theopolis

02/06/2018, 2:20 AM
I see just about 300 in active test within our infra, which is very low, and @obelisk is the point person on if/where we'll be testing. But for those with audit usage, it is highly recommended to update and test! and we will love you forever if you do

jaredl

02/06/2018, 2:46 AM
Hey @theopolis - I’m totally up for testing in our dev environment. Just to make sure I followed correctly, I should give https://osquery-packages.s3.amazonaws.com/rpm/osquery-3.0.0-1.linux.x86_64.rpm a shot?

theopolis

02/06/2018, 5:49 AM
Woot woot, yes please!

jaredl

02/06/2018, 6:54 PM
Hey @theopolis - Just deployed 3.0.0, seems sane but, nothing better in regards to the audit bits. I checked out the `3.0.0` tag on Github: https://github.com/facebook/osquery/tree/3.0.0/osquery/events/linux and it seems that this release didn’t get the audit rewrite work that’s currently in `master`: https://github.com/facebook/osquery/tree/master/osquery/events/linux . Is that expected?
More specifically, looks like the commits in https://github.com/facebook/osquery/pull/3492 didn’t make it into the `3.0.0` tag: https://github.com/facebook/osquery/compare/2.11.2...3.0.0

theopolis

02/06/2018, 6:57 PM
wow
trying to understand past me's thinking here

jaredl

02/06/2018, 6:58 PM
haha it’s all good

theopolis

02/06/2018, 6:58 PM
regardless, I can tag a 3.1.0 just after the audit stuff
will be ready to rock first thing in the morning

jaredl

02/06/2018, 7:03 PM
Sounds good, I’ll give it a whirl tomorrow
Hey @theopolis - Did you get a chance to cut the 3.1.0 release? I noticed that https://osquery-packages.s3.amazonaws.com/rpm/osquery-3.1.0-1.linux.x86_64.rpm errors and didn’t see the release on https://github.com/facebook/osquery/releases (not sure if you’re actually doing that part for this or not).
Hey @theopolis - I see that https://github.com/facebook/osquery/releases/tag/3.1.0 is cut! \o/ however, I don’t think the RPM is built yet https://osquery-packages.s3.amazonaws.com/rpm/osquery-3.1.0-1.linux.x86_64.rpm . Any idea when that might be available?

theopolis

02/09/2018, 3:49 PM
uploaded!

jaredl

02/09/2018, 5:01 PM
yay! Will give it a whirl today!

theopolis

02/09/2018, 6:57 PM
sorry, didn't realize they hadn't finished uploading
should be there

jaredl

02/09/2018, 6:58 PM
Perfect, is that just for CentOS 7 or does it work for CentOS 6 as well?
(usually I use https://osquery-packages.s3.amazonaws.com/rpm/osquery-3.1.0-1.linux.x86_64.rpm) which will have SystemD’s unit file and the sysvinit script if I’m remembering correctly
Ah sweet, this has both, works for me, will throw it to dev and see what explodes, thanks @theopolis!