sonderau/psg-oversight-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migration to a ServiceWorker for most tasks.

Browse Source 
Implementation of basic PatchComplianceTask. First real iteration, basic/raw asf.
This commit is contained in:
sonderau
2025-11-04 13:55:04 +08:00
parent aacd8e0293
commit d880ebeedb
23 changed files with 1527 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.claude/settings.local.json
View File

@@ -1,7 +1,8 @@
{
"permissions": {
"allow": [
"Bash(\"BuildDir\\bin\\Debug\\Assets\\osqueryi.exe\" --json \"SELECT datetime((SELECT CAST(unix_time AS INTEGER) FROM time) - total_seconds, ''unixepoch'') as boot_time FROM uptime;\")"
"Bash(\"BuildDir\\bin\\Debug\\Assets\\osqueryi.exe\" --json \"SELECT datetime((SELECT CAST(unix_time AS INTEGER) FROM time) - total_seconds, ''unixepoch'') as boot_time FROM uptime;\")",
"Bash(git describe:*)"
],
"deny": [],
"ask": []

2
Directory.Packages.props
View File

@@ -41,5 +41,7 @@
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageVersion>
<PackageVersion Include="System.ServiceProcess.ServiceController" Version="9.0.3" />
<PackageVersion Include="Microsoft.Extensions.Hosting.WindowsServices" Version="9.0.3" />
</ItemGroup>
</Project>

8
LD-SysInfo/Config.cs
View File

@@ -14,6 +14,14 @@ namespace LD_SysInfo
[JsonProperty("SystemInfoInterval")] public int SystemInfoInterval { get; set; } = 60;
[JsonProperty("ClientIdentifier")] public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")] public AuthConfig Auth { get; set; } = new();
[JsonProperty("PatchCompliance")] public PatchComplianceConfig PatchCompliance { get; set; } = new();
}
public class PatchComplianceConfig
{
[JsonProperty("Enabled")] public bool Enabled { get; set; } = false;
[JsonProperty("CheckIntervalHours")] public int CheckIntervalHours { get; set; } = 24;
[JsonProperty("LastCheckTime")] public DateTime? LastCheckTime { get; set; } = null;
}
public class AuthConfig

1
LD-SysInfo/LD_SysInfo.csproj
View File

@@ -72,6 +72,7 @@
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="Newtonsoft.Json" />
<PackageReference Include="System.Management" />
<PackageReference Include="System.ServiceProcess.ServiceController" />
</ItemGroup>
<ItemGroup>

101
LD-SysInfo/MainWindow.xaml
View File

@@ -230,6 +230,7 @@
<TabItem Header="InstalledApps" FontSize="16"/>
<TabItem Header="Status" FontSize="16"/>
<TabItem Header="Osquery" FontSize="16"/>
<TabItem Header="Service" FontSize="16"/>
</TabControl>
<!--
@@ -456,6 +457,106 @@
</Grid>
</TabItem>
<!-- 🔹 Service Tab -->
<TabItem Header="Service">
<Grid Background="{DynamicResource BackgroundDarkBrush}" Margin="10">
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<!-- Service Status Section -->
<Border Grid.Row="0" Background="{DynamicResource CardBackgroundBrush}"
CornerRadius="8" Padding="15" Margin="0,0,0,15">
<StackPanel>
<TextBlock Text="PSG-Oversight Service Status"
FontSize="16" FontWeight="Bold"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<StackPanel Orientation="Horizontal" Margin="0,5">
<TextBlock Text="Status:" FontWeight="Bold" Width="100"
Foreground="{DynamicResource TextDarkBrush}"/>
<TextBlock x:Name="ServiceStatusText" Text="Unknown"
Foreground="{DynamicResource AccentBrush}"/>
</StackPanel>
<StackPanel Orientation="Horizontal" Margin="0,5">
<TextBlock Text="Last Check:" FontWeight="Bold" Width="100"
Foreground="{DynamicResource TextDarkBrush}"/>
<TextBlock x:Name="ServiceLastCheckText" Text="Never"
Foreground="{DynamicResource TextDarkBrush}"/>
</StackPanel>
<Button Content="Refresh Status" Click="RefreshServiceStatus_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Margin="0,10,0,0" Width="150" HorizontalAlignment="Left"/>
</StackPanel>
</Border>
<!-- Test Operations Section -->
<Border Grid.Row="1" Background="{DynamicResource CardBackgroundBrush}"
CornerRadius="8" Padding="15" Margin="0,0,0,15">
<StackPanel>
<TextBlock Text="Test Operations"
FontSize="16" FontWeight="Bold"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<TextBlock Text="Click buttons below to test service operations:"
TextWrapping="Wrap"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<Button Content="🔍 Run Patch Compliance Check Now"
Click="TestPatchCompliance_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Margin="0,5" Width="280" HorizontalAlignment="Left"/>
<Button Content="📊 View Task Scheduler State"
Click="ViewSchedulerState_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Margin="0,5" Width="280" HorizontalAlignment="Left"/>
<Button Content="🔄 Test API Connection"
Click="TestAPIConnection_Click"
Style="{StaticResource SmallRoundedButtonStyle}"
Margin="0,5" Width="280" HorizontalAlignment="Left"/>
</StackPanel>
</Border>
<!-- Log Output Section -->
<Border Grid.Row="2" Background="{DynamicResource CardBackgroundBrush}"
CornerRadius="8" Padding="15">
<Grid>
<Grid.RowDefinitions>
<RowDefinition Height="Auto"/>
<RowDefinition Height="*"/>
</Grid.RowDefinitions>
<TextBlock Grid.Row="0" Text="Service Logs"
FontSize="14" FontWeight="Bold"
Foreground="{DynamicResource TextDarkBrush}"
Margin="0,0,0,10"/>
<ScrollViewer Grid.Row="1" VerticalScrollBarVisibility="Auto">
<TextBox x:Name="ServiceLogOutput"
Background="#1e1e1e"
Foreground="#dcdcdc"
FontFamily="Consolas"
FontSize="12"
AcceptsReturn="True"
IsReadOnly="True"
TextWrapping="Wrap"
MinHeight="200"
Text="Service logs will appear here..."/>
</ScrollViewer>
</Grid>
</Border>
</Grid>
</TabItem>
</TabControl>
</Border>

