
Installing Osquery on Ubuntu 18.04

Installing Osquery on Ubuntu 18.04 is a straightforward process that allows you to deploy this powerful operating system instrumentation tool on your server or workstation. Osquery exposes the operating system as a high-performance relational database, letting you write SQL queries to explore OS data. Follow these steps for a smooth installation.

First, you need to add the official Osquery software repository to your system’s list of sources. This ensures you get the latest stable version and future updates easily. Open your terminal and execute the following command to add the repository:

sudo add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main'

This command tells your system where to find the Osquery packages.

Next, it’s crucial to import the GPG key that is used to sign the Osquery packages. This verifies the authenticity of the packages you download and install, preventing malicious tampering. Download and add the key using this command:

curl -L https://pkg.osquery.io/deb/osquery-key.pub | sudo apt-key add -

The first part downloads the public key, and the second part pipes it to apt-key add -, which adds it to your system’s trusted keys.

After adding the repository and the key, you must update your system’s package list. This makes your system aware of the new packages available from the Osquery repository you just added. Run:

sudo apt update

Now that your package list is updated, you can proceed with installing Osquery itself. Use the standard APT installation command:

sudo apt install osquery

Your system’s package manager will now download and install the Osquery package and its dependencies. Confirm any prompts to proceed with the installation.

Once the installation is complete, you can verify that Osquery is installed correctly by launching the interactive query shell. Type:

osqueryi

If installed successfully, you will see the Osquery interactive prompt (osquery>), indicating you can start running SQL queries against your operating system. To exit the interactive shell, type .quit and press Enter.

For ongoing system monitoring, you might want to run Osquery as a service. The installed package typically includes the necessary service files. You can start the Osquery service and enable it to launch automatically on boot using these commands:

sudo systemctl start osqueryd
sudo systemctl enable osqueryd

By following these steps, you have successfully installed Osquery on your Ubuntu 18.04 system, empowering you to query your system’s state like a database.
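
The key-import step above adds whatever the download returns to the trusted keys, so this added example (not part of the original guide or the osquery project) saves the key to a file and passes it to apt-key add only if its fingerprint matches one you obtained separately. The script name, the --run flag and the function names are made up for illustration, the expected fingerprint is an argument you supply, and it assumes a gpg that supports the show-only import option.

```sh
#!/bin/sh
# Added example (not from the original guide): pin the osquery repository key
# by fingerprint before it is passed to apt-key.

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# The "fpr" record after "pub" is the primary key; those after "sub" are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed only if stdin lists exactly one primary key whose fingerprint equals
# $1. Spaces and letter case in $1 are ignored; anything but 40 hex digits fails.
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$expected" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#expected}" -eq 40 ] || return 1
    found=$(primary_fingerprints)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
    [ "$found" = "$expected" ]
}

# Hypothetical usage: sh pin-osquery-key.sh --run "<fingerprint you verified>"
# Nothing below runs unless --run is given.
if [ "${1:-}" = "--run" ]; then
    key=$(mktemp) || exit 1
    trap 'rm -f "$key"' EXIT
    curl -fsSL https://pkg.osquery.io/deb/osquery-key.pub -o "$key" || exit 1
    # Assumption: this gpg supports the show-only import option (lists, does not import).
    if gpg --with-colons --import-options show-only --import "$key" 2>/dev/null |
            fingerprint_matches "${2:-}"; then
        sudo apt-key add "$key"
    else
        echo "osquery key fingerprint mismatch; key not added" >&2
        exit 1
    fi
fi
```

Take the expected fingerprint from a channel other than the download itself, otherwise the comparison proves nothing.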

Source: https://kifarunix.com/how-to-install-osquery-on-ubuntu-18-04/
