fleet/orbit/pkg/table/extension_windows.go
Juan Fernandez 128ee07cae
Add ability to determine Bitlocker protectors (#31090)
For #31062:

Added a new Fleetd table 'bitlocker_key_protectors' that can be used to
determine whether a TPM PIN protector is set up on a volume.
2025-07-24 18:30:55 -04:00


//go:build windows
package table
import (
"fmt"
"github.com/fleetdm/fleet/v4/orbit/pkg/table/bitlocker_key_protectors"
cisaudit "github.com/fleetdm/fleet/v4/orbit/pkg/table/cis_audit"
mdmbridge "github.com/fleetdm/fleet/v4/orbit/pkg/table/mdm"
"github.com/fleetdm/fleet/v4/orbit/pkg/table/windowsupdatetable"
"github.com/rs/zerolog/log"
"golang.org/x/sys/windows/registry"
"github.com/osquery/osquery-go"
"github.com/osquery/osquery-go/plugin/table"
)
// PlatformTables returns the osquery table plugins that exist only on Windows.
//
// The cis_audit table, the table provided by the bitlocker_key_protectors
// package and the windows_updates table are always included. The mdm_bridge
// table is added only when IsWindowsServer reports false.
//
// If the server check fails, the error is returned unchanged and no plugins
// are returned at all, so a host whose registry cannot be read gets none of
// these tables rather than a partial set.
func PlatformTables(_ PluginOpts) ([]osquery.OsqueryPlugin, error) {
	// Fleet tables registered on every Windows installation type.
	tables := []osquery.OsqueryPlugin{
		table.NewPlugin("cis_audit", cisaudit.Columns(), cisaudit.Generate),
		bitlocker_key_protectors.TablePlugin(log.Logger),
		windowsupdatetable.TablePlugin(windowsupdatetable.UpdatesTable, log.Logger), // table name is "windows_updates"
	}

	isServer, err := IsWindowsServer()
	switch {
	case err != nil:
		return nil, err
	case isServer:
		// Server installations do not get mdm_bridge.
		return tables, nil
	}

	tables = append(tables, table.NewPlugin("mdm_bridge", mdmbridge.Columns(), mdmbridge.Generate))
	return tables, nil
}
// IsWindowsServer reports whether the host is a Windows Server installation.
//
// It opens HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion with query-only
// access and reads the InstallationType string value. The result is true only
// when that value is exactly "Server". Failing to open the key or read the
// value yields (false, err) with the error wrapped as "windows server check".
//
// NOTE(review): the comparison is an exact, case-sensitive match. Server Core
// installations are believed to report a different InstallationType string and
// would therefore be treated as non-server here. Confirm this is intended.
func IsWindowsServer() (bool, error) {
	const (
		currentVersionKey = `SOFTWARE\Microsoft\Windows NT\CurrentVersion`
		installTypeValue  = "InstallationType"
	)

	key, err := registry.OpenKey(registry.LOCAL_MACHINE, currentVersionKey, registry.QUERY_VALUE)
	if err != nil {
		return false, fmt.Errorf("windows server check: %w", err)
	}
	defer key.Close()

	installType, _, err := key.GetStringValue(installTypeValue)
	if err != nil {
		return false, fmt.Errorf("windows server check: %w", err)
	}

	return installType == "Server", nil
}