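def deregister_extension():
    """Deregister the entire extension from the core extension manager

    Raises ExtensionException (code=1) when the extension manager has no
    UUID, when the manager socket cannot be reached, or when osquery core
    answers with a non-zero status code.
    """
    args = parse_cli_params()
    client = ExtensionClient(path=args.socket)
    client.open()
    ext_manager = ExtensionManager()

    # Nothing can be deregistered if the manager never received a UUID.
    if ext_manager.uuid is None:
        raise ExtensionException(
            code=1,
            message="Extension Manager does not have a valid UUID",
        )

    try:
        status = client.extension_manager_client().deregisterExtension(
            ext_manager.uuid)
    except socket.error:
        message = "Could not connect to %s" % args.socket
        raise ExtensionException(
            code=1,
            message=message,
        )

    # Compare by value: "is not 0" tests object identity, which only works
    # by accident of integer caching and triggers a SyntaxWarning on
    # Python 3.8+.
    if status.code != 0:
        raise ExtensionException(code=1, message=status.message,)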
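def start_extension(name="<unknown>",
                    version="0.0.0",
                    sdk_version="1.8.0",
                    min_sdk_version="1.8.0"):
    """Start your extension by communicating with osquery core and starting
    a thrift server.

    Keyword arguments:
    name -- the name of your extension
    version -- the version of your extension
    sdk_version -- the version of the osquery SDK used to build this extension
    min_sdk_version -- the minimum version of the osquery SDK that you can use

    Returns None without registering when the client cannot be opened within
    args.timeout. Raises ExtensionException (code=1) when the manager socket
    cannot be reached or registration returns a non-zero status code. On
    success this call blocks in server.serve().
    """
    args = parse_cli_params()

    # Disable logging for the thrift module (can be loud).
    logging.getLogger('thrift').addHandler(logging.NullHandler())

    client = ExtensionClient(path=args.socket)
    if not client.open(args.timeout):
        # The failure is silent here: the caller only sees a None return.
        return
    ext_manager = ExtensionManager()

    # try connecting to the desired osquery core extension manager socket
    try:
        status = client.extension_manager_client().registerExtension(
            info=InternalExtensionInfo(
                name=name,
                version=version,
                sdk_version=sdk_version,
                min_sdk_version=min_sdk_version,
            ),
            registry=ext_manager.registry(),
        )
    except socket.error:
        message = "Could not connect to %s" % args.socket
        raise ExtensionException(
            code=1,
            message=message,
        )

    # Compare by value: "is not 0" tests object identity, which only works
    # by accident of integer caching and triggers a SyntaxWarning on
    # Python 3.8+.
    if status.code != 0:
        raise ExtensionException(
            code=1,
            message=status.message,
        )

    # Start a watchdog thread to monitor the osquery process. It is a daemon
    # thread, so it does not keep the interpreter alive on its own.
    rt = threading.Thread(target=start_watcher, args=(client, args.interval))
    rt.daemon = True
    rt.start()

    # start a thrift server listening at the path dictated by the uuid returned
    # by the osquery core extension manager
    ext_manager.uuid = status.uuid
    processor = Processor(ext_manager)

    # NOTE(review): nothing in this function authenticates callers of the
    # thrift server; access to the listening socket presumably depends on the
    # filesystem permissions of the directory holding args.socket -- confirm.
    transport = TSocket.TServerSocket(
        unix_socket=args.socket + "." + str(status.uuid))
    tfactory = TTransport.TBufferedTransportFactory()
    pfactory = TBinaryProtocol.TBinaryProtocolFactory()
    server = TServer.TSimpleServer(processor, transport, tfactory, pfactory)
    server.serve()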
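def start_extension(name="<unknown>",
                    version="0.0.0",
                    sdk_version="1.8.0",
                    min_sdk_version="1.8.0"):
    """Start your extension by communicating with osquery core and starting
    a thrift server.

    Keyword arguments:
    name -- the name of your extension
    version -- the version of your extension
    sdk_version -- the version of the osquery SDK used to build this extension
    min_sdk_version -- the minimum version of the osquery SDK that you can use

    Raises ExtensionException (code=1) when the manager socket cannot be
    reached or registration returns a non-zero status code. On success this
    call blocks in server.serve().
    """
    args = parse_cli_params()
    client = ExtensionClient(path=args.socket)
    client.open()
    ext_manager = ExtensionManager()

    # try connecting to the desired osquery core extension manager socket
    try:
        status = client.extension_manager_client().registerExtension(
            info=InternalExtensionInfo(
                name=name,
                version=version,
                sdk_version=sdk_version,
                min_sdk_version=min_sdk_version,
            ),
            registry=ext_manager.registry(),
        )
    except socket.error:
        message = "Could not connect to %s" % args.socket
        raise ExtensionException(
            code=1,
            message=message,
        )

    # Compare by value: "is not 0" tests object identity, which only works
    # by accident of integer caching and triggers a SyntaxWarning on
    # Python 3.8+.
    if status.code != 0:
        raise ExtensionException(
            code=1,
            message=status.message,
        )

    # start a thrift server listening at the path dictated by the uuid returned
    # by the osquery core extension manager
    ext_manager.uuid = status.uuid
    processor = Processor(ext_manager)

    # NOTE(review): nothing in this function authenticates callers of the
    # thrift server; access to the listening socket presumably depends on the
    # filesystem permissions of the directory holding args.socket -- confirm.
    transport = TSocket.TServerSocket(
        unix_socket=args.socket + "." + str(status.uuid))
    tfactory = TTransport.TBufferedTransportFactory()
    pfactory = TBinaryProtocol.TBinaryProtocolFactory()
    server = TServer.TSimpleServer(processor, transport, tfactory, pfactory)
    server.serve()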
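def open(self, timeout=2, interval=0.01):
    """
    Start the instance process and open an extension client

    Keyword arguments:
    timeout -- maximum number of seconds to wait for client
    interval -- seconds between client open attempts

    Raises Exception when the process is not running after being spawned,
    or when the extension socket cannot be opened before the timeout; in
    the latter case the spawned process is killed first.
    """
    proc = [
        self.path,
        "--extensions_socket",
        self._socket[1],
        "--database_path",
        # This is a temporary directory, there is no FD tuple (unlike
        # _socket and _pidfile, which are indexed with [1]).
        self._dbpath,
        "--pidfile",
        self._pidfile[1],
        "--disable_watchdog",
        "--disable_logging",
        "--config_path",
        "/dev/null",
    ]
    # The argument list is passed without a shell, so the path values are
    # not subject to shell interpretation.
    # NOTE(review): stdout/stderr are piped but never read in this method;
    # presumably the child stays quiet with --disable_logging -- confirm.
    self.instance = subprocess.Popen(proc,
                                     stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE,
                                     stderr=subprocess.PIPE)
    self.connection = ExtensionClient(path=self._socket[1])
    if not self.is_running():
        raise Exception("Cannot start process from path: %s" % (self.path))

    # Attempt to open the extension client.
    delay = 0
    while delay < timeout:
        try:
            self.connection.open()
            return
        except Exception:
            # Retry on ordinary errors only; a bare "except:" would also
            # swallow KeyboardInterrupt and SystemExit during the wait.
            time.sleep(interval)
            delay += interval

    # Timed out: do not leave the spawned process behind.
    self.instance.kill()
    self.instance = None
    raise Exception("Cannot open socket: %s" % (self._socket[1]))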