osquery is available through OS package management and standalone installers.
For release notes please visit https://github.com/facebook/osquery/releases.
Build osquery
To take advantage of the most current features and join the osquery development community, we suggest building from source. Head to GitHub, clone, and compile.
$ git clone https://github.com/facebook/osquery.git
$ cd osquery
$ make deps
$ make -j 8
$ ./build/<platform>/osquery/osqueryi
Install or package
With a working build you may install or create OS-specific packages for deployment. If you use the recommended osquery-provided Vagrant build environments and the build steps, your packages should be as portable as possible.
# make install # optional
$ make packages
[...]
[+] package created at ./build/linux/osquery-XYZ.rpm
macOS Package
You can download a pre-built osquery package that contains the binaries, LaunchDaemon, and example configurations. There are no package or library dependencies needed.
osquery-2.4.6.pkg
sha256: 655836549c9ade4a559d187b0e58128f99d3eaaa4c038f85697a8f4e2bbac5c5
Install with brew
The community publishes a macOS Homebrew formula every other week. Installing using brew is not officially supported since we cannot strictly control the build or library dependency builds.
$ brew update
$ brew install osquery
$ /usr/local/bin/osqueryi
Install yum repository
We publish osquery in a yum repository. The RPMs have extremely few dependencies and should work on *most* x86_64 Linux operating systems. You may install the "auto-repo-add" RPM or add the repository target:
sudo rpm -ivh https://osquery-packages.s3.amazonaws.com/centos7/noarch/osquery-s3-centos7-repo-1-0.0.noarch.rpm
sudo yum install osquery
RPM-based 64bit Linux
You may also download a pre-built osquery RPM that contains the binaries, an init.d script, systemd service, and example configurations. The RPMs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.
centos7/osquery-2.4.6-1.linux.x86_64.rpm
sha256: 199f2aba6d50962e8420954ad66bc6913f62c7fc3abb6154b591bc409ffb8f92
Install apt repository
We publish osquery in an apt repository. The DEBs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
sudo add-apt-repository "deb [arch=amd64] https://osquery-packages.s3.amazonaws.com/xenial xenial main"
sudo apt-get update
sudo apt-get install osquery
DEB-based 64bit Linux
You may also download a pre-built osquery DEB that contains the binaries, an init.d script, systemd service, and example configurations. The DEBs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.
xenial/osquery_2.4.6_1.linux.amd64.deb
sha256: 10c4c5d76c152cab1f4c135350d24c1b36819c64ebe092090cf92a808f45e77d
Windows Choco Package
We recommend installing and deploying Windows support using Chocolatey. Please let us know if your enterprise could make use of other package formats.
C:\> choco install osquery
For details, see the Chocolatey project page https://chocolatey.org/packages/osquery.
Windows devkit
Version 2.0.0 is the first with Windows support. As we develop table parity with POSIX, we also recommend following along and contributing to the development effort!
C:\> git clone https://github.com/facebook/osquery
C:\> .\tools\make-win64-dev-env.bat
C:\> .\tools\make-win64-binaries.bat
Links for scripts
Every release version is published to S3 at midnight on the release day. A symlink is created for external projects, package maintainers, and integrations. You can find the latest stable package in each platform and distribution's directory on S3:
https://osquery-packages.s3.amazonaws.com/darwin/osquery.pkg
https://osquery-packages.s3.amazonaws.com/centos7/osquery.rpm
https://osquery-packages.s3.amazonaws.com/xenial/osquery.deb
