diff --git a/.env.example b/.env.example
index c3e015f6..1a5f0b85 100644
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,5 @@
 OSCTRL_VERSION=0.3.5
-OSQUERY_VERSION=5.10.2
+OSQUERY_VERSION=5.11.0
 NGINX_VERSION=1.21.6-alpine
 POSTGRES_VERSION=13.5-alpine
 POSTGRES_DB_NAME=osctrl
diff --git a/.github/workflows/build_and_test_main_merge.yml b/.github/workflows/build_and_test_main_merge.yml
index c8c47e55..7e217aab 100644
--- a/.github/workflows/build_and_test_main_merge.yml
+++ b/.github/workflows/build_and_test_main_merge.yml
@@ -7,7 +7,7 @@ on:
 env:
 GOLANG_VERSION: 1.21.3
- OSQUERY_VERSION: 5.10.2
+ OSQUERY_VERSION: 5.11.0
 jobs:
 build_and_test:
diff --git a/.github/workflows/build_and_test_pr.yml b/.github/workflows/build_and_test_pr.yml
index 37396010..b5cd39bf 100644
--- a/.github/workflows/build_and_test_pr.yml
+++ b/.github/workflows/build_and_test_pr.yml
@@ -4,7 +4,7 @@ on: [push, pull_request]
 env:
 GOLANG_VERSION: 1.19.2
- OSQUERY_VERSION: 5.10.2
+ OSQUERY_VERSION: 5.11.0
 jobs:
 build_and_test:
diff --git a/.github/workflows/create_tagged_releases.yml b/.github/workflows/create_tagged_releases.yml
index 53b1088b..866cf685 100644
--- a/.github/workflows/create_tagged_releases.yml
+++ b/.github/workflows/create_tagged_releases.yml
@@ -8,7 +8,7 @@ on:
 env:
 GOLANG_VERSION: 1.21.3
- OSQUERY_VERSION: 5.10.2
+ OSQUERY_VERSION: 5.11.0
 jobs:
 build_and_test:
diff --git a/deploy/cicd/deb/generate-deb-package.sh b/deploy/cicd/deb/generate-deb-package.sh
index 7f8154be..7ba2c082 100755
--- a/deploy/cicd/deb/generate-deb-package.sh
+++ b/deploy/cicd/deb/generate-deb-package.sh
@@ -5,7 +5,7 @@ set -e
 OSCTRL_USER="${VARIABLE:-osctrl}"
 OSCTRL_GROUP="${VARIABLE:-osctrl}"
 WORKING_DIR="${VARIABLE:-/etc/osctrl}"
-OSQUERY_VESION="${VARIABLE:-5.10.2}"
+OSQUERY_VESION="${VARIABLE:-5.11.0}"
 OSCTRL_VERSION="${VARIABLE:-0.0.0}"
 ###################################### Init DEB contents ######################################
diff --git a/deploy/docker/conf/dev/.env.example b/deploy/docker/conf/dev/.env.example
index db2e2024..111d5a32 100644
--- a/deploy/docker/conf/dev/.env.example
+++ b/deploy/docker/conf/dev/.env.example
@@ -1,5 +1,5 @@
 OSCTRL_VERSION=0.3.5
-OSQUERY_VERSION=5.10.2
+OSQUERY_VERSION=5.11.0
 NGINX_VERSION=1.21.6-alpine
 POSTGRES_VERSION=13.5-alpine
 POSTGRES_DB_NAME=osctrl
diff --git a/deploy/docker/dockerfiles/Dockerfile-osquery b/deploy/docker/dockerfiles/Dockerfile-osquery
index 20468f46..5ea582a4 100644
--- a/deploy/docker/dockerfiles/Dockerfile-osquery
+++ b/deploy/docker/dockerfiles/Dockerfile-osquery
@@ -1,7 +1,7 @@
 ARG OSCTRL_VERSION
 FROM jmpsec/osctrl-cli:v${OSCTRL_VERSION}
-ARG OSQUERY_VERSION=5.10.2
+ARG OSQUERY_VERSION=5.11.0
 USER root
diff --git a/deploy/osquery/data/5.10.2.json b/deploy/osquery/data/5.11.0.json
similarity index 99%
rename from deploy/osquery/data/5.10.2.json
rename to deploy/osquery/data/5.11.0.json
index 490cccf2..e7e9acd1 100644
--- a/deploy/osquery/data/5.10.2.json
+++ b/deploy/osquery/data/5.11.0.json
@@ -1152,87 +1152,6 @@
 }
 ]
 },
- {
- "name":"atom_packages",
- "description":"Lists all atom packages in a directory or globally installed in a system.",
- "url":"https://github.com/osquery/osquery/blob/master/specs/atom_packages.table",
- "platforms":[
- "darwin",
- "linux",
- "windows"
- ],
- "evented":false,
- "cacheable":false,
- "notes":"",
- "examples":[
- "select * from atom_packages"
- ],
- "columns":[
- {
- "name":"name",
- "description":"Package display name",
- "type":"text",
- "notes":"",
- "hidden":false,
- "required":false,
- "index":false
- },
- {
- "name":"version",
- "description":"Package supplied version",
- "type":"text",
- "notes":"",
- "hidden":false,
- "required":false,
- "index":false
- },
- {
- "name":"description",