116
LD-SysInfo/MainWindow.xaml.cs
View File

@@ -901,5 +901,121 @@ private async void RefreshButton_Click(object sender, RoutedEventArgs e)
}
}
// ============================
// Service Tab Event Handlers
// ============================
private void RefreshServiceStatus_Click(object sender, RoutedEventArgs e)
{
try
{
var serviceName = "PSG-Oversight";
var service = System.ServiceProcess.ServiceController.GetServices()
.FirstOrDefault(s => s.ServiceName == serviceName);
if (service != null)
{
ServiceStatusText.Text = service.Status.ToString();
ServiceStatusText.Foreground = service.Status == System.ServiceProcess.ServiceControllerStatus.Running
? new SolidColorBrush(Colors.Green)
: new SolidColorBrush(Colors.Red);
}
else
{
ServiceStatusText.Text = "Not Installed";
ServiceStatusText.Foreground = new SolidColorBrush(Colors.Orange);
}
ServiceLastCheckText.Text = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
}
catch (Exception ex)
{
ServiceStatusText.Text = $"Error: {ex.Message}";
ServiceStatusText.Foreground = new SolidColorBrush(Colors.Red);
}
}
private async void TestPatchCompliance_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Running Patch Compliance check...\n\n";
try
{
// Create instances of services
var apiClient = new Services.ApiClient(_config);
var patchTask = new Services.PatchComplianceTask(_config, apiClient);
// Execute the task
await patchTask.ExecuteAsync();
ServiceLogOutput.Text += $"[{DateTime.Now}] Patch compliance check completed successfully.\n";
ServiceLogOutput.Text += "Check %LOCALAPPDATA%\\PSG-Oversight\\patch_compliance.log for details.\n";
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ERROR: {ex.Message}\n";
ServiceLogOutput.Text += $"Stack Trace:\n{ex.StackTrace}\n";
}
}
private void ViewSchedulerState_Click(object sender, RoutedEventArgs e)
{
try
{
var stateFilePath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight",
"task_scheduler_state.json"
);
if (File.Exists(stateFilePath))
{
var json = File.ReadAllText(stateFilePath);
var formatted = JsonConvert.SerializeObject(
JsonConvert.DeserializeObject(json),
Formatting.Indented
);
ServiceLogOutput.Text = $"Task Scheduler State:\n\n{formatted}";
}
else
{
ServiceLogOutput.Text = "Task scheduler state file not found.\nThe service may not have run any tasks yet.";
}
}
catch (Exception ex)
{
ServiceLogOutput.Text = $"Error reading scheduler state:\n{ex.Message}";
}
}
private async void TestAPIConnection_Click(object sender, RoutedEventArgs e)
{
ServiceLogOutput.Text = "Testing API connection...\n\n";
try
{
var apiClient = new Services.ApiClient(_config);
// Test connectivity
bool isConnected = await apiClient.CheckConnectivity();
if (isConnected)
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ✅ API is reachable!\n";
ServiceLogOutput.Text += $"Server URL: {_config.ServerUrl}\n";
}
else
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ❌ API is NOT reachable!\n";
ServiceLogOutput.Text += $"Server URL: {_config.ServerUrl}\n";
}
}
catch (Exception ex)
{
ServiceLogOutput.Text += $"[{DateTime.Now}] ERROR: {ex.Message}\n";
}
}
}
}

