Title
#kolide
j

john

04/10/2020, 3:55 PM
Does the launcher auto-updater also allow for installing extra extensions when you publish an update?
s

seph

04/10/2020, 4:42 PM
Launcher’s update mechanism is explicitly just for launcher and osqueryd. I’m not sure there’s a straightfoward way to run launcher with additional extensions anyhow. It’s certainly possible, but I don’t think there are obvious hooks. Maybe
j

john

04/10/2020, 9:04 PM
hmm, is that because launcher is designed to only insert itself as an extension via the socket?
s

seph

04/10/2020, 9:05 PM
Launcher is a bit more complicated, but yes. It’s not impossible to launcher other extensions, but it’s not part of launchers’s designed use case, so we didn’t write it
j

john

04/10/2020, 9:05 PM
my goal was to package the fwctl extension from trailofbits so we have a nice way to read windows/linux firewall status as they don’t have an easy table like we have for macos’s alf
s

seph

04/10/2020, 9:29 PM
Dows fwctl add notable read abilities? I thought it was mostly oriented around being a writable interface
j

john

04/11/2020, 12:49 AM
it does indeed mostly describe that new write table stuff but i’m mostly interested in reading the windows firewall status, which it also does (as well as pf, iptables)
12:52 AM
but now that you mention it, knowing if it has enabled rules doesn’t mean the firewall itself is running 🤔
s

seph

04/11/2020, 12:52 AM
You often need to look at multiple tables to understand the state of a system
j

john

04/11/2020, 12:53 AM
yeah, so far i’ve looked at processes, services and the registry, but i’ve also seen states where the process is running the firewall service is running and the registry key says it’s enabled, but
netsh advfirewall show allprofiles state
shows it’s not enabled