- "description":"Package supplied description",
- "type":"text",
- "notes":"",
- "hidden":false,
- "required":false,
- "index":false
- },
- {
- "name":"path",
- "description":"Package's package.json path",
- "type":"text",
- "notes":"",
- "hidden":false,
- "required":false,
- "index":false
- },
- {
- "name":"license",
- "description":"License for package",
- "type":"text",
- "notes":"",
- "hidden":false,
- "required":false,
- "index":false
- },
- {
- "name":"homepage",
- "description":"Package supplied homepage",
- "type":"text",
- "notes":"",
- "hidden":false,
- "required":false,
- "index":false
- },
- {
- "name":"uid",
- "description":"The local user that owns the plugin",
- "type":"bigint",
- "notes":"",
- "hidden":false,
- "required":false,
- "index":true
- }
- ]
- },
 {
 "name":"augeas",
 "description":"Configuration files parsed by augeas.",
@@ -3072,7 +2991,7 @@
 },
 {
 "name":"certificates",
- "description":"Certificate Authorities installed in Keychains/ca-bundles.",
+ "description":"Certificate Authorities installed in Keychains/ca-bundles. NOTE: osquery limits frequent access to keychain files on macOS. This limit is controlled by keychain_access_interval flag.",
 "url":"https://github.com/osquery/osquery/blob/master/specs/certificates.table",
 "platforms":[
 "darwin",
@@ -8759,7 +8678,7 @@
 },
 {
 "name":"team_id",
- "description":"Team identifier of thd process",
+ "description":"Team identifier of the process",
 "type":"text",
 "notes":"",
 "hidden":false,
@@ -9554,6 +9473,90 @@
 "cygwin"
 ]
 },
+ {
+ "name":"shortcut_target_path",
+ "description":"Full path to the file the shortcut points to",
+ "type":"text",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "windows",
+ "win32",
+ "cygwin"
+ ]
+ },
+ {
+ "name":"shortcut_target_type",
+ "description":"Display name for the target type",
+ "type":"text",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "windows",
+ "win32",
+ "cygwin"
+ ]
+ },
+ {
+ "name":"shortcut_target_location",
+ "description":"Folder name where the shortcut target resides",
+ "type":"text",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "windows",
+ "win32",
+ "cygwin"
+ ]
+ },
+ {
+ "name":"shortcut_start_in",
+ "description":"Full path to the working directory to use when executing the shortcut target",
+ "type":"text",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "windows",
+ "win32",
+ "cygwin"
+ ]
+ },
+ {
+ "name":"shortcut_run",
+ "description":"Window mode the target of the shortcut should be run in",
+ "type":"text",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "windows",
+ "win32",
+ "cygwin"
+ ]
+ },
+ {
+ "name":"shortcut_comment",
+ "description":"Comment on the shortcut",
+ "type":"text",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "windows",
+ "win32",
+ "cygwin"
+ ]
+ },
 {
 "name":"bsd_flags",
 "description":"The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND",
@@ -11891,7 +11894,7 @@
 },
 {
 "name":"keychain_acls",
- "description":"Applications that have ACL entries in the keychain.",
+ "description":"Applications that have ACL entries in the keychain. NOTE: osquery limits frequent access to keychain files. This limit is controlled by keychain_access_interval flag.",
 "url":"https://github.com/osquery/osquery/blob/master/specs/darwin/keychain_acls.table",
 "platforms":[
 "darwin"
@@ -11952,7 +11955,7 @@
 },
 {
 "name":"keychain_items",
- "description":"Generic details about keychain items.",
+ "description":"Generic details about keychain items. NOTE: osquery limits frequent access to keychain files. This limit is controlled by keychain_access_interval flag.",
 "url":"https://github.com/osquery/osquery/blob/master/specs/darwin/keychain_items.table",
 "platforms":[
 "darwin"
@@ -19178,7 +19181,7 @@
 "notes":"",
 "hidden":false,