38
LD-SysInfo/Services/ApiClient.cs
View File

@@ -264,6 +264,44 @@ namespace LD_SysInfo.Services
return response;
}
/// <summary>
/// Sends Windows update history (patch compliance data) to the backend API
/// </summary>
public async Task<bool> PostPatchComplianceAsync(object patchData)
{
try
{
if (string.IsNullOrEmpty(jwtToken))
{
Console.WriteLine("❌ Not authenticated. Cannot send patch compliance data.");
return false;
}
var jsonContent = JsonConvert.SerializeObject(patchData);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
var response = await SendWithAutoReauthAsync(() =>
httpClient.PostAsync(BuildUrl("/api/patch-compliance"), content)
);
if (response.IsSuccessStatusCode)
{
Console.WriteLine("✅ Patch compliance data sent successfully.");
return true;
}
else
{
Console.WriteLine($"❌ Failed to send patch compliance data: {response.StatusCode}");
return false;
}
}
catch (Exception ex)
{
Console.WriteLine($"❌ Exception sending patch compliance data: {ex.Message}");
return false;
}
}
}
}

152
LD-SysInfo/Services/OsqueryTaskScheduler.cs Normal file
View File

@@ -0,0 +1,152 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using System.IO;
using Newtonsoft.Json;
namespace LD_SysInfo.Services
{
/// <summary>
/// Manages scheduled osquery-based tasks
/// Designed to be portable to Windows Service (OversightService) later
/// </summary>
public class OsqueryTaskScheduler
{
private readonly List<IScheduledTask> _tasks = new();
private readonly Timer _timer;
private readonly string _stateFilePath;
private bool _isRunning;
public OsqueryTaskScheduler()
{
// Store task state in AppData to persist last run times
var appDataDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
Directory.CreateDirectory(appDataDir);
_stateFilePath = Path.Combine(appDataDir, "task_scheduler_state.json");
// Check every minute for tasks that need to run
_timer = new Timer(CheckAndRunTasks, null, TimeSpan.Zero, TimeSpan.FromMinutes(1));
}
/// <summary>
/// Register a task with the scheduler
/// </summary>
public void RegisterTask(IScheduledTask task)
{
_tasks.Add(task);
LoadTaskState(task);
}
/// <summary>
/// Start the scheduler
/// </summary>
public void Start()
{
_isRunning = true;
}
/// <summary>
/// Stop the scheduler
/// </summary>
public void Stop()
{
_isRunning = false;
_timer?.Change(Timeout.Infinite, Timeout.Infinite);
}
private async void CheckAndRunTasks(object? state)
{
if (!_isRunning) return;
foreach (var task in _tasks.Where(t => t.ShouldRun()))
{
try
{
await task.ExecuteAsync();
task.LastRun = DateTime.Now;
SaveTaskState(task);
}
catch (Exception ex)
{
LogError($"Task '{task.TaskName}' failed: {ex.Message}");
}
}
}
private void LoadTaskState(IScheduledTask task)
{
try
{
if (!File.Exists(_stateFilePath)) return;
var json = File.ReadAllText(_stateFilePath);
var states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json);
if (states != null && states.TryGetValue(task.TaskName, out var lastRun))
{
task.LastRun = lastRun;
}
}
catch (Exception ex)
{
LogError($"Failed to load task state: {ex.Message}");
}
}
private void SaveTaskState(IScheduledTask task)
{
try
{
Dictionary<string, DateTime> states;
if (File.Exists(_stateFilePath))
{
var json = File.ReadAllText(_stateFilePath);
states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json)
?? new Dictionary<string, DateTime>();
}
else
{
states = new Dictionary<string, DateTime>();
}
states[task.TaskName] = task.LastRun ?? DateTime.Now;
var updatedJson = JsonConvert.SerializeObject(states, Formatting.Indented);
File.WriteAllText(_stateFilePath, updatedJson);
}
catch (Exception ex)
{
LogError($"Failed to save task state: {ex.Message}");
}
}
private void LogError(string message)
{
try
{
var logDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
var logPath = Path.Combine(logDir, "scheduler_error.log");
File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
}
catch
{
// Silently fail if we can't write logs
}
}
public void Dispose()
{
Stop();
_timer?.Dispose();
}
}
}

132
LD-SysInfo/Services/PatchComplianceTask.cs Normal file
View File

@@ -0,0 +1,132 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace LD_SysInfo.Services
{
/// <summary>
/// Scheduled task that collects Windows update history using osquery
/// and sends it to the backend API
/// </summary>
public class PatchComplianceTask : ScheduledTask
{
private readonly AppConfig _config;
private readonly ApiClient _apiClient;
public override string TaskName => "PatchCompliance";
public override TimeSpan Interval =>
TimeSpan.FromHours(_config.PatchCompliance.CheckIntervalHours);
public PatchComplianceTask(AppConfig config, ApiClient apiClient)
{
_config = config;
_apiClient = apiClient;
// Initialize LastRun from config if available
LastRun = _config.PatchCompliance.LastCheckTime;
}
public override bool ShouldRun()
{
// Don't run if disabled in config
if (!_config.PatchCompliance.Enabled)
return false;
return base.ShouldRun();
}
public override async Task ExecuteAsync()
{
try
{
// Query windows_update_history from osquery
var updates = OsqueryService.Query(@"
SELECT
date,
title,
update_id
FROM windows_update_history
ORDER BY date DESC;
");
if (!updates.Any())
{
LogInfo("No Windows update history found.");
return;
}
// Transform to API-friendly format
var patchData = updates.Select(u => new
{
date = u.GetValueOrDefault("date"),
title = u.GetValueOrDefault("title"),
updateId = u.GetValueOrDefault("update_id")
}).ToList();
LogInfo($"Collected {patchData.Count} Windows updates.");
// Send to API
await _apiClient.PostPatchComplianceAsync(patchData);
// Update config with last check time
_config.PatchCompliance.LastCheckTime = DateTime.Now;
SaveConfig();
LogInfo("Patch compliance data sent successfully.");
}
catch (Exception ex)
{
LogError($"PatchComplianceTask failed: {ex.Message}");
throw;
}
}
private void SaveConfig()
{
try
{
var configPath = System.IO.Path.Combine(AppContext.BaseDirectory, "config.json");
var json = Newtonsoft.Json.JsonConvert.SerializeObject(_config, Newtonsoft.Json.Formatting.Indented);
System.IO.File.WriteAllText(configPath, json);
}
catch (Exception ex)
{
LogError($"Failed to save config: {ex.Message}");
}
}
private void LogInfo(string message)
{
if (!_config.EnableLogging) return;
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] INFO: {message}\n");
}
catch { }
}
private void LogError(string message)
{
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {message}\n");
}
catch { }
}
}
}

