[arch-commits] Commit in osquery/trunk (PKGBUILD osquery.patch)
Anatol Pomozov
anatolik at gemini.archlinux.org
Wed Sep 29 16:34:18 UTC 2021
Date: Wednesday, September 29, 2021 @ 16:34:18
Author: anatolik
Revision: 1025957
upgpkg: osquery 5.0.1-2
Modified:
osquery/trunk/PKGBUILD
osquery/trunk/osquery.patch
---------------+
PKGBUILD | 4 +--
osquery.patch | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 60 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-09-29 16:16:48 UTC (rev 1025956)
+++ PKGBUILD 2021-09-29 16:34:18 UTC (rev 1025957)
@@ -2,7 +2,7 @@
pkgname=osquery
pkgver=5.0.1
-pkgrel=1
+pkgrel=2
pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
arch=(x86_64)
url='https://osquery.io'
@@ -14,7 +14,7 @@
osquery.patch
libaudit.patch)
sha256sums=('SKIP'
- '5b73f732648752c7adf374a9d088d1486129eb6a41664ecd48634ecf1d6f91c7'
+ '6c6b87a1b473abdb8b895a3cd4f8839b6b19add6937134c620fddb845d7f8969'
'96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8')
prepare() {
Modified: osquery.patch
===================================================================
--- osquery.patch 2021-09-29 16:16:48 UTC (rev 1025956)
+++ osquery.patch 2021-09-29 16:34:18 UTC (rev 1025957)
@@ -1,4 +1,4 @@
-commit 4e9200ae92bf4d873ec7ba4309f8c718fa029bc7
+commit 6b69f04e9d4164130c15f9203e20159af69ecdc1
Author: Anatol Pomozov <anatol.pomozov at gmail.com>
Date: Tue Sep 21 09:46:53 2021 -0700
@@ -142,6 +142,19 @@
// Data is output, but no way to determine type (long, int, string, struct).
Row r;
+diff --git a/osquery/tables/system/posix/augeas.cpp b/osquery/tables/system/posix/augeas.cpp
+index fb09411d8..615f7adea 100644
+--- a/osquery/tables/system/posix/augeas.cpp
++++ b/osquery/tables/system/posix/augeas.cpp
+@@ -35,7 +35,7 @@ FLAG(string,
+ #else
+ FLAG(string,
+ augeas_lenses,
+- "/opt/osquery/share/osquery/lenses",
++ "/usr/share/osquery/lenses",
+ "Directory that contains augeas lenses files");
+ #endif
+
diff --git a/osquery/tables/system/posix/sysctl_utils.h b/osquery/tables/system/posix/sysctl_utils.h
index e119f8a9e..0d4a399e4 100644
--- a/osquery/tables/system/posix/sysctl_utils.h
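Review bot: The two compiled-in defaults added here, `augeas_lenses` = `/usr/share/osquery/lenses` in this hunk and `OSQUERY_CERTS_HOME` = `/usr/share/osquery/certs/` in the default_paths.h hunk that follows, have no visible counterpart in the PKGBUILD change, which only bumps `pkgrel` and the patch checksum. Nothing on this page shows package() installing lenses or a certificate bundle under those directories, so it should be confirmed that both exist after install, are root-owned and are not writable by other users; the certs directory in particular presumably holds the trust anchors for the daemon's TLS connections. I would also state the reason in the embedded patch's commit message, for example `Use /usr/share/osquery instead of /opt/osquery/share/osquery to match the Arch install prefix`. The `#if`/`#else` blocks around both changed lines start outside the hunks.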
@@ -164,6 +177,19 @@
#ifndef CTL_DEBUG_MAXID
#define CTL_DEBUG_MAXID (CTL_MAXNAME * 2)
#endif
+diff --git a/osquery/utils/config/default_paths.h b/osquery/utils/config/default_paths.h
+index cda34298e..1c45718f3 100644
+--- a/osquery/utils/config/default_paths.h
++++ b/osquery/utils/config/default_paths.h
+@@ -26,7 +26,7 @@
+ #define OSQUERY_SOCKET OSQUERY_DB_HOME
+ #define OSQUERY_PIDFILE "/var/run/"
+ #define OSQUERY_LOG_HOME "/var/log/osquery/"
+-#define OSQUERY_CERTS_HOME "/opt/osquery/share/osquery/certs/"
++#define OSQUERY_CERTS_HOME "/usr/share/osquery/certs/"
+ #elif defined(WIN32)
+ #define OSQUERY_HOME "\\Program Files\\osquery\\"
+ #define OSQUERY_DB_HOME OSQUERY_HOME
diff --git a/tools/deployment/linux_packaging/rpm/osqueryd.service b/tools/deployment/linux_packaging/rpm/osqueryd.service
index 6aa42752f..7bb3b3dc9 100644
--- a/tools/deployment/linux_packaging/rpm/osqueryd.service
@@ -177,3 +203,34 @@
--flagfile $FLAG_FILE \
--config_path $CONFIG_FILE
Restart=on-failure
+diff --git a/tools/deployment/osquery.example.conf b/tools/deployment/osquery.example.conf
+index 96320e2d4..5af675dac 100644
+--- a/tools/deployment/osquery.example.conf
++++ b/tools/deployment/osquery.example.conf
+@@ -60,19 +60,19 @@
+ // There are several 'default' packs installed via
+ // packages and/or Homebrew.
+ //
+- // Linux: /opt/osquery/share/osquery/packs
++ // Linux: /usr/share/osquery/packs
+ // OS X: /var/osquery/packs
+ // Homebrew: /usr/local/share/osquery/packs
+ // make install: {PREFIX}/share/osquery/packs
+ //
+ "packs": {
+- // "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
+- // "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
+- // "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
++ // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
++ // "incident-response": "/usr/share/osquery/packs/incident-response.conf",
++ // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
+ // "osx-attacks": "/var/osquery/packs/osx-attacks.conf",
+- // "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
+- // "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
+- // "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf",
++ // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
++ // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf",
++ // "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf",
+ // "windows-hardening": "C:\\Program Files\\osquery\\packs\\windows-hardening.conf",
+ // "windows-attacks": "C:\\Program Files\\osquery\\packs\\windows-attacks.conf"
+ },