    def test_osquery_conf(self):
        """Check that the built osquery config only carries the queries a machine is scoped for.

        Two machines are compared: one with no business unit and no tags, which
        must only get the default subset (inventory query, query 1 and
        query 2), and one in business unit 1, which must additionally get the
        MBU-scoped query. Neither must receive packs, and in both cases the
        ``file_paths`` / ``file_accesses`` sections must only reference the
        queries that were actually scheduled. The scoping matters: a query
        targeted at one business unit must not be pushed to machines outside
        of it.

        The ``MockMetaMachine`` positional arguments appear to be business
        unit ids, tag ids, platform and machine type — confirm against the
        mock's definition.
        """
        expected_top_level = ["decorators", "schedule", "file_accesses", "file_paths"]
        base_queries = [INVENTORY_QUERY_NAME, self.query_1_key, self.query_2_key]
        base_paths = [
            (self.query_1_filepath_hash, self.query_1_filepath),
            (self.query_2_filepath_hash, self.query_2_filepath),
        ]

        def check_config(machine, expected_queries, expected_paths):
            # Build the config for one machine and assert the whole shape.
            conf = build_osquery_conf(machine, enrollment=None)
            self.assertCountEqual(expected_top_level, conf.keys())  # no packs
            self.assertCountEqual(expected_queries, conf["schedule"].keys())
            paths_section = conf["file_paths"]
            self.assertCountEqual(paths_section.keys(),
                                  [path_hash for path_hash, _ in expected_paths])
            for path_hash, path in expected_paths:
                self.assertEqual(paths_section.get(path_hash), [path])
            # only query 2 asks for file access auditing
            self.assertEqual([self.query_2_filepath_hash], conf["file_accesses"])

        # default machine has a subset of the queries
        check_config(MockMetaMachine([], [], None, None), base_queries, base_paths)

        # mbu has all the queries
        check_config(
            MockMetaMachine([1], [], None, "SERVER"),
            base_queries + [self.query_mbu_key],
            base_paths + [(self.query_mbu_filepath_hash, self.query_mbu_filepath)],
        )
    def test_osquery_conf(self):
        """Check that the built osquery config only carries the queries a machine is scoped for.

        A machine with no business unit and no tags must only get the default
        subset (inventory query, query 1 and query 2); a machine in business
        unit 1 must additionally get the MBU-scoped query. No packs are
        expected either way, and ``file_paths`` / ``file_accesses`` must only
        reference the scheduled queries. A query scoped to one business unit
        must never reach a machine outside of it.

        The ``MockMetaMachine`` positional arguments appear to be business
        unit ids, tag ids, platform and machine type — confirm against the
        mock's definition.
        """
        expected_top_level = ["schedule", "file_accesses", "file_paths"]
        base_queries = [INVENTORY_QUERY_NAME, self.query_1_key, self.query_2_key]
        base_paths = [
            (self.query_1_filepath_hash, self.query_1_filepath),
            (self.query_2_filepath_hash, self.query_2_filepath),
        ]

        def check_config(machine, expected_queries, expected_paths):
            # Build the config for one machine and assert the whole shape.
            conf = build_osquery_conf(machine)
            self.assertCountEqual(expected_top_level, conf.keys())  # no packs
            self.assertCountEqual(expected_queries, conf["schedule"].keys())
            paths_section = conf["file_paths"]
            self.assertCountEqual(paths_section.keys(),
                                  [path_hash for path_hash, _ in expected_paths])
            for path_hash, path in expected_paths:
                self.assertEqual(paths_section.get(path_hash), [path])
            # only query 2 asks for file access auditing
            self.assertEqual([self.query_2_filepath_hash], conf["file_accesses"])

        # default machine has a subset of the queries
        check_config(MockMetaMachine([], [], None, None), base_queries, base_paths)

        # mbu has all the queries
        check_config(
            MockMetaMachine([1], [], None, "SERVER"),
            base_queries + [self.query_mbu_key],
            base_paths + [(self.query_mbu_filepath_hash, self.query_mbu_filepath)],
        )
    def test_osquery_conf(self):
        """Check that tag-scoped queries only reach tagged machines.

