(*
 Module: MasterPasswd
 Parses /etc/master.passwd

 Author: Matt Dainty <matt@bodgit-n-scarper.com>

 About: Reference
        - man 5 master.passwd

 Each line in the master.passwd file represents a single user record, whose
 colon-separated attributes correspond to the members of the passwd struct

*)

module MasterPasswd =

   (* Register the xfm transform (bound on the last line of this module) for
      autoloading, so the lens is applied to the paths chosen by its filter
      without the caller setting up a transform by hand. *)
   autoload xfm

(************************************************************************
 * Group:                    USEFUL PRIMITIVES
 *************************************************************************)

(* Group: Comments and empty lines *)

(* Short local names for helpers from the shared Util, Rx, Sep and Passwd
   modules. Their definitions are not in this file; the notes below are
   limited to what the names and their uses in this module show. *)

(* Line terminator, comment-line and empty-line lenses, and a helper applied
   to a literal string in the NIS entries below (presumably deleting it;
   confirm in Util). *)
let eol        = Util.eol
let comment    = Util.comment
let empty      = Util.empty
let dels       = Util.del_str

(* Regular expressions. "integer" is stored by the numeric fields; "word" is
   not referenced anywhere else in this module. *)
let word       = Rx.word
let integer    = Rx.integer

(* Field separator used between every pair of record fields. *)
let colon      = Sep.colon

(* Value-storing helpers borrowed from the Passwd lens. Presumably they store
   text up to the end of the line and up to the next colon respectively;
   confirm against the Passwd module. *)
let sto_to_eol = Passwd.sto_to_eol
let sto_to_col = Passwd.sto_to_col
(* Store an empty string if nothing matches *)
let sto_to_col_or_empty = Passwd.sto_to_col_or_empty

(************************************************************************
 * Group:                        ENTRIES
 *************************************************************************)

(* Variable: username
        Login name pattern. The first character is a letter, a digit, "_" or
        "."; later characters may also be "-"; a single trailing "$" is
        accepted. Because the first character can be neither "+" nor "-", a
        regular entry cannot begin like the NIS line forms defined further
        down, which all start with one of those two characters. *)
let username    = /[_.A-Za-z0-9][-_.A-Za-z0-9]*\$?/

(* View: password
        pw_passwd. The field is copied verbatim into the tree as the value of
        the "password" node. In master.passwd this field carries the account's
        password hash (see man 5 master.passwd), so the node must be handled
        as a secret: any export, log or query result built from this tree
        needs the same protection as the file itself. The value is optional,
        so an empty field yields a node with no value. *)
let password    = [ label "password"    . sto_to_col?   . colon ]

(* View: uid
        pw_uid; an integer is required *)
let uid         = [ label "uid"         . store integer . colon ]

(* View: gid
        pw_gid; an integer is required *)
let gid         = [ label "gid"         . store integer . colon ]

(* View: class
        pw_class; optional value *)
let class       = [ label "class"       . sto_to_col? . colon ]

(* View: change_date
        pw_change. Written as "store integer?", which presumably lets the
        field be left empty; confirm against the lens type checker. *)
let change_date = [ label "change_date" . store integer? . colon ]

(* View: expire_date
        pw_expire. Same shape as change_date. *)
let expire_date = [ label "expire_date" . store integer? . colon ]

(* View: name
        pw_gecos; the user's full name; optional value *)
let name        = [ label "name"        . sto_to_col? . colon ]

(* View: home
        pw_dir; optional value *)
let home        = [ label "home"        . sto_to_col?   . colon ]

(* View: shell
        pw_shell. Last field of the record: it uses sto_to_eol rather than
        sto_to_col and is not followed by a colon. Optional value. *)
let shell       = [ label "shell"       . sto_to_eol? ]

(* View: entry
        struct passwd. One regular user record: the user name becomes the key
        of the tree node, and the nine fields follow as child nodes in file
        order (password, uid, gid, class, change_date, expire_date, name,
        home, shell). Each field lens except shell consumes its own trailing
        colon, so only the colon after the user name appears here. The
        password child holds whatever the file has in that field, normally
        the password hash. *)
let entry       = [ key username
                . colon
                . password
                . uid
                . gid
                . class
                . change_date
                . expire_date
                . name
                . home
                . shell
                . eol ]

