Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add startup_items table for linux #6502

Merged
merged 6 commits into from
Jul 21, 2020
Merged

Add startup_items table for linux #6502

merged 6 commits into from
Jul 21, 2020

Conversation

rachelcipkins
Copy link
Contributor

@rachelcipkins rachelcipkins commented Jun 15, 2020
edited

This PR adds support for the startup_items table on Linux. It checks .config/autostart, .config/autostart-scripts, /etc/init.d/ , and /etc/xdg/autostart/ for start up items. Additional locations can be added as well.

This PR begins to address #3627 and #4392.

Example implementation:

+-----------+---------------------------------------------------+------+--------------+------------------------------------------+---------+----------+
| name      | path                                              | args | type         | source                                   | status  | username |
+-----------+---------------------------------------------------+------+--------------+------------------------------------------+---------+----------+
| Item      | /usr/bin/item                                     |      | Startup Item | /home/example/.config/autostart/         | enabled | example  |
| script.sh | /home/example/.config/autostart-scripts/script.sh |      | Startup Item | /home/example/.config/autostart-scripts/ | enabled | example  |
| example1  | /etc/init.d/example1                              |      | Startup Item | /etc/init.d/                             | enabled |          |
| example2  | /usr/bin/example2                                 |      | Startup Item | /etc/xdg/autostart/                      | enabled |          |
+-----------+---------------------------------------------------+------+--------------+------------------------------------------+---------+----------+

@rachelcipkins rachelcipkins force-pushed the rachel/feature/startup-items-linux branch from 4b2fc11 to 34dc093 Compare June 22, 2020 16:58
theopolis
theopolis requested changes Jun 29, 2020
View reviewed changes
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
@directionless
Copy link
Member

directionless commented Jul 7, 2020
edited

Relates to: #4019

theopolis
theopolis requested changes Jul 11, 2020
View reviewed changes
Copy link
Member

@theopolis theopolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for my lag in reviewing.

osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
@rachelcipkins
Copy link
Contributor Author

Sorry for my lag in reviewing.

No worries, thank you!

@rachelcipkins rachelcipkins force-pushed the rachel/feature/startup-items-linux branch from 5326c8d to d5a9608 Compare July 15, 2020 16:22
theopolis
theopolis requested changes Jul 20, 2020
View reviewed changes
Copy link
Member

@theopolis theopolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah sorry I missed something before, see my comments on the ./specs/CMakeLists.txt changes.

This is a complexity that should be better documented or enforced as it is not obvious that we should only have 1 of any table specification.

The code looks good, after this last change we should be ready to merge.

specs/CMakeLists.txt Outdated Show resolved Hide resolved
specs/linux/startup_items.table Outdated Show resolved Hide resolved
@theopolis theopolis merged commit 6096347 into osquery:master Jul 21, 2020
This was referenced Jul 21, 2020
Closed
Merged
This was referenced Jan 25, 2021
Closed
Closed
@mike-myers-tob mike-myers-tob deleted the rachel/feature/startup-items-linux branch March 5, 2021 00:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theopolis theopolis theopolis approved these changes

@alessandrogario alessandrogario Awaiting requested review from alessandrogario

@Smjert Smjert Awaiting requested review from Smjert

Assignees
No one assigned
Labels
Linux virtual tables
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@rachelcipkins @directionless @theopolis @mike-myers-tob