https://github.com/osquery/osquery logo
Powered by
#fleet
Title
r

rwa

02/02/2022, 3:55 PM
Hello, sorry if this is noted somewhere, but is it possible to see the current osquery version provided but the default Orbit update server (in the stable branch)? We are testing Fleet, and have Orbit running on clients using the default 
fleetctl package
command to build installers. All of the clients are on osquery 5.0.1 which they started with. I would just like to monitor that they update when a new version is specified (my understanding is that this is the default with no special settings).
t

Tomas Touceda

02/02/2022, 4:56 PM
hi there! we don't currently have an easy way to expose the version of osquery that orbit will use. The best way currently is to look at https://tuf.fleetctl.com/targets.json and see what it shows for 
osqueryd/linux/stable/osqueryd
, which is far from ideal, but we're discussing how to best expose this
r

rwa

02/02/2022, 5:05 PM
That’s certainly good enough. That seems to be related to what I find at 
/var/lib/orbit/tuf-metadata.json
, but I guess the online version is the one to look at to make sure everything is working. If things are working I should just expect clients to update to this version:
Copy code
"osqueryd/macos/stable/osqueryd": {
    "custom": {
        "version": "5.0.1"
    },
    "hashes": {
        "sha512": "8eb9383798b3d343fe977b67fa92c283dfc2b8792ab043239a5b46651cb2ae7f7e9ab39c45402bedef3f1d923eb687e934740e213afb88f9854efed7f185c62d"
    },
    "length": 40232384
}
In the case of 
macos
?
t

Tomas Touceda

02/02/2022, 7:03 PM
correct
6 Views
Powered by