deployment
Prior to distributing osquery to your infrastructure, please:
- Verify you have a working build
- Verify you understand your configuration options
- Verify you have a good understanding of osqueryi and the commands and tables available to you
Build a package by following the instructions here
You can now distribute and install the package across your infrastructure
A high-level overview:
- leverage homebrew to install all build dependencies
- distribute all dependencies with a packaged build
- don't conflict with existing package manager installations
Once you've built the code, run the following command from the root of the osquery repository:
$ ./tools/make_osx_package.sh -c ~/path/to/my/osquery.conf
This tool will recursively identify the specific versions of homebrew dependencies you used to compile osquery. The dependencies will be packaged into an OS X pkg installer, along with:
- the osqueryi and osqueryd binaries
- the LaunchDaemon that is responsible for osqueryd
- the osqueryd config file that was specified via the command line
make_osx_package.sh uses homebrew to create an exact replica of your installed packages. This ensures osquery has its specific dependencies bundled (e.g. Boost 1.56.0), but also ensures that existing environment/system dependencies aren't clobbered.
If you have OS X hosts that are used for C++ development or have package managers other than Homebrew, you don't have to worry about osquery negatively impacting developers or existing package managers. Core libraries are installed in a unique directory (not /usr/local/Cellar), so the bundled copies never overwrite whatever the host already has.
Here is the output from us running make_osx_package.sh:
$ ./tools/make_osx_package.sh -c ~/Desktop/osquery.conf
[+] calculating dependency tree
[+] copying dependencies
- rocksdb (/usr/local/Cellar/rocksdb/3.5)
- boost (/usr/local/Cellar/boost/1.56.0)
- gflags (/usr/local/Cellar/gflags/2.0)
- glog (/usr/local/Cellar/glog/0.3.3)
- thrift (/usr/local/Cellar/thrift/0.9.1)
- lz4 (/usr/local/Cellar/lz4/r116)
- pkg-config (/usr/local/Cellar/pkg-config/0.28)
- snappy (/usr/local/Cellar/snappy/1.1.1)
[+] copying osquery binaries
[+] copying osquery configurations
[+] finalizing preinstall and postinstall scripts
[+] creating package
[+] package created at ~/git/osquery/osqueryd.pkg
As you can see, the distributable package can be found at ~/git/osquery/osqueryd.pkg.
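Because the config file and the exact dependency versions get baked into the pkg that you then push to every host, it is worth checking both before distribution. The following is an added example (not part of osquery or of the wiki): it parses the make_osx_package.sh output above into a dependency bill of materials to keep beside the .pkg, and does a structural sanity check of the osquery.conf that will be packaged. The sample log and config are constructed here; the check that "interval" is a positive integer reflects the documented config form and is an assumption of this script, not an osquery rule. Requires Python 3.

```python
import json
import re

# Log line formats taken from the make_osx_package.sh output shown above.
DEP_LINE = re.compile(
    r"^\s*-\s+(?P<name>\S+)\s+\((?P<path>/usr/local/Cellar/[^/]+/(?P<version>[^)]+))\)\s*$"
)
PKG_LINE = re.compile(r"^\[\+\]\s+package created at\s+(?P<path>\S+)\s*$")

# Constructed sample: the output block from the page, minus the prompt line.
SAMPLE_LOG = """[+] calculating dependency tree
[+] copying dependencies
- rocksdb (/usr/local/Cellar/rocksdb/3.5)
- boost (/usr/local/Cellar/boost/1.56.0)
- gflags (/usr/local/Cellar/gflags/2.0)
- glog (/usr/local/Cellar/glog/0.3.3)
- thrift (/usr/local/Cellar/thrift/0.9.1)
- lz4 (/usr/local/Cellar/lz4/r116)
- pkg-config (/usr/local/Cellar/pkg-config/0.28)
- snappy (/usr/local/Cellar/snappy/1.1.1)
[+] copying osquery binaries
[+] copying osquery configurations
[+] finalizing preinstall and postinstall scripts
[+] creating package
[+] package created at ~/git/osquery/osqueryd.pkg
"""

# Constructed sample configs: one well-formed, one with a broken schedule entry.
GOOD_CONF = json.dumps({
    "options": {},
    "schedule": {
        "processes": {"query": "select * from processes;", "interval": 3600},
    },
})
BAD_CONF = json.dumps({
    "schedule": {"bad": {"query": "", "interval": 0}},
})


def parse_package_log(log_text):
    """Return (dependencies, package_path) from make_osx_package.sh output.

    dependencies maps formula name -> {"version", "path"}; record it with the
    .pkg so you always know which library versions a given build shipped.
    """
    deps = {}
    package_path = None
    for line in log_text.splitlines():
        m = DEP_LINE.match(line)
        if m:
            deps[m["name"]] = {"version": m["version"], "path": m["path"]}
            continue
        m = PKG_LINE.match(line)
        if m:
            package_path = m["path"]
    return deps, package_path


def check_config(config_text):
    """Return a list of problems in an osquery config (empty list means OK).

    Only structure is checked: valid JSON object, "options" is an object, and
    every scheduled query has a non-empty "query" string and a positive
    integer "interval" (integer form assumed here).
    """
    try:
        conf = json.loads(config_text)
    except ValueError as exc:
        return [f"config is not valid JSON: {exc}"]
    if not isinstance(conf, dict):
        return ["config top level must be a JSON object"]
    problems = []
    if not isinstance(conf.get("options", {}), dict):
        problems.append('"options" must be an object')
    schedule = conf.get("schedule", {})
    if not isinstance(schedule, dict):
        return problems + ['"schedule" must be an object keyed by query name']
    for name, entry in schedule.items():
        if not isinstance(entry, dict):
            problems.append(f"schedule[{name!r}] must be an object")
            continue
        query = entry.get("query")
        if not isinstance(query, str) or not query.strip():
            problems.append(f'schedule[{name!r}] is missing a non-empty "query"')
        interval = entry.get("interval")
        if isinstance(interval, bool) or not isinstance(interval, int) or interval <= 0:
            problems.append(f'schedule[{name!r}] needs a positive integer "interval"')
    return problems


if __name__ == "__main__":
    deps, pkg = parse_package_log(SAMPLE_LOG)
    print(f"package: {pkg}")
    for name, info in sorted(deps.items()):
        print(f"  {name} {info['version']}")
    print("good config problems:", check_config(GOOD_CONF))
    print("bad config problems:", check_config(BAD_CONF))
```

Run it against the real log (pipe make_osx_package.sh output into parse_package_log) and against the config you pass with -c; a non-empty problem list means fix the config before you build, since a bad config would otherwise be pushed to the whole fleet inside the pkg.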
You can now use your existing package distribution system (JAMF, Chef, etc) to push this package to your infrastructure.
If you want to modify the command-line arguments used to start osquery, modify the LaunchDaemon before you run make_osx_package.sh.