Home SALE - 20% Off My Library My Account Pocketmags Plus+ Title A-Z Category A-Z Popular Magazines Latest Offers Gift Vouchers Activate a Subscription Blog Help & Support
US
0 Basket
Login Plus+
BEST SELLERS OFFERS Craft & Hobby Aviation & Transport Leisure General Interest Sport
United States  

SITE SETTINGS

LIGHT MODE
All Categories
Art & Photography Art Design Architecture Photography Aviation & Transport Motorcycles Flying & Aviation Car Magazines Trains Home & Family Kids Family Pets & Animals Cooking DIY Gardening Real Estate Home Decor Food and Drink Cooking & Baking Drink Vegetarian & Vegan Gluten Free & Special Diets General Interest History & Knowledge Astrology Education & Literary Spiritual & Religion Industry & Trade National & Regional Books News & Current Affairs Fitness & Health Healthcare Running Women's Fitness Men's Fitness Healthy Eating & Diet Spirituality & Wellbeing Craft & Hobby Collection RC Modelling Scale Modelling Sewing & Knitting Woodworking Arts & Crafts Leisure Interest Travel Boating & Sailing Poker & Gambling RV & Motorhome Outdoor & Camping TV & Movie Tattoo Horse & Equestrian Animal Men's Interest Fashion Gay TV & Movie Men's Fitness Motorcycles Car Magazines Soccer Angling & Fishing Gaming Accessories & Gadgets Newspapers All Music Classical Heavy Metal Alternative Rock Pop Practical & Playing Hi-Fi Sport Soccer Cycling Rugby Golf & Cricket Soccer Programmes Angling & Fishing Guns & Archery Boxing & MMA Horse & Equestrian Other Boards & Watersports Running & Athletics Racing Ski & Snowmobile Outdoor Adventure Gaming and Tech Apple Gaming Internet Gadgets PC Mobile Industry & Trade Money & Finance Architecture & Building Military & Defense Teaching & Education Media Retail Trade Agriculture Hospitality Business Logistics Government Travel Women's Interest Hairstyles Celebrity Gossip Weddings & Bridal Lifestyle & Fashion Weight Loss Fitness
United States  
Digital Subscriptions > Linux Format > November 2024 > Using Osquery to explore your system
11 MIN READ TIME

OSQUERY Credit: https://osquery.io

Using Osquery to explore your system

Ever-curious David Bolton shows how to use the Osquery application to view your system via a series of SQL select queries.

OUR EXPERT

David Bolton is on a quest to leave no byte unturned on his computers, so has installed yet another utility to document the insides of his Ubuntu system with SQL.

Put simply, Osquery is software that enables you to run SQL queries to P provide information about your system. With Osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

The idea is that rather than running lots of different utilities to find out things about your system, you instead run an SQL query on one of the tables. Behind the scenes, Osquery has mapped the state of your system into lots of different tables.

How many tables? Well https://osquery.io/schema/5.12.1/ lets you select your OS type (Linux, Mac and Windows) and shows a clickable list. For Linux, there are 154 tables. A significant proportion of these are tied into software you have installed, so there are tables for Chrome, Firefox, Docker, npm packages and quite a few more.

Just click on a table name in the list to see all the fields. When you want to inspect a concept, you ‘select’ the data, and the associated OS APIs are called in real time.

Ironically, the query select * from cpu_info; returns nothing on our system because it’s running in a virtual machine, although cpuid does. Other queries, such as select * from deb_packages; , return many rows. In that case, you might find select count(*) from deb_ packages; more useful.

To see all the tables, use the Osquery command tables . You can then follow it with the command .schema tablename to see the fields for the specified table. This produces the SQL create table for the specified table. Here, for example, is what .schema cupid produces:

CREATE TABLE cpuid( `feature` TEXT, `value` TEXT, `output_register` TEXT, `output_bit` INTEGER, `input_eax` TEXT);

QUICK TIP

Some tables have a lot of rows. Use the where clause to restrict the number of rows returned or count(*) to return a count of how many there are. The query select count(*) from deb_packages; returns 1861 on our system.

