diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 932a99a..cca9991 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -1,7 +1,8 @@
{
"permissions": {
"allow": [
- "Bash(\"BuildDir\\bin\\Debug\\Assets\\osqueryi.exe\" --json \"SELECT datetime((SELECT CAST(unix_time AS INTEGER) FROM time) - total_seconds, ''unixepoch'') as boot_time FROM uptime;\")"
+ "Bash(\"BuildDir\\bin\\Debug\\Assets\\osqueryi.exe\" --json \"SELECT datetime((SELECT CAST(unix_time AS INTEGER) FROM time) - total_seconds, ''unixepoch'') as boot_time FROM uptime;\")",
+ "Bash(git describe:*)"
],
"deny": [],
"ask": []
diff --git a/Directory.Packages.props b/Directory.Packages.props
index 4bcc052..bd35fe1 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -41,5 +41,7 @@
runtime; build; native; contentfiles; analyzers; buildtransitive
all
+
+
\ No newline at end of file
diff --git a/LD-SysInfo/Config.cs b/LD-SysInfo/Config.cs
index 17949fa..36fc17b 100644
--- a/LD-SysInfo/Config.cs
+++ b/LD-SysInfo/Config.cs
@@ -14,6 +14,14 @@ namespace LD_SysInfo
[JsonProperty("SystemInfoInterval")] public int SystemInfoInterval { get; set; } = 60;
[JsonProperty("ClientIdentifier")] public string ClientIdentifier { get; set; } = "your-default-client-id";
[JsonProperty("Auth")] public AuthConfig Auth { get; set; } = new();
+ [JsonProperty("PatchCompliance")] public PatchComplianceConfig PatchCompliance { get; set; } = new();
+ }
+
+ public class PatchComplianceConfig
+ {
+ [JsonProperty("Enabled")] public bool Enabled { get; set; } = false;
+ [JsonProperty("CheckIntervalHours")] public int CheckIntervalHours { get; set; } = 24;
+ [JsonProperty("LastCheckTime")] public DateTime? LastCheckTime { get; set; } = null;
}
public class AuthConfig
diff --git a/LD-SysInfo/LD_SysInfo.csproj b/LD-SysInfo/LD_SysInfo.csproj
index 4c1098c..28c2fe7 100644
--- a/LD-SysInfo/LD_SysInfo.csproj
+++ b/LD-SysInfo/LD_SysInfo.csproj
@@ -72,6 +72,7 @@
+
diff --git a/LD-SysInfo/MainWindow.xaml b/LD-SysInfo/MainWindow.xaml
index 2285cf0..d206398 100644
--- a/LD-SysInfo/MainWindow.xaml
+++ b/LD-SysInfo/MainWindow.xaml
@@ -230,6 +230,7 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/LD-SysInfo/MainWindow.xaml.cs b/LD-SysInfo/MainWindow.xaml.cs
index 137b2cd..fcadc09 100644
--- a/LD-SysInfo/MainWindow.xaml.cs
+++ b/LD-SysInfo/MainWindow.xaml.cs
@@ -901,5 +901,121 @@ private async void RefreshButton_Click(object sender, RoutedEventArgs e)
}
}
+ // ============================
+ // Service Tab Event Handlers
+ // ============================
+
+ private void RefreshServiceStatus_Click(object sender, RoutedEventArgs e)
+ {
+ try
+ {
+ var serviceName = "PSG-Oversight";
+ var service = System.ServiceProcess.ServiceController.GetServices()
+ .FirstOrDefault(s => s.ServiceName == serviceName);
+
+ if (service != null)
+ {
+ ServiceStatusText.Text = service.Status.ToString();
+ ServiceStatusText.Foreground = service.Status == System.ServiceProcess.ServiceControllerStatus.Running
+ ? new SolidColorBrush(Colors.Green)
+ : new SolidColorBrush(Colors.Red);
+ }
+ else
+ {
+ ServiceStatusText.Text = "Not Installed";
+ ServiceStatusText.Foreground = new SolidColorBrush(Colors.Orange);
+ }
+
+ ServiceLastCheckText.Text = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
+ }
+ catch (Exception ex)
+ {
+ ServiceStatusText.Text = $"Error: {ex.Message}";
+ ServiceStatusText.Foreground = new SolidColorBrush(Colors.Red);
+ }
+ }
+
+ private async void TestPatchCompliance_Click(object sender, RoutedEventArgs e)
+ {
+ ServiceLogOutput.Text = "Running Patch Compliance check...\n\n";
+
+ try
+ {
+ // Create instances of services
+ var apiClient = new Services.ApiClient(_config);
+ var patchTask = new Services.PatchComplianceTask(_config, apiClient);
+
+ // Execute the task
+ await patchTask.ExecuteAsync();
+
+ ServiceLogOutput.Text += $"[{DateTime.Now}] Patch compliance check completed successfully.\n";
+ ServiceLogOutput.Text += "Check %LOCALAPPDATA%\\PSG-Oversight\\patch_compliance.log for details.\n";
+ }
+ catch (Exception ex)
+ {
+ ServiceLogOutput.Text += $"[{DateTime.Now}] ERROR: {ex.Message}\n";
+ ServiceLogOutput.Text += $"Stack Trace:\n{ex.StackTrace}\n";
+ }
+ }
+
+ private void ViewSchedulerState_Click(object sender, RoutedEventArgs e)
+ {
+ try
+ {
+ var stateFilePath = Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight",
+ "task_scheduler_state.json"
+ );
+
+ if (File.Exists(stateFilePath))
+ {
+ var json = File.ReadAllText(stateFilePath);
+ var formatted = JsonConvert.SerializeObject(
+ JsonConvert.DeserializeObject(json),
+ Formatting.Indented
+ );
+
+ ServiceLogOutput.Text = $"Task Scheduler State:\n\n{formatted}";
+ }
+ else
+ {
+ ServiceLogOutput.Text = "Task scheduler state file not found.\nThe service may not have run any tasks yet.";
+ }
+ }
+ catch (Exception ex)
+ {
+ ServiceLogOutput.Text = $"Error reading scheduler state:\n{ex.Message}";
