#general

Madhur Jodhwani

09/07/2021, 5:39 AM
Does anyone here have links from where I can download a bare package of osqueryd for versions 4.8.0, 4.7.0?

alessandrogario

09/07/2021, 7:16 AM
https://osquery.io/downloads/official/4.7.0, then extract the binary from the package; you can use 7z for MSI
That said, use a newer one if possible; there are many important fixes inside the latest version

Madhur Jodhwani

09/07/2021, 7:58 AM
I need the older versions just for testing the fleet update server, so I am asking directly for osqueryd exe files

sharvil

09/07/2021, 8:12 AM
Bare binaries are not an official distribution, only packages are. You will either have to extract them from packages (as Alessandro said above), or compile them yourselves

alessandrogario

09/07/2021, 8:43 AM
@Madhur Jodhwani here are the binaries for 4.7.0, I've included a small readme that explains how to extract them

Madhur Jodhwani

09/07/2021, 9:57 AM
Can you please explain the Payload~ part for macOS?
Like, I extracted the folder but couldn't understand after that

alessandrogario

09/07/2021, 10:00 AM
1. Extract the .pkg file: `7z x osquery-xxx.pkg`. This will create a (possibly hidden) file named `Payload~`
2. Extract the `Payload~` file: `7z x Payload~`. This will create the standard deployment folders, such as `usr`.
3. Locate the osqueryd binary under `./usr`

Madhur Jodhwani

09/07/2021, 10:01 AM
For this I need to go into the folder after extracting it, right?

alessandrogario

09/07/2021, 10:01 AM
Yes

Madhur Jodhwani

09/07/2021, 10:02 AM
```
7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,8 CPUs x64)

Scanning the drive for archives:

ERROR: No such file or directory
Payload~

System ERROR:
Unknown error: -2147024894
```
this is the error I got

alessandrogario

09/07/2021, 10:03 AM
When you extract the `.pkg` archive, what new files do you get?
The command on the `.pkg` file should look like this:
```
7z x osquery-4.9.0.pkg

7-Zip [64] 17.04 : Copyright (c) 1999-2021 Igor Pavlov : 2017-08-28
p7zip Version 17.04 (locale=en_US.utf8,Utf16=on,HugeFiles=on,64 bits,16 CPUs x64)

Scanning the drive for archives:
1 file, 10864742 bytes (11 MiB)

Extracting archive: osquery-4.9.0.pkg
--
Path = osquery-4.9.0.pkg
Type = Xar
Physical Size = 10864742
SubType = pkg
Headers Size = 4328
----
Path = Payload
Size = 10842254
Packed Size = 10842254
Modified = 2021-06-22 21:04:41
Created = 2021-06-22 21:04:41
Accessed = 2021-06-22 21:04:40
Mode = -rw-r--r--
User = reed
Group = staff
Method = octet-stream
--
Path = Payload
Type = gzip
Headers Size = 10

Everything is Ok

Size:       41235968
Compressed: 10864742
```
It's possible that maybe the file has a different name; you can check the `Path` messages in the `7z` output to determine what files have been created

sharvil

09/07/2021, 10:32 AM
If you have access to a Mac you can also use `pkgutil --expand-full osquery-4.9.0.pkg temp-dir`

Madhur Jodhwani

09/07/2021, 11:26 AM
Thanks☺️😊