Fleet osquery

package packaging import "text/template" // Best reference I could find: // http://s.sudre.free.fr/Stuff/Ivanhoe/FLAT.html var macosPackageInfoTemplate = template.Must(template.New("").Option("missingkey=error").Parse( `

`)) // This template is used to generate a Distribution Definition file, which // controls the experience of the installer (the default dir, what options the // user has, etc.) // // Reference: // https://developer.apple.com/library/archive/documentation/DeveloperTools/Reference/DistributionDefinitionRef/Chapters/Distribution_XML_Ref.html var macosDistributionTemplate = template.Must(template.New("").Option("missingkey=error").Parse( ` Fleet osquery

{{/* base.pkg specified here is the foldername that contains the package contents */}} #base.pkg {{/* this ref is collapsed with the previous, having a bundle version helps our notarization tools */}}

`)) var macosPostinstallTemplate = template.Must(template.New("").Option("missingkey=error").Parse( `#!/bin/bash ln -sf /opt/orbit/bin/orbit/macos/{{.OrbitChannel}}/orbit /opt/orbit/bin/orbit/orbit ln -sf /opt/orbit/bin/orbit/orbit /usr/local/bin/orbit {{ if .LegacyVarLibSymlink }} # Symlink needed to support old versions of orbit. ln -sf /opt/orbit /var/lib/orbit {{- end }} {{ if .StartService -}} DAEMON_LABEL="com.fleetdm.orbit" DAEMON_PLIST="/Library/LaunchDaemons/${DAEMON_LABEL}.plist" # Stop the previous desktop agent pkill fleet-desktop || true # Remove any pre-existing version of the config launchctl bootout "system/${DAEMON_LABEL}" # Make sure the launch daemon is enabled before we try to bootstrap it launchctl enable "system/${DAEMON_LABEL}" # Add the daemon to the launchd system. # # We add retries because we've seen "launchctl bootstrap" fail # if the service is still running after bootout (in case the # service takes a bit longer to terminate gracefully). # We've seen this when deploying the package via an MDM server. # count=0 while ! launchctl bootstrap system "${DAEMON_PLIST}"; do sleep 1 ((count++)) if [[ $count -eq 30 ]]; then echo "Failed to bootstrap system ${DAEMON_PLIST}" exit 1 fi echo "Retrying launchctl bootstrap..." done echo "Successfully bootstrap system ${DAEMON_PLIST}" # Force the daemon to start launchctl kickstart "system/${DAEMON_LABEL}" {{- end }} `)) // Note it's important not to start the orbit binary in // `/usr/local/bin/orbit` because this is a path that users usually have write // access to, and running that binary with launchd can become a privilege // escalation vector. var macosLaunchdTemplate = template.Must(template.New("").Option("missingkey=error").Parse( ` EnvironmentVariables {{- if .Debug }} ORBIT_DEBUG true {{- end }} {{- if .Insecure }} ORBIT_INSECURE true {{- end }} {{- if .FleetCertificate }} ORBIT_FLEET_CERTIFICATE /opt/orbit/fleet.pem {{- end }} {{- if .EnrollSecret }} ORBIT_ENROLL_SECRET_PATH /opt/orbit/secret.txt {{- end }} {{- if .FleetURL }} ORBIT_FLEET_URL {{ .FleetURL }} {{- end }} {{- if .UseSystemConfiguration }} ORBIT_USE_SYSTEM_CONFIGURATION {{ .UseSystemConfiguration }} {{- end }} {{- if .EnableScripts }} ORBIT_ENABLE_SCRIPTS {{ .EnableScripts }} {{- end }} {{- if .DisableUpdates }} ORBIT_DISABLE_UPDATES true {{- end }} ORBIT_ORBIT_CHANNEL {{ .OrbitChannel }} ORBIT_OSQUERYD_CHANNEL {{ .OsquerydChannel }} ORBIT_UPDATE_URL {{ .UpdateURL }} {{- if .UpdateTLSServerCertificate }} ORBIT_UPDATE_TLS_CERTIFICATE /opt/orbit/update.pem {{- end }} {{- if .Desktop }} ORBIT_FLEET_DESKTOP true ORBIT_DESKTOP_CHANNEL {{ .DesktopChannel }} {{- if .FleetDesktopAlternativeBrowserHost }} ORBIT_FLEET_DESKTOP_ALTERNATIVE_BROWSER_HOST {{ .FleetDesktopAlternativeBrowserHost }} {{- end }} {{- end }} ORBIT_UPDATE_INTERVAL {{ .OrbitUpdateInterval }} {{- if and (ne .HostIdentifier "") (ne .HostIdentifier "uuid") }} ORBIT_HOST_IDENTIFIER {{ .HostIdentifier }} {{- end }} {{- if .DisableKeystore }} ORBIT_DISABLE_KEYSTORE true {{- end }} {{- if .OsqueryDB }} ORBIT_OSQUERY_DB {{ .OsqueryDB }} {{- end }} KeepAlive Label com.fleetdm.orbit ProgramArguments /opt/orbit/bin/orbit/orbit RunAtLoad StandardErrorPath /var/log/orbit/orbit.stderr.log StandardOutPath /var/log/orbit/orbit.stdout.log ThrottleInterval 10 `))