https://github.com/osquery/osquery logo
Powered by
#linux
  • m

    Mystery Incorporated

    03/21/2022, 12:26 AM
    or they are just grabbing and concatenating major + minor + patch actually now I look at that again, so I'm guessing they are doing 
    var OS=major+.+minor+.+patch
    to describe in pseudocode
  • m

    Mystery Incorporated

    03/21/2022, 12:28 AM
    Perhaps some platform specific logic may be needed for Ubuntu to grab version and then substr anything to the left of LTS
  • n

    Nick Klauer

    06/07/2022, 8:25 PM
    I didn’t realize there was a separate channel just for Linux, so I’m cross-posting my question here
  • z

    zwass

    08/17/2022, 10:20 PM
    Is there a good way to tell whether a process is part of a container (independent of the runtime, I know docker containers could be found with 
    docker_containers
    table)? Not sure if @Artemis Tosini’s cgroup work will help with this. In current osquery, best I've come up with is 
    select * from processes join process_namespaces using (pid) where cgroup_namespace != (select cgroup_namespace from process_namespaces where pid = 1);
    (eg. check for a different cgroup than the init process), though I think this will pick up other processes using cgroups besides just containers. I'm looking to do this in order to take advantage of the 
    pid_with_namespace
    column @Stefano Bonicatti added to some tables.
    a
    s
    a
    • 4
    • 22
  • d

    defensivedepth

    08/18/2022, 1:51 AM
    Trying to dig back into the history of when the linux osqueryd binary increased in size.... Anyone recall why it increased so dramatically from 
    4.9
    44mb ------> 
    5.0
    196mb ?
    s
    s
    +2
    • 5
    • 27
  • a

    Artemis Tosini

    08/18/2022, 7:13 PM
    I'm looking at adding some containerd tables. Unfortunately the API is via grpc so we'd require grpc as a dependancy and either pregenerate the C++ with protoc or use protoc at build time, does anyone have opinions?
    z
    a
    +2
    • 5
    • 60
  • s

    Sagar Patil

    08/25/2022, 4:24 AM
    Can anyone please help me with scheduled queries for docker and Linux environment for improving incident detection and response program.
  • m

    MChorfa

    11/02/2022, 12:12 PM
    Hello 🖖 I followed the docs after the deployment of the fleet server. generated the deb package. but was not able to run it .. Am I missing something ? OH tried with dpkg same issue
    Copy code
    mchorfa@mchorfa-linux-02:~/tmp$ sudo apt install fleet-osquery_1.3.0_amd64.deb
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package fleet-osquery_1.3.0_amd64.deb
    s
    • 2
    • 1
  • m

    Michael

    11/09/2022, 6:44 AM
    Hello. I'm trying to package osquery for my distribution of choice. I'm running into a lot of trouble getting the build to find system augeas, is there some flag I need to be passing to get the build to find system libraries?
    s
    • 2
    • 11
  • l

    Larry Gryziak

    02/24/2023, 9:44 PM
    @Larry Gryziak has left the channel
  • s

    Slackbot

    06/08/2023, 11:19 AM
    This message was deleted.
    d
    • 2
    • 2
12Latest