Hi all working on improving some checks for our deployed end

Question

Hi all working on improving some checks for our deployed endpoint to check if an application feature is enabled or disabled we need to inspect a file for ``` actual on ``` When the feature is disabled we get ``` actual off reason=disabledManually ``` Any direction on how to check the value of a line in a file I suspect we may need carves enabling but am keen to hear if there are alternatives thank you in advance man bowing

sharvil · Answer

hey < oneiroi> carving would definitely work but depending on how the file is structured one could write an augeas lens or a yara signature to match on that

oneiroi · Answer

thinking face thanks < sharvil>

zwass · Answer

You could also use the `file lines` table <https github com macadmins osquery extension blob main main go L53> from the macadmins extension If you are using Orbit this is bundled already

oneiroi · Answer

To update this thread the solution chosen would be to employ the use of `augeas` table ensuring the appropriate augeas lense is present to parse the json file in question currently this is planned future work