35
LD-SysInfo/Services/ScheduledTask.cs Normal file
View File

@@ -0,0 +1,35 @@
using System;
using System.Threading.Tasks;
namespace LD_SysInfo.Services
{
/// <summary>
/// Base interface for scheduled tasks
/// </summary>
public interface IScheduledTask
{
string TaskName { get; }
TimeSpan Interval { get; }
DateTime? LastRun { get; set; }
Task ExecuteAsync();
bool ShouldRun();
}
/// <summary>
/// Base class for scheduled tasks with common logic
/// </summary>
public abstract class ScheduledTask : IScheduledTask
{
public abstract string TaskName { get; }
public abstract TimeSpan Interval { get; }
public DateTime? LastRun { get; set; }
public abstract Task ExecuteAsync();
public virtual bool ShouldRun()
{
if (LastRun == null) return true;
return DateTime.Now - LastRun >= Interval;
}
}
}

47
OversightService/Config.cs Normal file
View File

@@ -0,0 +1,47 @@
#nullable disable
using System;
using System.IO;
using Newtonsoft.Json;
namespace OversightService
{
public class AppConfig
{
[JsonProperty("ServerUrl")] public string ServerUrl { get; set; } = "https://yourserver.com/api/status";
[JsonProperty("EnableLogging")] public bool EnableLogging { get; set; } = true;
[JsonProperty("KeepAlivePeriod")] public int KeepAlivePeriod { get; set; } = 30;
[JsonProperty("SystemInfoInterval")] public int SystemInfoInterval { get; set; } = 60;
[JsonProperty("ClientIdentifier")] public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")] public AuthConfig Auth { get; set; } = new();
[JsonProperty("PatchCompliance")] public PatchComplianceConfig PatchCompliance { get; set; } = new();
}
public class PatchComplianceConfig
{
[JsonProperty("Enabled")] public bool Enabled { get; set; } = false;
[JsonProperty("CheckIntervalHours")] public int CheckIntervalHours { get; set; } = 24;
[JsonProperty("LastCheckTime")] public DateTime? LastCheckTime { get; set; } = null;
}
public class AuthConfig
{
[JsonProperty("Username")] public string Username { get; set; } = "testuser";
[JsonProperty("Password")] public string Password { get; set; } = "testpassword";
}
public static class ConfigManager
{
private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json");
public static AppConfig LoadConfig(string? pathOverride = null)
{
string path = pathOverride ?? ConfigPath;
if (!File.Exists(path))
throw new FileNotFoundException($"Config file not found at {path}");
string json = File.ReadAllText(path);
return JsonConvert.DeserializeObject<AppConfig>(json) ?? new AppConfig();
}
}
}

36
OversightService/EncryptionHelper.cs Normal file
View File

@@ -0,0 +1,36 @@
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
namespace OversightService
{
public class EncryptionHelper
{
private static readonly byte[] Key = Encoding.UTF8.GetBytes("HWJGbwmF2pWdXySDExMNEbJSrXn0YCBF"); // 32 bytes for AES-256
private static readonly byte[] IV = Encoding.UTF8.GetBytes("VWYRtYCfch0sKs6k"); // 16 bytes
public static string EncryptData(string plainText)
{
using (Aes aes = Aes.Create())
{
aes.Key = Key;
aes.IV = IV;
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
using (MemoryStream ms = new MemoryStream())
using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
using (StreamWriter sw = new StreamWriter(cs, new UTF8Encoding(false))) // Disable BOM
{
sw.Write(plainText);
}
byte[] encryptedBytes = ms.ToArray();
string encryptedBase64 = Convert.ToBase64String(encryptedBytes);
return encryptedBase64;
}
}
}
}
}

