Does anyone have a bash script macOS Linux and or powershell

Question

Does anyone have a bash script macOS Linux and or powershell batch script that updates osquery endpoints with a flagfile I ran the newer exe and it still didn t update

seph · Answer

gt I ran the newer exe and it still didn t update What does this mean

arod · Answer

Ooops I meant the msi ```powershell ExecutionPolicy Bypass Command Invoke WebRequest OutFile C windows temp osquery msi C windows temp osquery msi quiet``` The current installation is 4 5 0 Trying to manually update one agent for 4 7 0 I d like to do this via group policy scripts on some endpoints < seph>

seph · Answer

I m not an expert window admin so that s running the msi in quiet mode right Did it actually install

seph · Answer

I doubt there s any restart there so there may well be a new osquery on disk but you need to restart it maybe

seph · Answer

I don t know if the MSI overwrites the config or flags file So that s something to check

seph · Answer

From a powershell you can invoke `osqueryd exe version` to see what the version on disk is

seph · Answer

Oh wait Windows doesn t let you replace an open file And the service manager has osqueryd exe open So there s some chance an MSI install will fail Also worth trying without ` quiet` and seeing what it does

seph · Answer

sorry for the stream of thought

arod · Answer

Thanks for the response No worries I actually had similar thoughts I have to do the same on a few linux boxes too Similar concept except bash < seph>

seph · Answer

linux and macos are different in that you can replace a binary that s open Windows won t let you

seph · Answer

But I don t know if the osquery MSI stops the service first or is generally flagged as upgradable