Does anyone have any examples of finding versions ...
# general
Does anyone have any examples of finding versions of command line tools and binaries such as git? We’re using
at the moment, but that misses out on things such as the AppleGit versions included in the Xcode CLI tools. I’m thinking the extension route might be the way to go, but just checking if anyone has solved this in an easier way?
Are they in the apps table?
👍 1
Ultimately this will depend on how these command line tools are installed.
How would you find the version without using osquery?
Are they in the apps table?
Nope - for example, when installing the Xcode command line tools. Looking around that isn’t exposed anywhere in OSQuery - we’d get it from the cli by running
git --version
- but there doesn’t seem to be a footprint anywhere on the system that I can see.
Osquery generally talks to apis. Home brew, apps, etc. I don't think I've seen anything that does quiet what you're asking. Each tool would need its own logic.
For things that come via Xcode your night be able to check Xcode's version. But it's a bit indirect.
That’s what I was expecting - essentially trying to get the data we’d need to do vulnerability detection and this was on the list of edge cases - thanks for the confirmation!
I think there’s a really deep rathole.
It’s “easy” to gather apps version. And homebrew ones. But it seems impossible to try to get all the possible binaries an end user installed.
Yeah in that case it might make more sense to gather what can be gathered as installed, and then monitor processes. Won’t help you detect a vuln on an executable that is present but never executed, but maybe that’s not the worst thing ever (I don’t really know your use case)