        A machine with no business unit and no tags must get only the
        inventory query plus the pfu/pfg/fc queries; a machine carrying tag 1
        must additionally get the tag-scoped query. Only a ``schedule``
        section is expected — no ``file_paths``, ``file_accesses`` or packs.

        The ``MockMetaMachine`` positional arguments appear to be business
        unit ids, tag ids, platform and machine type — confirm against the
        mock's definition.
        """
        base_queries = [INVENTORY_QUERY_NAME,
                        self.query_pfu_key, self.query_pfg_key,
                        self.query_fc_key]

        def check_schedule(machine, expected_queries):
            conf = build_osquery_conf(machine)
            # no file_paths, file_accesses or packs
            self.assertCountEqual(["schedule"], conf.keys())
            self.assertCountEqual(expected_queries, conf["schedule"].keys())

        # default machine has a subset of the queries
        check_schedule(MockMetaMachine([], [], None, None), base_queries)

        # tag has all the queries
        check_schedule(MockMetaMachine([], [1], None, "SERVER"),
                       base_queries + [self.query_tag_key])
    def test_osquery_conf(self):
        """Check schedule and pack contents for a default and a Windows machine.

        Both machines must have a ``schedule`` holding the inventory query and
        query 1, and exactly one pack whose ``discovery`` matches
        ``self.query_pack_discovery``. The pack's queries differ: the default
        machine (no business unit, no tags) gets only query 2, while the
        Windows machine in business unit 1 with tag 1 also gets the
        Windows-scoped query. Platform-scoped queries must not be pushed to
        machines of another platform.

        The ``MockMetaMachine`` positional arguments appear to be business
        unit ids, tag ids, platform and machine type — confirm against the
        mock's definition.
        """
        scheduled_queries = [DEFAULT_ZENTRAL_INVENTORY_QUERY_NAME, self.query_1_key]

        def check_config(machine, expected_pack_queries):
            conf = build_osquery_conf(machine)
            # schedule with query 1
            schedule_section = conf["schedule"]
            self.assertIsInstance(schedule_section, dict)
            self.assertCountEqual(scheduled_queries, schedule_section.keys())
            # exactly one pack
            packs_section = conf["packs"]
            self.assertIsInstance(packs_section, dict)
            self.assertCountEqual([self.query_pack_key], packs_section.keys())
            pack = packs_section[self.query_pack_key]
            self.assertIsInstance(pack, dict)
            self.assertCountEqual(["discovery", "queries"], pack.keys())
            self.assertCountEqual(pack["discovery"], self.query_pack_discovery)
            self.assertCountEqual(expected_pack_queries, pack["queries"].keys())

        # default machine has a subset of the queries: 1 pack with query 2
        check_config(MockMetaMachine([], [], None, None), [self.query_2_key])

        # windows has all the queries: 1 pack with query 2 and query windows
        check_config(MockMetaMachine([1], [1], "WINDOWS", None),
                     [self.query_2_key, self.query_windows_key])
    def test_osquery_conf(self):
        """Check schedule and pack contents for a default and a Windows machine.

        Both machines must have a ``schedule`` holding the inventory query and
        query 1, and exactly one pack whose ``discovery`` matches
        ``self.query_pack_discovery``. The default machine (no business unit,
        no tags) gets only query 2 in that pack; the Windows machine in
        business unit 1 with tag 1 also gets the Windows-scoped query.
        Platform-scoped queries must not be pushed to other platforms.

        The ``MockMetaMachine`` positional arguments appear to be business
        unit ids, tag ids, platform and machine type — confirm against the
        mock's definition.
        """
        scheduled_queries = [INVENTORY_QUERY_NAME, self.query_1_key]

        def check_config(machine, expected_pack_queries):
            conf = build_osquery_conf(machine)
            # schedule with query 1
            schedule_section = conf["schedule"]
            self.assertIsInstance(schedule_section, dict)
            self.assertCountEqual(scheduled_queries, schedule_section.keys())
            # exactly one pack
            packs_section = conf["packs"]
            self.assertIsInstance(packs_section, dict)
            self.assertCountEqual([self.query_pack_key], packs_section.keys())
            pack = packs_section[self.query_pack_key]
            self.assertIsInstance(pack, dict)
            self.assertCountEqual(["discovery", "queries"], pack.keys())
            self.assertCountEqual(pack["discovery"], self.query_pack_discovery)
            self.assertCountEqual(expected_pack_queries, pack["queries"].keys())

        # default machine has a subset of the queries: 1 pack with query 2
        check_config(MockMetaMachine([], [], None, None), [self.query_2_key])

        # windows has all the queries: 1 pack with query 2 and query windows
        check_config(MockMetaMachine([1], [1], "WINDOWS", None),
                     [self.query_2_key, self.query_windows_key])
    def test_osquery_conf(self):
        """Check that tag-scoped queries only reach tagged machines.

