Does anyone have a bash script (macOS/Linux) and/o...
# generala
arod
04/21/2021, 8:56 PMDoes anyone have a bash script (macOS/Linux) and/or powershell/batch script that updates osquery endpoints with a flagfile
I ran the "newer" exe and it still didn't update.
s
seph
04/21/2021, 9:50 PM
I ran the “newer” exe and it still didn’t update.What does this mean?
a
arod
04/22/2021, 12:55 PMOoops. I meant the .msi
Copy code
powershell -ExecutionPolicy Bypass -Command "Invoke-WebRequest <https://pkg.osquery.io/windows/osquery-4.7.0.msi> -OutFile C:\windows\temp\osquery.msi"
C:\windows\temp\osquery.msi /quiets
seph
04/22/2021, 1:35 PM
I’m not an expert window admin — so that’s running the msi in quiet mode, right? Did it actually install?
seph
04/22/2021, 1:35 PM
I doubt there’s any restart there, so there may well be a new osquery on disk, but you need to restart it. (maybe?)
seph
04/22/2021, 1:36 PM
I don’t know if the MSI overwrites the config or flags file. So that’s something to check
🙌 1
seph
04/22/2021, 1:36 PM
From a powershell, you can invoke
osqueryd.exe --versionseph
04/22/2021, 1:37 PM
Oh, wait… Windows doesn’t let you replace an open file. And the service manager has osqueryd.exe open. So there’s some chance an MSI install will fail. Also worth trying without
/quietseph
04/22/2021, 1:37 PM
(sorry for the stream of thought)
a
arod
04/22/2021, 2:12 PMThanks for the response!
No worries. I actually had similar thoughts. I have to do the same on a few linux boxes too. Similar concept except bash. @seph
s
seph
04/22/2021, 2:36 PM
linux and macos are different, in that you can replace a binary that’s open. Windows won’t let you
seph
04/22/2021, 2:36 PM
But I don’t know if the osquery MSI stops the service first, or is generally flagged as upgradable
12 Views