Merge pull request #45 from jmpsec/osquery-4.2.0

Upgrade osquery to 4.2.0

admin/main.go

@@ -55,7 +55,7 @@ const (
 	// Default Headers configuration file
 	headersConfigurationFile string = "config/headers.json"
 	// osquery version to display tables
-	osqueryTablesVersion string = "4.1.2"
+	osqueryTablesVersion string = "4.2.0"
 	// JSON file with osquery tables data
 	osqueryTablesFile string = "data/" + osqueryTablesVersion + ".json"
 	// Static files folder

deploy/docker/admin/Dockerfile

@@ -15,7 +15,7 @@ COPY admin/templates/components/page-head-online.html tmpl_admin/components/page
 COPY admin/templates/components/page-js-online.html tmpl_admin/components/page-js.html
 COPY admin/static/ static
 
-COPY deploy/osquery/data/4.1.2.json data/
+COPY deploy/osquery/data/4.2.0.json data/
 COPY deploy/osquery/osquery-dev.json data/
 
 RUN mkdir -p carved_files

deploy/docker/dockerize.sh

@@ -152,24 +152,18 @@ log "Preparing certificates for $NAME-nginx"
 # This is for development purposes, in production environments use 2048 or 4096 bits
 _BITS="1024"
 
-CSR_FILE="$CERTSDIR/$NAME.csr"
 KEY_FILE="$CERTSDIR/$NAME.key"
 CRT_FILE="$CERTSDIR/$NAME.crt"
 DH_FILE="$CERTSDIR/dhparam.pem"
 
 if [[ "$_MKCERT" == false ]]; then
-  if [[ -f "$KEY_FILE" && "$_FORCE" == false ]]; then
-    log "Using existing $KEY_FILE"
+  if [[ -f "$KEY_FILE" ]] && [[ -f "$CRT_FILE" ]] && [[ "$_FORCE" == false ]]; then
+    log "Using existing $KEY_FILE and $CRT_FILE"
   else
-    log "Generating $KEY_FILE"
-    openssl req -nodes -newkey rsa:$_BITS -keyout "$KEY_FILE" -out "$CSR_FILE" -subj "/O=$NAME"
-  fi
-
-  if [[ -f "$CRT_FILE" && "$_FORCE" == false ]]; then
-    log "Using existing $CRT_FILE"
-  else
-    log "Generating $CRT_FILE"
-    openssl x509 -req -days 365 -in "$CSR_FILE" -signkey "$KEY_FILE" -out "$CRT_FILE"
+    log "Generating $KEY_FILE and $CRT_FILE"
+    openssl req -x509 -newkey rsa:$_BITS -sha256 -days 365 -nodes \
+    -keyout "$KEY_FILE" -out "$CRT_FILE" -subj "/CN=osctrl-nginx" \
+    -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
   fi
 else
   log "Generating $KEY_FILE and $CRT_FILE with mkcert"

deploy/docker/nodes/centos6/Dockerfile

@@ -1,7 +1,7 @@
 FROM centos:6
 LABEL maintainer="javuto"
 
-RUN curl -# "https://osquery-packages.s3.amazonaws.com/rpm/osquery-4.1.2-1.linux.x86_64.rpm" -o "/tmp/osquery.rpm"
+RUN curl -# "https://osquery-packages.s3.amazonaws.com/rpm/osquery-4.2.0-1.linux.x86_64.rpm" -o "/tmp/osquery.rpm"
 RUN rpm -ivh "/tmp/osquery.rpm"
 
 COPY deploy/docker/nodes/centos6/wait.sh .

deploy/docker/nodes/centos7/Dockerfile

@@ -1,7 +1,7 @@
 FROM centos:7
 LABEL maintainer="javuto"
 
-RUN curl -# "https://osquery-packages.s3.amazonaws.com/rpm/osquery-4.1.2-1.linux.x86_64.rpm" -o "/tmp/osquery.rpm"
+RUN curl -# "https://osquery-packages.s3.amazonaws.com/rpm/osquery-4.2.0-1.linux.x86_64.rpm" -o "/tmp/osquery.rpm"
 RUN rpm -ivh "/tmp/osquery.rpm"
 
 COPY deploy/docker/nodes/centos7/wait.sh .

deploy/docker/nodes/debian8/Dockerfile

@@ -3,7 +3,7 @@ LABEL maintainer="javuto"
 
 RUN apt update && apt install -y curl
 
-RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.1.2_1.linux.amd64.deb" -o "/tmp/osquery.deb"
+RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.2.0_1.linux.amd64.deb" -o "/tmp/osquery.deb"
 RUN dpkg -i "/tmp/osquery.deb"
 
 COPY deploy/docker/nodes/debian8/wait.sh .

deploy/docker/nodes/debian9/Dockerfile

@@ -3,7 +3,7 @@ LABEL maintainer="javuto"
 
 RUN apt update && apt install -y curl
 
-RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.1.2_1.linux.amd64.deb" -o "/tmp/osquery.deb"
+RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.2.0_1.linux.amd64.deb" -o "/tmp/osquery.deb"
 RUN dpkg -i "/tmp/osquery.deb"
 
 COPY deploy/docker/nodes/debian9/wait.sh .

deploy/docker/nodes/ubuntu16/Dockerfile

@@ -3,7 +3,7 @@ LABEL maintainer="javuto"
 
 RUN apt update && apt install -y curl
 
-RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.1.2_1.linux.amd64.deb" -o "/tmp/osquery.deb"
+RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.2.0_1.linux.amd64.deb" -o "/tmp/osquery.deb"
 RUN dpkg -i "/tmp/osquery.deb"
 
 COPY deploy/docker/nodes/ubuntu16/wait.sh .

deploy/docker/nodes/ubuntu18/Dockerfile

@@ -3,7 +3,7 @@ LABEL maintainer="javuto"
 
 RUN apt update && apt install -y curl
 
-RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.1.2_1.linux.amd64.deb" -o "/tmp/osquery.deb"
+RUN curl -# "https://osquery-packages.s3.amazonaws.com/deb/osquery_4.2.0_1.linux.amd64.deb" -o "/tmp/osquery.deb"
 RUN dpkg -i "/tmp/osquery.deb"
 
 COPY deploy/docker/nodes/ubuntu18/wait.sh .

deploy/lib.sh

@@ -157,17 +157,21 @@ function nginx_generate() {
 #   string  path_to_certs
 #   string  certificate_name
 #   int     rsa_bits
+#   string  certificate_domain
+#   string  certificate_ip
 function self_signed_cert() {
   local __certs=$1
   local __name=$2
   local __bits=$3
+  local __host=$4
+  local __ip=$5
 
-  local __csr="$__certs/$__name.csr"
   local __devcert="$__certs/$__name.crt"
   local __devkey="$__certs/$__name.key"
 
-  sudo openssl req -nodes -newkey rsa:$__bits -keyout "$__devkey" -out "$__csr" -subj "/O=localhost"
-  sudo openssl x509 -req -days 365 -in "$__csr" -signkey "$__devkey" -out "$__devcert"
+  sudo openssl req -x509 -newkey rsa:$__bits -sha256 -days 365 -nodes \
+  -keyout "$__devkey" -out "$__devcert" -subj "/CN=$__host" \
+  -addext "subjectAltName=IP:$__ip"
 }
 
 # Generate certbot certificates for nginx