osquery-rust
By providing Rust bindings for osquery, this crate facilitates the implementation of osquery extensions. The crate, published on crates.io, contributes to polarlabs' mission by enabling any developer to extend osquery easily without sacrificing performance and security.
Known issues / limitations
- Version 0.1.1 does not work out of the box because the thrift crate we rely on does not support Unix Domain Sockets. We brought forward a PR to the thrift-rust bindings, but as of 13th of Mar '22 it's still in progress.
- An osquery extension consists of one or multiple plugins. Version 0.1.x is limited to table plugins; other plugin types such as config or logger are not supported (yet).
- Version 0.1.x has been tested on Linux only.
Roadmap and future considerations
Version 0.4.0
- Support config plugins
Version 0.3.0
- Support logging plugins
Version 0.2.0
- Add support for Windows
- Automate building and testing
- Provide a tutorial to explain osquery and how to extend its functionality with osquery-rust
Version 0.1.2
- Update to thrift-rust bindings to communicate with osquery via Unix Domain Sockets
Project structure
Besides the library itself, osquery-rust offers additional value:
- Docker images of osquery covering different platforms, various Linux distributions, and both up-to-date and outdated osquery versions.
- Examples to showcase how to use osquery-rust.
- osquery-rust bindings: the crate published at crates.io, used by osquery developers to implement their own osquery extensions.
- osquery-rust-codegen: a helper crate to generate code via macros; it is not meant to be used directly by osquery extension developers.
- Tutorial: get familiar with osquery and jump-start implementing an osquery extension with osquery-rust.
Related projects
polarlabs plans to implement valuable osquery extensions as separate projects. So, stay tuned.
Additional resources
- Homepage polarlabs: polarlabs.io
- Tutorial: osquery-rust tutorial
- Examples: osquery-rust by example
- Crate: crates.io/osquery-rust
- Lib documentation: docs.rs/osquery-rust
- Docker: images @ docker hub