author | Antoine Eiche <lewo@gandi.net> | 2023-07-19 11:59:22 +0200 |
---|---|---|
committer | Antoine Eiche <lewo@gandi.net> | 2023-07-19 16:57:05 +0200 |
commit | 8dff9f64ecb309e362b59dc099c090ae4f633481 (patch) | |
tree | e91883fddbdc53603a28f4c1de18c1bc90ef52a6 /nixos/tests/osquery.nix | |
parent | da65d1dd20ab7cc0f5019d8357770b7ade2ceb0c (diff) |
nixos/tests/osquery: init
Diffstat (limited to 'nixos/tests/osquery.nix')
-rw-r--r-- | nixos/tests/osquery.nix | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/nixos/tests/osquery.nix b/nixos/tests/osquery.nix
new file mode 100644
index 0000000000000..dc55fa82f8d19
--- /dev/null
+++ b/nixos/tests/osquery.nix
@@ -0,0 +1,56 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }:
+
+with lib;
+
+let
+ config_refresh = "10";
+ nullvalue = "NULL";
+ utc = false;
+in
+{
+ name = "osquery";
+ meta = with maintainers; {
+ maintainers = [ znewman01 lewo ];
+ };
+
+ nodes.machine = { config, pkgs, ... }: {
+ services.osquery = {
+ enable = true;
+
+ settings.options = { inherit nullvalue utc; };
+ flags = {
+ inherit config_refresh;
+ nullvalue = "IGNORED";
+ };
+ };
+ };
+
+ testScript = { nodes, ... }:
+ let
+ cfg = nodes.machine.services.osquery;
+ in
+ ''
+ machine.start()
+ machine.wait_for_unit("osqueryd.service")
+
+ # Stop the osqueryd service so that we can use osqueryi to check information stored in the database.
+ machine.wait_until_succeeds("systemctl stop osqueryd.service")
+
+ # osqueryd was able to query information about the host.
+ machine.succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | tee /dev/console | grep -q '127.0.0.1'")
+
+ # osquery binaries respect configuration from the Nix config option.
+ machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"utc\";' | osqueryi | tee /dev/console | grep -q ${boolToString utc}")
+
+ # osquery binaries respect configuration from the Nix flags option.
+ machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"config_refresh\";' | osqueryi | tee /dev/console | grep -q ${config_refresh}")
+
+ # Demonstrate that osquery binaries prefer configuration plugin options over CLI flags.
+ # https://osquery.readthedocs.io/en/latest/deployment/configuration/#options.
+ machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"nullvalue\";' | osqueryi | tee /dev/console | grep -q ${nullvalue}")
+
+ # Module creates directories for default database_path and pidfile flag values.
+ machine.succeed("test -d $(dirname ${cfg.flags.database_path})")
+ machine.succeed("test -d $(dirname ${cfg.flags.pidfile})")
+ '';
+}) |
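Review bot: The flag assertions in the test script match substrings, so they can pass on the wrong value: `grep -q ${config_refresh}` expands to `grep -q 10`, which also accepts `100` or any other output containing `10`, and the `utc` and `nullvalue` checks have the same shape. Matching whole words, e.g. `grep -qw ${config_refresh}`, or comparing the value column exactly, would make a regression in how the module renders flags and options fail the test. Separately, the comment `# osqueryd was able to query information about the host.` sits above a query that osqueryi runs after the daemon has been stopped, so it exercises osqueryi rather than anything osqueryd collected; `# osqueryi can query information about the host.` would match what is asserted. The last two checks confirm only that the parent directories of `database_path` and `pidfile` exist; if the module is expected to restrict their ownership or mode, that is not covered here.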