For release notes please visit https://github.com/facebook/osquery/releases.

Build osquery

To take advantage of the most current features and join the osquery development community, we suggest building from source. Head to GitHub, clone, and compile.

$ git clone http://github.com/facebook/osquery.git
$ cd osquery
$ make deps
$ make -j 8
$ ./build/<platform>/osquery/osqueryi

Install or package

With a working build you may install or create OS-specific packages for deployment. If you use the recommended osquery-provided vagrant build environments and the build steps, your packages should be as portable as possible.

# make install # optional
$ make packages
[...]
[+] package created at ./build/linux/osquery-XYZ.rpm


macOSX Package

You can download a pre-built osquery package that contains the binaries, LaunchDaemon, and example configurations. There are no package or library dependencies needed.

osquery-2.6.1.pkg


sha256: 4dc6bee0360fc187bd2b0a9c63907280bb5203812f06c5516e644adcbfa7b90e

Install with brew

The community publishes a macOS Homebrew formula every other week. Installing using brew is not officially supported since we cannot strictly control the build or library dependency builds.

$ brew update
$ brew install osquery
$ /usr/local/bin/osqueryi

Install yum repository

We publish osquery in a yum repository. The RPMs have extremely few dependencies and should work on *most* x86_64 Linux operating systems. You may install the "auto-repo-add" RPM or add the repository target:

curl https://s3.amazonaws.com/osquery-packages/rpm/RPM-GPG-KEY-osquery \
  | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo yum-config-manager --add-repo https://s3.amazonaws.com/osquery-packages/rpm/osquery-s3-rpm.repo
sudo yum-config-manager --enable osquery-s3-rpm
sudo yum install osquery

RPM-based 64bit Linux

You may also download a pre-built osquery RPM that contains the binaries, an init.d script, systemd service, and example configurations. The RPMs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.

rpm/osquery-2.6.1-1.linux.x86_64.rpm


sha256: 930642bc056ad1dff83ff064174938c1b8c8d466e039a81bfcfa89a4185dc9b1

Install apt repository

We publish osquery in an apt repository. The DEBs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
sudo add-apt-repository "deb [arch=amd64] https://osquery-packages.s3.amazonaws.com/deb deb main"
sudo apt-get update
sudo apt-get install osquery

DEB-based 64bit Linux

You may also download a pre-built osquery DEB that contains the binaries, an init.d script, systemd service, and example configurations. The DEBs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.

deb/osquery_2.6.1_1.linux.amd64.deb


sha256: de325647e11d73678485c6abdc2a2b9555a3c7d12c0f1d42707101ba2c0b227e

Windows Choco Package

We recommend installing and deploying Windows support using chocolatey. Please let us know if your enterprise could make use of other package formats.

C:\> choco install osquery

For details see the chocolatey project page https://chocolatey.org/packages/osquery.

Windows devkit

Version 2.0.0 is the first with Windows support. As we develop table parity with POSIX, we also recommend following along and contributing to the development effort!

C:\> git clone https://github.com/facebook/osquery
C:\> .\tools\make-win64-dev-env.bat
C:\> .\tools\make-win64-binaries.bat

Links for scripts

Every release version is published to S3 at midnight of the release day. A symlink is created for external projects, package maintainers, and integrations. You can find the latest stable package in each platform and distribution's directory on S3:

https://osquery-packages.s3.amazonaws.com/darwin/osquery.pkg
https://osquery-packages.s3.amazonaws.com/centos7/osquery.rpm
https://osquery-packages.s3.amazonaws.com/xenial/osquery.deb

Generic Linux-based OS tarball

If you're using a Linux distribution that does not support RPMs/DEBs you may untar this to /. The package layout assumes /usr is your prefix and installs the same static x86_64 ELFs found in the other packages.

linux/osquery-2.6.1_1.linux_x86_64.tar.gz


sha256: dca2a19bac2d34598e19101989bf53df8dbfc0c071fd2889fc57f0506ad237c5
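
Because the tarball is unpacked directly onto /, it is worth checking the download against the sha256 listed for it before extracting; the same check applies to the .pkg, .rpm and .deb files on this page. The script below is an added example, not part of the osquery project; the function names file_sha256 and verify_pkg are hypothetical, and the expected value is whatever sha256 this page lists for the file you downloaded.

```shell
#!/bin/sh
# Added example: compare a downloaded package with its published sha256.

# Print the lowercase hex SHA-256 of a file, using whichever tool is present
# (sha256sum on most Linux systems, shasum on macOS). Reading from stdin
# keeps odd file names out of the tool's output.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        echo "no sha256 tool found" >&2
        return 2
    fi
}

# verify_pkg FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on bad input (so a caller can tell
# "tampered or truncated download" apart from "wrong arguments").
verify_pkg() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A sha256 is exactly 64 hex characters; refuse anything else so a
    # truncated copy-paste can never be mistaken for a valid digest.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed expected hash" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed expected hash" >&2; return 2; }
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    actual=$(file_sha256 "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK  $file"
    else
        echo "MISMATCH  $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Usage: sh verify_pkg.sh osquery-2.6.1_1.linux_x86_64.tar.gz <sha256 from this page>
if [ "$#" -eq 2 ]; then
    verify_pkg "$1" "$2"
fi
```

Only extract or install the file when the script exits 0.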

GPG key for RPMs and DEBs


Debug packages (also in package repos)

These packages contain debug binaries or the debuginfo symbols. The packages are available in yum/apt using the respective debug name.

darwin/osquery-debug-2.6.1.pkg


sha256: c2350b21b5a0204a2e1f4fc553b1b208b0252300afd9675fbad2c6804a6b0ebc

rpm/osquery-debuginfo-2.6.1-1.linux.x86_64.rpm


sha256: 53eca871a0784d5e5d8b842dc919da4709b06f06b21e180ef866362a78f36e6c

deb/osquery-dbg_2.6.1_1.linux.amd64.deb


sha256: 0663462d1309a81f12a249db837c18907b5c00c684df39bcf8f655531bfb3938