osquery
Installation
Download the RPM package from the repository
cd ~
wget https://github.com/JakePeralta7/osquery/blob/main/osquery-5.7.0-1.linux.x86_64.rpmInstall osquery and delete the installation file
rpm -i osquery-5.7.0-1.linux.x86_64.rpm
rm -f osquery-5.7.0-1.linux.x86_64.rpmUsage
Enter the osquery interface
You can enter a shell-like interface where you can your queries using osqueryi
Executing single query
osqueryi "<query>" --jsonExamples
osqueryi "SELECT * FROM users" --json
osqueryi "SELECT * FROM system_info" --json
osqueryi "SELECT * FROM logged_in_users WHERE type='user'" --json