Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
j
Jason NG
07/23/2021, 3:43 AMHi All, new to this. I followed this document to create osquery python extensions. https://github.com/osquery/osquery-python this works in linux but when i try to do it in windows it just fails to register the extension. Im not sure what i did wrong, since the only error i receive is " Cannot create extension process: test2.py". I have changed the file permissions as per osquery documentation and also ran osqueryi in --allow_unsafe mode (for the time being). Any help is appreciated! Thanks!
t
theopolis
07/24/2021, 7:32 PM(I think this question was asked in two places) so for posterity, I think the issue is that osquery is also checking the directory permissions. osquery wants to make sure the file cannot be deleted and recreated by an unprivileged user
j
Jason NG
07/26/2021, 4:45 AM@theopolis whats the correct permission? i ran the commands listed on osquery documentation. i also tried granting inheritance and full control from the parent directory but all does not work
c
CptOfEvilMinions
07/26/2021, 8:12 PMhttps://osquery.readthedocs.io/en/latest/deployment/extensions/
Extensions Binary Permissions
icacls .\Extensions /setowner Administrators /t
icacls .\Extensions /grant Administrators:f /t
icacls .\Extensions /inheritance:r /t
icacls .\Extensions /inheritance:d /t