+ }
+ }
+
+ private async void TestAPIConnection_Click(object sender, RoutedEventArgs e)
+ {
+ ServiceLogOutput.Text = "Testing API connection...\n\n";
+
+ try
+ {
+ var apiClient = new Services.ApiClient(_config);
+
+ // Test connectivity
+ bool isConnected = await apiClient.CheckConnectivity();
+
+ if (isConnected)
+ {
+ ServiceLogOutput.Text += $"[{DateTime.Now}] β
API is reachable!\n";
+ ServiceLogOutput.Text += $"Server URL: {_config.ServerUrl}\n";
+ }
+ else
+ {
+ ServiceLogOutput.Text += $"[{DateTime.Now}] β API is NOT reachable!\n";
+ ServiceLogOutput.Text += $"Server URL: {_config.ServerUrl}\n";
+ }
+ }
+ catch (Exception ex)
+ {
+ ServiceLogOutput.Text += $"[{DateTime.Now}] ERROR: {ex.Message}\n";
+ }
+ }
+
}
}
\ No newline at end of file
diff --git a/LD-SysInfo/Services/ApiClient.cs b/LD-SysInfo/Services/ApiClient.cs
index 292f0ac..56512cb 100644
--- a/LD-SysInfo/Services/ApiClient.cs
+++ b/LD-SysInfo/Services/ApiClient.cs
@@ -264,6 +264,44 @@ namespace LD_SysInfo.Services
return response;
}
+ ///
+ /// Sends Windows update history (patch compliance data) to the backend API
+ ///
+ public async Task PostPatchComplianceAsync(object patchData)
+ {
+ try
+ {
+ if (string.IsNullOrEmpty(jwtToken))
+ {
+ Console.WriteLine("β Not authenticated. Cannot send patch compliance data.");
+ return false;
+ }
+
+ var jsonContent = JsonConvert.SerializeObject(patchData);
+ var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
+
+ var response = await SendWithAutoReauthAsync(() =>
+ httpClient.PostAsync(BuildUrl("/api/patch-compliance"), content)
+ );
+
+ if (response.IsSuccessStatusCode)
+ {
+ Console.WriteLine("β
Patch compliance data sent successfully.");
+ return true;
+ }
+ else
+ {
+ Console.WriteLine($"β Failed to send patch compliance data: {response.StatusCode}");
+ return false;
+ }
+ }
+ catch (Exception ex)
+ {
+ Console.WriteLine($"β Exception sending patch compliance data: {ex.Message}");
+ return false;
+ }
+ }
+
}
}
diff --git a/LD-SysInfo/Services/OsqueryTaskScheduler.cs b/LD-SysInfo/Services/OsqueryTaskScheduler.cs
new file mode 100644
index 0000000..ea3fdbd
--- /dev/null
+++ b/LD-SysInfo/Services/OsqueryTaskScheduler.cs
@@ -0,0 +1,152 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using System.IO;
+using Newtonsoft.Json;
+
+namespace LD_SysInfo.Services
+{
+ ///
+ /// Manages scheduled osquery-based tasks
+ /// Designed to be portable to Windows Service (OversightService) later
+ ///
+ public class OsqueryTaskScheduler
+ {
+ private readonly List _tasks = new();
+ private readonly Timer _timer;
+ private readonly string _stateFilePath;
+ private bool _isRunning;
+
+ public OsqueryTaskScheduler()
+ {
+ // Store task state in AppData to persist last run times
+ var appDataDir = Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ Directory.CreateDirectory(appDataDir);
+ _stateFilePath = Path.Combine(appDataDir, "task_scheduler_state.json");
+
+ // Check every minute for tasks that need to run
+ _timer = new Timer(CheckAndRunTasks, null, TimeSpan.Zero, TimeSpan.FromMinutes(1));
+ }
+
+ ///
+ /// Register a task with the scheduler
+ ///
+ public void RegisterTask(IScheduledTask task)
+ {
+ _tasks.Add(task);
+ LoadTaskState(task);
+ }
+
+ ///
+ /// Start the scheduler
+ ///
+ public void Start()
+ {
+ _isRunning = true;
+ }
+
+ ///
+ /// Stop the scheduler
+ ///
+ public void Stop()
+ {
+ _isRunning = false;
+ _timer?.Change(Timeout.Infinite, Timeout.Infinite);
+ }
+
+ private async void CheckAndRunTasks(object? state)
+ {
+ if (!_isRunning) return;
+
+ foreach (var task in _tasks.Where(t => t.ShouldRun()))
+ {
+ try
+ {
+ await task.ExecuteAsync();
+ task.LastRun = DateTime.Now;
+ SaveTaskState(task);
+ }
+ catch (Exception ex)
+ {
+ LogError($"Task '{task.TaskName}' failed: {ex.Message}");
+ }
+ }
+ }
+
+ private void LoadTaskState(IScheduledTask task)
+ {
+ try
+ {
+ if (!File.Exists(_stateFilePath)) return;
+
+ var json = File.ReadAllText(_stateFilePath);
+ var states = JsonConvert.DeserializeObject>(json);
+
+ if (states != null && states.TryGetValue(task.TaskName, out var lastRun))
+ {
+ task.LastRun = lastRun;
+ }
+ }
+ catch (Exception ex)
+ {
+ LogError($"Failed to load task state: {ex.Message}");
+ }
+ }
+
+ private void SaveTaskState(IScheduledTask task)
+ {
+ try
+ {
+ Dictionary states;
+
+ if (File.Exists(_stateFilePath))
+ {
+ var json = File.ReadAllText(_stateFilePath);
+ states = JsonConvert.DeserializeObject>(json)
+ ?? new Dictionary();
+ }
+ else
+ {
+ states = new Dictionary();
+ }
+
+ states[task.TaskName] = task.LastRun ?? DateTime.Now;
+
+ var updatedJson = JsonConvert.SerializeObject(states, Formatting.Indented);
+ File.WriteAllText(_stateFilePath, updatedJson);
+ }
+ catch (Exception ex)
+ {
+ LogError($"Failed to save task state: {ex.Message}");
+ }
+ }
+
+ private void LogError(string message)
+ {
+ try
+ {