(* NIS entries *)

(* View: niscommon
        The nine override fields shared by nisentry, nisuserplus and
        nisuserminus. Unlike the field lenses used by entry, each subtree
        here is optional as a whole: an empty field produces no node at all,
        only the separating colon is consumed. When a node is present it
        carries a value, since "store" and sto_to_col are not marked optional
        inside the brackets. A "password" override, when present, is stored
        verbatim and is as sensitive as the password field of a regular
        entry. *)
let niscommon   =  [ label "password"    . sto_to_col ]?    . colon
               . [ label "uid"         . store integer ]? . colon
               . [ label "gid"         . store integer ]? . colon
               . [ label "class"       . sto_to_col ]?    . colon
               . [ label "change_date" . store integer ]? . colon
               . [ label "expire_date" . store integer ]? . colon
               . [ label "name"        . sto_to_col ]?    . colon
               . [ label "home"        . sto_to_col ]?    . colon
               . [ label "shell"       . sto_to_eol ]?

(* View: nisentry
        A line of the form "+@name:...". The name after "+@" is stored as the
        value of an "@nis" node; a colon and the niscommon override fields
        are mandatory after it. The colon and niscommon are grouped so the
        lens is composed exactly as with a separate local binding. *)
let nisentry =
  [ dels "+@" . label "@nis" . store username . (colon . niscommon) . eol ]

(* View: nisuserplus
        A line of the form "+name:...". The name after "+" is stored as the
        value of an "@+nisuser" node; a colon and the niscommon override
        fields are mandatory after it. The colon and niscommon are grouped so
        the lens is composed exactly as with a separate local binding. *)
let nisuserplus =
  [ dels "+" . label "@+nisuser" . store username . (colon . niscommon) . eol ]

(* View: nisuserminus
        A line of the form "-name:...". The name after "-" is stored as the
        value of an "@-nisuser" node; a colon and the niscommon override
        fields are mandatory after it. The colon and niscommon are grouped so
        the lens is composed exactly as with a separate local binding. *)
let nisuserminus =
  [ dels "-" . label "@-nisuser" . store username . (colon . niscommon) . eol ]

(* View: nisdefault
        A line starting with a bare "+" and no name, mapped to an
        "@nisdefault" node. The override part is optional as a whole, so a
        line holding only "+" is accepted. When overrides are present they do
        not reuse niscommon: every field node is always created, with an
        optional value, and the password node uses sto_to_col_or_empty so
        that an empty password field is stored as an empty string.
        NOTE(review): in passwd(5) compat syntax a bare "+" line is
        understood to pull in every NIS user, so an "@nisdefault" node, and
        any password override under it, is worth checking when auditing
        where accounts come from; confirm against the platform manual. *)
let nisdefault =
  let overrides =
        colon
      . [ label "password"    . sto_to_col_or_empty . colon ]
      . [ label "uid"         . store integer? . colon ]
      . [ label "gid"         . store integer? . colon ]
      . [ label "class"       . sto_to_col?    . colon ]
      . [ label "change_date" . store integer? . colon ]
      . [ label "expire_date" . store integer? . colon ]
      . [ label "name"        . sto_to_col?    . colon ]
      . [ label "home"        . sto_to_col?    . colon ]
      . [ label "shell"       . sto_to_eol? ] in
  [ dels "+" . label "@nisdefault" . overrides? . eol ]

(************************************************************************
 *                                LENS
 *************************************************************************)

(* View: lns
        The whole file: any number of comment lines, empty lines, regular
        user entries and the four NIS line forms, in any order. A line that
        matches none of these alternatives makes the file fail to parse. *)
let lns        = (comment|empty|entry|nisentry|nisdefault|nisuserplus|nisuserminus) *

(* Variable: filter
        The lens is bound to /etc/master.passwd only. That file carries the
        password hashes (see the password view) and is normally readable by
        root alone, so a process that loads it through this lens needs that
        privilege, and the tree it builds should be restricted to the same
        audience as the file. *)
let filter     = incl "/etc/master.passwd"

(* Transform referenced by the autoload declaration at the top of the module. *)
let xfm        = transform lns filter
