Revision history

It does more than you probably want, but Facebook released a cool tool called osquery about 2 years ago (osquery).

It's available as a Puppet module: osquery module

You can test it using Docker - see if it's useful:

[root@puppetmaster manifests]# docker run -t -i docker.io/loganp/osquery /bin/bash
Unable to find image 'docker.io/loganp/osquery:latest' locally
Trying to pull repository docker.io/loganp/osquery ...
latest: Pulling from loganp/osquery
2332d8973c93: Pull complete
ea358092da77: Pull complete
a467a7c6794f: Pull complete
ca4d7b1b9a51: Pull complete
494f173bd1b3: Pull complete
4f1b27280f1f: Pull complete
ca57bb4c4fb0: Pull complete
23b3f425601e: Pull complete
234f6f6905ca: Pull complete
Digest: sha256:ecd1e4f81c4046834e19b556b65aa83b68010933f07643b527c0f25be7890efd
Status: Downloaded newer image for docker.io/loganp/osquery:latest

root@bac80093794c:/# osqueryi
osquery - being built, with love, at Facebook
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Using a virtual database. Need help, type '.help'
osquery>

Depending on the OS, you can generate queries such as select * from rpm_packages or:

osquery> select name, version from deb_packages;
+----------------------------+----------------------------------+
| name                       | version                          |
+----------------------------+----------------------------------+
| adduser                    | 3.113+nmu3ubuntu3                |
| apt                        | 1.0.1ubuntu2.10                  |
| apt-utils                  | 1.0.1ubuntu2.10                  |
| base-files                 | 7.2ubuntu5.3                     |
| base-passwd                | 3.5.33                           |
| bash                       | 4.3-7ubuntu1.5                   |
etc...

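An added example, not part of the original answer: one way to turn the package queries above into a drift check, by choosing deb_packages or rpm_packages from /etc/os-release and comparing the JSON output of osqueryi against an approved baseline. The function names, the sample JSON and the baseline versions are constructed for illustration.

```python
import json
import subprocess

# Package table per distro family; both table names appear in the answer above.
TABLES = {"debian": "deb_packages", "ubuntu": "deb_packages",
          "rhel": "rpm_packages", "fedora": "rpm_packages", "centos": "rpm_packages"}

def pick_table(os_release_text):
    """Choose the osquery package table from the contents of /etc/os-release."""
    fields = {}
    for line in os_release_text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip().strip('"')
    # ID is the distro itself; ID_LIKE lists the families it derives from.
    for ident in [fields.get("ID", "")] + fields.get("ID_LIKE", "").split():
        if ident in TABLES:
            return TABLES[ident]
    raise ValueError("no known package table for this OS")

def parse_packages(osquery_json):
    """Turn osqueryi --json output (a list of row objects) into {name: version}."""
    return {row["name"]: row["version"] for row in json.loads(osquery_json)}

def drift(installed, baseline):
    """Compare an inventory with an approved baseline of {name: version}."""
    common = installed.keys() & baseline.keys()
    return {
        "unexpected": sorted(set(installed) - set(baseline)),
        "missing": sorted(set(baseline) - set(installed)),
        "version_mismatch": sorted(n for n in common if installed[n] != baseline[n]),
    }

def query_live(table):
    """Run the query on this host; requires osqueryi to be installed."""
    cmd = ["osqueryi", "--json", f"select name, version from {table};"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_packages(out)

# Constructed sample data so the comparison runs without osquery installed.
SAMPLE_JSON = ('[{"name":"adduser","version":"3.113+nmu3ubuntu3"},'
               '{"name":"apt","version":"1.0.1ubuntu2.10"},'
               '{"name":"bash","version":"4.3-7ubuntu1.5"}]')
SAMPLE_BASELINE = {"adduser": "3.113+nmu3ubuntu3",
                   "bash": "4.3-7ubuntu1.6",       # constructed baseline version
                   "base-files": "7.2ubuntu5.3"}

if __name__ == "__main__":
    print(drift(parse_packages(SAMPLE_JSON), SAMPLE_BASELINE))
```

On a real host, pass the contents of /etc/os-release to pick_table() and feed the result to query_live() in place of the sample JSON.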