# kolide

seph

09/12/2019, 2:01 PM
`Extension socket not available` is about failing to launch osquery and communicate with it. It is unrelated to the server.

Pedro

09/12/2019, 5:55 PM
@seph do you have any ideas for possible troubleshooting? I can use osqueryd without any problem, hence I don't understand why it is failing with the launcher.

seph

09/12/2019, 5:56 PM
I’m not sure. You said you ran this with -debug. Can you upload the full logs?

Pedro

09/13/2019, 12:03 PM
Here it goes. I substituted the IP address and key with xxx. I have run and executed the same command on other Macs and it has worked successfully. Hence, this is happening only on my machine. Before I can deploy to multiple machines, it would be great to understand why this is happening here. Logs seemed confusing but related to "cannot open a socket". I tried with sudo as well.

seph

09/13/2019, 1:45 PM
I’m not sure it’s the problem, but I see that your port is `:8080`, which implies http to me. But launcher is going to default to TLS connections. Is that a TLS port?
Error seems wrong though. I think you’d get a really clear TLS failure if that was it
Staring at that more, there’s an error there from osquery itself. I’m not sure what’s up with that.
Is there anything odd on this mac? Out of disk space? Process restrictions? In need of rebooting? (I’m grasping at straws)

Pedro

09/13/2019, 2:22 PM
I am running TLS with 8080 but with a self-signed cert.
I now used package builder and installed via that, and it works now. So package-builder was the saviour.

seph

09/13/2019, 2:23 PM
I’m glad it worked 😃
Though I don’t understand what the original issue was.

Pedro

09/13/2019, 2:39 PM
Me neither. The manual execution on other Macs worked perfectly.
Just one final question (I really appreciate your help): on the sensor side I do not need to explicitly state that I want to use a secure connection, right? At the server side I am enforcing a self-signed certificate (TLS) for now as a test. Of course I run the flag --insecure on the sensor due to that. Am I thinking right? Plus I did some Wireshark analysis and can't see clear text flowing between the endpoint and this server.

seph

09/13/2019, 2:42 PM
Correct. launcher defaults to using secure transports and verified certs. `--insecure` allows unverified certs. `--insecure_transport` disables TLS. See `--dev_help` for the options.

Pedro

09/13/2019, 4:00 PM
Perfect, it is running like a charm. I will double check that. One thing I don't find in the launcher (package-builder) is the help for the flag -targets. If I want to do a Windows or Linux package (and not pkg for macOS), can you point me out on the please do read about it. Thanks for all the help.

seph

09/13/2019, 4:02 PM
Targets are `platform-init-packaging` triples. linux is going to be something like `linux-systemd-deb`, windows is going to be `windows-service-msi`.
(from memory, you’d need to dig through the code to find the full list)

Pedro

09/13/2019, 7:06 PM
👍 awesome will do that