jmpsec/osctrld

osctrld

Daemon for `osctrl`, the fast and efficient osquery management.

What is osctrld?

osctrld is the daemon component for osctrl. Its purpose is to maintain the integrity of osquery clients and to manage their flags, enroll secret and server certificate. It can also provide a fast method to deploy osquery extensions.

Documentation

You can find the full documentation of the project at https://osctrl.net

Usage

NAME:
   osctrld - Daemon for osctrl, the fast and efficient osquery management

USAGE:
   osctrld [global options] command [command options] [arguments...]

VERSION:
   1.0.0

DESCRIPTION:
   Daemon for osctrl, the fast and efficient osquery management, to manage secret, flags and osquery deployment

COMMANDS:
   enroll   Enroll a new node in osctrl, using new secret and flag files
   remove   Remove enrolled node from osctrl, clearing secret and flag files
   verify   Verify flags, cert and secret for an enrolled node in osctrl
   flags    Retrieve flags for osquery from osctrl and write them locally
   cert     Retrieve server certificate for osquery from osctrl and write it locally
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --certificate FILE, -C FILE                                    Use FILE as certificate for osquery, if needed. Default depends on OS [$OSQUERY_CERTIFICATE]
   --configuration value, -c value, --conf value, --config value  Configuration file for osctrld to load all necessary values [$OSCTRL_CONFIG]
   --environment value, -e value, --env value                     Environment in osctrl to enrolled nodes to [$OSCTRL_ENV]
   --flagfile FILE, -F FILE                                       Use FILE as flagfile for osquery. Default depends on OS [$OSQUERY_FLAGFILE]
   --force, -f                                                    Overwrite existing files for flags, certificate and secret (default: false) [$OSCTRL_FORCE]
   --help, -h                                                     show help (default: false)
   --insecure, -i                                                 Ignore TLS warnings, often used with self-signed certificates (default: false) [$OSCTRL_INSECURE]
   --osctrl-url value, -U value                                   Base URL for the osctrl server [$OSCTRL_URL]
   --osquery-path FILE, --osquery FILE, -o FILE                   Use FILE as path for osquery installation, if needed. Default depends on OS [$OSQUERY_PATH]
   --secret value, -s value                                       Enroll secret to authenticate against osctrl server [$OSCTRL_SECRET]
   --secret-file FILE, -S FILE                                    Use FILE as secret file for osquery. Default depends on OS [$OSQUERY_SECRET]
   --verbose, -V                                                  Enable verbose informational messages (default: false) [$OSCTRL_VERBOSE]
   --version, -v                                                  print the version (default: false)

Slack

Find us in the #osctrl channel in the official osquery Slack community (Request an auto-invite!)

License

osctrld is licensed under the MIT License.

Donate

If you like osctrld you can send BTC or ETH donations to the following wallets:

bitcoin:bc1qvjep6r6j7a00xyhcgp4g2ea2f4pupaprcvllj5 ethereum:0x99e211251fca06286596498823Fd0a48785B64eB