22
OversightService/OversightService.csproj
View File

@@ -7,7 +7,29 @@
<UserSecretsId>dotnet-OversightService-9352272b-722c-4a12-acc2-8c9b146e5292</UserSecretsId>
</PropertyGroup>
<PropertyGroup>
<EnableDefaultContentItems>false</EnableDefaultContentItems>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" />
<PackageReference Include="Newtonsoft.Json" />
</ItemGroup>
<ItemGroup>
<Content Include="osqueryi.exe">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="config.json">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="appsettings.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
<Content Include="appsettings.Development.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
</ItemGroup>
</Project>

7
OversightService/Program.cs
View File

@@ -1,6 +1,13 @@
using OversightService;
var builder = Host.CreateApplicationBuilder(args);
// Configure Windows Service with custom service name
builder.Services.AddWindowsService(options =>
{
options.ServiceName = "PSG-Oversight";
});
builder.Services.AddHostedService<Worker>();
var host = builder.Build();

317
OversightService/Services/ApiClient.cs Normal file
View File

@@ -0,0 +1,317 @@
using System;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
namespace OversightService.Services
{
public class ApiClient
{
/// <summary>
/// Constructs the full URL for API requests.
/// </summary>
private static readonly HttpClient httpClient = CreateHttpClient();
private readonly AppConfig _config;
private static string jwtToken = null; // 🔹 Store the JWT token globally
public ApiClient(AppConfig config)
{
_config = config ?? throw new ArgumentNullException(nameof(config));
}
private void Log(string message)
{
try
{
var logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
Directory.CreateDirectory(logDir);
var logPath = Path.Combine(logDir, "api_client.log");
File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
}
catch { }
}
private string BuildUrl(string route)
{
return $"{_config.ServerUrl.TrimEnd('/')}/{route.TrimStart('/')}";
}
/// <summary>
/// Creates an HttpClient that bypasses SSL validation (for testing purposes only).
/// </summary>
public static HttpClient CreateHttpClient()
{
HttpClientHandler handler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, certChain, sslPolicyErrors) =>
{
return true; // 🔥 Ignores all SSL certificate warnings (TEMPORARY!)
}
};
return new HttpClient(handler);
}
/// <summary>
/// Sets the JWT token to be used for subsequent requests.
/// </summary>
public static void SetJwtToken(string token)
{
jwtToken = token;
httpClient.DefaultRequestHeaders.Authorization =
new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", jwtToken);
}
/// <summary>
/// Gets the JWT token to be used for subsequent requests.
/// </summary>
public static string GetJwtToken()
{
return jwtToken;
}
/// <summary>
/// Authenticates with the API using credentials from config.json.
/// </summary>
public async Task<LoginResponse> AuthenticateAsync(string username, string password)
{
try
{
string encryptedUsername = EncryptionHelper.EncryptData(username);
string encryptedPassword = EncryptionHelper.EncryptData(password);
var payload = new
{
username = encryptedUsername,
password = encryptedPassword
};
string jsonContent = JsonConvert.SerializeObject(payload);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
HttpResponseMessage response = await httpClient.PostAsync(BuildUrl("/api/auth/login"), content);
string rawResponse = await response.Content.ReadAsStringAsync();
if (!response.IsSuccessStatusCode)
{
Log($"❌ Authentication failed: {response.StatusCode} - {rawResponse}");
return null;
}
var loginResponse = JsonConvert.DeserializeObject<LoginResponse>(rawResponse);
if (!string.IsNullOrEmpty(loginResponse?.Token))
{
SetJwtToken(loginResponse.Token);
}
return loginResponse;
}
catch (Exception ex)
{
Log($"❌ Exception during login: {ex.Message}");
return null;
}
}
/// <summary>
/// Checks connectivity to the server using the stored JWT token.
/// </summary>
public async Task<bool> CheckConnectivity()
{
string testUrl = "https://localhost:8443/api/system/ping-status"; // Your HTTPS URL with port 8443
try
{
if (string.IsNullOrEmpty(jwtToken))
{
throw new Exception("No JWT token stored. Please authenticate first.");
}
var response = await SendWithAutoReauthAsync(() =>
httpClient.GetAsync(testUrl)
);
if (response.IsSuccessStatusCode)
{
return true;
}
else
{
Log($"❌ Server Unreachable: {response.StatusCode}");
return false;
}
}
catch (Exception ex)
{
Log($"❌ Connection Error: {ex.Message}");
return false;
}
}
/// <summary>
/// Sends the collected data to the server.
/// </summary>
public async Task<string> StoreSystemInfoAsync(string encryptedData)
{
try
{
if (string.IsNullOrEmpty(jwtToken))
return "❌ Error: Not authenticated. Please log in first.";
var payload = new { data = encryptedData };
string jsonContent = JsonConvert.SerializeObject(payload);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
var response = await SendWithAutoReauthAsync(() =>
httpClient.PostAsync(BuildUrl("/api/system-info"), content)
);
if (response.IsSuccessStatusCode)
return await response.Content.ReadAsStringAsync();
else
return $"❌ Error: {response.StatusCode} - {await response.Content.ReadAsStringAsync()}";
}
catch (Exception ex)
{
return $"❌ Exception: {ex.Message}";
}
}
/// <summary>
/// Refreshes the current JWT token without requiring username/password.
/// </summary>
public async Task<bool> RefreshTokenAsync()
{
try
{
if (string.IsNullOrEmpty(jwtToken))
{
Log("⚠️ No token to refresh.");
return false;
}
HttpResponseMessage response = await httpClient.PostAsync(BuildUrl("/api/auth/refresh"), null);
string rawResponse = await response.Content.ReadAsStringAsync();
if (!response.IsSuccessStatusCode)
{
Log($"❌ Token refresh failed: {response.StatusCode} - {rawResponse}");
return false;
}
// Parse the response to get the new token if provided in body
// Note: Your server sets it via cookie, but may also return it in response
try
{
var refreshResponse = JsonConvert.DeserializeObject<Dictionary<string, string>>(rawResponse);
if (refreshResponse?.ContainsKey("token") == true)
{
SetJwtToken(refreshResponse["token"]);
}
}
catch
{
// Token might only be in cookie, which is fine
}
Log("✅ Token refreshed successfully.");
return true;
}
catch (Exception ex)
{
Log($"❌ Exception during token refresh: {ex.Message}");
return false;
}
}
/// <summary>
/// Sends the collected data to the server with automatic token refresh and re-auth.
/// </summary>
private async Task<HttpResponseMessage> SendWithAutoReauthAsync(Func<Task<HttpResponseMessage>> requestFunc)
{
var response = await requestFunc();
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
Log("⚠️ Token expired or invalid. Attempting token refresh...");
// Try refreshing the token first (faster than full re-auth)
bool refreshed = await RefreshTokenAsync();
if (refreshed)
{
// Retry original request after refresh
response = await requestFunc();
if (response.IsSuccessStatusCode)
{
return response;
}
}
// If refresh failed or didn't work, fall back to full re-authentication
Log("⚠️ Token refresh failed. Attempting full re-auth...");
var loginResponse = await AuthenticateAsync(_config.Auth.Username, _config.Auth.Password);
if (loginResponse == null || string.IsNullOrEmpty(loginResponse.Token))
{
Log("❌ Re-authentication failed.");
return response; // Return original 401 response
}
// Retry original request after reauth
response = await requestFunc();
}
return response;
}
/// <summary>
/// Sends Windows update history (patch compliance data) to the backend API
/// </summary>
public async Task<bool> PostPatchComplianceAsync(object patchData)
{
try
{
if (string.IsNullOrEmpty(jwtToken))
{
Log("❌ Not authenticated. Cannot send patch compliance data.");
return false;
}
var jsonContent = JsonConvert.SerializeObject(patchData);
var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
var response = await SendWithAutoReauthAsync(() =>
httpClient.PostAsync(BuildUrl("/api/patch-compliance"), content)
);
if (response.IsSuccessStatusCode)
{
Log("✅ Patch compliance data sent successfully.");
return true;
}
else
{
Log($"❌ Failed to send patch compliance data: {response.StatusCode}");
return false;
}
}
catch (Exception ex)
{
Log($"❌ Exception sending patch compliance data: {ex.Message}");
return false;
}
}
}
}

