Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

startup_items/linux: add systemd support #6562

Merged
merged 1 commit into from
Nov 23, 2020
Merged

startup_items/linux: add systemd support #6562

merged 1 commit into from
Nov 23, 2020

Conversation

rachelcipkins
Copy link
Contributor

@rachelcipkins rachelcipkins commented Jul 21, 2020
edited by alessandrogario

This PR leverages the dbus API to add systemd support to the startup items table (#6502).

+---------------------------+-------------------------------------------------+------+--------------+-------------------------+----------+------------------+
| name                      | path                                            | args | type         | source                  | status   | username         |
+---------------------------+-------------------------------------------------+------+--------------+-------------------------+----------+------------------+
| hddtemp.service           | /run/systemd/generator.late/hddtemp.service     |      | systemd unit | /etc/init.d/hddtemp     | active   |                  |
| colord.service            | /lib/systemd/system/colord.service              |      | systemd unit |                         | active   | colord           |
| systemd-resolved.service  | /lib/systemd/system/systemd-resolved.service    |      | systemd unit |                         | active   | systemd-resolve  |
| e2scrub_reap.service      | /lib/systemd/system/e2scrub_reap.service        |      | systemd unit |                         | inactive | root             |
| user@1000.service         | /lib/systemd/system/user@.service               |      | systemd unit |                         | active   | 1000             |
| fwupd-refresh.service     | /lib/systemd/system/fwupd-refresh.service       |      | systemd unit |                         | inactive | fwupd-refresh    |
| man-db.service            | /lib/systemd/system/man-db.service              |      | systemd unit |                         | inactive | man              |
| grub-common.service       | /run/systemd/generator.late/grub-common.service |      | systemd unit | /etc/init.d/grub-common | active   |                  |
| run-user-1000-gvfs.mount  |                                                 |      | systemd unit | /proc/self/mountinfo    | active   |                  |
| systemd-timesyncd.service | /lib/systemd/system/systemd-timesyncd.service   |      | systemd unit |                         | active   | systemd-timesync |
| -.mount                   | /run/systemd/generator/-.mount                  |      | systemd unit | /etc/fstab              | active   |                  |
| home.mount                | /run/systemd/generator/home.mount               |      | systemd unit | /etc/fstab              | active   |                  |
| boot-efi.mount             | /run/systemd/generator/boot-efi.mount            |      | systemd unit | /etc/fstab              | active   |                  |
| run-user-1000.mount       |                                                 |      | systemd unit | /proc/self/mountinfo    | active   |                  |
| apport.service            | /run/systemd/generator.late/apport.service      |      | systemd unit | /etc/init.d/apport      | active   |                  |
| ModemManager.service      | /lib/systemd/system/ModemManager.service        |      | systemd unit |                         | active   | root             |
| kerneloops.service        | /lib/systemd/system/kerneloops.service          |      | systemd unit |                         | active   | kernoops         |
| systemd-networkd.service  | /lib/systemd/system/systemd-networkd.service    |      | systemd unit |                         | inactive | systemd-network  |
| uuidd.service             | /lib/systemd/system/uuidd.service               |      | systemd unit |                         | inactive | uuidd            |
+---------------------------+-------------------------------------------------+------+--------------+-------------------------+----------+------------------+

directionless
directionless reviewed Jul 27, 2020
View reviewed changes
Copy link
Member

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love the functionality. I'm looking forward to seeing what kind of stuff we can extract with dbus. Are there ways we can add testing to it?

This table isn't listed as being for linux. I think because https://github.com/osquery/osquery/blob/master/specs/macwin/startup_items.table is in a macwin specific directory

.gitmodules Show resolved Hide resolved
@rachelcipkins
Copy link
Contributor Author

I'll move the table file, thanks! What kind of testing did you have in mind?

@directionless
Copy link
Member

I'll move the table file, thanks! What kind of testing did you have in mind?

I'm not sure. But the dbus stuff should have some sort of testing around it. I don't know what's feasible

@theopolis
Copy link
Member

Adding the dbus library looks complex, we're doing a lot of hacking to make it work. Maybe we can explore using systemd and sd-bus instead?

@theopolis
Copy link
Member

Adding the dbus library looks complex, we're doing a lot of hacking to make it work. Maybe we can explore using systemd and sd-bus instead?

Nevermind, this looks equally challenging. Maybe we can assume libdbus exists on the system?

@mike-myers-tob
Copy link
Member

mike-myers-tob commented Aug 13, 2020
edited by alessandrogario

Adding the dbus library looks complex, we're doing a lot of hacking to make it work. Maybe we can explore using systemd and sd-bus instead?

Nevermind, this looks equally challenging. Maybe we can assume libdbus exists on the system?

Apparently we do not want to ever build using a pre-built static library from the system because it may end up being non-portable to other Linuxes.

This is my understanding of what is needed now:

  • "Conversion" of libdbus to a from-source build using CMake, like has been done for every other dependency in the past.
  • Avoiding a new XML library dependency if possible, when there is already one in the osquery build. This might be done as a part of the conversion of libdbus to CMake.

