allister
06/22/2022, 12:47 AMallister
06/22/2022, 12:49 AMMike Myers
06/22/2022, 5:08 PMSteve Poe
06/22/2022, 10:10 PM/usr/local/bin/osqueryi --line "select * from fan_speed_sensors desc;"
fan = 0
name = 0
actual = -1
min = -1
max = -1
target = -1
fan = 1
name = 0
actual = -1
min = -1
max = -1
target = -1
The result is the same on my M1 Pro.
allister
06/24/2022, 12:25 AMosquery> select * from os_version;
name = macOS
version = 13.0
major = 13
minor = 0
patch = 0
build = 22A5286j
version is telling us the truth, Apple doesn't like numbers that go up sometimesallister
06/24/2022, 12:33 AMuname -r
similarly doesn't think the darwin kernel version has incremented on beta 2, I think we should be leaving patch unset on the yearly pre-release/beta major OS versionsMike Myers
06/27/2022, 3:58 PMTarek Talaat
06/27/2022, 10:45 PMTarek Talaat
06/28/2022, 10:38 PMzwass
Oleg Koreev
07/15/2022, 1:56 PMallister
07/15/2022, 2:08 PMallister
07/20/2022, 6:23 AMlast
command works on Mac and the table spec refers to a fuzzed "/var/log/wtmpx" path? it seems to be include'ing <utmpx.h>, and I don't know what that translates to on the file system if there is a (binary or log or otherwise) artifact I'd confirm with.
One way or the other, even if I'm trusting the OS itself and not a filesystem artifact, I am trying to understand retention because it seems to be getting purged/trimmed on a schedule I don't understandallister
07/20/2022, 6:28 AMAndrea
08/02/2022, 11:54 AMproc_pidpath
from libproc.h
to get the path of the process from the pid.
The code is pretty standard :
char path[PROC_PIDPATHINFO_MAXSIZE] = {0};
int bufsize = proc_pidpath(pid, path, sizeof(path));
if(bufsize > 0)
return std::string(path);
return {};
Also osquery already uses it so it should work fine.
Am I missing something?
Anybody experienced the same ?Praveen Kumar
08/26/2022, 7:52 PMPraveen Kumar
08/26/2022, 7:53 PMPraveen Kumar
08/26/2022, 7:54 PMPraveen Kumar
08/26/2022, 7:54 PMPraveen Kumar
08/26/2022, 7:54 PMPraveen Kumar
08/26/2022, 7:55 PMseph
Stefano Bonicatti
08/27/2022, 1:33 AMcmake -G
you will see the list of available project types.Stefano Bonicatti
08/27/2022, 1:36 AM-G
option from Ninja
to the XCode one. I also suggest passing -DADD_HEADERS_AS_SOURCES=ON
when configuring, and if you haven't built yet, build the prepare_for_ide
target with cmake --build . --target prepare_for_ide
. Then when opening the project XCode should be able to find all the headers.Stefano Bonicatti
08/27/2022, 1:37 AMPraveen Kumar
08/28/2022, 1:07 PMPraveen Kumar
08/28/2022, 1:08 PMallister
08/28/2022, 1:26 PMPraveen Kumar
09/01/2022, 10:39 PMPraveen Kumar
09/01/2022, 10:40 PM