+ var logDir = Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ var logPath = Path.Combine(logDir, "scheduler_error.log");
+ File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
+ }
+ catch
+ {
+ // Silently fail if we can't write logs
+ }
+ }
+
+ public void Dispose()
+ {
+ Stop();
+ _timer?.Dispose();
+ }
+ }
+}
diff --git a/LD-SysInfo/Services/PatchComplianceTask.cs b/LD-SysInfo/Services/PatchComplianceTask.cs
new file mode 100644
index 0000000..95a4361
--- /dev/null
+++ b/LD-SysInfo/Services/PatchComplianceTask.cs
@@ -0,0 +1,132 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace LD_SysInfo.Services
+{
+ ///
+ /// Scheduled task that collects Windows update history using osquery
+ /// and sends it to the backend API
+ ///
+ public class PatchComplianceTask : ScheduledTask
+ {
+ private readonly AppConfig _config;
+ private readonly ApiClient _apiClient;
+
+ public override string TaskName => "PatchCompliance";
+
+ public override TimeSpan Interval =>
+ TimeSpan.FromHours(_config.PatchCompliance.CheckIntervalHours);
+
+ public PatchComplianceTask(AppConfig config, ApiClient apiClient)
+ {
+ _config = config;
+ _apiClient = apiClient;
+
+ // Initialize LastRun from config if available
+ LastRun = _config.PatchCompliance.LastCheckTime;
+ }
+
+ public override bool ShouldRun()
+ {
+ // Don't run if disabled in config
+ if (!_config.PatchCompliance.Enabled)
+ return false;
+
+ return base.ShouldRun();
+ }
+
+ public override async Task ExecuteAsync()
+ {
+ try
+ {
+ // Query windows_update_history from osquery
+ var updates = OsqueryService.Query(@"
+ SELECT
+ date,
+ title,
+ update_id
+ FROM windows_update_history
+ ORDER BY date DESC;
+ ");
+
+ if (!updates.Any())
+ {
+ LogInfo("No Windows update history found.");
+ return;
+ }
+
+ // Transform to API-friendly format
+ var patchData = updates.Select(u => new
+ {
+ date = u.GetValueOrDefault("date"),
+ title = u.GetValueOrDefault("title"),
+ updateId = u.GetValueOrDefault("update_id")
+ }).ToList();
+
+ LogInfo($"Collected {patchData.Count} Windows updates.");
+
+ // Send to API
+ await _apiClient.PostPatchComplianceAsync(patchData);
+
+ // Update config with last check time
+ _config.PatchCompliance.LastCheckTime = DateTime.Now;
+ SaveConfig();
+
+ LogInfo("Patch compliance data sent successfully.");
+ }
+ catch (Exception ex)
+ {
+ LogError($"PatchComplianceTask failed: {ex.Message}");
+ throw;
+ }
+ }
+
+ private void SaveConfig()
+ {
+ try
+ {
+ var configPath = System.IO.Path.Combine(AppContext.BaseDirectory, "config.json");
+ var json = Newtonsoft.Json.JsonConvert.SerializeObject(_config, Newtonsoft.Json.Formatting.Indented);
+ System.IO.File.WriteAllText(configPath, json);
+ }
+ catch (Exception ex)
+ {
+ LogError($"Failed to save config: {ex.Message}");
+ }
+ }
+
+ private void LogInfo(string message)
+ {
+ if (!_config.EnableLogging) return;
+
+ try
+ {
+ var logDir = System.IO.Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ System.IO.Directory.CreateDirectory(logDir);
+ var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
+ System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] INFO: {message}\n");
+ }
+ catch { }
+ }
+
+ private void LogError(string message)
+ {
+ try
+ {
+ var logDir = System.IO.Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ System.IO.Directory.CreateDirectory(logDir);
+ var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
+ System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {message}\n");
+ }
+ catch { }
+ }
+ }
+}
diff --git a/LD-SysInfo/Services/ScheduledTask.cs b/LD-SysInfo/Services/ScheduledTask.cs
new file mode 100644
index 0000000..6527be5
--- /dev/null
+++ b/LD-SysInfo/Services/ScheduledTask.cs
@@ -0,0 +1,35 @@
+using System;
+using System.Threading.Tasks;
+
+namespace LD_SysInfo.Services
+{
+ ///
+ /// Base interface for scheduled tasks
+ ///
+ public interface IScheduledTask
+ {
+ string TaskName { get; }
+ TimeSpan Interval { get; }
+ DateTime? LastRun { get; set; }
+ Task ExecuteAsync();
+ bool ShouldRun();
+ }
+
+ ///
+ /// Base class for scheduled tasks with common logic
+ ///
+ public abstract class ScheduledTask : IScheduledTask
+ {
+ public abstract string TaskName { get; }
+ public abstract TimeSpan Interval { get; }
+ public DateTime? LastRun { get; set; }
+
+ public abstract Task ExecuteAsync();
+
+ public virtual bool ShouldRun()
+ {
+ if (LastRun == null) return true;
+ return DateTime.Now - LastRun >= Interval;
+ }
+ }
+}
diff --git a/OversightService/Config.cs b/OversightService/Config.cs
new file mode 100644
index 0000000..d36c139
--- /dev/null
+++ b/OversightService/Config.cs
@@ -0,0 +1,47 @@
+#nullable disable
+using System;
+using System.IO;
+
+using Newtonsoft.Json;
+
+namespace OversightService
+{
+ public class AppConfig
+ {
+ [JsonProperty("ServerUrl")] public string ServerUrl { get; set; } = "https://yourserver.com/api/status";
