#general - Hello, if I set some environme

Home Docs

Join the conversation Join Slack

Channels

Mystery Incorporated
11 months ago
Hello, if I set some environment variables in the OS, can I retrieve them using OSQuery? Or alternatively is there some other method where I can retrieve a constant value that I set per device? I was setting a decorator query in each .conf file previously to do this, but since moving to fleet, having the shared conf means I can't do that now, so I guess setting an Environment variable on heach machine and querying it will be best way?
s
seph
11 months ago
Maybe, depends a lot on the details and operating system.
Environment variables run in an environment. Which is associated with a process, not some hypothetical thing. So to read them from osquery you either need them in osquery’s environment, or you need to pick a specific process to read them from. This is generally awkward.
If you want to pick up some bit of information from a host, I’d look at using something like the plist table on macos, and the registry on windows. I’d have to skim the tables to see what might work from linux. But there are likely others.
Find something like that
theopolis
11 months ago
Perhaps https://osquery.io/schema/4.9.0/#process_envs is what you are looking for.
Mystery Incorporated
11 months ago
But we can set environment variables in the bash profile or in windows we can set os wide (global) environment variables I think they are not all process bound right?
s
seph
11 months ago
“sometimes” There’s not a simple answer to that one. It depends a lot on how startup is sequenced.
As said,
```
This is generally awkward
```
Mystery Incorporated
11 months ago
@theopolis https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_environment_variables?view=powershell-7.1#:~:text=To%20make%20a%20persistent%20change,and%20System%20(Machine)%20scopes.
In Windows there are Machine, User or Process scoped environment variables. I can't speak for other OS I don't know, but it would be nice to fetch all environment variables if possible.
@theopolis also
```
4.9.0	no such table: process_envs
```
when try to use that table you supplied. osquery says it doesn't exist
Oh not for windows, I see the apple and penguin now lol.
So we really have no mechanisim to see environment variables on windows at all?

Join thread in Slack

View count: 2