#general

Tilman Bender

03/16/2022, 5:48 PM
How again do you query values in specific text files (e.g. the presence of 'PermitRootLogin no' in an sshd_config)?
There was some kind of subproject for that but I cannot recall the name

Hugh (Zercurity)

03/16/2022, 6:10 PM
Augeas can parse the config
osquery> SELECT CASE WHEN COUNT(*) = 1 THEN 'PASSING' ELSE 'FAILING' END AS state FROM augeas WHERE path = '/etc/ssh/sshd_config' AND label = 'PermitRootLogin' AND value != 'yes';

Tilman Bender

03/16/2022, 6:49 PM
Ah that was it! Was reading your medium article a couple of mins after I asked

Hugh (Zercurity)

03/16/2022, 6:49 PM
😁

Tilman Bender

03/16/2022, 6:50 PM
Do you happen to use that with fleet btw?
Still not 100% certain about vanilla osquery vs. what fleet bundles into their agent

Hugh (Zercurity)

03/16/2022, 6:50 PM
Zercurity is another fleet-like manager for osquery

seph

03/16/2022, 7:00 PM
Launcher, Kolide’s agent, ships a variety of things to help with this. But it’s much more oriented around using our SaaS than rolling your own.