I found that osquery can work in interactive mode (osqueryi) and in daemon mode (osqueryd), where it periodically executes SQL queries in the background on localhost. What about executing SQL queries remotely - for example, through a REST service or a JDBC driver?
1 Answer
When osquery is running in daemon mode, you can enable the distributed query facilities. When this is enabled, osqueryd will periodically check in to a remote server to see whether there are queries for it to execute (typical intervals for this check range from 10 seconds to 1 minute).
Note that due to the nature of the environments that osquery runs in, the osquery agent does not listen for incoming connections. It only ever makes outgoing connections to a remote server to check for queries to execute.
To take advantage of this, you need a server implementing the osquery remote APIs. There are a handful of open-source options available:
Fleet (disclaimer: I build this)
Security note: providing remote execution on an osquery agent can be very dangerous since it can retrieve sensitive information on the device it runs on. If you plan to serve some sort of a web page allowing direct queries on your agent, be aware that since osquery provides an SQL abstraction of your system, it can be vulnerable to injections.
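The check-in exchange the answer describes, as an added illustration that is not part of the original post or of Fleet: a minimal server-side handler pair for osquery's distributed read and write endpoints, including the kind of query gate the security note calls for. The field names (node_key, queries, statuses, node_invalid) follow osquery's remote API; the node key, hostname, query ids and the SELECT-only policy are constructed, and HTTP routing and JSON encoding are left to whatever web framework hosts these functions.

```python
import re
from collections import deque

# Constructed enrollment state: node_key -> hostname. In a real server the
# node key is issued during the /enroll exchange; this is a sample value.
ENROLLED = {"nk-constructed-1": "laptop-01"}

# Per-node queue of (query_id, sql) waiting for the agent's next check-in,
# and the rows each agent has reported back, keyed by (hostname, query_id).
PENDING = {"nk-constructed-1": deque()}
RESULTS = {}

# Gate on what may be distributed: exactly one read-only SELECT statement.
# Anything else (ATTACH, stacked statements, etc.) is rejected server-side,
# so a web front end cannot push it to an agent. Constructed policy.
_SELECT_ONLY = re.compile(r"^\s*select\b[^;]*;?\s*$", re.IGNORECASE | re.DOTALL)


def enqueue_query(node_key, query_id, sql):
    """Queue a query for one enrolled node; returns True if it was accepted."""
    if node_key not in ENROLLED or not _SELECT_ONLY.match(sql):
        return False
    PENDING[node_key].append((query_id, sql))
    return True


def distributed_read(req):
    """Handle POST /distributed/read: the agent asks for pending queries.

    `req` is the decoded JSON body, e.g. {"node_key": "..."}.
    """
    node_key = req.get("node_key", "")
    if node_key not in ENROLLED:
        return {"node_invalid": True}  # tells the agent to re-enroll
    queries = {}
    while PENDING[node_key]:
        qid, sql = PENDING[node_key].popleft()
        queries[qid] = sql
    return {"queries": queries, "node_invalid": False}


def distributed_write(req):
    """Handle POST /distributed/write: the agent posts rows and status codes.

    `req` looks like {"node_key": "...", "queries": {id: [rows]}, "statuses": {id: 0}}.
    """
    node_key = req.get("node_key", "")
    if node_key not in ENROLLED:
        return {"node_invalid": True}
    host = ENROLLED[node_key]
    for qid, rows in req.get("queries", {}).items():
        status = req.get("statuses", {}).get(qid, 0)  # 0 means the query succeeded
        RESULTS[(host, qid)] = {"status": status, "rows": rows}
    return {"node_invalid": False}
```

Only the query ids and their SQL travel to the agent; the agent never accepts an inbound connection, so the server's only control point is what it chooses to hand out on the next read.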