Maybe a silly question but are `augeas` lenses installed wit osquery #fleet

Maybe a silly question, but are `augeas` lenses in...

Jason

07/13/2022, 4:02 PM

Maybe a silly question, but are

augeas

lenses installed with

orbit

by default, or do they need to be installed separately (and where?)

Michal Nicpon

07/13/2022, 4:18 PM

Not a silly question at all. It doesn’t look like augeas lenses are installed when using orbit by default. Let me check with the team to see if they can be included somehow. According to the osquery docs https://osquery.readthedocs.io/en/stable/installation/cli-flags/#augeas-flags, they should go into /opt/osquery/share/osquery/lenses or /private/var/osquery/lenses

Michal Nicpon

07/13/2022, 4:24 PM

It looks like someone asked a similar question before https://osquery.slack.com/archives/C08V7KTJB/p1653917280861609 You can install the augeas lense package on the host and set the

--augeas_lenses

flag in the osquery flags

Guillaume

07/13/2022, 4:31 PM

@Jason feel free to comment on this issue if this would be interesting to you!

Guillaume

07/13/2022, 4:31 PM

https://github.com/fleetdm/fleet/issues/4149

Jason

07/13/2022, 5:28 PM

hm, an easier solution may be to just symlink the lense directory into the default location ?

Jason

07/13/2022, 5:29 PM

I'm trying to decide if it's better to make the symlink, or change flags (And re-install orbit everywhere)

Jason

07/13/2022, 8:27 PM

out of curiosity, are there any plans to allow Fleet to dynamically adjust the osquery flags for orbit clients ?

Rachel Perkins

07/14/2022, 2:37 PM

Hi Jason, great question. We're actually planning on rolling out that ability this quarter!

🦜 1

4 Views

Open in Slack

Previous Next