9
OversightService/Services/LoginResponse.cs Normal file
View File

@@ -0,0 +1,9 @@
namespace OversightService.Services
{
public class LoginResponse
{
public string Token { get; set; }
public string Username { get; set; }
public int UserId { get; set; }
}
}

97
OversightService/Services/OsqueryService.cs Normal file
View File

@@ -0,0 +1,97 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using Newtonsoft.Json.Linq;
namespace OversightService.Services
{
public static class OsqueryService
{
private static string GetLogPath(string filename)
{
string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
Directory.CreateDirectory(logDir);
return Path.Combine(logDir, filename);
}
private static string GetOsqueryPath()
{
var baseDir = AppContext.BaseDirectory;
var path = Path.Combine(baseDir, "Assets", "osqueryi.exe");
if (!File.Exists(path))
{
try
{
File.AppendAllText(GetLogPath("osquery_error.log"), $"[{DateTime.Now}] ❌ osqueryi.exe not found at {path}\n");
}
catch { /* Silently fail if we can't write logs */ }
throw new FileNotFoundException("osqueryi.exe not found", path);
}
return path;
}
private static string RunQuery(string sql)
{
var processInfo = new ProcessStartInfo
{
FileName = GetOsqueryPath(),
Arguments = $"--json \"{sql}\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
using var process = Process.Start(processInfo); // ✅ FIXED — actually start the process
if (process == null)
throw new Exception("Failed to start osquery process");
string output = process.StandardOutput.ReadToEnd();
process.WaitForExit();
// Optional debug logging
try
{
File.AppendAllText(GetLogPath("osquery_debug.log"),
$"[{DateTime.Now}] Ran query: {sql}\nOutput length: {output.Length}\n");
}
catch { /* Silently fail if we can't write logs */ }
return output;
}
public static List<Dictionary<string, string>> Query(string sql)
{
string json = RunQuery(sql);
try
{
var jArray = JArray.Parse(json);
var results = new List<Dictionary<string, string>>();
foreach (var obj in jArray)
{
var dict = new Dictionary<string, string>();
foreach (var prop in (JObject)obj)
dict[prop.Key] = prop.Value?.ToString() ?? "";
results.Add(dict);
}
return results;
}
catch (Exception ex)
{
try
{
File.AppendAllText(GetLogPath("osquery_error.log"),
$"[{DateTime.Now}] ⚠️ JSON parse failed for query '{sql}': {ex.Message}\n");
}
catch { /* Silently fail if we can't write logs */ }
return new List<Dictionary<string, string>>();
}
}
}
}

