Skip to content

gibbs/puppet-osquery

BranchesTags

Repository files navigation

osquery

Build Status Release Puppet Forge Apache-2 License

Install, configure and manage osquery.

Usage

Include the osquery class to install the package and run osqueryd with minimal configuration.

include osquery

Configuration

The settings parameter accepts any hash that is saved as JSON to /etc/osquery/osquery.conf.

class { 'osquery':
  settings => {
    options   => {
      config_plugin   => 'filesystem',
      disable_logging => 'false',
      logger_plugin   => 'syslog',
    },
    discovery => [
      'SELECT pid FROM processes WHERE name = \'foobar\';',
      'SELECT 1 FROM users WHERE username like \'www%\';',
    ],
  }
}
osquery::settings:
  options:
    config_plugin: filesystem
    logger_plugin: syslog
    host_identifier: uuid
  schedule:
    foobar:
      query: SELECT foo, bar, pid FROM foobar_table;
      interval: 600
  packs:
    shard: 10
    external_pack: /path/to/external_pack.conf
    queries:
      suid_bins:
        query: SELECT * FROM suid_bins;
        interval: 3600

Dependencies

The following modules are soft dependencies that are required depending on the OS family used.

Debian Family

  • puppetlabs/apt >= 9.1.0

RedHat Family

  • puppetlabs/yumrepo_core >= 1.2.0

Windows Family

  • puppetlabs/chocolatey >= 8.0.0

About

Puppet osquery module

Topics

osquery puppet-module

Resources

Readme

License

Apache-2.0 license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

3 tags

Languages