Hello, if I set some environment variables in the ...
# generalm
Mystery Incorporated
06/25/2021, 4:13 AMHello, if I set some environment variables in the OS, can I retrieve them using OSQuery? Or alternatively is there some other method where I can retrieve a constant value that I set per device? I was setting a decorator query in each .conf file previously to do this, but since moving to fleet, having the shared conf means I can't do that now, so I guess setting an Environment variable on heach machine and querying it will be best way?
s
seph
06/25/2021, 12:34 PM
Maybe, depends a lot on the details and operating system.
seph
06/25/2021, 12:35 PM
Environment variables run in an environment. Which is associated with a process, not some hypothetical thing. So to read them from osquery you either need them in osquery’s environment, or you need to pick a specific process to read them from. This is generally awkward.
seph
06/25/2021, 12:35 PM
If you want to pick up some bit of information from a host, I’d look at using something like the plist table on macos, and the registry on windows. I’d have to skim the tables to see what might work from linux. But there are likely others.
seph
06/25/2021, 12:35 PM
Find something like that
t
theopolis
06/25/2021, 3:28 PM
Perhaps https://osquery.io/schema/4.9.0/#process_envs is what you are looking for.
m
Mystery Incorporated
06/26/2021, 10:02 AMBut we can set environment variables in the bash profile or in windows we can set os wide (global) environment variables I think they are not all process bound right?
s
seph
06/26/2021, 11:51 AM
“sometimes” There’s not a simple answer to that one. It depends a lot on how startup is sequenced.
seph
06/26/2021, 11:51 AM
As said,
This is generally awkwardm
Mystery Incorporated
06/27/2021, 5:24 AMIn Windows there are Machine, User or Process scoped environment variables. I can't speak for other OS I don't know, but it would be nice to fetch all environment variables if possible.
Mystery Incorporated
06/27/2021, 5:37 AM@theopolis also
4.9.0 no such table: process_envsMystery Incorporated
06/27/2021, 5:38 AMOh not for windows, I see the apple and penguin now lol.
Mystery Incorporated
06/27/2021, 5:38 AMSo we really have no mechanisim to see environment variables on windows at all?
Mystery Incorporated
06/27/2021, 5:41 AM@theopolis @seph by a stroke of luck, I found https://osquery.io/schema/4.9.0/#default_environment
Which lists to me the machine environment variables in Windows, Happy dance.
46 Views