152
OversightService/Services/OsqueryTaskScheduler.cs Normal file
View File

@@ -0,0 +1,152 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using System.IO;
using Newtonsoft.Json;
namespace OversightService.Services
{
/// <summary>
/// Manages scheduled osquery-based tasks
/// Designed to be portable to Windows Service (OversightService) later
/// </summary>
public class OsqueryTaskScheduler
{
private readonly List<IScheduledTask> _tasks = new();
private readonly Timer _timer;
private readonly string _stateFilePath;
private bool _isRunning;
public OsqueryTaskScheduler()
{
// Store task state in AppData to persist last run times
var appDataDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
Directory.CreateDirectory(appDataDir);
_stateFilePath = Path.Combine(appDataDir, "task_scheduler_state.json");
// Check every minute for tasks that need to run
_timer = new Timer(CheckAndRunTasks, null, TimeSpan.Zero, TimeSpan.FromMinutes(1));
}
/// <summary>
/// Register a task with the scheduler
/// </summary>
public void RegisterTask(IScheduledTask task)
{
_tasks.Add(task);
LoadTaskState(task);
}
/// <summary>
/// Start the scheduler
/// </summary>
public void Start()
{
_isRunning = true;
}
/// <summary>
/// Stop the scheduler
/// </summary>
public void Stop()
{
_isRunning = false;
_timer?.Change(Timeout.Infinite, Timeout.Infinite);
}
private async void CheckAndRunTasks(object? state)
{
if (!_isRunning) return;
foreach (var task in _tasks.Where(t => t.ShouldRun()))
{
try
{
await task.ExecuteAsync();
task.LastRun = DateTime.Now;
SaveTaskState(task);
}
catch (Exception ex)
{
LogError($"Task '{task.TaskName}' failed: {ex.Message}");
}
}
}
private void LoadTaskState(IScheduledTask task)
{
try
{
if (!File.Exists(_stateFilePath)) return;
var json = File.ReadAllText(_stateFilePath);
var states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json);
if (states != null && states.TryGetValue(task.TaskName, out var lastRun))
{
task.LastRun = lastRun;
}
}
catch (Exception ex)
{
LogError($"Failed to load task state: {ex.Message}");
}
}
private void SaveTaskState(IScheduledTask task)
{
try
{
Dictionary<string, DateTime> states;
if (File.Exists(_stateFilePath))
{
var json = File.ReadAllText(_stateFilePath);
states = JsonConvert.DeserializeObject<Dictionary<string, DateTime>>(json)
?? new Dictionary<string, DateTime>();
}
else
{
states = new Dictionary<string, DateTime>();
}
states[task.TaskName] = task.LastRun ?? DateTime.Now;
var updatedJson = JsonConvert.SerializeObject(states, Formatting.Indented);
File.WriteAllText(_stateFilePath, updatedJson);
}
catch (Exception ex)
{
LogError($"Failed to save task state: {ex.Message}");
}
}
private void LogError(string message)
{
try
{
var logDir = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
var logPath = Path.Combine(logDir, "scheduler_error.log");
File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
}
catch
{
// Silently fail if we can't write logs
}
}
public void Dispose()
{
Stop();
_timer?.Dispose();
}
}
}