@theopolis
Copy link
Member

Ping, how is this coming along, do you need any help?

@mike-myers-tob
Copy link
Member

Ping, how is this coming along, do you need any help?

It's mainly held up by the task of redoing libdbus' CMake, if anyone wants to help with that. Rachel has had to go back to school, so it fell down our list of priorities.

@directionless directionless mentioned this pull request Sep 30, 2020
Closed
@alessandrogario alessandrogario force-pushed the rachel/feature/systemd branch 3 times, most recently from 996ea9a to 80d98b1 Compare November 4, 2020 18:19
@alessandrogario
Copy link
Member

Ping, how is this coming along, do you need any help?

It's mainly held up by the task of redoing libdbus' CMake, if anyone wants to help with that. Rachel has had to go back to school, so it fell down our list of priorities.

The libdbus and libexpat libraries have now been imported correctly, but we still have to regenerate the configuration files from the reference distribution. I'll convert the PR back to draft until it's ready

@alessandrogario alessandrogario marked this pull request as draft November 4, 2020 18:21
@alessandrogario alessandrogario changed the title Added systemD support to startup_items table startup_items/linux: add systemd support Nov 4, 2020
@alessandrogario alessandrogario mentioned this pull request Nov 4, 2020
Merged
@alessandrogario
Copy link
Member

Ping, how is this coming along, do you need any help?

It's mainly held up by the task of redoing libdbus' CMake, if anyone wants to help with that. Rachel has had to go back to school, so it fell down our list of priorities.

The libdbus and libexpat libraries have now been imported correctly, but we still have to regenerate the configuration files from the reference distribution. I'll convert the PR back to draft until it's ready

The configurations are correct, I'm removing the draft state and marking it as ready for review

@alessandrogario alessandrogario added the ready for review Pull requests that are ready to be reviewed by a maintainer label Nov 5, 2020
@alessandrogario alessandrogario marked this pull request as ready for review November 5, 2020 01:47
theopolis
theopolis requested changes Nov 11, 2020
View reviewed changes
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
osquery/tables/system/linux/startup_items.cpp Outdated Show resolved Hide resolved
@alessandrogario alessandrogario added do not merge Do not merge PR as it's pending on some discussion or external factor. Reviewer should have context. and removed ready for review Pull requests that are ready to be reviewed by a maintainer labels Nov 13, 2020
@alessandrogario alessandrogario force-pushed the rachel/feature/systemd branch 2 times, most recently from 5ead65a to d5a5b45 Compare November 16, 2020 15:07
@alessandrogario alessandrogario removed the do not merge Do not merge PR as it's pending on some discussion or external factor. Reviewer should have context. label Nov 16, 2020
@alessandrogario alessandrogario added the ready for review Pull requests that are ready to be reviewed by a maintainer label Nov 16, 2020
@alessandrogario alessandrogario force-pushed the rachel/feature/systemd branch 2 times, most recently from 5ebaefb to e150273 Compare November 16, 2020 15:43
@mike-myers-tob
Copy link
Member

This works for me in Ubuntu 18.04, but I don't have any results in the username or args column. Perhaps nothing is being launched with arguments, but what about the usernames?

@alessandrogario
Copy link
Member

This works for me in Ubuntu 18.04, but I don't have any results in the username or args column. Perhaps nothing is being launched with arguments, but what about the usernames?

The 'args' column is empty, it's probably something used on non-linux platforms. The username column should appear in some instances, but it's normal if there are many rows without it

@mike-myers-tob
Copy link
Member

The 'args' column is empty, it's probably something used on non-linux platforms.

Ok, so this column is just here for schema consistency with the startup_items table on other platforms.

The username column should appear in some instances, but it's normal if there are many rows without it

Ah you're right: it is present, just infrequently.

@alessandrogario alessandrogario force-pushed the rachel/feature/systemd branch 2 times, most recently from 99e02b4 to 3d10c4d Compare November 19, 2020 17:09
@rachelcipkins @alessandrogario
startup_items: Add systemd support on Linux
2562d42 
Co-authored-by: Alessandro Gario <alessandro.gario@gmail.com>
@Smjert Smjert closed this Nov 21, 2020
@Smjert Smjert reopened this Nov 21, 2020
theopolis
theopolis approved these changes Nov 23, 2020
View reviewed changes
Copy link
Member

@theopolis theopolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, this looks great!

@mike-myers-tob mike-myers-tob merged commit 8290887 into osquery:master Nov 23, 2020
@mike-myers-tob mike-myers-tob deleted the rachel/feature/systemd branch November 23, 2020 06:38
This was referenced Jan 25, 2021
Closed
Closed
@mike-myers-tob mike-myers-tob removed the ready for review Pull requests that are ready to be reviewed by a maintainer label Feb 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@directionless directionless directionless left review comments

@alessandrogario alessandrogario alessandrogario left review comments

@mike-myers-tob mike-myers-tob mike-myers-tob left review comments

@theopolis theopolis theopolis approved these changes

Assignees
No one assigned
Labels
Linux virtual tables
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@rachelcipkins @directionless @theopolis @mike-myers-tob @alessandrogario @Smjert