Unlock this article and thousands more for just 99p Get unlimited access to 650+ titles

30 day trial, then just $9.99 p/ month.
One per customer. Cancel anytime.

Learn more
Pocketmags Plus
Unlock this article and much more with
You can enjoy:
Enjoy this edition in full
Instant access to 600+ titles
Thousands of back issues
No contract or commitment
Try for 99c
SUBSCRIBE NOW
30 day trial, then just $9.99 / month. Cancel anytime. New subscribers only.


Learn more
Pocketmags Plus
Pocketmags Plus
More Options:
SUBSCRIBER LOGIN | PRINT OFFERS | DIGITAL OFFERS | DIGITAL BACK ISSUES
SUBSCRIBER LOGIN
PRINT OFFERS
DIGITAL OFFERS
DIGITAL BACK ISSUES

This article is from...


View Issues
Linux Format
November 2024
VIEW IN STORE

Other Articles in this Issue


LINUX FORMAT
MEET THE TEAM
This issue, we’re setting up Qubes OS for total privacy. What little thing do you do to help bolster your privacy or security either on or offline?
LINUX FORMAT
The #1 open source mag Future Publishing Limited,
WELCOME
Reassuringly expensive
Linux Format has cost £6.49 for over
REGULARS AT A GLANCE
Linux summit points to Rust and RISC future
PLUMBERS CONFERENCE
Rust vs C out of control
The promise of memory-safe Rust code provokes ugly debates leading to police intervention.
Snapdragon support improving
ARM64 image of Ubuntu 24.10 to support X13s.
MANY TONGUES
Italo Vignoli is one of the founders
REDISCENT EVILS!
Dave Stokes is a technology evangelist at
Linux is finally a real-time OS!
The culmination of decades of hard work was realised in September.
Microsoft adopts SPIR-V
In a surprise move, Microsoft moves to the open format.
MS hands over Mono to Wine
Microsoft donates Mono to Wine, urging migration to modern .NET.
Distro Watch
What’s behind the free software sofa?
SMART AUDIO
Julian Bouzas is a senior software engineer
RT ARTISTS
Jon Masters is a kernel hacker who’s
Kernel Watch
Jon Masters summarises the latest happenings in the Linux kernel, so that you don’t have to.
Answers
Got a burning question about open source or the kernel? Whatever your level, email it to answers@linuxformat.com
Mailserver
LoRa, LoRa laughs As an LXF fan/reader, I’m
Helpdex
shane_collinge@yahoo.com
Snoop
THE BEST NEW OPEN SOURCE SOFTWARE ON THE PL ANET
Nuclear
MUSIC PLAYER
Media Downloader
Version: 5.0.1 Web: https://mhogomchungu . github.io/media-downloader/
Concessio
LEARN FILE PERMISSIONS
Endless Key
Version: 0.9 Web: www.endlessos.org/key
Tuta
EMAIL CLIENT
Fire Dragon
Version: 11.18.1-1 Web: https:// firedragon.garudalinux.org
AntiMicroX
JOYSTICK BUTTON MAPPER
LibreQuake
Version: 0.07-beta Web: https://librequake.queer.sh
NNN
FILE MANAGER
Micro
Version: 2.0.14 Web: https://microeditor.github.io/index.html
REVIEWS
Framework 13
Brandon Hill loves what this is doing for his eyes!
4MLinux 46.0
Nate Drake dives into this innovative, lightweight Polish distro to pose the burning question: are you 4M or against ’em?
Liya 2.0
Nate Drake takes a gander at this rolling Arch-based distro offering powerful performance and a slick interface. Shame about the updates.
PorteuX 1.6
Nate Drake delves into this Slack-based distro. Does it live up to its claims of being fast, small and portable?
RebeccaBlackOS 2024
Nate Drake is getting that Friday feeling as he discovers all that’s awesome about this celebrity-themed distro with Wayland support.
World of Goo 2
Recycling goo has The Management ecstatic at the chances it’ll give Kerry Brunskill to reuse all of their old work to increase profits.
ROUNDUP
Media servers
Without wishing to turn into a couch potato, Michael Reed examines five media servers that mean he could become one if he decided to.
Basic server install options
Hopefully, you’ve got a good array of options for setting up the server.
Initial setup process
Let’s get some folders set up, media shared and cover other basics.
Network access to content
Open standards over the network.
Access over the internet
