https://github.com/osquery/osquery logo
#general
Title
# general
m

Madhur Jodhwani

09/08/2021, 5:47 AM
how to avoid using this flag, I was successful in turning osqueryd to xyz_daemon and now I have to use 
--allow_unsafe
 to add my daemon to the fleetDM server, I am looking forward to avoid this issue and solve it.
a

alessandrogario

09/08/2021, 7:38 AM
The first step is to double check the osquery permissions
ideally both the binary and the folder that contains it are set to not be writable (except for root)
So you can start with: Owner: chown root:root osquery Permissions: chmod 755 osquery
m

Madhur Jodhwani

09/08/2021, 11:54 AM
tried this but still I get the unsafe permissions error.
m

Mike Myers

09/08/2021, 3:23 PM
a

alessandrogario

09/08/2021, 3:24 PM
I didn't notice this at first; are you trying to rename the binary? This won't work due to several reasons in the code and is not supported
m

Mike Myers

09/08/2021, 3:26 PM
Yea that's been his focus for a while https://github.com/osquery/osquery/issues/7265 but now the question is why this might affect "unsafeness"
m

Madhur Jodhwani

09/09/2021, 11:32 AM
Ok, so what i did was to rename osqueryd to xyz_daemon what i did was found and replaced the osqueryd in all files to xyz_daemon and it worked but now that affects the safeness
a

alessandrogario

09/09/2021, 11:36 AM
@Madhur Jodhwani do note that this affects licensing, since you are changing existing code that is both under GPL and Apache. Users of osquery can decide to use either license and can request the full source code
m

Madhur Jodhwani

09/09/2021, 11:36 AM
oh
so,what should I do?
a

alessandrogario

09/09/2021, 11:38 AM
Use the standard osquery daemon, or include a new notice in your distribution stating that 1. it is no longer an official copy of osquery 2. it is a custom fork 3. where to find the source code for your fork
While you can choose either GPL or Apache for your own machine and personal use, you can't take away the right for other users that are running your binary to pick the license they want to use between the two
m

Madhur Jodhwani

09/09/2021, 11:55 AM
No, I am not distributing it for the time being but using it only for my personal use, so still I should be following any guidelines?
a

alessandrogario

09/09/2021, 11:57 AM
If it is for your personal use, I don't think (but big disclaimer for everything I said about licensing: i am not a lawyer)
m

Madhur Jodhwani

09/09/2021, 12:18 PM
ok, thanks
but how do I avoid the --allow_unsafe flag part? I really need to get it off.
a

alessandrogario

09/10/2021, 9:03 AM
I am not sure, since it's a modified binary you may have to debug the code
it's not a version we support
m

Madhur Jodhwani

09/10/2021, 9:31 AM
ok, but where should i look?
since for normal osqueryd also it shows the same error
m

Mike Myers

09/13/2021, 9:01 PM
2 Views