mirror of
https://github.com/fleetdm/fleet
synced 2026-05-10 02:30:56 +00:00
0028e2ce3f
Following the discussion in #15651, this adds the `nftables` table by parsing the binary output. --------- Co-authored-by: Zach Wasserman <zach@fleetdm.com>
22 lines
1,003 B
Go
22 lines
1,003 B
Go
//go:build linux
|
|
|
|
package table
|
|
|
|
import (
|
|
"github.com/fleetdm/fleet/v4/orbit/pkg/table/crowdstrike/falcon_kernel_check"
|
|
"github.com/fleetdm/fleet/v4/orbit/pkg/table/crowdstrike/falconctl"
|
|
"github.com/fleetdm/fleet/v4/orbit/pkg/table/cryptsetup"
|
|
"github.com/fleetdm/fleet/v4/orbit/pkg/table/dataflattentable"
|
|
"github.com/rs/zerolog/log"
|
|
|
|
"github.com/osquery/osquery-go"
|
|
)
|
|
|
|
func PlatformTables(_ PluginOpts) ([]osquery.OsqueryPlugin, error) {
|
|
return []osquery.OsqueryPlugin{
|
|
cryptsetup.TablePlugin(log.Logger), // table name is "cryptsetup_status"
|
|
falconctl.NewFalconctlOptionTable(log.Logger), // table name is "falconctl_option"
|
|
falcon_kernel_check.TablePlugin(log.Logger), // table name is "falcon_kernel_check"
|
|
dataflattentable.TablePluginExec(log.Logger, "nftables", dataflattentable.JsonType, []string{"nft", "-jat", "list", "ruleset"}, dataflattentable.WithBinDirs("/usr/bin", "/usr/sbin")), // -j (json) -a (show object handles) -t (terse, omit set contents)
|
|
}, nil
|
|
}
|