Hi guys question about osqueryd osqueryd seems to depend on osquery #general

Hi guys, question about osqueryd. osqueryd seems ...

Jordan

06/30/2022, 10:29 PM

Hi guys, question about osqueryd. osqueryd seems to depend on SysV to be enabled (chkconfig package is required to be installed), however it starts just fine. This doesn't really make sense to me. osquery should be able to be enabled through systemd if it can be started through systemd. Does anyone know why this is the case? Is this a potential bug or is there a workaround? I would prefer to not use SysV.

[jordan ~]$ sudo systemctl enable osqueryd

Synchronizing state of osqueryd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.

Executing: /usr/lib/systemd/systemd-sysv-install enable osqueryd

Failed to execute /usr/lib/systemd/systemd-sysv-install: No such file or directory

[jordan ~]$ sudo systemctl start osqueryd

[jordan ~]$ sudo systemctl status osqueryd

● osqueryd.service - The osquery Daemon

Loaded: loaded (/usr/lib/systemd/system/osqueryd.service; disabled; vendor preset: disabled)

Active: active (running) since Wed 2022-06-22 09:55:31 UTC; 5s ago

seph

07/01/2022, 2:47 AM

I’m not deeply familiar with the current linux init systems, but this seems weird. What operating system? What package did you install? Where did it come from?

Jordan

07/01/2022, 3:21 AM

installed on Fedora 34. Install process -

sudo curl -L <https://pkg.osquery.io/rpm/GPG> | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery; sudo dnf config-manager --add-repo <https://pkg.osquery.io/rpm/osquery-s3-rpm.repo>; sudo dnf config-manager --set-enabled osquery-s3-rpm-repo; sudo dnf install osquery

Stefano Bonicatti

07/01/2022, 12:12 PM

I was trying on Ubuntu too. The issue seems to be that since we still install both a native service file and an init script with the same name, systemd detects both and

enable

disable

commands work on both. Although the issue is slightly different, for instance this bug report briefly mentions it: https://github.com/systemd/systemd/issues/15394 I'm not sure if there's a way to ask systemd not to do that, or if we should just not ship an init script anymore. Although for RPM based distros, we still support CentOS 6 which doesn't have systemd. Maybe what we could do is to not install the service file or init script in the system, but leave them as an example on the side under the

/opt

folder. Then the user would've to choose what to use.

👍 1

Stefano Bonicatti

07/01/2022, 12:13 PM

I mean I know that there's the alternative of preparing 2 packages each with their own choice, but that adds to the maintenance

seph

07/01/2022, 3:03 PM

TBH I always feel like it’s weird we ship packages, but 🤷 that ship sailed.

seph

07/01/2022, 3:03 PM

If we thought most users wanted systemd, we could bake that into the rpms, and ship the init script in some doc directory. I think that’s pretty common?

seph

07/01/2022, 3:03 PM

Or ship them both as optional, and try to guess and install in a postinstall script?

Jordan

07/05/2022, 1:32 AM

would it be worth it to open this as a bug on GH? @Stefano Bonicatti I think it makes sense to give the choice to the user. As you mentioned CentOS 6 doesnt support systemd and Fedora has not supported SysV for a while now.

Stefano Bonicatti

07/05/2022, 8:17 AM

@Jordan yeah I would track this as an issue. I think though that as seph was suggesting, we can detect what the system is running (https://www.freedesktop.org/software/systemd/man/sd_booted.html describes that internally just does a check for the existence of a folder, something we can easily do in a postinstall)

👍 1

116 Views

Open in Slack

Previous Next