
I need to run a process called osqueryi before I run my app, and kill that process when shutting down. (It is kind of a daemon which can be queried. I need it to be running in order for my app to work.)

```go
func bootOsqueryi(strcmd string) {
  cwd, err := os.Getwd()
  if err != nil {
    panic(err)
  }

  pa := os.ProcAttr{
    Files: []*os.File{os.Stdin, os.Stdout, os.Stderr},
    Dir:   cwd,
  }
  path, err := exec.LookPath(strcmd)
  if err != nil {
    handleError(err)
    return
  }
  osqueryi, err := os.StartProcess(path, []string{strcmd}, &pa)
  if err != nil {
    handleError(err)
    return
  }
  osqueryi.Wait()
}
```

I call this from a cobra `PersistentPreRun` hook like this: `go bootOsqueryi("osqueryi")`.

In the `PersistentPostRun` hook I just shut it down:

```go
func shutdown() {
  if osqueryi != nil {
    osqueryi.Kill()
  }
}
```

Osqueryi is like an interactive shell. It needs to be passed `os.Stdin`, because apparently it uses isatty. If I don't do that, it doesn't run. So I need to start this process because I need to query it, but I don't need to write any input to it because the idea is to use a Go module, osquery-go, to issue queries from my app...

I need to call it in a goroutine because otherwise I can't write log output to the screen...

In any case, it kinda works well. BUT, when the app terminates, my terminal is messed up: my prompt line is missing (can't see what I type). I guess it is because I am assigning it STDIN but I am never writing to it, and in the meantime writing output to STDOUT via `fmt.Println()`.

Is there a way to make this work?

Jonathan Hall
transient_loop

1 Answer


You tagged osquery, so... Perhaps as an alternative, don't run osqueryi that way, it's not meant to be used like that.

The general recommendation is to use osqueryd with the configuration as you'd like it. Or, if you really want a single invocation of osqueryi, you can invoke it with a query from the command line, outputting in JSON:

```
osqueryi --json "select 1"
[
  {"1":"1"}
]
```

osqueryi is not really the same as osqueryd.

seph
  • With the very generous and friendly help of folks over at the `osquery` slack channel, I was able to transition from using `osqueryi` to start `osqueryd` with custom parameters, which is the intended way, as this answer suggests. My terminal nightmare is gone at least. – transient_loop Apr 15 '20 at 22:53
  • If someone gets here for different reasons, using a `pseudo` terminal with the https://github.com/creack/pty package does help to fix the messed up terminal, as I was able to assign the pseudo-terminal to the process and things were kinda working as well, as STDIN was not being shared and messed up by the processes. However, I have no idea how cross-platform such a solution could be and how well it would work in real production settings. – transient_loop Apr 15 '20 at 22:56
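
The single-invocation approach from the answer, written out in Go as an added example (it is not code from the question, the answer, or the osquery project). The names `Row`, `parseRows` and `runQuery` and the 10-second timeout are assumptions made for illustration; it runs `osqueryi --json "<sql>"` once per query without handing it the terminal's stdin, and decodes the JSON array shown above.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"os/exec"
	"time"
)

// Row is one result row; the answer's sample output shows values as JSON strings.
type Row map[string]string

// parseRows decodes the JSON array printed by `osqueryi --json "<sql>"`.
func parseRows(out []byte) ([]Row, error) {
	var rows []Row
	if err := json.Unmarshal(out, &rows); err != nil {
		return nil, fmt.Errorf("decode osqueryi output: %w", err)
	}
	return rows, nil
}

// runQuery starts the binary once, waits for it to exit and returns its rows.
// The SQL is passed as a single argv element (no shell is involved), and
// cmd.Stdin is left nil so the child reads from the null device, not the TTY.
func runQuery(ctx context.Context, bin, sql string) ([]Row, error) {
	path, err := exec.LookPath(bin)
	if err != nil {
		return nil, err
	}
	var stderr bytes.Buffer
	cmd := exec.CommandContext(ctx, path, "--json", sql)
	cmd.Stderr = &stderr
	out, err := cmd.Output()
	if err != nil {
		return nil, fmt.Errorf("%s: %w: %s", bin, err, stderr.String())
	}
	return parseRows(out)
}

func main() {
	// The timeout kills the child if it hangs, so nothing is left to clean up.
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	rows, err := runQuery(ctx, "osqueryi", "select 1")
	if err != nil {
		fmt.Println("query failed:", err)
		return
	}
	fmt.Println(rows)
}
```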