
Jordan

01/03/2018, 2:49 PM
This is a good method for testing, but what if I wanted to push to 100 computers with osquery... ENVs aren’t, IMO, ideal. If there is no method for getting the data from the flagfile, is the next best option to parse it in the extension?

groob

01/03/2018, 2:49 PM
Why are ENVs not ideal?
Use a JSON file if you prefer and load it from a specific location.

Jordan

01/03/2018, 2:53 PM
I really don't have an answer to that, I just feel managing ENVs across an enterprise sounds painful. Maybe I am mistaken. The JSON sounds okay... Would adding functionality to the API to leverage the flagfile even be possible?
Because I would have to assume that the extensions get loaded after the flagfile vars... again, I'm assuming.

groob

01/03/2018, 2:55 PM
You can't use CLI flags to configure your extension. The architecture of osquery + extensions makes it not possible.

Jordan

01/03/2018, 2:55 PM
gotcha

groob

01/03/2018, 2:55 PM
Env vars are no more or less difficult than a file or CLI flags. You just add them to your launchd/systemd file and you're done.
launchd looks very similar

Jordan

01/03/2018, 2:57 PM
Fair enough, I'll give it a whirl... thanks again.