+ [JsonProperty("EnableLogging")] public bool EnableLogging { get; set; } = true;
+ [JsonProperty("KeepAlivePeriod")] public int KeepAlivePeriod { get; set; } = 30;
+ [JsonProperty("SystemInfoInterval")] public int SystemInfoInterval { get; set; } = 60;
+ [JsonProperty("ClientIdentifier")] public string ClientIdentifier { get; set; } = "your-default-client-id";
+ [JsonProperty("Auth")] public AuthConfig Auth { get; set; } = new();
+ [JsonProperty("PatchCompliance")] public PatchComplianceConfig PatchCompliance { get; set; } = new();
+ }
+
+ public class PatchComplianceConfig
+ {
+ [JsonProperty("Enabled")] public bool Enabled { get; set; } = false;
+ [JsonProperty("CheckIntervalHours")] public int CheckIntervalHours { get; set; } = 24;
+ [JsonProperty("LastCheckTime")] public DateTime? LastCheckTime { get; set; } = null;
+ }
+
+ public class AuthConfig
+ {
+ [JsonProperty("Username")] public string Username { get; set; } = "testuser";
+ [JsonProperty("Password")] public string Password { get; set; } = "testpassword";
+ }
+
+ public static class ConfigManager
+ {
+ private static readonly string ConfigPath = Path.Combine(AppContext.BaseDirectory, "config.json");
+
+ public static AppConfig LoadConfig(string? pathOverride = null)
+ {
+ string path = pathOverride ?? ConfigPath;
+ if (!File.Exists(path))
+ throw new FileNotFoundException($"Config file not found at {path}");
+
+ string json = File.ReadAllText(path);
+ return JsonConvert.DeserializeObject(json) ?? new AppConfig();
+ }
+ }
+}
diff --git a/OversightService/EncryptionHelper.cs b/OversightService/EncryptionHelper.cs
new file mode 100644
index 0000000..ae91a08
--- /dev/null
+++ b/OversightService/EncryptionHelper.cs
@@ -0,0 +1,36 @@
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using System.Text;
+
+namespace OversightService
+{
+ public class EncryptionHelper
+ {
+ private static readonly byte[] Key = Encoding.UTF8.GetBytes("HWJGbwmF2pWdXySDExMNEbJSrXn0YCBF"); // 32 bytes for AES-256
+ private static readonly byte[] IV = Encoding.UTF8.GetBytes("VWYRtYCfch0sKs6k"); // 16 bytes
+
+ public static string EncryptData(string plainText)
+ {
+ using (Aes aes = Aes.Create())
+ {
+ aes.Key = Key;
+ aes.IV = IV;
+ aes.Mode = CipherMode.CBC;
+ aes.Padding = PaddingMode.PKCS7;
+
+ using (MemoryStream ms = new MemoryStream())
+ using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
+ {
+ using (StreamWriter sw = new StreamWriter(cs, new UTF8Encoding(false))) // Disable BOM
+ {
+ sw.Write(plainText);
+ }
+ byte[] encryptedBytes = ms.ToArray();
+ string encryptedBase64 = Convert.ToBase64String(encryptedBytes);
+ return encryptedBase64;
+ }
+ }
+ }
+ }
+}
diff --git a/OversightService/OversightService.csproj b/OversightService/OversightService.csproj
index 5387f3a..7014191 100644
--- a/OversightService/OversightService.csproj
+++ b/OversightService/OversightService.csproj
@@ -7,7 +7,29 @@
dotnet-OversightService-9352272b-722c-4a12-acc2-8c9b146e5292
+
+ false
+
+
+
+
+
+
+
+ Always
+
+
+ Always
+
+
+ PreserveNewest
+
+
+ PreserveNewest
+
+
+
diff --git a/OversightService/Program.cs b/OversightService/Program.cs
index e04e76a..b34e38e 100644
--- a/OversightService/Program.cs
+++ b/OversightService/Program.cs
@@ -1,6 +1,13 @@
using OversightService;
var builder = Host.CreateApplicationBuilder(args);
+
+// Configure Windows Service with custom service name
+builder.Services.AddWindowsService(options =>
+{
+ options.ServiceName = "PSG-Oversight";
+});
+
builder.Services.AddHostedService();
var host = builder.Build();
diff --git a/OversightService/Services/ApiClient.cs b/OversightService/Services/ApiClient.cs
new file mode 100644
index 0000000..a13e637
--- /dev/null
+++ b/OversightService/Services/ApiClient.cs
@@ -0,0 +1,317 @@
+ο»Ώusing System;
+using System.IO;
+using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
+using System.Net.Security;
+using System.Text;
+using System.Threading.Tasks;
+using Newtonsoft.Json;
+
+namespace OversightService.Services
+{
+ public class ApiClient
+ {
+ ///
+ /// Constructs the full URL for API requests.
+ ///
+ private static readonly HttpClient httpClient = CreateHttpClient();
+ private readonly AppConfig _config;
+ private static string jwtToken = null; // πΉ Store the JWT token globally
+
+ public ApiClient(AppConfig config)
+ {
+ _config = config ?? throw new ArgumentNullException(nameof(config));
+ }
+
+ private void Log(string message)
+ {
+ try
+ {
+ var logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
+ Directory.CreateDirectory(logDir);
+ var logPath = Path.Combine(logDir, "api_client.log");
+ File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
+ }
+ catch { }
+ }
+
+
+ private string BuildUrl(string route)
+ {
+ return $"{_config.ServerUrl.TrimEnd('/')}/{route.TrimStart('/')}";
+ }
+
+ ///
+ /// Creates an HttpClient that bypasses SSL validation (for testing purposes only).
