osquery: remove
osquery has been marked as broken since April. If somebody steps up to fix it, we can always revive it from the history, but there's not much value in shipping completely broken things in current master. cc @ma27
parent
e994b67a7f
commit
02f869ff30
9 changed files with 9 additions and 272 deletions
|
@ -181,6 +181,11 @@
|
|||
The BeeGFS module has been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The osquery module has been removed.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
|
|
@ -518,7 +518,6 @@
|
|||
./services/monitoring/munin.nix
|
||||
./services/monitoring/nagios.nix
|
||||
./services/monitoring/netdata.nix
|
||||
./services/monitoring/osquery.nix
|
||||
./services/monitoring/prometheus/default.nix
|
||||
./services/monitoring/prometheus/alertmanager.nix
|
||||
./services/monitoring/prometheus/exporters.nix
|
||||
|
|
|
@ -285,6 +285,9 @@ with lib;
|
|||
(mkRemovedOptionModule [ "services.beegfsEnable" ] "The BeeGFS module has been removed")
|
||||
(mkRemovedOptionModule [ "services.beegfs" ] "The BeeGFS module has been removed")
|
||||
|
||||
# osquery
|
||||
(mkRemovedOptionModule [ "services.osquery" ] "The osquery module has been removed")
|
||||
|
||||
# Redis
|
||||
(mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
|
||||
(mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
|
||||
|
|
|
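Review bot: The option path on the added osquery line is written as one dotted string, `[ "services.osquery" ]`, whereas the Redis entries just below it in this hunk pass one list element per path component (`[ "services" "redis" "user" ]`). If mkRemovedOptionModule treats each element as a path component, as those entries suggest, this declares an option literally named `services.osquery`, and a configuration that still sets `services.osquery.enable` would fail with a generic unknown-option error instead of the removal message. Suggested line: `(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")`. The BeeGFS context lines above use the same dotted form and probably have the same problem, but they are not part of this change; the enclosing list starts and ends outside the hunk.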
@ -1,91 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with builtins;
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.osquery;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
options = {
|
||||
|
||||
services.osquery = {
|
||||
|
||||
enable = mkEnableOption "osquery";
|
||||
|
||||
loggerPath = mkOption {
|
||||
type = types.path;
|
||||
description = "Base directory used for logging.";
|
||||
default = "/var/log/osquery";
|
||||
};
|
||||
|
||||
pidfile = mkOption {
|
||||
type = types.path;
|
||||
description = "Path used for pid file.";
|
||||
default = "/var/osquery/osqueryd.pidfile";
|
||||
};
|
||||
|
||||
utc = mkOption {
|
||||
type = types.bool;
|
||||
description = "Attempt to convert all UNIX calendar times to UTC.";
|
||||
default = true;
|
||||
};
|
||||
|
||||
databasePath = mkOption {
|
||||
type = types.path;
|
||||
description = "Path used for database file.";
|
||||
default = "/var/osquery/osquery.db";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.attrs // {
|
||||
merge = loc: foldl' (res: def: recursiveUpdate res def.value) {};
|
||||
};
|
||||
description = "Extra config to be recursively merged into the JSON config file.";
|
||||
default = { };
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = [ pkgs.osquery ];
|
||||
|
||||
environment.etc."osquery/osquery.conf".text = toJSON (
|
||||
recursiveUpdate {
|
||||
options = {
|
||||
config_plugin = "filesystem";
|
||||
logger_plugin = "filesystem";
|
||||
logger_path = cfg.loggerPath;
|
||||
database_path = cfg.databasePath;
|
||||
utc = cfg.utc;
|
||||
};
|
||||
} cfg.extraConfig
|
||||
);
|
||||
|
||||
systemd.services.osqueryd = {
|
||||
description = "The osquery Daemon";
|
||||
after = [ "network.target" "syslog.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ pkgs.osquery ];
|
||||
preStart = ''
|
||||
mkdir -p ${escapeShellArg cfg.loggerPath}
|
||||
mkdir -p "$(dirname ${escapeShellArg cfg.pidfile})"
|
||||
mkdir -p "$(dirname ${escapeShellArg cfg.databasePath})"
|
||||
'';
|
||||
serviceConfig = {
|
||||
TimeoutStartSec = "infinity";
|
||||
ExecStart = "${pkgs.osquery}/bin/osqueryd --logger_path ${escapeShellArg cfg.loggerPath} --pidfile ${escapeShellArg cfg.pidfile} --database_path ${escapeShellArg cfg.databasePath}";
|
||||
KillMode = "process";
|
||||
KillSignal = "SIGTERM";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -206,7 +206,6 @@ in
|
|||
openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {};
|
||||
orangefs = handleTest ./orangefs.nix {};
|
||||
os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {};
|
||||
osquery = handleTest ./osquery.nix {};
|
||||
osrm-backend = handleTest ./osrm-backend.nix {};
|
||||
overlayfs = handleTest ./overlayfs.nix {};
|
||||
packagekit = handleTest ./packagekit.nix {};
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
import ./make-test.nix ({ pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
name = "osquery";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ ma27 ];
|
||||
};
|
||||
|
||||
machine = {
|
||||
services.osquery.enable = true;
|
||||
services.osquery.loggerPath = "/var/log/osquery/logs";
|
||||
services.osquery.pidfile = "/run/osqueryd.pid";
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
$machine->start;
|
||||
$machine->waitForUnit("osqueryd.service");
|
||||
|
||||
$machine->succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | grep '127.0.0.1'");
|
||||
$machine->succeed(
|
||||
"echo 'SELECT value FROM osquery_flags WHERE name = \"logger_path\";' | osqueryi | grep /var/log/osquery/logs"
|
||||
);
|
||||
|
||||
$machine->succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"pidfile\";' | osqueryi | grep /run/osqueryd.pid");
|
||||
'';
|
||||
})
|
|
@ -1,149 +0,0 @@
|
|||
{ stdenv, lib, fetchFromGitHub, pkgconfig, cmake, python
|
||||
, udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive
|
||||
, libgpgerror, libuuid, iptables, dpkg, lzma, bzip2, rpm
|
||||
, beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, gflags
|
||||
, thrift, boost, rocksdb_lite, glog, gbenchmark, snappy
|
||||
, openssl, file, doxygen
|
||||
, gtest, fpm, zstd, rdkafka, rapidjson, fetchgit, fetchurl, libelfin
|
||||
, smartmontools, which, git, cscope, ctags, ssdeep
|
||||
}:
|
||||
|
||||
let
|
||||
overrides = {
|
||||
# use older `lvm2` source for osquery, the 2.03 sourcetree
|
||||
# will break osquery due to the lacking header `lvm2app.h`.
|
||||
#
|
||||
# https://github.com/NixOS/nixpkgs/pull/51756#issuecomment-446035295
|
||||
lvm2 = lvm2.overrideAttrs (old: rec {
|
||||
name = "lvm2-${version}";
|
||||
version = "2.02.183";
|
||||
src = fetchgit {
|
||||
url = "git://sourceware.org/git/lvm2.git";
|
||||
rev = "v${version}";
|
||||
sha256 = "1ny3srcsxd6kj59zq1cman5myj8kzw010wbyc6mrpk4kp823r5nx";
|
||||
};
|
||||
});
|
||||
|
||||
# use smartmontools fork to programatically retrieve SMART information.
|
||||
# https://github.com/facebook/osquery/pull/4133
|
||||
smartmontools = smartmontools.overrideAttrs (old: rec {
|
||||
name = "smartmontools-${version}";
|
||||
version = "0.3.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "allanliu";
|
||||
repo = "smartmontools";
|
||||
rev = "v${version}";
|
||||
sha256 = "1i72fk2ranrky02h7nh9l3va4kjzj0lx1gr477zkxd44wf3w0pjf";
|
||||
};
|
||||
|
||||
# Apple build fix doesn't apply here and isn't needed as we
|
||||
# only support `osquery` on Linux.
|
||||
patches = [];
|
||||
});
|
||||
|
||||
# dpkg 1.19.2 dropped api in `<dpkg/dpkg-db.h>` which breaks compilation.
|
||||
dpkg = dpkg.overrideAttrs (old: rec {
|
||||
name = "dpkg-${version}";
|
||||
version = "1.19.0.5";
|
||||
src = fetchurl {
|
||||
url = "mirror://debian/pool/main/d/dpkg/dpkg_${version}.tar.xz";
|
||||
sha256 = "1dc5kp3fqy1k66fly6jfxkkg7w6d0jy8szddpfyc2xvzga94d041";
|
||||
};
|
||||
});
|
||||
|
||||
# filter out static linking configuration to avoid that the library will
|
||||
# be linked both statically and dynamically.
|
||||
gflags = gflags.overrideAttrs (old: {
|
||||
cmakeFlags = stdenv.lib.filter (f: (builtins.match ".*STATIC.*" f) == null) old.cmakeFlags;
|
||||
});
|
||||
};
|
||||
in
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "osquery";
|
||||
version = "3.3.2";
|
||||
|
||||
# this is what `osquery --help` will show as the version.
|
||||
OSQUERY_BUILD_VERSION = version;
|
||||
OSQUERY_PLATFORM = "NixOS;";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "facebook";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "0nrwmzmbziacs3y0nljyc73bibr3w68myjpfwkicg9zgkq4qihij";
|
||||
};
|
||||
|
||||
patches = [ ./0001-Fix-CMake-configuration-for-Nix.patch ];
|
||||
|
||||
NIX_CFLAGS_COMPILE = [
|
||||
"-I${libxml2.dev}/include/libxml2"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ python which git cscope ctags cmake pkgconfig doxygen fpm ]
|
||||
++ (with python.pkgs; [ jinja2 ]);
|
||||
|
||||
buildInputs = [
|
||||
udev
|
||||
audit
|
||||
(aws-sdk-cpp.override {
|
||||
apis = [ "firehose" "kinesis" "sts" "ec2" ];
|
||||
customMemoryManagement = false;
|
||||
})
|
||||
overrides.lvm2
|
||||
libgcrypt
|
||||
libarchive
|
||||
libgpgerror
|
||||
libuuid
|
||||
iptables
|
||||
overrides.dpkg
|
||||
lzma
|
||||
bzip2
|
||||
rpm
|
||||
beecrypt
|
||||
augeas
|
||||
libxml2
|
||||
sleuthkit
|
||||
yara
|
||||
lldpd
|
||||
overrides.gflags
|
||||
thrift
|
||||
boost
|
||||
glog
|
||||
gbenchmark
|
||||
snappy
|
||||
openssl
|
||||
file
|
||||
cryptsetup
|
||||
gtest
|
||||
zstd
|
||||
rdkafka
|
||||
rapidjson
|
||||
rocksdb_lite
|
||||
libelfin
|
||||
ssdeep
|
||||
overrides.smartmontools
|
||||
];
|
||||
|
||||
cmakeFlags = [ "-DSKIP_TESTS=1" ];
|
||||
|
||||
preConfigure = ''
|
||||
cp -r ${fetchFromGitHub {
|
||||
owner = "osquery";
|
||||
repo = "third-party";
|
||||
rev = "32e01462fbea75d3b1904693f937dfd62eaced15";
|
||||
sha256 = "0va24gmgk43a1lyjs63q9qrhvpv8gmqjzpjr5595vhr16idv8wyf";
|
||||
}}/* third-party
|
||||
|
||||
chmod +w -R third-party
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "SQL powered operating system instrumentation, monitoring, and analytics";
|
||||
homepage = https://osquery.io/;
|
||||
license = licenses.bsd3;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ cstrahan ma27 ];
|
||||
broken = true;
|
||||
};
|
||||
}
|
|
@ -261,6 +261,7 @@ mapAliases ({
|
|||
openjpeg_2_1 = openjpeg_2; # added 2018-10-25
|
||||
opensans-ttf = open-sans; # added 2018-12-04
|
||||
openssh_with_kerberos = openssh; # added 2018-01-28
|
||||
osquery = throw "osquery has been removed."; # added 2019-11-24
|
||||
owncloudclient = owncloud-client; # added 2016-08
|
||||
p11_kit = p11-kit; # added 2018-02-25
|
||||
parquet-cpp = arrow-cpp; # added 2018-09-08
|
||||
|
|
|
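Review bot: The alias message on the added `osquery` line gives no reason for the removal, so anyone whose configuration still references the package for host monitoring only learns that it is gone. Carrying the cause from the commit description into the message would make the evaluation error actionable, for example `osquery = throw "osquery has been removed because it was marked as broken"; # added 2019-11-24`.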
@ -20461,8 +20461,6 @@ in
|
|||
|
||||
osmo = callPackage ../applications/office/osmo { };
|
||||
|
||||
osquery = callPackage ../tools/system/osquery { };
|
||||
|
||||
palemoon = callPackage ../applications/networking/browsers/palemoon {
|
||||
# https://forum.palemoon.org/viewtopic.php?f=57&t=15296#p111146
|
||||
stdenv = gcc49Stdenv;
|
||||
|
|