The core concept behind osquery is the "tabular abstraction" of many aspects of the operating system, such as processes, users and so on. The data is presented as tables which can be queried using SQL syntax, either interactively via the osqueryi shell, or on a schedule via the osqueryd daemon.
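To make the tabular abstraction concrete, here is an added example (not part of the original tutorial) of three queries against standard osquery tables that exist on Linux: processes, users and listening_ports. Column names are the ones osquery ships; the interpretation of on_disk (1 present, 0 deleted, -1 unknown) and of protocol (6 for TCP) follows the osquery schema. The queries can be pasted into osqueryi as they are, or placed in an osqueryd schedule.

```sql
-- Added example (not from the tutorial): three queries that illustrate
-- the "tabular abstraction" osquery exposes. Each reads a standard
-- osquery table (processes, users, listening_ports); run them from
-- osqueryi or schedule them in osqueryd's configuration.

-- 1. Inventory: every process, with the owning account resolved by
--    joining the processes table to the users table on uid.
SELECT p.pid, p.name, p.path, u.username
FROM processes AS p
LEFT JOIN users AS u ON u.uid = p.uid
ORDER BY p.pid;

-- 2. Hygiene check: processes whose executable no longer exists on disk.
--    on_disk is 1 when the binary is present, 0 when it has been deleted
--    and -1 when osquery could not determine it. A running process whose
--    file is gone often means a package was upgraded but the service was
--    never restarted; it is also a standard item to review during
--    incident response, since a deleted binary cannot be hashed later.
SELECT p.pid, p.name, p.path, p.cmdline, u.username
FROM processes AS p
LEFT JOIN users AS u ON u.uid = p.uid
WHERE p.on_disk = 0;

-- 3. Exposure: which process owns each listening TCP socket, so the
--    network footprint of the host can be reviewed from the same shell.
--    listening_ports.protocol is the IP protocol number (6 = TCP, 17 = UDP).
SELECT l.port, l.address, l.protocol, p.pid, p.name, p.path
FROM listening_ports AS l
JOIN processes AS p ON p.pid = l.pid
WHERE l.protocol = 6
ORDER BY l.port;
```

The LEFT JOIN in the first two queries is deliberate: a process running under a uid that has no entry in the users table (a deleted account, or a uid from a container's user namespace) would otherwise silently disappear from the result, which is exactly the kind of row you want to see. In osqueryi, `.schema processes` prints the full column list of a table, which is the quickest way to extend these queries.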
In this tutorial we will see how to install the application, how to run basic queries, and how to use FIM (File Integrity Monitoring) as part of your Linux system administration job.
In this tutorial you will learn:
- How to install osquery
- How to list the available tables
- How to perform queries from the osqueryi shell
- How to use the osqueryd daemon to monitor file integrity