Remove FreeBSD references from website, UI, and query library (#7279)
lukeheath authored Aug 24, 2022
1 parent 625081c commit f08cf6c
Showing 9 changed files with 65 additions and 178 deletions.
Expand Up @@ -48,7 +48,7 @@ apiVersion: v1
kind: query
spec:
name: Get installed Chrome Extensions
platforms: macOS, Linux, Windows, FreeBSD
platforms: macOS, Linux, Windows
description: List installed Chrome Extensions for all users.
query: SELECT * FROM users CROSS JOIN chrome_extensions USING (uid);
purpose: Informational
Expand All @@ -57,17 +57,6 @@ spec:
---
apiVersion: v1
kind: query
spec:
name: Get installed FreeBSD software
platforms: FreeBSD
description: Get all software installed on a FreeBSD computer, including browser plugins and installed packages. Note that this does not include other running processes in the processes table.
query: SELECT name AS name, version AS version, 'Browser plugin (Chrome)' AS type, 'chrome_extensions' AS source FROM chrome_extensions UNION SELECT name AS name, version AS version, 'Browser plugin (Firefox)' AS type, 'firefox_addons' AS source FROM firefox_addons UNION SELECT name AS name, version AS version, 'Package (Atom)' AS type, 'atom_packages' AS source FROM atom_packages UNION SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages UNION SELECT name AS name, version AS version, 'Package (pkg)' AS type, 'pkg_packages' AS source FROM pkg_packages;
purpose: Informational
tags: inventory
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get installed Linux software
platforms: Linux
Expand Down Expand Up @@ -125,7 +114,7 @@ apiVersion: v1
kind: query
spec:
name: Get current users with active shell/console on the system
platforms: macOS, Linux, Windows, FreeBSD
platforms: macOS, Linux, Windows
description: Get current users with active shell/console on the system and associated process
query: SELECT user,host,time, p.name, p.cmdline, p.cwd, p.root FROM logged_in_users liu, processes p WHERE liu.pid = p.pid and liu.type='user' and liu.user <> '' ORDER BY time;
purpose: Informational
Expand All @@ -136,7 +125,7 @@ apiVersion: v1
kind: query
spec:
name: Get unencrypted SSH keys for local accounts
platforms: macOS, Linux, Windows, FreeBSD
platforms: macOS, Linux, Windows
description: Identify SSH keys created without a passphrase which can be used in Lateral Movement (MITRE. TA0008)
query: SELECT uid, username, description, path, encrypted FROM users CROSS JOIN user_ssh_keys using (uid) WHERE encrypted=0;
purpose: Informational
Expand All @@ -148,7 +137,7 @@ apiVersion: v1
kind: query
spec:
name: Get unencrypted SSH keys for domain-joined accounts
platforms: macOS, Linux, Windows, FreeBSD
platforms: macOS, Linux, Windows
description: Identify SSH keys created without a passphrase which can be used in Lateral Movement (MITRE. TA0008)
query: SELECT uid, username, description, path, encrypted FROM users CROSS JOIN user_ssh_keys using (uid) WHERE encrypted=0 and username in (SELECT distinct(username) FROM last);
purpose: Informational
Expand Down Expand Up @@ -195,7 +184,7 @@ apiVersion: v1
kind: query
spec:
name: Get network interfaces
platforms: macOS, Linux, Windows, FreeBSD
platforms: macOS, Linux, Windows
description: Network interfaces MAC address
query: SELECT a.interface, a.address, d.mac FROM interface_addresses a JOIN interface_details d USING (interface) WHERE address not in ('127.0.0.1', '::1');
purpose: informational
Expand All @@ -206,7 +195,7 @@ apiVersion: v1
kind: query
spec:
name: Get local user accounts
platforms: macOS, Linux, Windows, FreeBSD
platforms: macOS, Linux, Windows
description: Local user accounts (including domain accounts that have logged on locally (Windows)).
query: SELECT uid, gid, username, description, directory, shell FROM users;
purpose: informational
Expand All @@ -228,7 +217,7 @@ apiVersion: v1
kind: query
spec:
name: Get Nmap scanner
platforms: macOS, Linux, Windows, FreeBSD
platforms: macOS, Linux, Windows
description: Get Nmap scanner process, as well as its user, parent, and process details.
query: SELECT p.pid, name, p.path, cmdline, cwd, start_time, parent,
(SELECT name FROM processes WHERE pid=p.parent) AS parent_name,
Expand Down Expand Up @@ -299,7 +288,7 @@ spec:
name: Get local administrator accounts on macOS
platforms: macOS
description: The query allows you to check macOS systems for local administrator accounts.
query: SELECT uid, username, type, group name FROM users u JOIN groups g ON g.gid = u.gid;
query: SELECT uid, username, type FROM users u JOIN groups g ON g.gid = u.gid;
purpose: Informational
tags: hunting, inventory
contributors: alphabrevity
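Review bot: The rewritten `query:` for "Get local administrator accounts on macOS" (last hunk of this file) still does not select administrators. It joins `users` to `groups` on the primary `gid`, has no `WHERE` clause, and after this change returns no column from `groups`, so every account comes back and the join contributes nothing. For a query tagged `hunting, inventory`, that over-reports and leaves the reader unable to tell which accounts hold admin rights. Group membership would need to come from `user_groups`, for example `SELECT u.uid, u.username, u.type FROM users u JOIN user_groups ug ON ug.uid = u.uid JOIN groups g ON g.gid = ug.gid WHERE g.groupname = 'admin';`. Confirm the result on a macOS host, since the rest of the file is outside this hunk.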
Expand Up @@ -19,7 +19,6 @@ const DISPLAY_ORDER = [
"darwin",
"linux",
"windows",
// "freebsd",
// "None",
// "Invalid query",
];
Expand Up @@ -114,13 +114,6 @@ const QuerySidePanel = ({
{PLATFORM_DISPLAY_NAMES[platform] || platform}
</li>
);
} else if (platform === "freebsd") {
return (
<li key={platform}>
<FleetIcon name="single-host" />{" "}
{PLATFORM_DISPLAY_NAMES[platform]}
</li>
);
}
platform = platform.toLowerCase();
let icon = (
2 changes: 1 addition & 1 deletion frontend/interfaces/osquery_table.ts
Expand Up @@ -38,7 +38,7 @@ export const DEFAULT_OSQUERY_TABLE: IOsqueryTable = {
description:
"Local user accounts (including domain accounts that have logged on locally (Windows)).",
url: "https://github.com/osquery/osquery/blob/master/specs/users.table",
platforms: ["darwin", "linux", "windows", "freebsd"],
platforms: ["darwin", "linux", "windows"],
evented: false,
cacheable: false,
columns: [
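--- a/frontend/interfaces/platform.ts
+++ b/frontend/interfaces/platform.ts
@@ -4,9 +4,7 @@ export type IOsqueryPlatform =
 | "windows"
 | "Windows"
 | "linux"
-| "Linux"
-| "freebsd"
-| "FreeBSD";
+| "Linux";
 
 export type IPlatformString =
 | ""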