def deregister_extension():
"""Deregister the entire extension from the core extension manager"""
args = parse_cli_params()
client = ExtensionClient(path=args.socket)
client.open()
ext_manager = ExtensionManager()
if ext_manager.uuid is None:
raise ExtensionException(
code=1,
message="Extension Manager does not have a valid UUID",
)
try:
status = client.extension_manager_client().deregisterExtension(
ext_manager.uuid)
except socket.error:
message = "Could not connect to %s" % args.socket
raise ExtensionException(
code=1,
message=message,
)
if status.code is not 0:
raise ExtensionException(code=1, message=status.message,)
def start_extension(name="<unknown>", version="0.0.0", sdk_version="1.8.0",
min_sdk_version="1.8.0"):
"""Start your extension by communicating with osquery core and starting
a thrift server.
Keyword arguments:
name -- the name of your extension
version -- the version of your extension
sdk_version -- the version of the osquery SDK used to build this extension
min_sdk_version -- the minimum version of the osquery SDK that you can use
"""
args = parse_cli_params()
# Disable logging for the thrift module (can be loud).
logging.getLogger('thrift').addHandler(logging.NullHandler())
client = ExtensionClient(path=args.socket)
if not client.open(args.timeout):
return
ext_manager = ExtensionManager()
# try connecting to the desired osquery core extension manager socket
try:
status = client.extension_manager_client().registerExtension(
info=InternalExtensionInfo(
name=name,
version=version,
sdk_version=sdk_version,
min_sdk_version=min_sdk_version,
),
registry=ext_manager.registry(),
)
except socket.error:
message = "Could not connect to %s" % args.socket
raise ExtensionException(
code=1,
message=message,
)
if status.code is not 0:
raise ExtensionException(
code=1,
message=status.message,
)
# Start a watchdog thread to monitor the osquery process.
rt = threading.Thread(target=start_watcher, args=(client, args.interval))
rt.daemon = True
rt.start()
# start a thrift server listening at the path dictated by the uuid returned
# by the osquery core extension manager
ext_manager.uuid = status.uuid
processor = Processor(ext_manager)
transport = transport = TSocket.TServerSocket(
unix_socket=args.socket + "." + str(status.uuid))
tfactory = TTransport.TBufferedTransportFactory()
pfactory = TBinaryProtocol.TBinaryProtocolFactory()
server = TServer.TSimpleServer(processor, transport, tfactory, pfactory)
server.serve()
def start_extension(name="<unknown>",
version="0.0.0",
sdk_version="1.8.0",
min_sdk_version="1.8.0"):
"""Start your extension by communicating with osquery core and starting
a thrift server.
Keyword arguments:
name -- the name of your extension
version -- the version of your extension
sdk_version -- the version of the osquery SDK used to build this extension
min_sdk_version -- the minimum version of the osquery SDK that you can use
"""
args = parse_cli_params()
client = ExtensionClient(path=args.socket)
client.open()
ext_manager = ExtensionManager()
# try connecting to the desired osquery core extension manager socket
try:
status = client.extension_manager_client().registerExtension(
info=InternalExtensionInfo(
name=name,
version=version,
sdk_version=sdk_version,
min_sdk_version=min_sdk_version,
),
registry=ext_manager.registry(),
)
except socket.error:
message = "Could not connect to %s" % args.socket
raise ExtensionException(
code=1,
message=message,
)
if status.code is not 0:
raise ExtensionException(
code=1,
message=status.message,
)
# start a thrift server listening at the path dictated by the uuid returned
# by the osquery core extension manager
ext_manager.uuid = status.uuid
processor = Processor(ext_manager)
transport = transport = TSocket.TServerSocket(unix_socket=args.socket +
"." + str(status.uuid))
tfactory = TTransport.TBufferedTransportFactory()
pfactory = TBinaryProtocol.TBinaryProtocolFactory()
server = TServer.TSimpleServer(processor, transport, tfactory, pfactory)
server.serve()
def open(self, timeout=2, interval=0.01):
"""
Start the instance process and open an extension client
Keyword arguments:
timeout -- maximum number of seconds to wait for client
interval -- seconds between client open attempts
"""
proc = [
self.path,
"--extensions_socket",
self._socket[1],
"--database_path",
# This is a temporary directory, there is not FD tuple.
self._dbpath,
"--pidfile",
self._pidfile[1],
"--disable_watchdog",
"--disable_logging",
"--config_path",
"/dev/null",
]
self.instance = subprocess.Popen(proc,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
self.connection = ExtensionClient(path=self._socket[1])
if not self.is_running():
raise Exception("Cannot start process from path: %s" % (self.path))
# Attempt to open the extension client.
delay = 0
while delay < timeout:
try:
self.connection.open()
return
except:
time.sleep(interval)
delay += interval
self.instance.kill()
self.instance = None
raise Exception("Cannot open socket: %s" % (self._socket[1]))