        A machine with no business unit and no tags must get only the
        inventory query plus the pfu/pfg/fc queries; a machine carrying tag 1
        must additionally get the tag-scoped query. Only ``decorators`` and
        ``schedule`` sections are expected — no ``file_paths``,
        ``file_accesses`` or packs.

        The ``MockMetaMachine`` positional arguments appear to be business
        unit ids, tag ids, platform and machine type — confirm against the
        mock's definition.
        """
        expected_top_level = ["decorators", "schedule"]
        base_queries = [INVENTORY_QUERY_NAME,
                        self.query_pfu_key, self.query_pfg_key,
                        self.query_fc_key]

        def check_schedule(machine, expected_queries):
            conf = build_osquery_conf(machine)
            # no file_paths, file_accesses or packs
            self.assertCountEqual(expected_top_level, conf.keys())
            self.assertCountEqual(expected_queries, conf["schedule"].keys())

        # default machine has a subset of the queries
        check_schedule(MockMetaMachine([], [], None, None), base_queries)

        # tag has all the queries
        check_schedule(MockMetaMachine([], [1], None, "SERVER"),
                       base_queries + [self.query_tag_key])
 def do_node_post(self, data):
     """Return the osquery configuration for the node that made the request.

     ``data`` (the posted body) is not consulted: the configuration is
     derived solely from the machine identified by
     ``self.machine_serial_number``.

     NOTE(review): per the TODO below, the serial number travels inside the
     string the client uses to authenticate its requests, so it arrives with
     the client's request and determines which queries are handed back. Any
     validation of that value has to happen before this method runs — confirm
     where the authentication layer checks it. The TODO's fallback (serving
     the MBU probes when the serial is missing) is not implemented here.
     """
     # TODO: The machine serial number is included in the string used to authenticate the requests
     # This is done in the osx pkg builder. The machine serial number should always be present here.
     # Maybe we could code a fallback to the available mbu probes if the serial number is not present.
     machine = MetaMachine(self.machine_serial_number)
     return build_osquery_conf(machine)
 def do_node_post(self, data):
     """Return the osquery configuration for the node that made the request.

     ``data`` (the posted body) is not consulted: the configuration is
     derived solely from the machine identified by
     ``self.machine_serial_number``.

     NOTE(review): per the TODO below, the serial number travels inside the
     string the client uses to authenticate its requests, so it arrives with
     the client's request and determines which queries are handed back. Any
     validation of that value has to happen before this method runs — confirm
     where the authentication layer checks it. The TODO's fallback (serving
     the MBU probes when the serial is missing) is not implemented here.
     """
     # TODO: The machine serial number is included in the string used to authenticate the requests
     # This is done in the osx pkg builder. The machine serial number should always be present here.
     # Maybe we could code a fallback to the available mbu probes if the serial number is not present.
     machine = MetaMachine(self.machine_serial_number)
     return build_osquery_conf(machine)
 def do_node_post(self, data):
     """Return the osquery configuration for the node that made the request.

     ``data`` (the posted body) is not consulted. The configuration is built
     from the machine identified by ``self.machine_serial_number`` together
     with ``self.enrollment``; both are set by the enclosing view before this
     method runs (how the serial number is authenticated is not visible
     here — confirm in the caller).
     """
     machine = MetaMachine(self.machine_serial_number)
     return build_osquery_conf(machine, self.enrollment)
 def do_node_post(self):
     """Return the osquery configuration for the node that made the request.

     The configuration is built from ``self.machine`` and
     ``self.enrollment``, both of which the enclosing view must have resolved
     before calling this method; nothing from the request body is read here.
     """
     machine, enrollment = self.machine, self.enrollment
     return build_osquery_conf(machine, enrollment)