
Osquery: Easily ask questions about your Linux, Windows and macOS infrastructure - BerislavLopac
https://osquery.io/
======
pixelmonkey
Kinda shocked I have never heard of this before today. Seems very handy,
especially for people deploying x-platform desktop apps or scripts. It is a
SQL abstraction over OS information, kind of the SQL equivalent of the info
you could glean by inspecting properties on the Python `os` module, and
perhaps many OS/device details besides.
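To make "SQL abstraction over OS information" concrete, here is an added example (not from the thread or the osquery project) of the kind of queries a defender runs in `osqueryi` or schedules in `osqueryd`; it uses osquery's documented `processes`, `listening_ports`, `users` and `hash` tables:

```sql
-- Added example, not part of the original thread or of osquery itself.
-- Run interactively with `osqueryi`, or put each SELECT in a scheduled query.
-- Table and column names follow the osquery schema (processes, listening_ports,
-- users, hash); nothing here is invented beyond the query text itself.

-- 1. Which processes are listening on non-loopback addresses, and who owns them?
--    Joining the socket table to the process table turns a port number into a
--    process (and a user) that can actually be inspected.
SELECT p.pid, p.name, p.path, u.username, lp.port, lp.protocol, lp.address
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;

-- 2. Running processes whose executable is no longer on disk.
--    Normal right after a package upgrade, but also what a binary that was
--    dropped, executed and deleted looks like; either way worth a look.
SELECT pid, name, path, cmdline, parent
FROM processes
WHERE on_disk = 0;

-- 3. Hash the binary behind every listening process so it can be compared
--    against a known-good software inventory. The hash table is a "virtual"
--    table that needs a path constraint, which the join supplies.
SELECT DISTINCT p.path, h.sha256
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
JOIN hash AS h ON h.path = p.path
WHERE p.path != '';
```

The same SQL works unchanged on Linux, macOS and Windows, which is the point the comment above is making.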

------
badrabbit
A discussion about osquery is incomplete without mentioning Kolide fleet:
[https://www.kolide.com/fleet/](https://www.kolide.com/fleet/)

------
kanobo
I don't know about others, but I think this is kinda amazing? There's been so
many times I've wanted to have this ability when setting up a lab. Thanks for
sharing!

------
chmaynard
> Windows, macOS, CentOS, FreeBSD, and almost every Linux OS released since
> 2011 are supported with no dependencies.

No dependencies?

    $ brew info osquery

    osquery: stable 3.3.2 (bottled)
    ...
    ==> Dependencies
    Build: bison , cmake , python@3.8
    Required: augeas , boost , gflags , glog , libarchive , libmagic , librdkafka , lldpd , openssl@1.1 ,
    rapidjson , rocksdb , sleuthkit , ssdeep , thrift , xz , yara , zstd

~~~
antoncohen
That is a result of how Homebrew built and packaged it. There are downloads at
[https://osquery.io/downloads](https://osquery.io/downloads), and for a
Homebrew installation that page recommends installing the Cask.

    $ brew cask info osquery
    osquery: 4.4.0
    https://osquery.io/
    Not installed
    From: https://github.com/Homebrew/homebrew-cask/blob/HEAD/Casks/osquery.rb
    ==> Name
    osquery
    ==> Artifacts
    osquery-4.4.0.pkg (Pkg)
    ==> Analytics
    install: 120 (30 days), 198 (90 days), 206 (365 days)

~~~
chmaynard
Thanks for the clarification. I notice that "brew cask install osquery"
installs a package. It would be helpful to get some instructions on what to do
next.

------
hrishios
Love that this has no dependencies. It was starting to look like a lost battle
that everything has 2000 circular dependencies.

------
jasoneckert
This looks like a cross-platform tool similar to WMI Query Language (WQL). I
prefer the ease of using WQL in PowerShell scripts, so I imagine it may become
popular.

~~~
jmarcher
Yes, we use it a fair bit in some internal dev scripts to make them platform
agnostic.

------
rbolla
Facebook uses this extensively on their systems.

