This is a good method for testing, but what if I wanted to push to 100 computers with osquery… ENVs aren't, IMO, ideal. If there is no method for getting the data from the flagfile, is the next best option to parse it in the extension??
groob
01/03/2018, 2:49 PM
Why are ENVs not ideal?
use a JSON file if you prefer and load it from a specific location
Jordan
01/03/2018, 2:53 PM
I really don't have an answer to that, I just feel managing ENVs across an enterprise sounds painful. Maybe I am mistaken. The JSON sounds okay… would adding functionality to the API to leverage the flagfile even be possible?
because I would have to assume that the extensions get loaded after the flagfile vars… again, I'm assuming.
groob
01/03/2018, 2:55 PM
you can't use CLI flags to configure your extension. The architecture of osquery + extensions makes it not possible
Jordan
01/03/2018, 2:55 PM
gotcha
groob
01/03/2018, 2:55 PM
env vars are no more or less difficult than a file or CLI flags. You just add them to your launchd/systemd file and you're done