Add alt_system_info table #58

Merged on Sep 10, 2024 (6 commits)

@korylprince korylprince commented Aug 28, 2024

This PR adds the alt_system_info table, which mimics the built-in system_info table.

The table avoids the Allow "osquery" to find devices on local networks? prompt that the built-in system_info table triggers on macOS 15.0.

On versions other than 15.0, this table queries and returns the output of the system_info table.

The cpu_subtype field always returns empty with this table, because it requires the use of C APIs (e.g. CGo) to fetch.

The following code will allow someone to get the cpu_subtype field, if they want to deal with CGo:

```go
// Package name is a placeholder; use the package of the file this goes in.
package cpuinfo

/*
#include <mach/mach.h>

struct cpu_type_info_t {
	char *cpu_type;
	char *cpu_subtype;
};

struct cpu_type_info_t getCpuTypeInfo(void) {
  // Zero-initialize so the failure path returns NULL pointers, not stack garbage
  struct cpu_type_info_t cpu_info = {0};
  host_t host = mach_host_self();

  host_basic_info_data_t host_data;
  mach_msg_type_number_t count = HOST_BASIC_INFO_COUNT;
  kern_return_t kr = host_info(host, HOST_BASIC_INFO, (host_info_t)&host_data, &count);
  // Release the send right acquired by mach_host_self()
  mach_port_deallocate(mach_task_self(), host);
  if (kr != KERN_SUCCESS) {
    return cpu_info;
  }

  // Get human readable strings
  slot_name(host_data.cpu_type, host_data.cpu_subtype, &cpu_info.cpu_type, &cpu_info.cpu_subtype);

  return cpu_info;
}
*/
import "C"

// GetCPUInfo returns the CPU type and subtype names, or empty strings on failure.
func GetCPUInfo() (cpuType, cpuSubtype string) {
	info := C.getCpuTypeInfo()
	// The fields are already *C.char; C.GoString returns "" for a NULL pointer
	return C.GoString(info.cpu_type), C.GoString(info.cpu_subtype)
}
```

Example from macOS 15.0:

osquery> select * from system_info;
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| hostname           | uuid                                 | cpu_type | cpu_subtype | cpu_brand    | cpu_physical_cores | cpu_logical_cores | cpu_sockets | cpu_microcode | physical_memory | hardware_vendor | hardware_model | hardware_version | hardware_serial | board_vendor | board_model | board_version | board_serial | computer_name      | local_hostname |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| Kory-MacBook.local | DC0DF01C-75C6-495D-9AFB-53D60BD482FA | arm64e   | ARM64E      | Apple M2 Max | 12                 | 12                |             |               | 34359738368     | Apple Inc.      | Mac14,5        |                  | ABCDEFGHIJ      |              |             |               |              | Kory’s MacBook Pro | Kory-MacBook   |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
osquery> select * from alt_system_info;
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| hostname           | uuid                                 | cpu_type | cpu_subtype | cpu_brand    | cpu_physical_cores | cpu_logical_cores | cpu_sockets | cpu_microcode | physical_memory | hardware_vendor | hardware_model | hardware_version | hardware_serial | board_vendor | board_model | board_version | board_serial | computer_name      | local_hostname |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| Kory-MacBook.local | DC0DF01C-75C6-495D-9AFB-53D60BD482FA | arm64e   |             | Apple M2 Max | 12                 | 12                |             |               | 34359738368     | Apple Inc.      | Mac14,5        |                  | ABCDEFGHIJ      |              |             |               |              | Kory’s MacBook Pro | Kory-MacBook   |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+

Example from not macOS 15.0:

osquery> select * from system_info;
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| hostname           | uuid                                 | cpu_type | cpu_subtype | cpu_brand    | cpu_physical_cores | cpu_logical_cores | cpu_sockets | cpu_microcode | physical_memory | hardware_vendor | hardware_model | hardware_version | hardware_serial | board_vendor | board_model | board_version | board_serial | computer_name      | local_hostname |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| Kory-MacBook.local | DC0DF01C-75C6-495D-9AFB-53D60BD482FA | arm64e   | ARM64E      | Apple M2 Max | 12                 | 12                |             |               | 34359738368     | Apple Inc.      | Mac14,5        |                  | ABCDEFGHIJ      |              |             |               |              | Kory’s MacBook Pro | Kory-MacBook   |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
osquery> select * from alt_system_info;
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| hostname           | uuid                                 | cpu_type | cpu_subtype | cpu_brand    | cpu_physical_cores | cpu_logical_cores | cpu_sockets | cpu_microcode | physical_memory | hardware_vendor | hardware_model | hardware_version | hardware_serial | board_vendor | board_model | board_version | board_serial | computer_name      | local_hostname |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
| Kory-MacBook.local | DC0DF01C-75C6-495D-9AFB-53D60BD482FA | arm64e   | ARM64E      | Apple M2 Max | 12                 | 12                |             |               | 34359738368     | Apple Inc.      | Mac14,5        |                  | ABCDEFGHIJ      |              |             |               |              | Kory’s MacBook Pro | Kory-MacBook   |
+--------------------+--------------------------------------+----------+-------------+--------------+--------------------+-------------------+-------------+---------------+-----------------+-----------------+----------------+------------------+-----------------+--------------+-------------+---------------+--------------+--------------------+----------------+
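
An added example, not part of the PR or the project's code: a parity check a fleet operator could run over one row from each table before switching queries to alt_system_info. It accepts the empty cpu_subtype only where the PR says to expect it. `Row`, `ParityDiff` and `SampleRows` are hypothetical names, and the sample rows are constructed by trimming the macOS 15.0 output above.

```go
package main

import (
	"fmt"
	"sort"
)

// Row is one osquery result row: column name -> value.
type Row map[string]string

// blankOnAltPath: columns the PR says stay empty when the table builds its own row.
var blankOnAltPath = map[string]bool{"cpu_subtype": true}

// ParityDiff returns the sorted columns where alt disagrees with builtin.
// altPath is true on macOS 15.0, false where the table passes system_info through.
func ParityDiff(builtin, alt Row, altPath bool) []string {
	diffs := []string{}
	for col, want := range builtin {
		got, ok := alt[col]
		switch {
		case !ok:
			diffs = append(diffs, col+" (missing)")
		case got == want: // identical, nothing to report
		case altPath && blankOnAltPath[col] && got == "": // documented gap
		default:
			diffs = append(diffs, col)
		}
	}
	for col := range alt {
		if _, ok := builtin[col]; !ok {
			diffs = append(diffs, col+" (extra)")
		}
	}
	sort.Strings(diffs)
	return diffs
}

// SampleRows returns constructed rows, trimmed from the macOS 15.0 output above.
func SampleRows() (builtin, alt Row) {
	builtin = Row{"hostname": "Kory-MacBook.local", "cpu_type": "arm64e",
		"cpu_subtype": "ARM64E", "cpu_brand": "Apple M2 Max", "hardware_model": "Mac14,5"}
	alt = Row{"hostname": "Kory-MacBook.local", "cpu_type": "arm64e",
		"cpu_subtype": "", "cpu_brand": "Apple M2 Max", "hardware_model": "Mac14,5"}
	return builtin, alt
}

func main() {
	b, a := SampleRows()
	fmt.Println(ParityDiff(b, a, true), ParityDiff(b, a, false))
}
```

A non-empty result on a host that is not on macOS 15.0 means the pass-through is not returning what system_info returns.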

@grahamgilbert

Thank you for this - have you considered moving the osquery client in the sofa table to your new generic one as well?

@grahamgilbert grahamgilbert merged commit b732d7c into macadmins:main Sep 10, 2024
1 of 2 checks passed