, signalHandler);
std::signal(SIGUSR1, signalHandler);
// If the caller is checking configuration, disable the watchdog/worker.
if (FLAGS_config_check) {
FLAGS_disable_watchdog = true;
}
// Initialize the status and results logger.
initStatusLogger(binary_);
if (tool != OSQUERY_EXTENSION) {
if (isWorker()) {
VLOG(1) << "osquery worker initialized [watcher=" << getppid() << "]";
} else {
VLOG(1) << "osquery initialized [version=" << kVersion << "]";
}
} else {
VLOG(1) << "osquery extension initialized [sdk=" << kSDKVersion << "]";
}
}
Initializer::Initializer(int& argc, char**& argv, ToolType tool)
: argc_(&argc),
argv_(&argv),
tool_(tool),
binary_(fs::path(std::string(argv[0])).filename().string()) {
std::srand(time(nullptr));
// osquery implements a custom help/usage output.
std::string first_arg = (*argc_ > 1) ? std::string((*argv_)[1]) : "";
if ((first_arg == "--help" || first_arg == "-help" || first_arg == "--h" ||
first_arg == "-h") &&
tool != OSQUERY_TOOL_TEST) {
printUsage(binary_, tool_);
::exit(0);
}
// To change the default config plugin, compile osquery with
// -DOSQUERY_DEFAULT_CONFIG_PLUGIN=<new_default_plugin>
#ifdef OSQUERY_DEFAULT_CONFIG_PLUGIN
FLAGS_config_plugin = STR(OSQUERY_DEFAULT_CONFIG_PLUGIN);
#endif
// To change the default logger plugin, compile osquery with
// -DOSQUERY_DEFAULT_LOGGER_PLUGIN=<new_default_plugin>
#ifdef OSQUERY_DEFAULT_LOGGER_PLUGIN
FLAGS_logger_plugin = STR(OSQUERY_DEFAULT_LOGGER_PLUGIN);
#endif
// Set version string from CMake build
GFLAGS_NAMESPACE::SetVersionString(OSQUERY_VERSION);
// Let gflags parse the non-help options/flags.
GFLAGS_NAMESPACE::ParseCommandLineFlags(
argc_, argv_, (tool == OSQUERY_TOOL_SHELL));
if (tool == OSQUERY_TOOL_SHELL) {
// The shell is transient, rewrite config-loaded paths.
FLAGS_disable_logging = true;
// Get the caller's home dir for temporary storage/state management.
auto homedir = osqueryHomeDirectory();
if (osquery::pathExists(homedir).ok() ||
boost::filesystem::create_directory(homedir)) {
osquery::FLAGS_database_path = homedir + "/shell.db";
osquery::FLAGS_extensions_socket = homedir + "/shell.em";
}
}
// If the caller is checking configuration, disable the watchdog/worker.
if (FLAGS_config_check) {
FLAGS_disable_watchdog = true;
}
// Initialize the status and results logger.
initStatusLogger(binary_);
if (tool != OSQUERY_EXTENSION) {
VLOG(1) << "osquery initialized [version=" << OSQUERY_VERSION << "]";
} else {
VLOG(1) << "osquery extension initialized [sdk=" << OSQUERY_SDK_VERSION
<< "]";
}
}
Initializer::Initializer(int& argc, char**& argv, ToolType tool)
: argc_(&argc),
argv_(&argv),
tool_(tool),
binary_(fs::path(std::string(argv[0])).filename().string()) {
std::srand(chrono_clock::now().time_since_epoch().count());
// osquery implements a custom help/usage output.
for (int i = 1; i < *argc_; i++) {
auto help = std::string((*argv_)[i]);
if ((help == "--help" || help == "-help" || help == "--h" ||
help == "-h") &&
tool != OSQUERY_TOOL_TEST) {
printUsage(binary_, tool_);
::exit(0);
}
}
// To change the default config plugin, compile osquery with
// -DOSQUERY_DEFAULT_CONFIG_PLUGIN=<new_default_plugin>
#ifdef OSQUERY_DEFAULT_CONFIG_PLUGIN
FLAGS_config_plugin = STR(OSQUERY_DEFAULT_CONFIG_PLUGIN);
#endif
// To change the default logger plugin, compile osquery with
// -DOSQUERY_DEFAULT_LOGGER_PLUGIN=<new_default_plugin>
#ifdef OSQUERY_DEFAULT_LOGGER_PLUGIN
FLAGS_logger_plugin = STR(OSQUERY_DEFAULT_LOGGER_PLUGIN);
#endif
// Set version string from CMake build
GFLAGS_NAMESPACE::SetVersionString(kVersion.c_str());
// Let gflags parse the non-help options/flags.
GFLAGS_NAMESPACE::ParseCommandLineFlags(
argc_, argv_, (tool == OSQUERY_TOOL_SHELL));
if (tool == OSQUERY_TOOL_SHELL) {
// The shell is transient, rewrite config-loaded paths.
FLAGS_disable_logging = true;
// Get the caller's home dir for temporary storage/state management.
auto homedir = osqueryHomeDirectory();
if (osquery::pathExists(homedir).ok() ||
boost::filesystem::create_directory(homedir)) {
// Only apply user/shell-specific paths if not overridden by CLI flag.
if (Flag::isDefault("database_path")) {
osquery::FLAGS_database_path = homedir + "/shell.db";
}
if (Flag::isDefault("extensions_socket")) {
osquery::FLAGS_extensions_socket = homedir + "/shell.em";
}
}
}
// If the caller is checking configuration, disable the watchdog/worker.
if (FLAGS_config_check) {
FLAGS_disable_watchdog = true;
}
// Initialize the status and results logger.
initStatusLogger(binary_);
if (tool != OSQUERY_EXTENSION) {
if (isWorker()) {
VLOG(1) << "osquery worker initialized [watcher="
<< getenv("OSQUERY_WORKER") << "]";
} else {
VLOG(1) << "osquery initialized [version=" << kVersion << "]";
}
} else {
VLOG(1) << "osquery extension initialized [sdk=" << kSDKVersion << "]";
}
}