For when you want to access your media wherever you are.
Support and documentation
Help to get it set up, make it work how you want and troubleshoot issues.
Official client app
The clients are front-ends that allow you to interact with your content.
Add-ons and extra features
Pushing systems beyond their basic media server functions.
Media servers
T he reason we chose Kodi as our winner
ALSO CONSIDER
Emby ( https://emby.media ) is a media
Build Your LINUX FORTRESS!
Chronically insecure and unreasonable Jonni Bidwell needs reasonable operational security. With Qubes, and containment and isolation, he finds a solution
The Qube-ic formula
What on earth is Qubes? How can it stop your traitorous activities being noted by hostile governments?
Stacking secure Qubes
Enough with the waffle, we hear you cry. Fine, let’s get this Qubes thing installed and set up.
Configure your Qubes
Find out where Qubes differs from other distros and join the single-use society with Disposable qubes.
Sending packets over Qubes tubes
Get Qubes working the way you want, find out how networking works, and start making your own qubes.
Free AI courses from Pi Foundation & Google
The hottest current topic can now be picked up by educators for free online.
Pi Rust
Embedded stability.
Pico VS Code
Easy coding time.
THE IMPRESSIVE POWER OF PI
Les Pounder works with groups such as
Recalbox 9.2
Les Pounder travels back to a time when a pocket full of change could open the door to whole new worlds.
Ultramarine Linux
Les Pounder knows that good looks will only get you so far, and Ultramarine Linux has the looks, but sadly none of the performance.
Work with Pi Pico temperature sensors
HEAT SENSORS
THE DHT11 AND DHT22
OK, one more sensor. The venerable DHT11, the
Power projects with the best Pi Pico LEDs
RGB LEDS
IN DEPTH
OPEN PROTOCOLS MATTER
Google and Amazon might be behind the latest IoT protocol, but Tam Hanna is just the guy to bring it to the masses, with a little help from Arduino…
TUTORIALS
Clean up filenames
You don’t have to get up at 4am and practise yoga to find balance in life. Shashank Sharma found inner peace by cleaning up filenames.
Secure the Linux system and its files
The ever-watchful Nick Peers discovers how Linux is built from the ground up to help keep you and your data secure.
IRC: the oldest chat system going on strong
Chatterbox Nate Drake walks you through how to set up and secure your very own IRC server, as well as master its many commands.
Radio astronomy – tune in to the aurora
Radio astronomy isn’t as difficult as you might think. Mike Bedford shows how to get going with just your PC audio system and some free software.
Upgrade it: Enhance your viewing pleasure!
It’s worth spending more on a good display, because you could be using it longer than any other component, says Neil Mohr.
Pixio PXC277 Advanced
The best budget 1440p display to grab right now.
Gigabyte M32UC
An “entry-level” 4K high-refresh gaming display.
Asus TUF Gaming VG289Q
The best choice for budget 4K gaming.
BenQ 23.8” MOBIUZ EX240N
1080p displays aren’t dead or buried yet!
Dell S3221QS
Best all-round choice if you fancy curves in your life.
BenQ SW321C PhotoVue
A 4K display targeting photo and video professionals.
Asus ROG Swift PG27AQDP
The best gaming OLED display – but at a price.
Dell UltraSharp UP3218K
For extreme 8K resolution and price, this is for you!
ADMINISTERIA
Simplify network configs with Tailscale
No one calls Stuart Burns a simple man, but he appreciates tools that simplify his admin life, especially for networking.
MAXIMISE YOUR SEED SPEEDS!
Nate Drake introduces you to one of the internet’s best kept secrets to turbocharge your downloads and uploads.
CODING ACADEMY
Add some history to the LXF Shell
Refusing to ever learn from anything, Ferenc Deák realises that adding history to the LXF Shell will help him repeat his mistakes.

Basket -

Your basket is currently empty.
Continue Shopping
Chat
X
Pocketmags Support