132
OversightService/Services/PatchComplianceTask.cs Normal file
View File

@@ -0,0 +1,132 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace OversightService.Services
{
/// <summary>
/// Scheduled task that collects Windows update history using osquery
/// and sends it to the backend API
/// </summary>
public class PatchComplianceTask : ScheduledTask
{
private readonly AppConfig _config;
private readonly ApiClient _apiClient;
public override string TaskName => "PatchCompliance";
public override TimeSpan Interval =>
TimeSpan.FromHours(_config.PatchCompliance.CheckIntervalHours);
public PatchComplianceTask(AppConfig config, ApiClient apiClient)
{
_config = config;
_apiClient = apiClient;
// Initialize LastRun from config if available
LastRun = _config.PatchCompliance.LastCheckTime;
}
public override bool ShouldRun()
{
// Don't run if disabled in config
if (!_config.PatchCompliance.Enabled)
return false;
return base.ShouldRun();
}
public override async Task ExecuteAsync()
{
try
{
// Query windows_update_history from osquery
var updates = OsqueryService.Query(@"
SELECT
date,
title,
update_id
FROM windows_update_history
ORDER BY date DESC;
");
if (!updates.Any())
{
LogInfo("No Windows update history found.");
return;
}
// Transform to API-friendly format
var patchData = updates.Select(u => new
{
date = u.GetValueOrDefault("date"),
title = u.GetValueOrDefault("title"),
updateId = u.GetValueOrDefault("update_id")
}).ToList();
LogInfo($"Collected {patchData.Count} Windows updates.");
// Send to API
await _apiClient.PostPatchComplianceAsync(patchData);
// Update config with last check time
_config.PatchCompliance.LastCheckTime = DateTime.Now;
SaveConfig();
LogInfo("Patch compliance data sent successfully.");
}
catch (Exception ex)
{
LogError($"PatchComplianceTask failed: {ex.Message}");
throw;
}
}
private void SaveConfig()
{
try
{
var configPath = System.IO.Path.Combine(AppContext.BaseDirectory, "config.json");
var json = Newtonsoft.Json.JsonConvert.SerializeObject(_config, Newtonsoft.Json.Formatting.Indented);
System.IO.File.WriteAllText(configPath, json);
}
catch (Exception ex)
{
LogError($"Failed to save config: {ex.Message}");
}
}
private void LogInfo(string message)
{
if (!_config.EnableLogging) return;
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] INFO: {message}\n");
}
catch { }
}
private void LogError(string message)
{
try
{
var logDir = System.IO.Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"PSG-Oversight"
);
System.IO.Directory.CreateDirectory(logDir);
var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {message}\n");
}
catch { }
}
}
}

35
OversightService/Services/ScheduledTask.cs Normal file
View File

@@ -0,0 +1,35 @@
using System;
using System.Threading.Tasks;
namespace OversightService.Services
{
/// <summary>
/// Base interface for scheduled tasks
/// </summary>
public interface IScheduledTask
{
string TaskName { get; }
TimeSpan Interval { get; }
DateTime? LastRun { get; set; }
Task ExecuteAsync();
bool ShouldRun();
}
/// <summary>
/// Base class for scheduled tasks with common logic
/// </summary>
public abstract class ScheduledTask : IScheduledTask
{
public abstract string TaskName { get; }
public abstract TimeSpan Interval { get; }
public DateTime? LastRun { get; set; }
public abstract Task ExecuteAsync();
public virtual bool ShouldRun()
{
if (LastRun == null) return true;
return DateTime.Now - LastRun >= Interval;
}
}
}

77
OversightService/Worker.cs
View File

@@ -1,8 +1,12 @@
using OversightService.Services;
namespace OversightService
{
public class Worker : BackgroundService
{
private readonly ILogger<Worker> _logger;
private OsqueryTaskScheduler? _taskScheduler;
private AppConfig? _config;
public Worker(ILogger<Worker> logger)
{
@@ -11,14 +15,77 @@ namespace OversightService
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
_logger.LogInformation("OversightService starting...");
try
{
// Load configuration
_config = LoadConfig();
_logger.LogInformation("Configuration loaded successfully.");
// Initialize osquery task scheduler
InitializeTaskScheduler();
_logger.LogInformation("Task scheduler initialized successfully.");
}
catch (Exception ex)
{
_logger.LogError(ex, "Failed to initialize OversightService");
throw;
}
// Keep service running
while (!stoppingToken.IsCancellationRequested)
{
if (_logger.IsEnabled(LogLevel.Information))
{
_logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
}
await Task.Delay(1000, stoppingToken);
await Task.Delay(TimeSpan.FromMinutes(1), stoppingToken);
}
// Cleanup on shutdown
_logger.LogInformation("OversightService stopping...");
_taskScheduler?.Stop();
}
private AppConfig LoadConfig()
{
var configPath = Path.Combine(AppContext.BaseDirectory, "config.json");
if (!File.Exists(configPath))
{
throw new FileNotFoundException($"Config file not found at {configPath}");
}
var json = File.ReadAllText(configPath);
var config = Newtonsoft.Json.JsonConvert.DeserializeObject<AppConfig>(json);
if (config == null)
{
throw new InvalidOperationException("Failed to deserialize config.json");
}
return config;
}
private void InitializeTaskScheduler()
{
if (_config == null)
{
throw new InvalidOperationException("Config must be loaded before initializing scheduler");
}
_taskScheduler = new OsqueryTaskScheduler();
// Register patch compliance task if enabled
if (_config.PatchCompliance.Enabled)
{
var apiClient = new ApiClient(_config);
var patchTask = new PatchComplianceTask(_config, apiClient);
_taskScheduler.RegisterTask(patchTask);
_logger.LogInformation("Patch compliance task registered (interval: {hours} hours)",
_config.PatchCompliance.CheckIntervalHours);
}
// Start the scheduler
_taskScheduler.Start();
}
}
}

14
OversightService/config.json Normal file
View File

@@ -0,0 +1,14 @@
{
"ServerUrl": "https://yourserver.com/api/status",
"EnableLogging": true,
"ClientIdentifier": "your-default-client-id",
"Auth": {
"Username": "testuser",
"Password": "testpassword"
},
"PatchCompliance": {
"Enabled": true,
"CheckIntervalHours": 24,
"LastCheckTime": null
}
}

BIN
OversightService/osqueryi.exe Normal file
View File

Binary file not shown.