Skip to content
/ osquery-s3-config Public

An osquery config plugin to read from a configuration file stored in an AWS s3 bucket

License

View license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

burdzwastaken/osquery-s3-config

BranchesTags

Repository files navigation

osquery-s3-config

A osquery config plugin to read from a configuration file stored in an AWS s3 bucket.

Building

To build the osquery extension you will need to have the following installed:

To build the extension use the following commands:

make

Configuration

To the run the extension the following environment variables are required to be set:

OSQUERY_S3_CONFIG_BUCKET_NAME
OSQUERY_S3_CONFIG_BUCKET_REGION
OSQUERY_S3_CONFIG_PATH // optional - defaults to `osquery.conf`

AWS configuration

Standard AWS SDK mechanisms for AWS; This includes env vars (AWS_ACCESS_KEY_ID) and profiles (AWS_PROFILE) and IAM authentication.

Troubleshooting

When troubleshooting, ensure you are running osqueryd/osqueryi with the --verbose flag.

Note if running osquery as root you will have to change the ownership of build/osquery-s3-config.ext to root or by passing the --allow_unsafe flag.

Thanks

groob for the example in his blog post Extending osquery with Go.

About

An osquery config plugin to read from a configuration file stored in an AWS s3 bucket

Resources

Readme

License

View license
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages