defensivedepth
03/20/2020, 11:29 PMMatt Johnson
03/23/2020, 10:32 PMalessandrogario
RITEN MEHTA
03/26/2020, 10:08 AMGrant
03/26/2020, 2:31 PMClement
03/26/2020, 2:58 PM
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
Executing: /tmp/apt-key-gpghome.Vw0k9xPaOV/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
gpg: keyserver receive failed: Connection timed out
Gowthamakanthan
03/26/2020, 6:46 PMthor
❯ brew info osquery
osquery: stable 3.3.2 (bottled)
SQL powered operating system instrumentation and analytics
https://osquery.io
Not installed
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/osquery.rb
==> Dependencies
Build: bison ✘, cmake ✘, python ✔
Required: augeas ✘, boost ✘, gflags ✘, glog ✘, libarchive ✘, libmagic ✔, librdkafka ✘, lldpd ✘, openssl@1.1 ✔, rapidjson ✘, rocksdb ✘, sleuthkit ✘, ssdeep ✘, thrift ✘, xz ✔, yara ✔, zstd ✘
==> Requirements
Required: macOS >= 10.12 ✔
==> Analytics
install: 1,312 (30 days), 3,562 (90 days), 11,649 (365 days)
install-on-request: 1,213 (30 days), 3,293 (90 days), 10,744 (365 days)
build-error: 0 (30 days)
fritz
03/30/2020, 9:50 PMLawrence D'Anna
03/31/2020, 6:48 AMterracatta
sudo
04/01/2020, 11:49 AMDG
04/01/2020, 4:47 PMZach Zeid
04/02/2020, 6:19 PMDavid Cowen
04/02/2020, 7:51 PMJohn Grigutis
04/05/2020, 3:14 PMAlex Alborzfard
04/06/2020, 5:34 PMDG
04/06/2020, 9:31 PMJeff Singleton
04/07/2020, 3:13 PMDG
04/07/2020, 4:52 PMKryptoNyte
04/09/2020, 10:02 PMalessandrogario
Sujit Jagdev
04/12/2020, 3:32 PMSlackbot
04/12/2020, 6:30 PMtaurian007
04/12/2020, 9:14 PMZach Zeid
04/13/2020, 3:00 PMPhuc Duong
04/14/2020, 4:19 AM
C:\Program Files\osquery\osqueryd>osqueryd.exe --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_tls_max_attempts=10 --config_tls_refresh=10 --enroll_tls_endpoint=/api/v1/osquery/enroll --enroll_always=true --watchdog_memory_limit=350 --enroll_secret_path="C:\Program Files\osquery\secret" --tls_hostname=fleet-demo.com:8080 --tls_server_certs "C:\Program Files\osquery\certs\fleet-demo.com_8080.pem" --disable_distributed=false --distributed_plugin=tls --distributed_interval=10 --distributed_tls_max_attempts=3 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --logger_tls_period=10 --host_identifier=hexcode
But when I copy these to the osquery.flags file to run osquery as a service, it returns the error "Windows could not start the osqueryd service on Local Computer" after I start the osqueryd service.
Below is my osquery.flags configuration. Could someone help me with this? Thanks so much.
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_tls_max_attempts=10
--config_tls_refresh=10
--enroll_tls_endpoint=/api/v1/osquery/enroll
--enroll_always=true
--watchdog_memory_limit=350
--enroll_secret_path="C:\Program Files\osquery\secret"
--tls_hostname=fleet-demo.com:8080
--tls_server_certs "C:\Program Files\osquery\certs\fleet-demo.com_8080.pem"
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10
--host_identifier=hexcode
Stefano Bonicatti
04/14/2020, 9:55 AMZach Zeid
04/14/2020, 2:47 PM