D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
osquery
/
share
/
osquery
/
packs
/
Filename :
nf-inventory.conf
back
Copy
{ "queries": { "system_info": { "query": "SELECT si.*, ci.*, os.name AS os_name, os.platform AS os_platform, os.platform_like AS os_platform_like, ( SELECT CONCAT(major, '.', minor, '.', patch) AS version_number FROM os_version ) AS os_version, ki.arguments AS os_kernel_args, ki.device AS os_kernel_device, ki.path AS os_kernel_path, ki.version as os_kernel_version, ( CASE WHEN EXISTS ( SELECT * FROM yum_sources WHERE enabled IS true AND ( name LIKE '%cloudlinux%' OR name LIKE '%Extended Lifecycle Support by TuxCare%' ) ) THEN true ELSE false END ) as cloud_linux_enabled FROM ci_info ci, os_version os, kernel_info ki, system_info si;", "interval": 86400, "snapshot": true }, "certificates": { "query": "SELECT DISTINCT common_name as name, sha1 as fingerprint,'SHA1' as fingerprint_algorithm, serial as serial_number,DATETIME(not_valid_before,'unixepoch') as valid_from,DATETIME(not_valid_after,'unixepoch') as valid_to,ca as is_ca,issuer as issuer_distinguished_name,common_name as subject_common_name,subject as subject_distinguished_name,GROUP_CONCAT(c.path, char(10)) as path,self_signed,key_algorithm,key_strength from file f INNER JOIN certificates c ON f.path == c.path WHERE (f.directory LIKE '/etc/httpd/%%' OR f.directory LIKE '/usr/share/ssl/%%' OR f.directory LIKE '/etc/mysql/%' OR f.directory LIKE '/var/cpanel/ssl/%' OR f.directory LIKE '/var/lib/mysql/%' OR f.directory LIKE '/var/lib/psql/%%' OR f.directory LIKE '/etc/pki/%%' OR f.directory LIKE '/etc/ssl/%%') AND (f.filename LIKE '%.cabundle' OR f.filename LIKE '%.ca-bundle' OR f.filename LIKE '%.crt' OR f.filename LIKE '%.pem') AND not_valid_after >= strftime('%s', 'now', '-60 days') AND ca = false GROUP BY fingerprint;", "interval": 86400, "snapshot": true }, "interface_info": { "query": "SELECT CASE WHEN a.interface != '' THEN a.interface ELSE i.interface END AS interface, CASE WHEN instr (a.interface, ':') > 0 THEN substr (a.interface, instr (a.interface, ':') + 1) ELSE '' END as alias, CASE WHEN instr (a.interface, '.') > 0 THEN substr (a.interface, instr (a.interface, '.') + 1) ELSE '' END as vlan, mac, CASE WHEN instr (address, ':') > 0 THEN 'ipv6' WHEN instr (address, '.') > 0 THEN 'ipv4' ELSE '' END AS ip_version, address AS address, mask AS netmask FROM interface_details i INNER JOIN interface_addresses a ON CASE WHEN instr (a.interface, ':') > 0 THEN substr (a.interface, 0, instr (a.interface, ':')) ELSE a.interface END = i.interface WHERE i.interface != 'lo';", "interval": 86400, "snapshot": true } } }