https://github.com/osquery/osquery logo
Powered by
Title
n

nyanshak

04/09/2021, 4:58 PM
Had a user in my org report an issue installing osquery. They're using RHEL, so I'm following along with the 'alternative install options' on https://osquery.io/downloads/official/4.70. For my test, running all in docker: 
docker run -it <http://registry.access.redhat.com/ubi8/ubi:8.1|registry.access.redhat.com/ubi8/ubi:8.1> bash

# yum-config-manager needs to be installed on this system
yum install yum-utils

# no sudo installed by default and already running as root, so I've modified instructions to remove sudo, but otherwise are the same:
curl -L <https://pkg.osquery.io/rpm/GPG> | tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery

yum-config-manager --add-repo <https://pkg.osquery.io/rpm/osquery-s3-rpm.repo>

yum-config-manager --enable osquery-s3-rpm
Error: No matching repo to modify: osquery-s3-rpm.
^ I noticed the instructions failed at this point. I opened https://pkg.osquery.io/rpm/osquery-s3-rpm.repo to take a look... Looks like the repo name changed or something? Shows as 
osquery-s3-rpm-repo
instead of 
osquery-s3-rpm
. Seems to pan out, because changing the line to this works: 
yum-config-manager --enable osquery-s3-rpm
And then I'm able to successfully install osquery with 
yum install osquery
t

theopolis

04/09/2021, 5:07 PM
Do you mean the command: 
yum-config-manager --enable osquery-s3-rpm-repo
worked?
n

nyanshak

04/09/2021, 5:07 PM
yeah
🤦 that's what I meant
t

theopolis

04/09/2021, 5:07 PM
interesting, this might be a typo on the website, vs. a change to that file
n

nyanshak

04/09/2021, 5:08 PM
I'm not sure where this is setup so not sure about digging through old commits to identify this.
Seems odd that nobody pointed this out if nothing changed though. Or just... nobody actually uses those instructions 🤷‍♀️
t

theopolis

04/09/2021, 5:11 PM
https://github.com/osquery/osquery-site/pull/205
This is a copy of the bucket from when I moved it from FB -> Linux Foundation https://osquery-packages-xfer.s3.us-east-2.amazonaws.com/rpm/osquery-s3-rpm.repo so it's been titled 
osquery-s3-rpm-repo
for a while (since at least last August)
poor instructions, nobody gave them the love they needed 😢
n

nyanshak

04/09/2021, 5:17 PM
ah okay - documentation is one of the hard problems in computer science 😢
but thanks for updating instructions
s

seph

04/09/2021, 5:59 PM
Is the 
--enable
required?
I noticed this recently, and I suspect it's skew across different versions of yum. It's hard to keep up with all the different versions
n

nyanshak

04/09/2021, 6:01 PM
Interesting - I'm not sure. I don't regularly use yum / any systems that do. I was basically furiously googling my way through debugging this one 😐
s

seph

04/09/2021, 6:05 PM
I feel bad I didn't hint it then. I think i twiddled a couples and didn't think too hard.
Maybe I listed the configed yum repos and copypasted the obvious one.
2 Views
#generalJoin Slack
Powered by