path: root/nixpkgs/nixos/tests/osquery.nix
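# NixOS VM test for the osquery module. It boots a single machine with
# services.osquery enabled and uses osqueryi to check that values given through
# `settings.options` and `flags` are the ones the osquery binaries report.
import ./make-test-python.nix ({ lib, pkgs, ... }:

let
  # Values passed to the module below and asserted on again in testScript.
  config_refresh = "10";
  nullvalue = "NULL";
  utc = false;
in
{
  name = "osquery";
  meta.maintainers = with lib.maintainers; [ znewman01 lewo ];

  nodes.machine = { config, pkgs, ... }: {
    services.osquery = {
      enable = true;

      # `nullvalue` is set in both places on purpose: "NULL" through the
      # configuration options and "IGNORED" through the CLI flags. The test
      # script asserts that the configuration option is the one reported.
      settings.options = { inherit nullvalue utc; };
      flags = {
        inherit config_refresh;
        nullvalue = "IGNORED";
      };
    };
  };

  testScript = { nodes, ... }:
    let
      # Evaluated module configuration of the test machine; used to read the
      # effective database_path and pidfile flag values.
      cfg = nodes.machine.services.osquery;
    in
    # `boolToString` is referenced as `lib.boolToString`: no `with lib;` is in
    # scope here, so the bare name would be an undefined variable.
    #
    # NOTE(review): each check pipes osqueryi output into an unanchored
    # `grep -q`, so it passes whenever the expected text appears anywhere in
    # the output (the config_refresh check would accept any value containing
    # "10"). Tighten the patterns if these assertions need to be exact.
    ''
      machine.start()
      machine.wait_for_unit("osqueryd.service")

      # Stop the osqueryd service so that we can use osqueryi to check information stored in the database.
      machine.wait_until_succeeds("systemctl stop osqueryd.service")

      # osqueryd was able to query information about the host.
      machine.succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | tee /dev/console | grep -q '127.0.0.1'")

      # osquery binaries respect configuration from the Nix config option.
      machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"utc\";' | osqueryi | tee /dev/console | grep -q ${lib.boolToString utc}")

      # osquery binaries respect configuration from the Nix flags option.
      machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"config_refresh\";' | osqueryi | tee /dev/console | grep -q ${config_refresh}")

      # Demonstrate that osquery binaries prefer configuration plugin options over CLI flags.
      # https://osquery.readthedocs.io/en/latest/deployment/configuration/#options.
      machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"nullvalue\";' | osqueryi | tee /dev/console | grep -q ${nullvalue}")

      # Module creates directories for default database_path and pidfile flag values.
      machine.succeed("test -d $(dirname ${cfg.flags.database_path})")
      machine.succeed("test -d $(dirname ${cfg.flags.pidfile})")
    '';
})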