Installation
Run the following commands:
wget https://pkg.osquery.io/deb/osquery_3.2.6_1.linux.amd64.deb
sudo dpkg -i osquery_3.2.6_1.linux.amd64.deb
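Added example (not part of the original post): checking the downloaded .deb against a SHA-256 value before passing it to dpkg, since dpkg -i runs the package's maintainer scripts as root. The function names and the EXPECTED_SHA256 placeholder are assumptions; the post gives no hash, so the real value has to come from a source you trust.

```shell
#!/bin/sh
# Added example: refuse to install a downloaded package unless its SHA-256 matches.
DEB="osquery_3.2.6_1.linux.amd64.deb"            # file name used in the post
EXPECTED_SHA256="REPLACE_WITH_PUBLISHED_SHA256"  # placeholder: the post gives no hash

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 when the input is unusable.
verify_sha256() {
    file=$1
    # Accept upper- or lower-case hex for the expected value.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Reject anything that is not exactly 64 hex digits (e.g. the placeholder).
    printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' || {
        echo "expected value is not a 64-digit hex SHA-256" >&2; return 2; }
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# install_verified_deb FILE EXPECTED_HEX
# Runs dpkg -i only after the checksum comparison succeeds.
install_verified_deb() {
    verify_sha256 "$1" "$2" || return $?
    sudo dpkg -i "$1"
}

# Nothing is installed unless the script is called with --install.
if [ "${1:-}" = "--install" ]; then
    install_verified_deb "$DEB" "$EXPECTED_SHA256"
fi
```
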
Sample run
sudo osqueryi "select * from device_partitions where device = '/dev/sda'"
+----------+-----------+---------------------------------+-------------+-------------+-------------+---------+---------+-------+
| device | partition | label | type | offset | blocks_size | blocks | inodes | flags |
+----------+-----------+---------------------------------+-------------+-------------+-------------+---------+---------+-------+
| /dev/sda | 0 | Primary Table (#0) | meta | 0 | 512 | 1 | -1 | 4 |
| /dev/sda | 1 | Unallocated | unallocated | 0 | 512 | 2048 | -1 | 2 |
| /dev/sda | 2 | Linux (0x83) | ext4 | 1048576 | 4096 | 6026496 | 1507329 | 2 |
| /dev/sda | 3 | Unallocated | unallocated | 24685576192 | 512 | 2048 | -1 | 2 |
| /dev/sda | 4 | DOS Extended (0x05) | meta | 24686623744 | 512 | 2113538 | -1 | 4 |
| /dev/sda | 5 | Extended Table (#1) | meta | 24686623744 | 512 | 1 | -1 | 4 |
| /dev/sda | 6 | Linux Swap / Solaris x86 (0x82) | normal | 24686624768 | 512 | 2113536 | -1 | 1 |
| /dev/sda | 7 | Unallocated | unallocated | 25768755200 | 512 | 2048 | -1 | 2 |
+----------+-----------+---------------------------------+-------------+-------------+-------------+---------+---------+-------+