 "required":false,
- "index":true
+ "index":false
 },
 {
 "name":"fd",
@@ -21026,7 +21029,43 @@
 },
 {
 "name":"secure_mode",
- "description":"Secure mode for Intel-based macOS: 0 disabled, 1 full security, 2 medium security",
+ "description":"(Intel) Secure mode: 0 disabled, 1 full security, 2 medium security",
+ "type":"integer",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "darwin"
+ ]
+ },
+ {
+ "name":"description",
+ "description":"(Apple Silicon) Human-readable description: 'Full Security', 'Reduced Security', or 'Permissive Security'",
+ "type":"text",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "darwin"
+ ]
+ },
+ {
+ "name":"kernel_extensions",
+ "description":"(Apple Silicon) Allow user management of kernel extensions from identified developers (1 if allowed)",
+ "type":"integer",
+ "notes":"",
+ "hidden":true,
+ "required":false,
+ "index":false,
+ "platforms":[
+ "darwin"
+ ]
+ },
+ {
+ "name":"mdm_operations",
+ "description":"(Apple Silicon) Allow remote (MDM) management of kernel extensions and automatic software updates (1 if allowed)",
 "type":"integer",
 "notes":"",
 "hidden":true,
@@ -24944,6 +24983,105 @@
 }
 ]
 },
+ {
+ "name":"vscode_extensions",
+ "description":"Lists all vscode extensions.",
+ "url":"https://github.com/osquery/osquery/blob/master/specs/vscode_extensions.table",
+ "platforms":[
+ "darwin",
+ "linux",
+ "windows"
+ ],
+ "evented":false,
+ "cacheable":false,
+ "notes":"",
+ "examples":[
+ "select * from vscode_extensions"
+ ],
+ "columns":[
+ {
+ "name":"name",
+ "description":"Extension Name",
+ "type":"text",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"uuid",
+ "description":"Extension UUID",
+ "type":"text",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"version",
+ "description":"Extension version",
+ "type":"text",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"path",
+ "description":"Extension path",
+ "type":"text",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"publisher",
+ "description":"Publisher Name",
+ "type":"text",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"publisher_id",
+ "description":"Publisher ID",
+ "type":"text",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"installed_at",
+ "description":"Installed Timestamp",
+ "type":"bigint",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"prerelease",
+ "description":"Pre release version",
+ "type":"integer",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ },
+ {
+ "name":"uid",
+ "description":"The local user that owns the plugin",
+ "type":"bigint",
+ "notes":"",
+ "hidden":false,
+ "required":false,
+ "index":false
+ }
+ ]
+ },
 {
 "name":"wifi_networks",
 "description":"macOS known/remembered Wi-Fi networks list.",
diff --git a/deploy/provision.sh b/deploy/provision.sh
index d2fd7ac6..9ac31913 100755
--- a/deploy/provision.sh
+++ b/deploy/provision.sh
@@ -172,7 +172,7 @@ BRANCH="main"
 SOURCE_PATH=/vagrant
 DEST_PATH=/opt/osctrl
 ALL_HOST="127.0.0.1"
-OSQUERY_VERSION="5.10.2"
+OSQUERY_VERSION="5.11.0"
 # Backend values
 _DB_HOST="localhost"
diff --git a/version/version.go b/version/version.go
index d6526072..edf8f31a 100644
--- a/version/version.go
+++ b/version/version.go
@@ -4,5 +4,5 @@ const (
 // OsctrlVersion to have the version for all components
 OsctrlVersion = "0.3.5"
 // OsqueryVersion to have the version for osquery defined
- OsqueryVersion = "5.10.2"
+ OsqueryVersion = "5.11.0"
 )
diff --git a/version/version_test.go b/version/version_test.go
index d73c91db..1681da88 100644
--- a/version/version_test.go
+++ b/version/version_test.go
@@ -7,7 +7,7 @@ import (
 )
 func TestOsqueryVersion(t *testing.T) {
- assert.Equal(t, "5.10.2", OsqueryVersion)
+ assert.Equal(t, "5.11.0", OsqueryVersion)
 }
 func TestOsctrlVersion(t *testing.T) {