https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
j

Jason

07/13/2022, 4:02 PM
Maybe a silly question, but are 
augeas
lenses installed with 
orbit
by default, or do they need to be installed separately (and where?)
m

Michal Nicpon

07/13/2022, 4:18 PM
Not a silly question at all. It doesn’t look like augeas lenses are installed when using orbit by default. Let me check with the team to see if they can be included somehow. According to the osquery docs https://osquery.readthedocs.io/en/stable/installation/cli-flags/#augeas-flags, they should go into /opt/osquery/share/osquery/lenses or /private/var/osquery/lenses
It looks like someone asked a similar question before https://osquery.slack.com/archives/C08V7KTJB/p1653917280861609 You can install the augeas lense package on the host and set the 
--augeas_lenses
flag in the osquery flags
g

Guillaume

07/13/2022, 4:31 PM
@Jason feel free to comment on this issue if this would be interesting to you!
j

Jason

07/13/2022, 5:28 PM
hm, an easier solution may be to just symlink the lense directory into the default location ?
I'm trying to decide if it's better to make the symlink, or change flags (And re-install orbit everywhere)
out of curiosity, are there any plans to allow Fleet to dynamically adjust the osquery flags for orbit clients ?
r

Rachel Perkins

07/14/2022, 2:37 PM
Hi Jason, great question. We're actually planning on rolling out that ability this quarter!
🦜 1
4 Views
Powered by