Hello sorry if this is noted somewhere but is it possible to osquery #fleet

Hello, sorry if this is noted somewhere, but is it...

rwa

02/02/2022, 3:55 PM

Hello, sorry if this is noted somewhere, but is it possible to see the current osquery version provided but the default Orbit update server (in the stable branch)? We are testing Fleet, and have Orbit running on clients using the default

fleetctl package

command to build installers. All of the clients are on osquery 5.0.1 which they started with. I would just like to monitor that they update when a new version is specified (my understanding is that this is the default with no special settings).

Tomas Touceda

02/02/2022, 4:56 PM

hi there! we don't currently have an easy way to expose the version of osquery that orbit will use. The best way currently is to look at https://tuf.fleetctl.com/targets.json and see what it shows for

osqueryd/linux/stable/osqueryd

, which is far from ideal, but we're discussing how to best expose this

rwa

02/02/2022, 5:05 PM

That’s certainly good enough. That seems to be related to what I find at

/var/lib/orbit/tuf-metadata.json

, but I guess the online version is the one to look at to make sure everything is working. If things are working I should just expect clients to update to this version:

rwa

02/02/2022, 5:05 PM

Copy code

"osqueryd/macos/stable/osqueryd": {
    "custom": {
        "version": "5.0.1"
    },
    "hashes": {
        "sha512": "8eb9383798b3d343fe977b67fa92c283dfc2b8792ab043239a5b46651cb2ae7f7e9ab39c45402bedef3f1d923eb687e934740e213afb88f9854efed7f185c62d"
    },
    "length": 40232384
}

In the case of

macos

Tomas Touceda

02/02/2022, 7:03 PM

correct

6 Views

Open in Slack

Previous Next