-rw-r--r--.SRCINFO41
-rw-r--r--PKGBUILD81
-rw-r--r--arch-linux.patch72
-rw-r--r--osqueryd.service14
4 files changed, 208 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..f8bd367dbcb8
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,41 @@
+pkgbase = osquery-git
+ pkgdesc = SQL powered operating system instrumentation, monitoring, and analytics.
+ pkgver = 1.8.0.r3.gb9a5313
+ pkgrel = 1
+ url = https://osquery.io
+ arch = any
+ license = BSD
+ makedepends = rocksdb
+ makedepends = rocksdb-static
+ makedepends = cpp-netlib
+ makedepends = magic
+ makedepends = unzip
+ depends = asio
+ depends = audit
+ depends = aws-sdk-cpp-git
+ depends = boost
+ depends = boost-libs
+ depends = clang
+ depends = cmake
+ depends = doxygen
+ depends = gflags
+ depends = git
+ depends = google-glog
+ depends = lsb-release
+ depends = make
+ depends = python
+ depends = python-jinja
+ depends = python-pip
+ depends = sleuthkit
+ depends = snappy
+ depends = thrift
+ depends = yara
+ source = osquery-git-1.8.0.r3.gb9a5313::git+https://github.com/facebook/osquery
+ source = osqueryd.service
+ source = arch-linux.patch
+ sha256sums = SKIP
+ sha256sums = 6f1d7950f547ba6e39a67a267c0a8a46424dd9707cec9041a95fb75fc35a3dcf
+ sha256sums = 8da0d77bd189f4bb778a6be719322ea8c0cd624d2ad3e76bee584bd1d1259542
+
+pkgname = osquery-git
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..0a84ca82b010
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,81 @@
+# This is an example PKGBUILD file. Use this as a start to creating your own,
+# and remove these comments. For more information, see 'man PKGBUILD'.
+# NOTE: Please fill out the license field for your package! If it is unknown,
+# then please put 'unknown'.
+
+# Maintainer: Matěj Týč <matej.tyc@gmail.com>
+pkgname=osquery-git
+pkgver=1.8.0.r3.gb9a5313
+pkgrel=1
+epoch=
+pkgdesc="SQL powered operating system instrumentation, monitoring, and analytics."
+arch=(any)
+url="https://osquery.io"
+license=('BSD')
+groups=()
+depends=('asio' 'audit' 'aws-sdk-cpp-git' 'boost' 'boost-libs' 'clang' 'cmake'
+ 'doxygen' 'gflags' 'git' 'google-glog' 'lsb-release' 'make' 'python'
+ 'python-jinja' 'python-pip' 'sleuthkit' 'snappy' 'thrift' 'yara')
+makedepends=('rocksdb' 'rocksdb-static' 'cpp-netlib' 'magic' 'unzip')
+checkdepends=()
+optdepends=()
+provides=()
+conflicts=()
+replaces=()
+backup=()
+options=()
+install=
+changelog=
+source=("${pkgname}-${pkgver}::git+https://github.com/facebook/osquery"
+ "osqueryd.service"
+ "arch-linux.patch")
+noextract=()
+sha256sums=('SKIP'
+ '6f1d7950f547ba6e39a67a267c0a8a46424dd9707cec9041a95fb75fc35a3dcf'
+ '1d01edee89b505f0cc9d42fcc7a16e580503f444780767c95f17274ff44024b3')
+validpgpkeys=()
+
+_gitname=${pkgname}-${pkgver}
+
+pkgver() {
+ cd $_gitname
+
+ git describe --long --tags | sed 's/\([^-]*-g\)/r\1/;s/-/./g'
+}
+
+prepare() {
+ cd $_gitname
+
+ git submodule update --init
+ patch -p1 -i "${srcdir}/arch-linux.patch"
+}
+
+
+build() {
+ cd $_gitname
+
+ make deps
+ cmake -DCMAKE_INSTALL_PREFIX=/usr
+ make -j $(nproc) -C osquery DESTDIR="${pkgdir}"
+}
+
+package() {
+ cd $_gitname
+
+ make DESTDIR="${pkgdir}" install
+
+ install -dm755 "${pkgdir}/var/osquery/"
+ install -dm755 "${pkgdir}/var/log/osquery/"
+
+ install -Dm755 "${pkgdir}/usr/share/osquery/osquery.example.conf" \
+ "${pkgdir}/etc/osquery/osquery.conf"
+
+ install -Dm755 "${srcdir}/osqueryd.service" \
+ "${pkgdir}/usr/lib/systemd/system/osqueryd.service"
+}
+sha256sums=('SKIP'
+ '6f1d7950f547ba6e39a67a267c0a8a46424dd9707cec9041a95fb75fc35a3dcf'
+ '5adaeaf699980ef880a2487fab25fa732b3847c780dafb97f2eb9612fbe93328')
+sha256sums=('SKIP'
+ '6f1d7950f547ba6e39a67a267c0a8a46424dd9707cec9041a95fb75fc35a3dcf'
+ '8da0d77bd189f4bb778a6be719322ea8c0cd624d2ad3e76bee584bd1d1259542')
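Review bot: `sha256sums` is assigned three times in this file (once after `noextract=()` and twice more after `package()`), each with a different hash for `arch-linux.patch`; bash keeps only the last assignment, so the earlier values are dead and a reader cannot tell which checksum was actually reviewed. Keep a single array next to `source=` holding the current hash; the last array is the one that matches `.SRCINFO`. Separately, `build()` runs `make deps`, which presumably invokes upstream's provisioning scripts and may fetch or install software outside makepkg's checksum verification, so confirm what it does and declare those packages in `makedepends` instead. The config file and the unit are both installed with `install -Dm755`, where `-Dm644` is the appropriate mode, and listing `etc/osquery/osquery.conf` in `backup=()` would preserve local edits across upgrades.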
diff --git a/arch-linux.patch b/arch-linux.patch
new file mode 100644
index 000000000000..3a7fd2e31ed2
--- /dev/null
+++ b/arch-linux.patch
@@ -0,0 +1,72 @@
+diff --git a/osquery/CMakeLists.txt b/osquery/CMakeLists.txt
+index b96fb5f..8f3a500 100644
+--- a/osquery/CMakeLists.txt
++++ b/osquery/CMakeLists.txt
+@@ -98,6 +98,9 @@ ADD_OSQUERY_LINK_CORE("glog")
+ ADD_OSQUERY_LINK_CORE("boost_system")
+ ADD_OSQUERY_LINK_CORE("boost_filesystem")
+ ADD_OSQUERY_LINK_CORE("boost_regex")
++ADD_OSQUERY_LINK_CORE("bz2")
++ADD_OSQUERY_LINK_CORE("cryptsetup")
++ADD_OSQUERY_LINK_CORE("lz4")
+
+ # TODO(#1956): Ignoring on WIN32 for now
+ if(NOT WIN32)
+diff --git a/osquery/remote/transports/tls.cpp b/osquery/remote/transports/tls.cpp
+index 4273293..f181af9 100644
+--- a/osquery/remote/transports/tls.cpp
++++ b/osquery/remote/transports/tls.cpp
+@@ -30,12 +30,12 @@ SSL_CTX* TLSv1_2_method(void) { return nullptr; }
+ SSL_CTX* TLSv1_2_server_method(void) { return nullptr; }
+ #endif
+ #if defined(NO_SSL_TXT_SSLV3)
+-SSL_METHOD* SSLv3_server_method(void) { return nullptr; }
+-SSL_METHOD* SSLv3_client_method(void) { return nullptr; }
+-SSL_METHOD* SSLv3_method(void) { return nullptr; }
+-SSL_METHOD* SSLv2_server_method(void) { return nullptr; }
+-SSL_METHOD* SSLv2_client_method(void) { return nullptr; }
+-SSL_METHOD* SSLv2_method(void) { return nullptr; }
++const SSL_METHOD* SSLv3_server_method(void) { return nullptr; }
++const SSL_METHOD* SSLv3_client_method(void) { return nullptr; }
++const SSL_METHOD* SSLv3_method(void) { return nullptr; }
++const SSL_METHOD* SSLv2_server_method(void) { return nullptr; }
++const SSL_METHOD* SSLv2_client_method(void) { return nullptr; }
++const SSL_METHOD* SSLv2_method(void) { return nullptr; }
+ #endif
+ #endif
+ }
+diff --git a/osquery/remote/transports/tls.h b/osquery/remote/transports/tls.h
+index 751c416..55038dc 100644
+--- a/osquery/remote/transports/tls.h
++++ b/osquery/remote/transports/tls.h
+@@ -27,9 +27,9 @@
+ /// Newer versions of LibreSSL will lack SSL methods.
+ extern "C" {
+ #if defined(NO_SSL_TXT_SSLV3)
+-SSL_METHOD* SSLv3_server_method(void);
+-SSL_METHOD* SSLv3_client_method(void);
+-SSL_METHOD* SSLv3_method(void);
++const SSL_METHOD* SSLv3_server_method(void);
++const SSL_METHOD* SSLv3_client_method(void);
++const SSL_METHOD* SSLv3_method(void);
+ #endif
+ void ERR_remove_state(unsigned long);
+ }
+diff --git a/tools/provision/arch.sh b/tools/provision/arch.sh
+index d6498d4..6f7a7ce 100755
+--- a/tools/provision/arch.sh
++++ b/tools/provision/arch.sh
+@@ -30,12 +30,10 @@ function main_arch() {
+ package thrift
+ package yara
+
+- install_aws_sdk
+-
+ echo ""
+ echo "The following packages need to be installed from the AUR:"
+ echo "rocksdb or rocksdb-static (if using rocksdb export BUILD_LINK_SHARED=True)"
+- echo "cpp-netlib and magic"
++ echo "aws-sdk-cpp-git, cpp-netlib and magic"
+ echo ""
+ }
+
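Review bot: The hunks against `osquery/remote/transports/tls.cpp` and `tls.h` are tied to specific upstream blobs (`index 4273293..f181af9`, `index 751c416..55038dc`), but the PKGBUILD fetches an unpinned upstream HEAD, so `patch -p1` may apply these TLS declaration edits with offsets or fuzz, or fail outright, as upstream moves. Pin the source to the commit the patch was written against, or apply it in `prepare()` with `patch -p1 --fuzz=0 -i "${srcdir}/arch-linux.patch"` so that drift fails the build rather than being silently accepted. The CMake hunk also makes `bz2`, `cryptsetup` and `lz4` unconditional link dependencies, and none of them is listed in `depends` in the PKGBUILD.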
diff --git a/osqueryd.service b/osqueryd.service
new file mode 100644
index 000000000000..b30cf6ae9a29
--- /dev/null
+++ b/osqueryd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=The osquery Daemon
+After=network.service syslog.service
+
+[Service]
+TimeoutStartSec=0
+ExecStart=/usr/bin/osqueryd --config_path /etc/osquery/osquery.conf
+Restart=on-abort
+KillMode=process
+KillSignal=SIGTERM
+SendSIGKILL=yes
+
+[Install]
+WantedBy=multi-user.target
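Review bot: `Restart=on-abort` restarts the daemon only after it dies from an uncaught signal, so a monitoring agent that exits with a non-zero status (for example on a bad config) stays down until someone notices; `Restart=on-failure` with a `RestartSec=` delay closes that gap. `After=network.service syslog.service` names units that may not exist on this distribution, and ordering on a missing unit is silently ignored; `After=network.target` is the usual ordering target. `KillMode=process` signals only the main process on stop, so any child processes osqueryd has spawned would keep running; confirm that is intended.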