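# NixOS VM test for the osquery module.
#
# Verifies that the module starts osqueryd, that values given through
# `services.osquery.settings.options` and `services.osquery.flags` are
# visible to the osquery binaries, that a conflicting key set in both
# places is resolved in favour of `settings.options`, and that the
# directories for the default `database_path` and `pidfile` flags exist.
import ./make-test-python.nix (
  { lib, pkgs, ... }:
  let
    # Passed through `flags`; expected to be reported verbatim by the
    # osquery_flags table.
    config_refresh = "10";
    # Passed through `settings.options`; it must win over the conflicting
    # `flags.nullvalue` below (config plugin options take precedence over
    # CLI flags, see the osquery configuration docs linked in the script).
    nullvalue = "NULL";
    # Boolean option; rendered with lib.boolToString when checked.
    utc = false;
  in
  {
    name = "osquery";
    meta.maintainers = with lib.maintainers; [
      znewman01
      lewo
    ];

    nodes.machine =
      { config, pkgs, ... }:
      {
        services.osquery = {
          enable = true;
          settings.options = { inherit nullvalue utc; };
          flags = {
            inherit config_refresh;
            # Deliberately conflicts with settings.options.nullvalue; the
            # script asserts this value is NOT the one osquery reports.
            nullvalue = "IGNORED";
          };
        };
      };

    testScript =
      { nodes, ... }:
      let
        # Evaluated module config, used to read the default flag values.
        cfg = nodes.machine.services.osquery;
      in
      ''
        machine.start()
        machine.wait_for_unit("osqueryd.service")

        # Stop the osqueryd service so that we can use osqueryi to check information stored in the database.
        machine.wait_until_succeeds("systemctl stop osqueryd.service")

        # osqueryd was able to query information about the host.
        # grep -F: match the literal value; without it '.' in the address is a regex wildcard.
        machine.succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | tee /dev/console | grep -qF '127.0.0.1'")

        # osquery binaries respect configuration from the Nix config option.
        machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"utc\";' | osqueryi | tee /dev/console | grep -qF ${lib.boolToString utc}")

        # osquery binaries respect configuration from the Nix flags option.
        machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"config_refresh\";' | osqueryi | tee /dev/console | grep -qF ${config_refresh}")

        # Demonstrate that osquery binaries prefer configuration plugin options over CLI flags.
        # https://osquery.readthedocs.io/en/latest/deployment/configuration/#options.
        machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"nullvalue\";' | osqueryi | tee /dev/console | grep -qF ${nullvalue}")

        # Module creates directories for default database_path and pidfile flag values.
        machine.succeed("test -d $(dirname ${cfg.flags.database_path})")
        machine.succeed("test -d $(dirname ${cfg.flags.pidfile})")
      '';
  }
)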