+ ///
+ public static HttpClient CreateHttpClient()
+ {
+ HttpClientHandler handler = new HttpClientHandler
+ {
+ ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, certChain, sslPolicyErrors) =>
+ {
+ return true; // π₯ Ignores all SSL certificate warnings (TEMPORARY!)
+ }
+ };
+
+ return new HttpClient(handler);
+ }
+
+ ///
+ /// Sets the JWT token to be used for subsequent requests.
+ ///
+ public static void SetJwtToken(string token)
+ {
+ jwtToken = token;
+ httpClient.DefaultRequestHeaders.Authorization =
+ new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", jwtToken);
+ }
+ ///
+ /// Gets the JWT token to be used for subsequent requests.
+ ///
+ public static string GetJwtToken()
+ {
+ return jwtToken;
+ }
+
+ ///
+ /// Authenticates with the API using credentials from config.json.
+ ///
+ public async Task AuthenticateAsync(string username, string password)
+ {
+ try
+ {
+ string encryptedUsername = EncryptionHelper.EncryptData(username);
+ string encryptedPassword = EncryptionHelper.EncryptData(password);
+
+ var payload = new
+ {
+ username = encryptedUsername,
+ password = encryptedPassword
+ };
+
+ string jsonContent = JsonConvert.SerializeObject(payload);
+ var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
+
+ HttpResponseMessage response = await httpClient.PostAsync(BuildUrl("/api/auth/login"), content);
+ string rawResponse = await response.Content.ReadAsStringAsync();
+
+ if (!response.IsSuccessStatusCode)
+ {
+ Log($"β Authentication failed: {response.StatusCode} - {rawResponse}");
+ return null;
+ }
+
+ var loginResponse = JsonConvert.DeserializeObject(rawResponse);
+
+ if (!string.IsNullOrEmpty(loginResponse?.Token))
+ {
+ SetJwtToken(loginResponse.Token);
+ }
+
+ return loginResponse;
+ }
+ catch (Exception ex)
+ {
+ Log($"β Exception during login: {ex.Message}");
+ return null;
+ }
+ }
+
+
+
+ ///
+ /// Checks connectivity to the server using the stored JWT token.
+ ///
+ public async Task CheckConnectivity()
+ {
+ string testUrl = "https://localhost:8443/api/system/ping-status"; // Your HTTPS URL with port 8443
+
+ try
+ {
+ if (string.IsNullOrEmpty(jwtToken))
+ {
+ throw new Exception("No JWT token stored. Please authenticate first.");
+ }
+
+ var response = await SendWithAutoReauthAsync(() =>
+ httpClient.GetAsync(testUrl)
+);
+
+
+ if (response.IsSuccessStatusCode)
+ {
+ return true;
+ }
+ else
+ {
+ Log($"β Server Unreachable: {response.StatusCode}");
+ return false;
+ }
+ }
+ catch (Exception ex)
+ {
+ Log($"β Connection Error: {ex.Message}");
+ return false;
+ }
+ }
+
+ ///
+ /// Sends the collected data to the server.
+ ///
+ public async Task StoreSystemInfoAsync(string encryptedData)
+ {
+ try
+ {
+ if (string.IsNullOrEmpty(jwtToken))
+ return "β Error: Not authenticated. Please log in first.";
+
+ var payload = new { data = encryptedData };
+ string jsonContent = JsonConvert.SerializeObject(payload);
+ var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
+
+ var response = await SendWithAutoReauthAsync(() =>
+ httpClient.PostAsync(BuildUrl("/api/system-info"), content)
+ );
+
+ if (response.IsSuccessStatusCode)
+ return await response.Content.ReadAsStringAsync();
+ else
+ return $"β Error: {response.StatusCode} - {await response.Content.ReadAsStringAsync()}";
+ }
+ catch (Exception ex)
+ {
+ return $"β Exception: {ex.Message}";
+ }
+ }
+
+
+ ///
+ /// Refreshes the current JWT token without requiring username/password.
+ ///
+ public async Task RefreshTokenAsync()
+ {
+ try
+ {
+ if (string.IsNullOrEmpty(jwtToken))
+ {
+ Log("β οΈ No token to refresh.");
+ return false;
+ }
+
+ HttpResponseMessage response = await httpClient.PostAsync(BuildUrl("/api/auth/refresh"), null);
+ string rawResponse = await response.Content.ReadAsStringAsync();
+
+ if (!response.IsSuccessStatusCode)
+ {
+ Log($"β Token refresh failed: {response.StatusCode} - {rawResponse}");
+ return false;
+ }
+
+ // Parse the response to get the new token if provided in body
+ // Note: Your server sets it via cookie, but may also return it in response
+ try
+ {
+ var refreshResponse = JsonConvert.DeserializeObject>(rawResponse);
+ if (refreshResponse?.ContainsKey("token") == true)
+ {
+ SetJwtToken(refreshResponse["token"]);
+ }
+ }
+ catch
+ {
+ // Token might only be in cookie, which is fine
+ }
+
+ Log("β
Token refreshed successfully.");
+ return true;
+ }
+ catch (Exception ex)
+ {
+ Log($"β Exception during token refresh: {ex.Message}");
+ return false;
+ }
+ }
+
+ ///
+ /// Sends the collected data to the server with automatic token refresh and re-auth.
