Date: Wednesday, September 29, 2021 @ 16:34:18 Author: anatolik Revision: 1025957
upgpkg: osquery 5.0.1-2
Modified: osquery/trunk/PKGBUILD osquery/trunk/osquery.patch
---------------+
PKGBUILD | 4 +--
osquery.patch | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 60 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-09-29 16:16:48 UTC (rev 1025956)
+++ PKGBUILD 2021-09-29 16:34:18 UTC (rev 1025957)
@@ -2,7 +2,7 @@
 pkgname=osquery
 pkgver=5.0.1
-pkgrel=1
+pkgrel=2
 pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
 arch=(x86_64)
 url='https://osquery.io'
@@ -14,7 +14,7 @@
 osquery.patch libaudit.patch)
 sha256sums=('SKIP'
- '5b73f732648752c7adf374a9d088d1486129eb6a41664ecd48634ecf1d6f91c7'
+ '6c6b87a1b473abdb8b895a3cd4f8839b6b19add6937134c620fddb845d7f8969'
 '96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8')
 prepare() {
Modified: osquery.patch
===================================================================
--- osquery.patch 2021-09-29 16:16:48 UTC (rev 1025956)
+++ osquery.patch 2021-09-29 16:34:18 UTC (rev 1025957)
@@ -1,4 +1,4 @@
-commit 4e9200ae92bf4d873ec7ba4309f8c718fa029bc7
+commit 6b69f04e9d4164130c15f9203e20159af69ecdc1
 Author: Anatol Pomozov <[email protected]>
 Date: Tue Sep 21 09:46:53 2021 -0700
@@ -142,6 +142,19 @@
 // Data is output, but no way to determine type (long, int, string, struct).
 Row r;
+diff --git a/osquery/tables/system/posix/augeas.cpp b/osquery/tables/system/posix/augeas.cpp
+index fb09411d8..615f7adea 100644
+--- a/osquery/tables/system/posix/augeas.cpp
++++ b/osquery/tables/system/posix/augeas.cpp
+@@ -35,7 +35,7 @@ FLAG(string,
+ #else
+ FLAG(string,
+ augeas_lenses,
+- "/opt/osquery/share/osquery/lenses",
++ "/usr/share/osquery/lenses",
+ "Directory that contains augeas lenses files");
+ #endif
+
 diff --git a/osquery/tables/system/posix/sysctl_utils.h b/osquery/tables/system/posix/sysctl_utils.h
 index e119f8a9e..0d4a399e4 100644
 --- a/osquery/tables/system/posix/sysctl_utils.h
@@ -164,6 +177,19 @@
 #ifndef CTL_DEBUG_MAXID
 #define CTL_DEBUG_MAXID (CTL_MAXNAME * 2)
 #endif
+diff --git a/osquery/utils/config/default_paths.h b/osquery/utils/config/default_paths.h
+index cda34298e..1c45718f3 100644
+--- a/osquery/utils/config/default_paths.h
++++ b/osquery/utils/config/default_paths.h
+@@ -26,7 +26,7 @@
+ #define OSQUERY_SOCKET OSQUERY_DB_HOME
+ #define OSQUERY_PIDFILE "/var/run/"
+ #define OSQUERY_LOG_HOME "/var/log/osquery/"
+-#define OSQUERY_CERTS_HOME "/opt/osquery/share/osquery/certs/"
++#define OSQUERY_CERTS_HOME "/usr/share/osquery/certs/"
+ #elif defined(WIN32)
+ #define OSQUERY_HOME "\\Program Files\\osquery\\"
+ #define OSQUERY_DB_HOME OSQUERY_HOME
 diff --git a/tools/deployment/linux_packaging/rpm/osqueryd.service b/tools/deployment/linux_packaging/rpm/osqueryd.service
 index 6aa42752f..7bb3b3dc9 100644
 --- a/tools/deployment/linux_packaging/rpm/osqueryd.service
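Review bot: In the augeas.cpp hunk, the new `augeas_lenses` default `/usr/share/osquery/lenses` is correct only if the package really installs the lens files there, and neither PKGBUILD hunk in this commit shows the install step. Lenses control how the augeas table parses system configuration files, so the directory should be shipped root-owned and not writable by other users, and a mismatch would most likely surface as an empty table rather than a build error. The same `/opt/osquery/share` to `/usr/share` substitution is repeated in default_paths.h and osquery.example.conf, so all three have to move together whenever osquery.patch is rebased. The `FLAG(...)` block starts above the inner hunk; only its `#else` branch is visible.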
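Review bot: `OSQUERY_CERTS_HOME` in default_paths.h is a trust-anchor location, and this change points it at `/usr/share/osquery/certs/` without any visible packaging step that puts a CA bundle there. Upstream osquery appears to derive the default of `tls_server_certs` from this macro, so please confirm after install that the bundle exists at the new path and that the directory is writable only by root. A one-line comment above the define, e.g. `/* Arch: packaged data lives under /usr/share, not /opt/osquery */`, would record why the value differs from upstream. The enclosing platform `#if`/`#elif` chain begins outside the inner hunk.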
@@ -177,3 +203,34 @@
 --flagfile $FLAG_FILE \
 --config_path $CONFIG_FILE
 Restart=on-failure
+diff --git a/tools/deployment/osquery.example.conf b/tools/deployment/osquery.example.conf
+index 96320e2d4..5af675dac 100644
+--- a/tools/deployment/osquery.example.conf
++++ b/tools/deployment/osquery.example.conf
+@@ -60,19 +60,19 @@
+ // There are several 'default' packs installed via
+ // packages and/or Homebrew.
+ //
+- // Linux: /opt/osquery/share/osquery/packs
++ // Linux: /usr/share/osquery/packs
+ // OS X: /var/osquery/packs
+ // Homebrew: /usr/local/share/osquery/packs
+ // make install: {PREFIX}/share/osquery/packs
+ //
+ "packs": {
+- // "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
+- // "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
+- // "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
++ // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
++ // "incident-response": "/usr/share/osquery/packs/incident-response.conf",
++ // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
+ // "osx-attacks": "/var/osquery/packs/osx-attacks.conf",
+- // "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
+- // "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
+- // "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf",
++ // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
++ // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf",
++ // "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf",
+ // "windows-hardening": "C:\\Program Files\\osquery\\packs\\windows-hardening.conf",
+ // "windows-attacks": "C:\\Program Files\\osquery\\packs\\windows-attacks.conf"
+ },
