std::string getHostIdentifier() { if (FLAGS_host_identifier != "uuid") { // use the hostname as the default machine identifier return osquery::getHostname(); } // Generate a identifier/UUID for this application launch, and persist. static std::string ident; if (ident.size() == 0) { getHostUUID(ident); } return ident; }
QueryData genSystemInfo(QueryContext& context) { Row r; r["hostname"] = osquery::getFqdn(); r["computer_name"] = osquery::getHostname(); r["local_hostname"] = r["computer_name"]; getHostUUID(r["uuid"]); auto qd = SQL::selectAllFrom("cpuid"); for (const auto& row : qd) { if (row.at("feature") == "product_name") { r["cpu_brand"] = row.at("value"); boost::trim(r["cpu_brand"]); } } WmiRequest wmiSystemReq("select * from Win32_ComputerSystem"); WmiRequest wmiSystemReqProc("select * from Win32_Processor"); std::vector<WmiResultItem>& wmiResults = wmiSystemReq.results(); std::vector<WmiResultItem>& wmiResultsProc = wmiSystemReqProc.results(); if (!wmiResults.empty() && !wmiResultsProc.empty()) { long numProcs = 0; wmiResults[0].GetLong("NumberOfLogicalProcessors", numProcs); r["cpu_logical_cores"] = INTEGER(numProcs); wmiResultsProc[0].GetLong("NumberOfCores", numProcs); r["cpu_physical_cores"] = INTEGER(numProcs); wmiResults[0].GetString("TotalPhysicalMemory", r["physical_memory"]); wmiResults[0].GetString("Manufacturer", r["hardware_vendor"]); wmiResults[0].GetString("Model", r["hardware_model"]); } else { r["cpu_logical_cores"] = "-1"; r["cpu_physical_cores"] = "-1"; r["physical_memory"] = "-1"; r["hardware_vendor"] = "-1"; r["hardware_model"] = "-1"; } QueryData regResults; queryKey( "HKEY_LOCAL_MACHINE\\" "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\", regResults); for (const auto& key : regResults) { if (key.at("name") == "Update Revision") { if (key.at("data").size() >= 16) { unsigned long int revision = 0; safeStrtoul(key.at("data").substr(8, 2), 16, revision); r["cpu_microcode"] = std::to_string(revision); } break; } } WmiRequest wmiBiosReq("select * from Win32_Bios"); std::vector<WmiResultItem>& wmiBiosResults = wmiBiosReq.results(); if (wmiBiosResults.size() != 0) { wmiBiosResults[0].GetString("SerialNumber", r["hardware_serial"]); } else { r["hardware_serial"] = "-1"; } SYSTEM_INFO systemInfo; GetSystemInfo(&systemInfo); switch (systemInfo.wProcessorArchitecture) { case PROCESSOR_ARCHITECTURE_AMD64: r["cpu_type"] = "x86_64"; break; case PROCESSOR_ARCHITECTURE_ARM: r["cpu_type"] = "ARM"; break; case PROCESSOR_ARCHITECTURE_IA64: r["cpu_type"] = "x64 Itanium"; break; case PROCESSOR_ARCHITECTURE_INTEL: r["cpu_type"] = "x86"; break; case PROCESSOR_ARCHITECTURE_UNKNOWN: r["cpu_type"] = "Unknown"; default: break; } r["cpu_subtype"] = "-1"; r["hardware_version"] = "-1"; return {r}; }