mirror of https://github.com/fleetdm/fleet synced 2026-05-17 05:58:40 +00:00

History

Victor Lyuboslavsky a453979202 Updated macadmins and added new tables. (#18819 ) #18808 Added the new `sofa_security_release_info` and `sofa_unpatched_cves` tables from `macadmins/osquery-extension` 1.0.1 These tables do not have detailed documentation in macadmins repo, so not adding documentation at this point. # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [x] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).	2024-05-08 08:57:16 -05:00
..
fleetd_tables.go	Updated macadmins and added new tables. (#18819 )	2024-05-08 08:57:16 -05:00
README.md	add simple go osquery extension & readme to register orbit tables (#10795 )	2023-03-31 10:39:13 -04:00

Victor Lyuboslavsky a453979202

Updated macadmins and added new tables. (#18819 )

#18808 
Added the new `sofa_security_release_info` and `sofa_unpatched_cves`
tables from `macadmins/osquery-extension` 1.0.1

These tables do not have detailed documentation in macadmins repo, so
not adding documentation at this point.

# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

2024-05-08 08:57:16 -05:00

fleetd_tables.go

Updated macadmins and added new tables. (#18819 )

2024-05-08 08:57:16 -05:00

README.md

add simple go osquery extension & readme to register orbit tables (#10795 )

2023-03-31 10:39:13 -04:00

README.md

Fleet osquery extensions without fleetd

If you are interested in getting some of the fleetd tables but cannot run fleetd natively then its possible to utilize this "fleetd_tables" extension with standalone osqueryd.

Building the extension

First run (note .ext is required for osquery):

go build -o fleetd_tables.ext fleetd_tables.go

or using the Makefile

make fleetd-tables-linux

Then move it somewhere osqueryd can load it:

sudo cp fleetd_tables.ext /usr/local/osquery_extensions

And tell osqueryd to autoload your extension

echo "/usr/local/osquery_extensions/fleetd_tables.ext" > /tmp/extensions.load

Finally, launch osqueryd

sudo osqueryd --extensions_autoload=/tmp/extensions.load

Local testing

Obtain the extensions_socket

osqueryi --nodisable_extensions
osquery> select value from osquery_flags where name = 'extensions_socket';
+-----------------------------------+
| value                             |
+-----------------------------------+
| /Users/USERNAME/.osquery/shell.em |
+-----------------------------------+

Then run the app

go run ./fleetd_tables.go --socket /Users/USERNAME/.osquery/shell.em

Or you can build the app and have osqueryi load it

go build -o fleetd_tables.ext fleetd_tables.go
osqueryi --extension /path/to/fleetd_tables.ext