Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
j
Jordan
06/30/2022, 10:29 PMHi guys, question about osqueryd.
osqueryd seems to depend on SysV to be enabled (chkconfig package is required to be installed), however it starts just fine. This doesn't really make sense to me. osquery should be able to be enabled through systemd if it can be started through systemd. Does anyone know why this is the case? Is this a potential bug or is there a workaround? I would prefer to not use SysV.
[jordan ~]$ sudo systemctl enable osquerydSynchronizing state of osqueryd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.Executing: /usr/lib/systemd/systemd-sysv-install enable osquerydFailed to execute /usr/lib/systemd/systemd-sysv-install: No such file or directory[jordan ~]$ sudo systemctl start osqueryd[jordan ~]$ sudo systemctl status osqueryd● osqueryd.service - The osquery DaemonLoaded: loaded (/usr/lib/systemd/system/osqueryd.service; disabled; vendor preset: disabled)Active: active (running) since Wed 2022-06-22 09:55:31 UTC; 5s agos
seph
07/01/2022, 2:47 AMI’m not deeply familiar with the current linux init systems, but this seems weird.
What operating system? What package did you install? Where did it come from?
j
Jordan
07/01/2022, 3:21 AMinstalled on Fedora 34. Install process -
sudo curl -L <https://pkg.osquery.io/rpm/GPG> | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery; sudo dnf config-manager --add-repo <https://pkg.osquery.io/rpm/osquery-s3-rpm.repo>; sudo dnf config-manager --set-enabled osquery-s3-rpm-repo; sudo dnf install osquerys
Stefano Bonicatti
07/01/2022, 12:12 PMI was trying on Ubuntu too. The issue seems to be that since we still install both a native service file and an init script with the same name, systemd detects both and
enabledisable/opt👍 1
I mean I know that there's the alternative of preparing 2 packages each with their own choice, but that adds to the maintenance
s
seph
07/01/2022, 3:03 PMTBH I always feel like it’s weird we ship packages, but 🤷 that ship sailed.
If we thought most users wanted systemd, we could bake that into the rpms, and ship the init script in some doc directory. I think that’s pretty common?
Or ship them both as optional, and try to guess and install in a postinstall script?
j
Jordan
07/05/2022, 1:32 AMwould it be worth it to open this as a bug on GH? @Stefano Bonicatti I think it makes sense to give the choice to the user. As you mentioned CentOS 6 doesnt support systemd and Fedora has not supported SysV for a while now.
s
Stefano Bonicatti
07/05/2022, 8:17 AM@Jordan yeah I would track this as an issue. I think though that as seph was suggesting, we can detect what the system is running (https://www.freedesktop.org/software/systemd/man/sd_booted.html describes that internally just does a check for the existence of a folder, something we can easily do in a postinstall)
👍 1