Dev (09/23/2019, 5:43 PM):
make deps
make generate-dev
make build
how do I launch the binary?

seph: osqueryi will take statements on the command line.

ycpr (09/24/2019, 4:26 PM): libc.so.6 while trying to compile osquery on 3.16.0-6-amd64 #1 SMP Debian 3.16.57-2 (2018-07-14) x86_64 GNU/Linux. It compiles on Debian 9 though. Do I do something wrong? I get the following cmake output:
ycpr@deb8osq-dev:~/osquery/build$ cmake -DOSQUERY_TOOLCHAIN_SYSROOT=/usr/local/osquery-toolchain ../src
-- The C compiler identification is Clang 8.0.1
-- The CXX compiler identification is Clang 8.0.1
-- Check for working C compiler: /usr/local/osquery-toolchain/usr/bin/clang
-- Check for working C compiler: /usr/local/osquery-toolchain/usr/bin/clang -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/local/osquery-toolchain/usr/bin/clang++
-- Check for working CXX compiler: /usr/local/osquery-toolchain/usr/bin/clang++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Not found: ccache. Install it and put it into the PATH if you want to speed up partial builds.
-- Found Git: /usr/bin/git (found version "2.1.4")
-- osquery version: 4.0.0-122-g7eda0af-dirty
-- Build type: RelWithDebInfo
-- Shared libraries: OFF
-- Found Python2: /usr/bin/python2.7 (found version "2.7.9") found components: Interpreter
-- Found Python3: /usr/bin/python3.4 (found version "3.4.2") found components: Interpreter
-- Importing: facebook/markupsafe
-- Importing: facebook/jinja2
-- Importing: source/augeas
-- Found FLEX: /usr/bin/flex (found version "2.5.39")
-- Found BISON: /usr/bin/bison (found version "3.0.2")
-- Importing: source/augeas/gnulib
-- Importing: source/berkeley-db
-- Importing: source/boost
Submodule 'foreach' (https://github.com/boostorg/foreach.git) registered for path 'foreach'
Cloning into 'libs/foreach'...
fatal: reference is not a tree: 4240a1d095cf4a5e04093a1b91b1f0c791a58da9
Unable to checkout '4240a1d095cf4a5e04093a1b91b1f0c791a58da9' in submodule path 'foreach'
CMake Error at libraries/cmake/source/modules/utils.cmake:64 (message):
Failed to update the following git submodule:
"/home/ycpr/osquery/src/libraries/cmake/source/boost/src/libs/foreach"
Call Stack (most recent call first):
libraries/cmake/source/modules/utils.cmake:115 (initializeGitSubmodule)
libraries/cmake/source/modules/Findboost.cmake:10 (importSourceSubmodule)
CMakeLists.txt:134 (find_package)
CMakeLists.txt:52 (importLibraries)
CMakeLists.txt:174 (main)
-- Configuring incomplete, errors occurred!
See also "/home/ycpr/osquery/build/CMakeFiles/CMakeOutput.log".
See also "/home/ycpr/osquery/build/CMakeFiles/CMakeError.log".
Zach Zeid (09/25/2019, 4:57 PM): /var/log/osquery. Running the osqueryd command with --ephemeral doesn't clearly say there is anything wrong, but it seems to choke on loading extensions and creating a socket. Is that expected behavior?

theopolis:
cd osquery-dev
mkdir build
cd build/
cmake -DOSQUERY_BUILD_TESTS=ON -DOSQUERY_TOOLCHAIN_SYSROOT=/usr/local/osquery-toolchain ..
make -j$(nproc)
make test
zwass (10/15/2019, 12:08 AM): osquery_schedule table to get some information about the queries executing.

Zach Zeid (10/22/2019, 2:50 PM): yum update was last run on a machine? Is that a correct assumption?

Eoin Miller (10/24/2019, 2:28 AM): osqueryi --config_path /var/osquery/osquery.conf --pack incident-response --json
Eighth query in the incident-response pack:
"alf": {
"query" : "select * from alf;",
...
"description" : "Retrieves the configuration values for the Application Layer Firewall for OSX.",
"value" : "Verify firewall settings are as restrictive as you need. Identify unwanted firewall holes made by malware or humans"
},
First output:
[ {"allow_signed_enabled":"1","firewall_unload":"0","global_state":"0","logging_enabled":"1","logging_option":"0","stealth_enabled":"0","version":"1.6"}
]