osquery plist fix and osquery 5.2.2 support

admin/handlers/get.go

@@ -14,19 +14,11 @@ import (
 	"github.com/jmpsec/osctrl/utils"
 )
 
-// osquery
-const (
-	// osquery version to display tables
-	osqueryTablesVersion string = "5.0.1"
-	// Carved files folder
-	carvedFilesFolder string = "carved_files/"
-)
-
 // FaviconHandler for the favicon
 func (h *HandlersAdmin) FaviconHandler(w http.ResponseWriter, r *http.Request) {
 	utils.DebugHTTPDump(r, h.Settings.DebugHTTP(settings.ServiceAdmin), false)
 	w.Header().Set(utils.ContentType, "image/png")
-	http.ServeFile(w, r, "./static/favicon.png")
+	http.ServeFile(w, r, "/static/favicon.png")
 }
 
 // HealthHandler for health requests
@@ -116,7 +108,7 @@ func (h *HandlersAdmin) CarvesDownloadHandler(w http.ResponseWriter, r *http.Req
 		return
 	}
 	// Prepare file to download
-	result, err := h.Carves.Archive(carveSession, carvedFilesFolder)
+	result, err := h.Carves.Archive(carveSession, h.CarvesFolder)
 	if err != nil {
 		h.Inc(metricAdminErr)
 		log.Printf("error downloading carve - %v", err)

admin/handlers/handlers.go

@@ -47,7 +47,9 @@ type HandlersAdmin struct {
 	RedisCache      *cache.RedisManager
 	Sessions        *sessions.SessionManager
 	ServiceVersion  string
+	OsqueryVersion  string
 	TemplatesFolder string
+	CarvesFolder    string
 	OsqueryTables   []types.OsqueryTable
 	AdminConfig     *types.JSONConfigurationService
 }
@@ -102,6 +104,12 @@ func WithCarves(carves *carves.Carves) HandlersOption {
 	}
 }
 
+func WithCarvesFolder(carves string) HandlersOption {
+	return func(h *HandlersAdmin) {
+		h.CarvesFolder = carves
+	}
+}
+
 func WithMetrics(metrics *metrics.Metrics) HandlersOption {
 	return func(h *HandlersAdmin) {
 		h.Metrics = metrics
@@ -126,6 +134,12 @@ func WithVersion(version string) HandlersOption {
 	}
 }
 
+func WithOsqueryVersion(version string) HandlersOption {
+	return func(h *HandlersAdmin) {
+		h.OsqueryVersion = version
+	}
+}
+
 func WithTemplates(templates string) HandlersOption {
 	return func(h *HandlersAdmin) {
 		h.TemplatesFolder = templates

admin/handlers/templates.go

@@ -317,7 +317,7 @@ func (h *HandlersAdmin) QueryRunGETHandler(w http.ResponseWriter, r *http.Reques
 		UUIDs:         uuids,
 		Hosts:         hosts,
 		Tables:        h.OsqueryTables,
-		TablesVersion: osqueryTablesVersion,
+		TablesVersion: h.OsqueryVersion,
 	}
 	if err := t.Execute(w, templateData); err != nil {
 		h.Inc(metricAdminErr)
@@ -493,7 +493,7 @@ func (h *HandlersAdmin) CarvesRunGETHandler(w http.ResponseWriter, r *http.Reque
 		UUIDs:         uuids,
 		Hosts:         hosts,
 		Tables:        h.OsqueryTables,
-		TablesVersion: osqueryTablesVersion,
+		TablesVersion: h.OsqueryVersion,
 	}
 	if err := t.Execute(w, templateData); err != nil {
 		h.Inc(metricAdminErr)

admin/main.go

@@ -83,6 +83,8 @@ const (
 	defStaticFilesFolder string = "./static"
 	// Default templates folder
 	defTemplatesFolder string = "./tmpl_admin"
+	// Default carved files folder
+	defCarvedFolder string = "./carved_files/"
 	// Default refreshing interval in seconds
 	defaultRefresh int = 300
 	// Default hours to classify nodes as inactive
@@ -92,7 +94,7 @@ const (
 // osquery
 const (
 	// osquery version to display tables
-	defOsqueryTablesVersion string = "5.0.1"
+	defOsqueryTablesVersion string = "5.2.2"
 	// JSON file with osquery tables data
 	defOsqueryTablesFile string = "data/" + defOsqueryTablesVersion + ".json"
 )
@@ -144,6 +146,7 @@ var (
 	osqueryTablesVersion string
 	loggerFile           string
 	staticFilesFolder    string
+	carvedFilesFolder    string
 	templatesFolder      string
 )
 
@@ -493,10 +496,17 @@ func init() {
 		&cli.StringFlag{
 			Name:        "templates",
 			Value:       defTemplatesFolder,
-			Usage:       "Directory with all the static files needed for the osctrl-admin UI",
+			Usage:       "Directory with all the templates needed for the osctrl-admin UI",
 			EnvVars:     []string{"STATIC_FILES"},
 			Destination: &templatesFolder,
 		},
+		&cli.StringFlag{
+			Name:        "carved",
+			Value:       defCarvedFolder,
+			Usage:       "Directory for all the received carved files from osquery",
+			EnvVars:     []string{"CARVED_FILES"},
+			Destination: &carvedFilesFolder,
+		},
 	}
 	// Logging format flags
 	log.SetFlags(log.Lshortfile)
@@ -601,6 +611,7 @@ func osctrlAdminService() {
 		handlers.WithCache(redis),
 		handlers.WithSessions(sessionsmgr),
 		handlers.WithVersion(serviceVersion),
+		handlers.WithOsqueryVersion(osqueryTablesVersion),
 		handlers.WithTemplates(templatesFolder),
 		handlers.WithOsqueryTables(osqueryTables),
 		handlers.WithAdminConfig(&adminConfig),

deploy/docker/env.example

@@ -1,5 +1,5 @@
 OSCTRL_VERSION=0.2.7
-OSQUERY_VERSION=5.0.1
+OSQUERY_VERSION=5.2.2
 NGINX_VERSION=1.21.1-alpine
 POSTGRES_VERSION=10-alpine
 POSTGRES_DB_NAME=osctrl