Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
m
Madhur Jodhwani
09/07/2021, 5:39 AMDoes anyone here have links from where I can download bare package of osqueryd for versions 4.8.0, 4.7.0 .
a
alessandrogario
09/07/2021, 7:16 AMhttps://osquery.io/downloads/official/4.7.0, then extract the binary from the package; you can use 7z for MSI
That said, use a newer one if possible; there are many important fixes inside the latest version
m
Madhur Jodhwani
09/07/2021, 7:58 AMI need the older versions just for testing the fleet update server, so i am asking directly for osqueryd exe files
s
sharvil
09/07/2021, 8:12 AMBare binaries are not an official distribution, only packages are. You will either have to extract them from packages (as Alessandro said above), or compile them yourselves
a
alessandrogario
09/07/2021, 8:43 AM@Madhur Jodhwani here are the binaries for 4.7.0, I've included a small readme that explains how to extract them
m
Madhur Jodhwani
09/07/2021, 9:57 AMCan you please explain the Payload~ part for macos
like I extracted the folder but couldn't understrand after that
a
alessandrogario
09/07/2021, 10:00 AM1. Extract the .pkg file:
7z x osquery-xxx.pkgPayload~Payload~7z x Payload~usr./usrm
Madhur Jodhwani
09/07/2021, 10:01 AMFor this I neeed to go into the folder after extracting it, right?
a
alessandrogario
09/07/2021, 10:01 AMYes
m
Madhur Jodhwani
09/07/2021, 10:02 AM7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)
Scanning the drive for archives:
ERROR: No such file or directory
Payload~
System ERROR:
Unknown error: -2147024894
this is the error I got
a
alessandrogario
09/07/2021, 10:03 AMWhen you extract the
.pkgThe command on the
.pkg7z x osquery-4.9.0.pkg
7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=en_US.utf8,Utf16=on,HugeFiles=on,64 bits,16 CPUs x64)
Scanning the drive for archives:
1 file, 10864742 bytes (11 MiB)
Extracting archive: osquery-4.9.0.pkg
--
Path = osquery-4.9.0.pkg
Type = Xar
Physical Size = 10864742
SubType = pkg
Headers Size = 4328
----
Path = Payload
Size = 10842254
Packed Size = 10842254
Modified = 2021-06-22 21:04:41
Created = 2021-06-22 21:04:41
Accessed = 2021-06-22 21:04:40
Mode = -rw-r--r--
User = reed
Group = staff
Method = octet-stream
--
Path = Payload
Type = gzip
Headers Size = 10
Everything is Ok
Size: 41235968
Compressed: 10864742It's possible that maybe the file has a different name; you can check the
Path7zs
sharvil
09/07/2021, 10:32 AMIf you have access to a Mac you can also use
pkgutil —-expand-full osquery-4.9.0.pkg temp-dir🎉 2
m
Madhur Jodhwani
09/07/2021, 11:26 AMThanks☺️😊