Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
seph
09/12/2019, 2:01 PMExtension socket not availablep
Pedro
09/12/2019, 5:55 PM@seph do you have any idea for possible troobleshooting? I can use osqueryd without any problem, hence don understand why is failing with the launcher.
s
seph
09/12/2019, 5:56 PMI’m not sure. You said you ran this with -debug. Can you upload the full logs?
p
Pedro
09/13/2019, 12:03 PMhere it goes. I substitute the ip address and key with xxx. I have run and executed the same command on other Macs and it has worked successfully. Hence, this is happenning only on my machine. Before I can deploy to multiple machines would be great to understand why this is happening here. Logs seemed confusing but related with "cannot open a socket", I tried with sudo as well.
s
seph
09/13/2019, 1:45 PMI’m not sure it’s the problem, but I see that your port is
:8080Error seems wrong though. I think you’d get a really clear TLS failure if that was it
Starting at that more, there’s an error there from osquery itself. I’m not sure what’s up with that.
Is there anything odd on this mac? Out of disk space? Process restrictions? In need of rebooting? (I’m grasping at straws)
p
Pedro
09/13/2019, 2:22 PMI am running TLS with 8080 but self signed cert
I used now packaged builder and installed via that and it work now. So packagebuilder was the saviour
s
seph
09/13/2019, 2:23 PMI’m glad it worked 😃
👍 1
Though I don’t understand what the original issue was.
p
Pedro
09/13/2019, 2:39 PMme neither the manual execution on other macs worked perfectly
just one final question and (really appreciated your help) on the sensor side I do not need to explicit state that I want to use a secure connection right? At server side I am enforcing a self signed certificate (tls) for now as a test. Of course I run the flag --insecure on the sensor due to that. Am I thinking right? plus I did some wireshark analysis can't see clear text flowing between the endpoint and this server
s
seph
09/13/2019, 2:42 PMCorrect. launcher defaults to using secure transports and verified certs.
--insecure--insecure_transport--dev_helpp
Pedro
09/13/2019, 4:00 PMperfect is running like a charm. I will double check that. One thing I don't find in the launcher (package-builder) is the help for the flag -targets if I want to do a windows or linux package (and not pkg for macos) can you point me out on the please do read about it. thanks for all the help
s
seph
09/13/2019, 4:02 PMTargets are
platform-init-packaginglinux-systemd-debwindows-service-msi(from memory, you’d need to dig through the code to find the full list)
See https://github.com/kolide/launcher/blob/master/docs/package-builder.md for caveats and cross build requirements
p
Pedro
09/13/2019, 7:06 PM👍 awesome will do that