osquery-rs
| Crates.io | osquery-rs |
| lib.rs | osquery-rs |
| version | 0.1.3 |
| source | src |
| created_at | 2022-07-06 14:47:58.85305 |
| updated_at | 2022-12-10 17:44:22.296706 |
| description | This crate allows you to execute osquery SQL queries using osquery Thrift API |
| homepage | https://github.com/AbdulRhmanAlfaifi/osquery-rs |
| repository | https://github.com/AbdulRhmanAlfaifi/osquery-rs |
| max_upload_size | |
| id | 620513 |
| size | 105,157 |
AbdulRhman Alfaifi (AbdulRhmanAlfaifi)
documentation
README
osquery-rs
This crate allows you to execute osquery SQL queries using osquery Thrift API. You can execute osquery SQL query using one of the following methods:
-
Connect to the extension socket for an existing osquery instance
-
Spawn your own osquery instance and communicate with it using its extension socket
Currently this crates only works on Linux. I am still working on Windows version.
Usage
-
Add it to your dependencies
[dependencies] osquery-rs = { git = "https://github.com/AbdulRhmanAlfaifi/osquery-rs"} -
Start executing queries !
Examples
Connect to extension socket for an existing osquery instance
use osquery_rs::OSQuery;
fn main () {
let res = OSQuery::new()
.set_socket("/home/root/.osquery/shell.em")
.query(String::from("select * from time"))
.unwrap();
println!("{:#?}", res);
}
Spawn your own osquery instance (standalone)
use osquery_rs::OSQuery;
fn main() {
let res = OSQuery::new()
// Specify the path to the osquery binary
.spawn_instance("./osqueryd")
.unwrap()
.query(String::from("select * from time"))
.unwrap();
println!("{:#?}", res);
}
by default the socket path is /tmp/osquery-rs, you can change it by calling the function set_socket:
use osquery_rs::OSQuery;
fn main() {
let res = OSQuery::new()
.set_socket("/tmp/mysocket")
// Specify the path to the osquery binary
.spawn_instance("./osqueryd")
.unwrap()
.query(String::from("select * from time"))
.unwrap();
println!("{:#?}", res);
}