Last Updated: 12/14/2023
This is a placeholder. You can use osquery as an easy way to query information about your workstations. Fleet, a GUI portal, can use osquery to manage information about your nodes.
The beauty of this approach is that everything on the host is exposed as a SQL table you can query. That makes it a fundamental building block for answering many questions about your nodes.
For downloads please visit: https://osquery.io/downloads/official/5.10.2
You can download the package directly. For example, on Debian/Ubuntu at the time of this writing I can use:
wget https://pkg.osquery.io/deb/osquery_5.10.2-1.linux_amd64.deb
root@node1:/home/ubuntu# dpkg -i osquery_5.10.2-1.linux_amd64.deb
Selecting previously unselected package osquery.
(Reading database ... 120040 files and directories currently installed.)
Preparing to unpack osquery_5.10.2-1.linux_amd64.deb ...
Unpacking osquery (5.10.2-1.linux) ...
Setting up osquery (5.10.2-1.linux) ...
17831
root@node1:/home/ubuntu#
root@node1:/home/ubuntu# osqueryi
Using a virtual database. Need help, type '.help'
osquery> select * from users
...> ;
+-------+-------+------------+------------+------------------+------------------------------------+--------------------------+-------------------+------+
| uid   | gid   | uid_signed | gid_signed | username         | description                        | directory                | shell             | uuid |
+-------+-------+------------+------------+------------------+------------------------------------+--------------------------+-------------------+------+
| 0     | 0     | 0          | 0          | root             | root                               | /root                    | /bin/bash         |      |
| 1     | 1     | 1          | 1          | daemon           | daemon                             | /usr/sbin                | /usr/sbin/nologin |      |
| 2     | 2     | 2          | 2          | bin              | bin                                | /bin                     | /usr/sbin/nologin |      |
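Once the users table is a query, it becomes a baseline check you can script. The following is an added example, not code from the page or the osquery project: it runs the same kind of query through osqueryi in JSON mode and flags accounts a defender would want to review (a second uid 0 account, or a system account with an interactive shell). The NOLOGIN_SHELLS set, the uid cutoff of 1000 and the sample rows are assumptions; the sample is constructed to mirror the table above plus two rows that trigger findings.

```python
import json
import subprocess

# Subset of the columns the page's `select * from users` returns.
QUERY = "select uid, username, shell from users;"

# Constructed sample of `osqueryi --json "<QUERY>"` output (not captured from a real host):
# the first three rows mirror the page's table, the last two are findings worth reviewing.
SAMPLE_JSON = """[
  {"uid":"0","username":"root","shell":"/bin/bash"},
  {"uid":"1","username":"daemon","shell":"/usr/sbin/nologin"},
  {"uid":"2","username":"bin","shell":"/usr/sbin/nologin"},
  {"uid":"0","username":"toor","shell":"/bin/sh"},
  {"uid":"33","username":"www-data","shell":"/bin/bash"}
]"""

# Assumed set of non-interactive shells; extend it for your distribution.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}


def run_osqueryi(query=QUERY):
    """Run osqueryi in JSON mode and return the parsed rows (needs osquery installed)."""
    out = subprocess.run(["osqueryi", "--json", query],
                         capture_output=True, text=True, check=True).stdout
    return json.loads(out)


def load_sample():
    """Return the constructed sample rows, parsed the same way real output would be."""
    return json.loads(SAMPLE_JSON)


def review_users(rows, min_regular_uid=1000):
    """Return (username, reason) findings; osquery returns every column as a string."""
    findings = []
    for row in rows:
        uid = int(row["uid"])
        name, shell = row["username"], row["shell"]
        if uid == 0 and name != "root":
            findings.append((name, "uid 0 but not root"))
        elif uid < min_regular_uid and name != "root" and shell not in NOLOGIN_SHELLS:
            findings.append((name, f"system account with interactive shell {shell}"))
    return findings


if __name__ == "__main__":
    # Swap load_sample() for run_osqueryi() to check a real host.
    for name, reason in review_users(load_sample()):
        print(f"{name}: {reason}")
```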
References:
https://www.starwindsoftware.com/blog/how-to-install-and-use-osquery-on-ubuntu-and-linux-mint