+ ///
+ private async Task SendWithAutoReauthAsync(Func> requestFunc)
+ {
+ var response = await requestFunc();
+
+ if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
+ {
+ Log("β οΈ Token expired or invalid. Attempting token refresh...");
+
+ // Try refreshing the token first (faster than full re-auth)
+ bool refreshed = await RefreshTokenAsync();
+
+ if (refreshed)
+ {
+ // Retry original request after refresh
+ response = await requestFunc();
+
+ if (response.IsSuccessStatusCode)
+ {
+ return response;
+ }
+ }
+
+ // If refresh failed or didn't work, fall back to full re-authentication
+ Log("β οΈ Token refresh failed. Attempting full re-auth...");
+ var loginResponse = await AuthenticateAsync(_config.Auth.Username, _config.Auth.Password);
+ if (loginResponse == null || string.IsNullOrEmpty(loginResponse.Token))
+ {
+ Log("β Re-authentication failed.");
+ return response; // Return original 401 response
+ }
+
+ // Retry original request after reauth
+ response = await requestFunc();
+ }
+
+ return response;
+ }
+
+ ///
+ /// Sends Windows update history (patch compliance data) to the backend API
+ ///
+ public async Task PostPatchComplianceAsync(object patchData)
+ {
+ try
+ {
+ if (string.IsNullOrEmpty(jwtToken))
+ {
+ Log("β Not authenticated. Cannot send patch compliance data.");
+ return false;
+ }
+
+ var jsonContent = JsonConvert.SerializeObject(patchData);
+ var content = new StringContent(jsonContent, Encoding.UTF8, "application/json");
+
+ var response = await SendWithAutoReauthAsync(() =>
+ httpClient.PostAsync(BuildUrl("/api/patch-compliance"), content)
+ );
+
+ if (response.IsSuccessStatusCode)
+ {
+ Log("β
Patch compliance data sent successfully.");
+ return true;
+ }
+ else
+ {
+ Log($"β Failed to send patch compliance data: {response.StatusCode}");
+ return false;
+ }
+ }
+ catch (Exception ex)
+ {
+ Log($"β Exception sending patch compliance data: {ex.Message}");
+ return false;
+ }
+ }
+
+
+ }
+}
diff --git a/OversightService/Services/LoginResponse.cs b/OversightService/Services/LoginResponse.cs
new file mode 100644
index 0000000..2498ce4
--- /dev/null
+++ b/OversightService/Services/LoginResponse.cs
@@ -0,0 +1,9 @@
+ο»Ώnamespace OversightService.Services
+{
+ public class LoginResponse
+ {
+ public string Token { get; set; }
+ public string Username { get; set; }
+ public int UserId { get; set; }
+ }
+}
diff --git a/OversightService/Services/OsqueryService.cs b/OversightService/Services/OsqueryService.cs
new file mode 100644
index 0000000..b4590eb
--- /dev/null
+++ b/OversightService/Services/OsqueryService.cs
@@ -0,0 +1,97 @@
+ο»Ώusing System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+
+using Newtonsoft.Json.Linq;
+
+namespace OversightService.Services
+{
+ public static class OsqueryService
+ {
+ private static string GetLogPath(string filename)
+ {
+ string logDir = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "PSG-Oversight");
+ Directory.CreateDirectory(logDir);
+ return Path.Combine(logDir, filename);
+ }
+
+ private static string GetOsqueryPath()
+ {
+ var baseDir = AppContext.BaseDirectory;
+ var path = Path.Combine(baseDir, "Assets", "osqueryi.exe");
+
+ if (!File.Exists(path))
+ {
+ try
+ {
+ File.AppendAllText(GetLogPath("osquery_error.log"), $"[{DateTime.Now}] β osqueryi.exe not found at {path}\n");
+ }
+ catch { /* Silently fail if we can't write logs */ }
+ throw new FileNotFoundException("osqueryi.exe not found", path);
+ }
+
+ return path;
+ }
+
+ private static string RunQuery(string sql)
+ {
+ var processInfo = new ProcessStartInfo
+ {
+ FileName = GetOsqueryPath(),
+ Arguments = $"--json \"{sql}\"",
+ RedirectStandardOutput = true,
+ UseShellExecute = false,
+ CreateNoWindow = true
+ };
+
+ using var process = Process.Start(processInfo); // β
FIXED β actually start the process
+ if (process == null)
+ throw new Exception("Failed to start osquery process");
+
+ string output = process.StandardOutput.ReadToEnd();
+ process.WaitForExit();
+
+ // Optional debug logging
+ try
+ {
+ File.AppendAllText(GetLogPath("osquery_debug.log"),
+ $"[{DateTime.Now}] Ran query: {sql}\nOutput length: {output.Length}\n");
+ }
+ catch { /* Silently fail if we can't write logs */ }
+
+ return output;
+ }
+
+ public static List> Query(string sql)
+ {
+ string json = RunQuery(sql);
+
+ try
+ {
+ var jArray = JArray.Parse(json);
+ var results = new List>();
+
+ foreach (var obj in jArray)
+ {
+ var dict = new Dictionary();
+ foreach (var prop in (JObject)obj)
+ dict[prop.Key] = prop.Value?.ToString() ?? "";
+ results.Add(dict);
+ }
+
+ return results;
+ }
+ catch (Exception ex)
+ {
+ try
+ {
+ File.AppendAllText(GetLogPath("osquery_error.log"),
+ $"[{DateTime.Now}] β οΈ JSON parse failed for query '{sql}': {ex.Message}\n");
+ }
+ catch { /* Silently fail if we can't write logs */ }
+ return new List>();
+ }
+ }
+ }
+}
diff --git a/OversightService/Services/OsqueryTaskScheduler.cs b/OversightService/Services/OsqueryTaskScheduler.cs
new file mode 100644
index 0000000..2a69e30
--- /dev/null
+++ b/OversightService/Services/OsqueryTaskScheduler.cs
@@ -0,0 +1,152 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading;
+using System.Threading.Tasks;
