From 7c9454c92d8e2575a2b785249a231d634399bbed Mon Sep 17 00:00:00 2001 From: Zach Wasserman Date: Thu, 23 Feb 2023 06:18:04 -0600 Subject: [PATCH] Changes in Fleet server to support Fleetd for Chrome (#10047) These are minor changes needed to support the new ChromeOS extension. This should have no effect on non-Chrome platforms. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality --- changes/chrome | 1 + server/fleet/hosts.go | 5 ++- server/service/osquery_utils/queries.go | 15 +++++++-- server/service/osquery_utils/queries_test.go | 34 +++++++++++++++++++- 4 files changed, 50 insertions(+), 5 deletions(-) create mode 100644 changes/chrome diff --git a/changes/chrome b/changes/chrome new file mode 100644 index 0000000000..6422b81901 --- /dev/null +++ b/changes/chrome @@ -0,0 +1 @@ +* Minor server changes to support Fleetd for ChromeOS (to be released soon). diff --git a/server/fleet/hosts.go b/server/fleet/hosts.go index df00eedee8..b10b47a534 100644 --- a/server/fleet/hosts.go +++ b/server/fleet/hosts.go @@ -392,7 +392,10 @@ func PlatformFromHost(hostPlatform string) string { return "linux" case hostPlatform == "darwin", hostPlatform == "windows", // Some customers have custom agents that support ChromeOS - hostPlatform == "CrOS": + // TODO remove this once that customer migrates to Fleetd for Chrome + hostPlatform == "CrOS", + // Fleet now supports Chrome via fleetd + hostPlatform == "chrome": return hostPlatform default: return "" diff --git a/server/service/osquery_utils/queries.go b/server/service/osquery_utils/queries.go index 1e223a53c6..aadbd36f48 100644 --- a/server/service/osquery_utils/queries.go +++ b/server/service/osquery_utils/queries.go 
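Review bot: The added `hostPlatform == "chrome"` arm in PlatformFromHost compares the agent-reported string exactly and case-sensitively, so a value such as `Chrome` or `ChromeOS` would fall through to `default` and return an empty platform. If fleetd for Chrome always sends the lowercase literal, the comment should say so, for example `// fleetd for Chrome reports the platform as the exact lowercase string "chrome"`. The TODO on the `CrOS` arm would also be easier to retire with a tracking reference, e.g. `// TODO(<issue-id>): remove once that customer migrates to Fleetd for Chrome`. The function starts and ends outside this hunk, so the earlier arms were not reviewed.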
@@ -113,6 +113,11 @@ var hostDetailQueries = map[string]DetailQuery{ Platforms: []string{"windows"}, IngestFunc: ingestNetworkInterface, }, + "network_interface_chrome": { + Query: `SELECT address, mac FROM network_interfaces LIMIT 1`, + Platforms: []string{"chrome"}, + IngestFunc: ingestNetworkInterface, + }, "os_version": { // Collect operating system information for the `hosts` table. // Note that data for `operating_system` and `host_operating_system` tables are ingested via @@ -903,16 +908,20 @@ func directIngestOSUnixLike(ctx context.Context, logger log.Logger, host *fleet. // depend on available data, which varies between operating systems. func parseOSVersion(name string, version string, major string, minor string, patch string, build string) string { var osVersion string - if strings.Contains(strings.ToLower(name), "ubuntu") { + switch { + case strings.Contains(strings.ToLower(name), "ubuntu"): // Ubuntu takes a different approach to updating patch IDs so we instead use // the version string provided after removing the code name. regx := regexp.MustCompile(`\(.*\)`) osVersion = strings.TrimSpace(regx.ReplaceAllString(version, "")) - } else if major != "0" || minor != "0" || patch != "0" { + case strings.Contains(strings.ToLower(name), "chrome"): + osVersion = build + case major != "0" || minor != "0" || patch != "0": osVersion = fmt.Sprintf("%s.%s.%s", major, minor, patch) - } else { + default: osVersion = build } + osVersion = strings.Trim(osVersion, ".") return osVersion diff --git a/server/service/osquery_utils/queries_test.go b/server/service/osquery_utils/queries_test.go index 51df3bb44d..14c8651d90 100644 --- a/server/service/osquery_utils/queries_test.go +++ b/server/service/osquery_utils/queries_test.go @@ -239,6 +239,7 @@ func TestGetDetailQueries(t *testing.T) { baseQueries := []string{ "network_interface_unix", "network_interface_windows", + "network_interface_chrome", "os_version", "os_version_windows", "osquery_flags", 
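Review bot: The `network_interface_chrome` query uses `LIMIT 1` with no `ORDER BY` or filter, so which interface becomes the host's recorded address and MAC depends on whichever row the table happens to return first. Those two fields are typically what ties a host record to network logs during an investigation, so a loopback or inactive interface landing there, or the value changing between check-ins, would weaken asset correlation. If the Chrome extension's `network_interfaces` table is guaranteed to list the primary interface first, record that next to the query, e.g. `// The fleetd Chrome network_interfaces table returns the primary interface first, so LIMIT 1 needs no ORDER BY.`; otherwise the query needs an explicit ordering or filter. Neither `ingestNetworkInterface` nor the table definition is visible from this hunk, so this should be confirmed against both.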
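Review bot: The new `chrome` case in parseOSVersion matches by substring on the agent-reported `name` and returns `build` unconditionally, with no comment saying why, unlike the Ubuntu case above it. Any OS name that merely contains "chrome" now skips the `major.minor.patch` path, and an empty `build` yields an empty version string even when the numeric fields are populated, which matters if this string feeds version-based policies or vulnerability matching. I would add a comment stating the reason, e.g. `// ChromeOS identifies its release by build, so major/minor/patch are ignored here.`, and hoist the repeated lowering into `lowerName := strings.ToLower(name)` before the `switch`. The function's doc comment and closing brace lie outside the hunk.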
@@ -266,7 +267,7 @@ func TestGetDetailQueries(t *testing.T) { sortedKeysCompare(t, queriesNoConfig, baseQueries) queriesWithoutWinOSVuln := GetDetailQueries(context.Background(), config.FleetConfig{Vulnerabilities: config.VulnerabilitiesConfig{DisableWinOSVulnerabilities: true}}, nil, nil) - require.Len(t, queriesWithoutWinOSVuln, 22) + require.Len(t, queriesWithoutWinOSVuln, 23) queriesWithUsers := GetDetailQueries(context.Background(), config.FleetConfig{App: config.AppConfig{EnableScheduledQueryStats: true}}, nil, &fleet.Features{EnableHostUsers: true}) qs := append(baseQueries, "users", "scheduled_query_stats") @@ -408,6 +409,37 @@ func TestDetailQueriesOSVersionWindows(t *testing.T) { assert.Equal(t, "Windows 10 Enterprise LTSC ", host.OSVersion) } +func TestDetailQueriesOSVersionChrome(t *testing.T) { + var initialHost fleet.Host + host := initialHost + + ingest := GetDetailQueries(context.Background(), config.FleetConfig{}, nil, nil)["os_version"].IngestFunc + + assert.NoError(t, ingest(context.Background(), log.NewNopLogger(), &host, nil)) + assert.Equal(t, initialHost, host) + + var rows []map[string]string + require.NoError(t, json.Unmarshal([]byte(` +[{ + "hostname": "chromeo", + "arch": "x86_64", + "build": "chrome-build", + "codename": "", + "major": "1", + "minor": "3", + "name": "chromeos", + "patch": "7", + "platform": "chrome", + "platform_like": "chrome", + "version": "1.3.3.7" +}]`), + &rows, + )) + + assert.NoError(t, ingest(context.Background(), log.NewNopLogger(), &host, rows)) + assert.Equal(t, "chromeos chrome-build", host.OSVersion) +} + func TestDirectIngestMDMMac(t *testing.T) { ds := new(mock.Store) ds.SetOrUpdateMDMDataFunc = func(ctx context.Context, hostID uint, isServer, enrolled bool, serverURL string, installedFromDep bool, name string) error {
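Review bot: TestDetailQueriesOSVersionChrome pins only a row whose `build` is non-empty, so the tests leave unspecified what the Chrome branch produces when the extension omits `build`. The fixture does usefully show that `build` wins over non-zero `major`/`minor`/`patch`, but a second row with `"build": ""` and an assertion on the resulting `host.OSVersion` would make the intended fallback explicit. The two `assert.NoError(t, ingest(...))` calls could be `require.NoError` so that a failed ingest stops the test before the equality check reports a misleading difference.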