# core
  • a

    alessandrogario

    10/23/2021, 4:18 PM
    the osquery shell does not use the watchdog by default, so it will not cause problems in that case
    👍 1
  • a

    alessandrogario

    10/23/2021, 6:07 PM
    I think that deploying extensions is not a big issue; we had a cool PR that makes packaging configurable
  • a

    alessandrogario

    10/23/2021, 6:10 PM
    a malware killing an extension might as well just kill osquery itself, so I don't think it changes much whether it's in core or not
  • a

    alessandrogario

    10/23/2021, 6:11 PM
    another advantage in implementing this in an extension is that your table won't get killed if osquery misbehaves; the worker will just restart and your extension will connect back to it
  • s

    seph

    11/17/2021, 7:23 PM
    @alessandrogario merged the BPF changes in, and that was a thing we wanted to try to get out. How’s m1 support? Should I cut 5.1 today, or do folks want to wait? (@Mike Myers)
    ❤️ 1
  • s

    seph

    11/29/2021, 9:23 PM
    Speaking of which, we were vaguely holding, since I think @Stefano Bonicatti was going to look at one of the packaging PRs relating to linux symlinks?
  • s

    seph

    12/02/2021, 6:26 PM
    Skimming that PR, it looks fine. Though it feels weird having the destination set that way. But 🤷 I try not to get into the cmake weeds. Do you want to thumb and merge? Should I? (I am vigorously deferring to you here)
  • s

    seph

    12/03/2021, 2:55 PM
    Hrm. Before I cut this release… I’m seeing some odd hangs on my mac 😞
  • s

    seph

    12/03/2021, 3:04 PM
    I guess we’re aiming for another release this year, so I think there’s no point to holding this. I’ll cut a release now, and fill in release notes laterz
  • z

    zwass

    12/14/2021, 6:27 PM
    Who runs the osquery Twitter account? This could use a response: https://twitter.com/wifitoaster2/status/1470808511152017408 (I tried logging in to do it myself with the creds in 1Password but I need a 2FA code)
  • s

    seph

    12/29/2021, 2:40 AM
    I cut https://github.com/osquery/osquery/releases/tag/5.2.0 but builds don't seem to have worked. Probably cmake stuff. I'll see if I can make progress,
  • t

    thor

    01/04/2022, 7:55 PM
    Hey friends! Sorry I've largely been offline of late. We had another baby and I've disappeared into parental leave. That said, I'm back now, I missed today's office hours due to some meeting conflicts, but wanted to check in on the paid Slack situation. Has that been resolved? Is there anything I can do to help?
    🍼 1
    👏 1
  • t

    thor

    01/04/2022, 7:55 PM
    I've also noticed a couple releases shipped out, and that we're quite a bit behind with Chocolatey releases. I'll see what I can do to get those builds shipped this week, apologies for my absence!
    👌 1
    ❤️ 1
  • j

    J

    02/03/2022, 7:52 AM
    We can restrict it on a service level in the OS, but haven’t found a way to limit it properly in osquery.
  • s

    seph

    02/03/2022, 1:31 PM
    Hrm. I wonder what correct is. I understand that in this case moving to sigkill makes more sense. But what is the flip side? Does that make it more likely to corrupt the local db?
  • s

    seph

    02/04/2022, 3:47 PM
    @Stefano Bonicatti I think I’m ready to cut 5.2.2. Do you want to try to come to resolution on #7474 before?
  • s

    seph

    03/01/2022, 7:46 PM
    Any thumbs for https://github.com/osquery/osquery-site/pull/238
  • j

    Juan Alvarez

    03/10/2022, 3:17 PM
    Hi all, I am not sure if this is the best channel for this, but I opened this ticket a few days ago: https://github.com/osquery/osquery/issues/7494 . I would like to get your point of view on the criticality of those vulnerabilities and if you think they qualify for a new release with those dependencies upgraded. Reading the ASSURANCE.md document, I read that some of the vulnerabilities may not affect osquery for one reason or another, but I am not smart enough to understand when they do or do not. The fact is that our tool (we are using SNYK) reports back 4 CRITICAL and 21 HIGH vulnerabilities, which does not look really good. If they are so, would you be open to releasing a new osquery version sooner with those dependencies upgraded? Thanks!
    👀 2
  • s

    seph

    03/22/2022, 2:40 AM
    Removing freebsd instructions. https://github.com/osquery/osquery-site/pull/242
  • n

    n0b00de

    03/23/2022, 3:50 PM
    Is there a way to search a directory for a specific file extension? ex:
    SELECT path FROM file WHERE path LIKE 'C:\Windows\Prefetch\%\%.db';
  • s

    seph

    03/23/2022, 7:22 PM
    I’m seeing occasional messages
    Refusing to register duplicate extension
    which don’t make a lot of sense given what I know of my startup flow. Anyone happen to know if the registry it’s using is somehow persisted across restarts?
  • n

    n0b00de

    03/23/2022, 9:07 PM
    Can we package osquery extensions inside the orbit packages [rpm,pkg,exe]?
  • t

    thor

    03/25/2022, 9:30 PM
    Hey friends! I received a nice call from digicert that my authenticode code signing certificate is going to expire in about 20 some odd days. I hadn't planned on renewing this cert, as it's ~$500 and I don't think work will expense it for me any longer. Did we have any plans on the future of the signing certificate?
  • i

    iko1

    03/26/2022, 9:54 AM
    Hi, I'm interested in working on this issue: https://github.com/osquery/osquery/issues/7463. I'm wondering if there's a way of fetching the data another way in order to support more distributions. I found that I can execute the following command line: "lldpctl -f xml". The output of this command is backward/forward-compatible and the information is enough to generate 'lldp_neighbors'. I'm wondering if it's right/valid to generate the table this way?
  • t

    thor

    04/05/2022, 2:40 AM
    Hey gang, just quick FYI - I've got my updated code signing certificate, going to do a couple test build/signs tonight then will be updating our secrets flow to ensure that we're all set for the next release.
  • t

    thor

    04/05/2022, 3:02 AM
    Ok, verified that the signatures work as expected locally, I've updated the secrets for our build process, so we should be all set for the next release.
    ty 3
  • m

    Mike Myers

    04/05/2022, 7:23 PM
    The last issue on the 5.3 milestone is complete, and this is a security-related release, so can we begin by tagging a pre-release and get moving on the release? https://github.com/osquery/osquery/milestone/61
  • s

    seph

    04/05/2022, 8:56 PM
    How close is https://github.com/osquery/osquery/pull/7549 ?
  • s

    seph

    04/05/2022, 8:56 PM
    I’d be in favor of cutting a 5.3 whenever!
    🆒 1
  • s

    seph

    04/06/2022, 3:08 PM
    After discussion, we cut a 5.2.3 release. https://github.com/osquery/osquery/releases/5.2.3 exists. Take a look folks!
    osquery 1
    🥳 1
    🍻 1