Installation
Run the following commands:
wget https://pkg.osquery.io/deb/osquery_4.3.0_1.linux.amd64.deb
sudo dpkg -i osquery_4.3.0_1.linux.amd64.deb
Sample run
sudo osqueryi "select * from device_partitions where device = '/dev/sda'"
+----------+-----------+-----------------+-------------+-------------+-------------+---------+---------+-------+
| device | partition | label | type | offset | blocks_size | blocks | inodes | flags |
+----------+-----------+-----------------+-------------+-------------+-------------+---------+---------+-------+
| /dev/sda | 0 | Safety Table | meta | 0 | 512 | 1 | -1 | 4 |
| /dev/sda | 1 | Unallocated | unallocated | 0 | 512 | 2048 | -1 | 2 |
| /dev/sda | 2 | GPT Header | meta | 512 | 512 | 1 | -1 | 4 |
| /dev/sda | 3 | Partition Table | meta | 1024 | 512 | 32 | -1 | 4 |
| /dev/sda | 4 | | normal | 1048576 | 512 | 2048 | -1 | 1 |
| /dev/sda | 5 | | ext4 | 2097152 | 4096 | 7863552 | 1966081 | 2 |
| /dev/sda | 6 | Unallocated | unallocated | 32211206144 | 512 | 2048 | -1 | 2 |
+----------+-----------+-----------------+-------------+-------------+-------------+---------+---------+-------+
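The following is an added example, not part of the original post: it reads the device_partitions rows shown above and checks that the non-meta regions are contiguous, reporting any gap or overlap and the allocated and unallocated byte totals. The function names check_layout and sample_rows are hypothetical, and it assumes the rows arrive in offset order, with offset in bytes and each region's size equal to blocks_size × blocks.

```shell
#!/bin/sh
# Added example (not from the original post).
# sample_rows: the rows printed by the osqueryi query above, embedded for offline use.
sample_rows() {
cat <<'EOF'
| device | partition | label | type | offset | blocks_size | blocks | inodes | flags |
| /dev/sda | 0 | Safety Table | meta | 0 | 512 | 1 | -1 | 4 |
| /dev/sda | 1 | Unallocated | unallocated | 0 | 512 | 2048 | -1 | 2 |
| /dev/sda | 2 | GPT Header | meta | 512 | 512 | 1 | -1 | 4 |
| /dev/sda | 3 | Partition Table | meta | 1024 | 512 | 32 | -1 | 4 |
| /dev/sda | 4 | | normal | 1048576 | 512 | 2048 | -1 | 1 |
| /dev/sda | 5 | | ext4 | 2097152 | 4096 | 7863552 | 1966081 | 2 |
| /dev/sda | 6 | Unallocated | unallocated | 32211206144 | 512 | 2048 | -1 | 2 |
EOF
}

# check_layout: read osqueryi table rows on stdin, print each non-meta region,
# flag gaps/overlaps between consecutive regions, and end with a summary line.
check_layout() {
  awk -F'[|]' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
      part = trim($3); type = trim($5)
      # Skip border lines, the header row, and meta rows (the GPT header and
      # partition table sit inside the first unallocated region).
      if (part !~ /^[0-9]+$/ || type == "meta") next
      off = trim($6) + 0
      size = trim($7) * trim($8)          # bytes = blocks_size * blocks
      if (seen && off > end) { printf "GAP of %.0f bytes before partition %s\n", off - end, part; issues++ }
      if (seen && off < end) { printf "OVERLAP of %.0f bytes at partition %s\n", end - off, part; issues++ }
      if (type == "unallocated") unalloc += size; else alloc += size
      printf "partition %s %-11s offset=%.0f size=%.0f\n", part, type, off, size
      end = off + size; seen = 1
    }
    END { printf "allocated=%.0f unallocated=%.0f end=%.0f issues=%d\n", alloc, unalloc, end, issues }
  '
}

# On a live host, pipe the query from this page instead of the embedded rows:
#   sudo osqueryi "select * from device_partitions where device = '/dev/sda'" | check_layout
sample_rows | check_layout
```

For the output on this page, every region starts exactly where the previous one ends, and the final end offset is 32212254720 bytes (30 GiB).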
〇 Related information
・For other information about osquery, see here.