package table
import (
	"context"
	"sort"

	"github.com/kolide/osquery-go"
	"github.com/kolide/osquery-go/plugin/table"
	"github.com/pkg/errors"
)
// bestPracticesSimpleColumns maps each "simple" best-practice column name to
// the osquery SQL that evaluates it. A practice qualifies as simple when one
// query yields a single row whose "compliant" column is the integer 1
// (compliant) or 0 (non-compliant); every entry here is picked up by the best
// practices table automatically.
//
// Contract for new entries: alias the result as "compliant", because
// generateBestPractices reads exactly that key and copies the value through
// without checking that it is 0 or 1. Keep the queries as fixed literals; they
// are sent to osquery verbatim.
//
// Treat this map as a constant: do not modify it at runtime.
var bestPracticesSimpleColumns = map[string]string{
	// Platform protections.
	"sip_enabled":        "SELECT enabled AS compliant FROM sip_config WHERE config_flag='sip'",
	"gatekeeper_enabled": "SELECT assessments_enabled AS compliant FROM gatekeeper",
	"filevault_enabled":  "SELECT de.encrypted AS compliant FROM mounts m join disk_encryption de ON m.device_alias = de.name WHERE m.path = '/'",
	"firewall_enabled":   "SELECT global_state AS compliant FROM alf",

	// Sharing preferences: a service counts as compliant when it is switched
	// off, hence the "= 0" comparison in each query.
	"screen_sharing_disabled":      "SELECT screen_sharing = 0 AS compliant FROM sharing_preferences",
	"file_sharing_disabled":        "SELECT file_sharing = 0 AS compliant FROM sharing_preferences",
	"printer_sharing_disabled":     "SELECT printer_sharing = 0 AS compliant FROM sharing_preferences",
	"remote_login_disabled":        "SELECT remote_login = 0 AS compliant FROM sharing_preferences",
	"remote_management_disabled":   "SELECT remote_management = 0 AS compliant FROM sharing_preferences",
	"remote_apple_events_disabled": "SELECT remote_apple_events = 0 AS compliant FROM sharing_preferences",
	"internet_sharing_disabled":    "SELECT internet_sharing = 0 AS compliant FROM sharing_preferences",
	"bluetooth_sharing_disabled":   "SELECT bluetooth_sharing = 0 AS compliant FROM sharing_preferences",
	"disc_sharing_disabled":        "SELECT disc_sharing = 0 AS compliant FROM sharing_preferences",
}
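// BestPractices builds the "kolide_best_practices" table plugin. The table has
// one integer column per key of bestPracticesSimpleColumns, and its rows are
// produced by generateBestPractices using the supplied extension manager
// client.
func BestPractices(client *osquery.ExtensionManagerClient) *table.Plugin {
	// Go randomizes map iteration order, so ranging over the map directly
	// would register the columns in a different order on every start. Sort
	// the names so the table schema is stable across runs and hosts.
	names := make([]string, 0, len(bestPracticesSimpleColumns))
	for name := range bestPracticesSimpleColumns {
		names = append(names, name)
	}
	sort.Strings(names)

	columns := make([]table.ColumnDefinition, 0, len(names))
	for _, name := range names {
		columns = append(columns, table.IntegerColumn(name))
	}
	return table.NewPlugin("kolide_best_practices", columns, generateBestPractices(client))
}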
// generateBestPractices returns the table's generate function. Each call runs
// every query in bestPracticesSimpleColumns through client and returns one
// row that maps column name to that query's "compliant" value.
//
// The result is all-or-nothing: the first query that fails, or whose row has
// no "compliant" key, aborts the call with an error and no row is returned.
// Consumers should read such an error as "state unknown", not as compliant.
func generateBestPractices(client *osquery.ExtensionManagerClient) table.GenerateFunc {
	// NOTE(review): ctx and queryContext are not used below, so cancellation
	// of the incoming request is not propagated to the queries.
	generate := func(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
		results := make(map[string]string)

		// Evaluate all of the "simple" columns.
		for name, sql := range bestPracticesSimpleColumns {
			row, err := client.QueryRow(sql)
			if err != nil {
				return nil, errors.Wrapf(err, "query %s", name)
			}

			// The value is copied through as returned; it is not checked
			// to be "0" or "1" here.
			if compliant, found := row["compliant"]; found {
				results[name] = compliant
				continue
			}
			return nil, errors.Errorf("query %s did not have 'compliant' column", name)
		}

		return []map[string]string{results}, nil
	}
	return generate
}