Osquery: Easily ask questions about your Linux, Windows and macOS infrastructure (osquery.io)
62 points by BerislavLopac on Aug 16, 2020 | 13 comments



Kinda shocked I have never heard of this before today. Seems very handy, especially for people deploying x-platform desktop apps or scripts. It is a SQL abstraction over OS information, kind of the SQL equivalent of the info you could glean by inspecting properties on the Python `os` module, and perhaps many OS/device details besides.


A discussion about osquery is incomplete without mentioning Kolide fleet: https://www.kolide.com/fleet/


I don't know about others, but I think this is kinda amazing? There's been so many times I've wanted to have this ability when setting up a lab. Thanks for sharing!


> Windows, macOS, CentOS, FreeBSD, and almost every Linux OS released since 2011 are supported with no dependencies.

No dependencies?

    $ brew info osquery

    osquery: stable 3.3.2 (bottled)
    ...
    ==> Dependencies
    Build: bison, cmake, python@3.8
    Required: augeas, boost, gflags, glog, libarchive, libmagic, librdkafka, lldpd, openssl@1.1,
    rapidjson, rocksdb, sleuthkit, ssdeep, thrift, xz, yara, zstd


That is a result of how Homebrew built and packaged it. There are downloads at https://osquery.io/downloads, and for a Homebrew installation that page recommends installing the Cask.

    $ brew cask info osquery
    osquery: 4.4.0
    https://osquery.io/
    Not installed
    From: https://github.com/Homebrew/homebrew-cask/blob/HEAD/Casks/osquery.rb
    ==> Name
    osquery
    ==> Artifacts
    osquery-4.4.0.pkg (Pkg)
    ==> Analytics
    install: 120 (30 days), 198 (90 days), 206 (365 days)


Thanks for the clarification. I notice that "brew cask install osquery" installs a package. It would be helpful to get some instructions on what to do next.
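As an added illustration of the "SQL abstraction over OS information" point made at the top of the thread, and of what to do once the package is installed: the queries below are example code written for this page, not code from the thread or from the osquery project. They assume the osquery package has put the interactive shell `osqueryi` on the PATH; the tables (`os_version`, `processes`, `listening_ports`, `users`) and column names are the standard osquery schema, and the same statements run unchanged on Linux, macOS and Windows. Paste them into `osqueryi`, or run one non-interactively with `osqueryi --json "SELECT ..."` to get JSON for scripting.

```sql
-- Added example, not from the thread or the osquery project.
-- Assumes: `osqueryi` is on the PATH (installed by the osquery package).
-- Tables and columns below are from osquery's standard schema.

-- 1. Which OS is this? Same query on Linux, macOS and Windows.
SELECT name, version, platform, arch
FROM os_version;

-- 2. Every process with a listening TCP socket, with its owner resolved
--    through the users table. This is the usual "what is exposed on this
--    box?" question, answered by joining two OS-backed tables.
SELECT p.pid, p.name, p.path, u.username, lp.address, lp.port
FROM listening_ports AS lp
JOIN processes AS p ON lp.pid = p.pid
LEFT JOIN users AS u ON p.uid = u.uid
WHERE lp.protocol = 6          -- 6 = TCP, 17 = UDP
  AND lp.port != 0
ORDER BY lp.port;

-- 3. Running processes whose executable no longer exists on disk
--    (on_disk = 0), a common sign of an in-memory payload or a dropper
--    that deleted itself after launch.
SELECT pid, name, path, cmdline
FROM processes
WHERE on_disk = 0;
```

Query 2 is the one worth keeping around: with `--json` output it feeds straight into a script or a fleet manager such as the Kolide fleet mentioned above, and the join is the thing WQL or a pile of per-platform shell commands does not give you for free.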


I think what they mean is that they statically compile those in their builds, therefore producing a binary with no runtime dependencies. Homebrew builds use dynamic linking instead.


Not only that, but the formula has been disabled for security/lack of maintenance reasons. The recommended way is currently `brew cask install osquery`.


Love that this is no dependencies. It was starting to look like a lost battle that everything has 2000 circular dependencies.


This looks like a cross-platform tool similar to WMI Query Language (WQL). I prefer the ease of using WQL in PowerShell scripts, so I imagine it may become popular.


Yes, we use it a fair bit in some internal dev scripts to make them platform agnostic.


Facebook uses this extensively on their systems.


Osquery is from Facebook [0] from what I understand.

[0] https://engineering.fb.com/security/introducing-osquery/