+using System.IO;
+using Newtonsoft.Json;
+
+namespace OversightService.Services
+{
+ ///
+ /// Manages scheduled osquery-based tasks
+ /// Designed to be portable to Windows Service (OversightService) later
+ ///
+ public class OsqueryTaskScheduler
+ {
+ private readonly List _tasks = new();
+ private readonly Timer _timer;
+ private readonly string _stateFilePath;
+ private bool _isRunning;
+
+ public OsqueryTaskScheduler()
+ {
+ // Store task state in AppData to persist last run times
+ var appDataDir = Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ Directory.CreateDirectory(appDataDir);
+ _stateFilePath = Path.Combine(appDataDir, "task_scheduler_state.json");
+
+ // Check every minute for tasks that need to run
+ _timer = new Timer(CheckAndRunTasks, null, TimeSpan.Zero, TimeSpan.FromMinutes(1));
+ }
+
+ ///
+ /// Register a task with the scheduler
+ ///
+ public void RegisterTask(IScheduledTask task)
+ {
+ _tasks.Add(task);
+ LoadTaskState(task);
+ }
+
+ ///
+ /// Start the scheduler
+ ///
+ public void Start()
+ {
+ _isRunning = true;
+ }
+
+ ///
+ /// Stop the scheduler
+ ///
+ public void Stop()
+ {
+ _isRunning = false;
+ _timer?.Change(Timeout.Infinite, Timeout.Infinite);
+ }
+
+ private async void CheckAndRunTasks(object? state)
+ {
+ if (!_isRunning) return;
+
+ foreach (var task in _tasks.Where(t => t.ShouldRun()))
+ {
+ try
+ {
+ await task.ExecuteAsync();
+ task.LastRun = DateTime.Now;
+ SaveTaskState(task);
+ }
+ catch (Exception ex)
+ {
+ LogError($"Task '{task.TaskName}' failed: {ex.Message}");
+ }
+ }
+ }
+
+ private void LoadTaskState(IScheduledTask task)
+ {
+ try
+ {
+ if (!File.Exists(_stateFilePath)) return;
+
+ var json = File.ReadAllText(_stateFilePath);
+ var states = JsonConvert.DeserializeObject>(json);
+
+ if (states != null && states.TryGetValue(task.TaskName, out var lastRun))
+ {
+ task.LastRun = lastRun;
+ }
+ }
+ catch (Exception ex)
+ {
+ LogError($"Failed to load task state: {ex.Message}");
+ }
+ }
+
+ private void SaveTaskState(IScheduledTask task)
+ {
+ try
+ {
+ Dictionary states;
+
+ if (File.Exists(_stateFilePath))
+ {
+ var json = File.ReadAllText(_stateFilePath);
+ states = JsonConvert.DeserializeObject>(json)
+ ?? new Dictionary();
+ }
+ else
+ {
+ states = new Dictionary();
+ }
+
+ states[task.TaskName] = task.LastRun ?? DateTime.Now;
+
+ var updatedJson = JsonConvert.SerializeObject(states, Formatting.Indented);
+ File.WriteAllText(_stateFilePath, updatedJson);
+ }
+ catch (Exception ex)
+ {
+ LogError($"Failed to save task state: {ex.Message}");
+ }
+ }
+
+ private void LogError(string message)
+ {
+ try
+ {
+ var logDir = Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ var logPath = Path.Combine(logDir, "scheduler_error.log");
+ File.AppendAllText(logPath, $"[{DateTime.Now}] {message}\n");
+ }
+ catch
+ {
+ // Silently fail if we can't write logs
+ }
+ }
+
+ public void Dispose()
+ {
+ Stop();
+ _timer?.Dispose();
+ }
+ }
+}
diff --git a/OversightService/Services/PatchComplianceTask.cs b/OversightService/Services/PatchComplianceTask.cs
new file mode 100644
index 0000000..fe45895
--- /dev/null
+++ b/OversightService/Services/PatchComplianceTask.cs
@@ -0,0 +1,132 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace OversightService.Services
+{
+ ///
+ /// Scheduled task that collects Windows update history using osquery
+ /// and sends it to the backend API
+ ///
+ public class PatchComplianceTask : ScheduledTask
+ {
+ private readonly AppConfig _config;
+ private readonly ApiClient _apiClient;
+
+ public override string TaskName => "PatchCompliance";
+
+ public override TimeSpan Interval =>
+ TimeSpan.FromHours(_config.PatchCompliance.CheckIntervalHours);
+
+ public PatchComplianceTask(AppConfig config, ApiClient apiClient)
+ {
+ _config = config;
+ _apiClient = apiClient;
+
+ // Initialize LastRun from config if available
+ LastRun = _config.PatchCompliance.LastCheckTime;
+ }
+
+ public override bool ShouldRun()
+ {
+ // Don't run if disabled in config
+ if (!_config.PatchCompliance.Enabled)
+ return false;
+
+ return base.ShouldRun();
+ }
+
+ public override async Task ExecuteAsync()
+ {
+ try
+ {
+ // Query windows_update_history from osquery
+ var updates = OsqueryService.Query(@"
+ SELECT
+ date,
+ title,
+ update_id
+ FROM windows_update_history
+ ORDER BY date DESC;
+ ");
+
+ if (!updates.Any())
+ {
+ LogInfo("No Windows update history found.");
+ return;
+ }
+
+ // Transform to API-friendly format
+ var patchData = updates.Select(u => new
+ {
+ date = u.GetValueOrDefault("date"),
+ title = u.GetValueOrDefault("title"),
+ updateId = u.GetValueOrDefault("update_id")
+ }).ToList();
+
+ LogInfo($"Collected {patchData.Count} Windows updates.");
+
+ // Send to API
+ await _apiClient.PostPatchComplianceAsync(patchData);
+
+ // Update config with last check time
+ _config.PatchCompliance.LastCheckTime = DateTime.Now;
+ SaveConfig();
+
+ LogInfo("Patch compliance data sent successfully.");
+ }
+ catch (Exception ex)
+ {
+ LogError($"PatchComplianceTask failed: {ex.Message}");
+ throw;
+ }
+ }
+
+ private void SaveConfig()
+ {
+ try
+ {
+ var configPath = System.IO.Path.Combine(AppContext.BaseDirectory, "config.json");
