Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/gibbs/puppet-osquery

Puppet osquery module
https://github.com/gibbs/puppet-osquery

osquery puppet-module

Last synced: 1 day ago
JSON representation

Puppet osquery module

Host: GitHub
URL: https://github.com/gibbs/puppet-osquery
Owner: gibbs
License: apache-2.0
Created: 2022-03-15T16:33:07.000Z (over 2 years ago)
Default Branch: master
Last Pushed: 2024-01-26T17:27:31.000Z (8 months ago)
Last Synced: 2024-05-19T09:04:58.347Z (5 months ago)
Topics: osquery, puppet-module
Language: Ruby
Homepage:
Size: 48.8 KB
Stars: 4
Watchers: 1
Forks: 0
Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        # osquery

[![Build Status](https://github.com/gibbs/puppet-osquery/workflows/CI/badge.svg)](https://github.com/gibbs/puppet-osquery/actions?query=workflow%3ACI)

[![Release](https://github.com/gibbs/puppet-osquery/workflows/Release/badge.svg)](https://github.com/gibbs/puppet-osquery/actions?query=workflow%3ARelease)

[![Puppet Forge](https://img.shields.io/puppetforge/v/genv/osquery.svg?maxAge=2592000?style=plastic)](https://forge.puppet.com/genv/osquery)

[![Apache-2 License](https://img.shields.io/github/license/gibbs/puppet-osquery.svg)](LICENSE)

Install, configure and manage osquery.

## Usage

Include the `osquery` class to install the package and run `osqueryd` with

minimal configuration.

```puppet

include osquery

```

## Configuration

The `settings` parameter accepts any hash that is saved as JSON to

`/etc/osquery/osquery.conf`.

```puppet

class { 'osquery':

  settings => {

    options   => {

      config_plugin   => 'filesystem',

      disable_logging => 'false',

      logger_plugin   => 'syslog',

    },

    discovery => [

      'SELECT pid FROM processes WHERE name = \'foobar\';',

      'SELECT 1 FROM users WHERE username like \'www%\';',

    ],

  }

}

```

```yaml

osquery::settings:

  options:

    config_plugin: filesystem

    logger_plugin: syslog

    host_identifier: uuid

  schedule:

    foobar:

      query: SELECT foo, bar, pid FROM foobar_table;

      interval: 600

  packs:

    shard: 10

    external_pack: /path/to/external_pack.conf

    queries:

      suid_bins:

        query: SELECT * FROM suid_bins;

        interval: 3600

```

## Dependencies

The following modules are soft dependencies that are required

depending on the OS family used.

### Debian Family

- `puppetlabs/apt` >= 9.1.0

### RedHat Family

- `puppetlabs/yumrepo_core` >= 1.2.0

### Windows Family

- `puppetlabs/chocolatey` >= 8.0.0