Altaf
09/18/2022, 3:41 AM
Slackbot
09/18/2022, 6:22 AM
Altaf
09/19/2022, 3:49 AM
/bin/bash -c '/usr/local/bin/osqueryi --json "select * from uptime"'
I get this error:
/bin/bash /usr/local/bin/osqueryi: Operation not permitted
exit code 126
But when I run the exact same thing on the same Mac from the terminal, it works as expected. Any pointers?
PJ Meyer
09/20/2022, 2:29 PM
Tiernan
09/21/2022, 12:59 PM
Brandon Mesa
09/21/2022, 1:57 PM
Brandon Mesa
09/22/2022, 9:14 PM
Harrison
09/22/2022, 10:10 PM
sudo profiles list? Seems like that managed_policies table is grabbing the output from /Library/Managed Preferences
Shruti Dixit
09/23/2022, 7:25 AM
nidhin
09/23/2022, 10:46 AM
nidhin
09/23/2022, 10:47 AM
Jens Willmer
09/26/2022, 11:04 AM
slevchenko
09/27/2022, 11:38 AM
flag provided but not defined: -verbose
osqueryd[99410]: Usage of /opt/osquery/plugins/logger/threat_logger.ext:
osqueryd[99410]: -interval int
osqueryd[99410]: -socket string
osqueryd[99410]: path to osqueryd extensions socket
osqueryd[99410]: -timeout int
What I've done:
1. Loaded logger_plugin via extensions.load file /opt/osquery/plugins/logger/threat_logger.ext
2. Enabled it via logger_plugin flag: --logger_plugin=/opt/osquery/plugins/logger/threat_logger.ext
slevchenko
09/27/2022, 11:39 AM
Lee Segal
09/27/2022, 5:14 PM
sambit
09/29/2022, 3:59 PM
grahamgilbert
10/01/2022, 1:18 AM
unified_log table
defensivedepth
10/04/2022, 11:13 PM
Harrison
10/06/2022, 4:04 AM
managed_policies table? The query returns a whole suite of info but almost none of it relates to things I have deployed through our MDM (Kandji). Where is the gap?
Karthick
10/06/2022, 4:04 AM
Zach Zeid
10/06/2022, 2:28 PM
peanut butter
10/09/2022, 9:43 AM
wennan.he
10/10/2022, 3:52 AM
wennan.he
10/10/2022, 9:41 PM
wennan.he
10/10/2022, 11:23 PM
wennan.he
10/11/2022, 6:34 PM
Thomas Stromberg
10/12/2022, 7:22 PM
echo query | osqueryi today.
I found https://github.com/osquery/osquery/pull/2093 which added --pack, but it appears to only run ones that are already defined as part of your config. As a workaround I was considering dynamically generating a JSON config file and passing it in via --config_path, but it seems pretty hacky & the sort of thing that someone probably found a better solution for.
wennan.he
10/12/2022, 7:24 PM
wennan.he
10/12/2022, 7:40 PM
wennan.he
10/12/2022, 8:27 PM