+ var json = Newtonsoft.Json.JsonConvert.SerializeObject(_config, Newtonsoft.Json.Formatting.Indented);
+ System.IO.File.WriteAllText(configPath, json);
+ }
+ catch (Exception ex)
+ {
+ LogError($"Failed to save config: {ex.Message}");
+ }
+ }
+
+ private void LogInfo(string message)
+ {
+ if (!_config.EnableLogging) return;
+
+ try
+ {
+ var logDir = System.IO.Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ System.IO.Directory.CreateDirectory(logDir);
+ var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
+ System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] INFO: {message}\n");
+ }
+ catch { }
+ }
+
+ private void LogError(string message)
+ {
+ try
+ {
+ var logDir = System.IO.Path.Combine(
+ Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
+ "PSG-Oversight"
+ );
+ System.IO.Directory.CreateDirectory(logDir);
+ var logPath = System.IO.Path.Combine(logDir, "patch_compliance.log");
+ System.IO.File.AppendAllText(logPath, $"[{DateTime.Now}] ERROR: {message}\n");
+ }
+ catch { }
+ }
+ }
+}
diff --git a/OversightService/Services/ScheduledTask.cs b/OversightService/Services/ScheduledTask.cs
new file mode 100644
index 0000000..26d9e53
--- /dev/null
+++ b/OversightService/Services/ScheduledTask.cs
@@ -0,0 +1,35 @@
+using System;
+using System.Threading.Tasks;
+
+namespace OversightService.Services
+{
+ ///
+ /// Base interface for scheduled tasks
+ ///
+ public interface IScheduledTask
+ {
+ string TaskName { get; }
+ TimeSpan Interval { get; }
+ DateTime? LastRun { get; set; }
+ Task ExecuteAsync();
+ bool ShouldRun();
+ }
+
+ ///
+ /// Base class for scheduled tasks with common logic
+ ///
+ public abstract class ScheduledTask : IScheduledTask
+ {
+ public abstract string TaskName { get; }
+ public abstract TimeSpan Interval { get; }
+ public DateTime? LastRun { get; set; }
+
+ public abstract Task ExecuteAsync();
+
+ public virtual bool ShouldRun()
+ {
+ if (LastRun == null) return true;
+ return DateTime.Now - LastRun >= Interval;
+ }
+ }
+}
diff --git a/OversightService/Worker.cs b/OversightService/Worker.cs
index 181340e..8046604 100644
--- a/OversightService/Worker.cs
+++ b/OversightService/Worker.cs
@@ -1,8 +1,12 @@
+using OversightService.Services;
+
namespace OversightService
{
public class Worker : BackgroundService
{
private readonly ILogger _logger;
+ private OsqueryTaskScheduler? _taskScheduler;
+ private AppConfig? _config;
public Worker(ILogger logger)
{
@@ -11,14 +15,77 @@ namespace OversightService
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
+ _logger.LogInformation("OversightService starting...");
+
+ try
+ {
+ // Load configuration
+ _config = LoadConfig();
+ _logger.LogInformation("Configuration loaded successfully.");
+
+ // Initialize osquery task scheduler
+ InitializeTaskScheduler();
+ _logger.LogInformation("Task scheduler initialized successfully.");
+ }
+ catch (Exception ex)
+ {
+ _logger.LogError(ex, "Failed to initialize OversightService");
+ throw;
+ }
+
+ // Keep service running
while (!stoppingToken.IsCancellationRequested)
{
- if (_logger.IsEnabled(LogLevel.Information))
- {
- _logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
- }
- await Task.Delay(1000, stoppingToken);
+ await Task.Delay(TimeSpan.FromMinutes(1), stoppingToken);
}
+
+ // Cleanup on shutdown
+ _logger.LogInformation("OversightService stopping...");
+ _taskScheduler?.Stop();
+ }
+
+ private AppConfig LoadConfig()
+ {
+ var configPath = Path.Combine(AppContext.BaseDirectory, "config.json");
+
+ if (!File.Exists(configPath))
+ {
+ throw new FileNotFoundException($"Config file not found at {configPath}");
+ }
+
+ var json = File.ReadAllText(configPath);
+ var config = Newtonsoft.Json.JsonConvert.DeserializeObject(json);
+
+ if (config == null)
+ {
+ throw new InvalidOperationException("Failed to deserialize config.json");
+ }
+
+ return config;
+ }
+
+ private void InitializeTaskScheduler()
+ {
+ if (_config == null)
+ {
+ throw new InvalidOperationException("Config must be loaded before initializing scheduler");
+ }
+
+ _taskScheduler = new OsqueryTaskScheduler();
+
+ // Register patch compliance task if enabled
+ if (_config.PatchCompliance.Enabled)
+ {
+ var apiClient = new ApiClient(_config);
+ var patchTask = new PatchComplianceTask(_config, apiClient);
+ _taskScheduler.RegisterTask(patchTask);
+
+ _logger.LogInformation("Patch compliance task registered (interval: {hours} hours)",
+ _config.PatchCompliance.CheckIntervalHours);
+ }
+
+ // Start the scheduler
+ _taskScheduler.Start();
}
}
}
diff --git a/OversightService/config.json b/OversightService/config.json
new file mode 100644
index 0000000..c173ff7
--- /dev/null
+++ b/OversightService/config.json
@@ -0,0 +1,14 @@
+{
+ "ServerUrl": "https://yourserver.com/api/status",
+ "EnableLogging": true,
+ "ClientIdentifier": "your-default-client-id",
+ "Auth": {
+ "Username": "testuser",
+ "Password": "testpassword"
+ },
+ "PatchCompliance": {
+ "Enabled": true,
+ "CheckIntervalHours": 24,
+ "LastCheckTime": null
+ }
+}
diff --git a/OversightService/osqueryi.exe b/OversightService/osqueryi.exe
new file mode 100644
index 0000000..ca880c8
Binary files /dev/null and b/OversightService/osqueryi.exe differ