For release notes please visit https://github.com/facebook/osquery/releases.

Build osquery

To take advantage of the most current features and join the osquery development community we like to suggest building from source! Head to GitHub clone and compile.

$ git clone http://github.com/facebook/osquery.git
$ cd osquery
$ make deps
$ make -j 8
$ ./build/<platform>/osquery/osqueryi

Install or package

With a working build you may install or create OS-specific packages for deployment. Using the recommended osquery-provided vagrant build environments and the build steps your packages should be as portable as possible.

# make install # optional
$ make packages
[...]
[+] package created at ./build/linux/osquery-XYZ.rpm


 macOSX Package

You can download a pre-built osquery package that contains the binaries, LaunchDaemon, and example configurations. There are no package or library dependencies needed.

osquery-2.5.0.pkg


sha256: dd68377ad5ede0da882f8489416027feb831e4e3c8cf311289a4d32610c5603e

Install with brew

The community publishes an macOS Homebrew every other week. Installing using brew is not officially supported since we cannot strictly control the build or library dependency builds.

$ brew update
$ brew install osquery
$ /usr/local/bin/osqueryi

Install yum repository

We publish osquery in a yum repository. The RPMs have extremely few dependencies and should work on *most* x86_64 Linux operating systems. You may install the "auto-repo-add" RPM or add the repository target:

curl https://s3.amazonaws.com/osquery-packages/rpm/RPM-GPG-KEY-osquery \
  | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo yum-config-manager --add-repo https://s3.amazonaws.com/osquery-packages/rpm/osquery-s3-rpm.repo
sudo yum-config-manager --enable osquery-s3-rpm
sudo yum install osquery

RPM-based 64bit Linux

You may also download a pre-built osquery RPM that contains the binaries, an init.d script, systemd service, and example configurations. The RPMs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.

rpm/osquery-2.5.0-1.linux.x86_64.rpm


sha256: 57cbb8a6e85f2ea19426970e728564422e906233a38dfd60aabbf7df6cafd97e

Install apt repository

We publish osquery in an apt repository. The DEBs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
sudo add-apt-repository "deb [arch=amd64] https://osquery-packages.s3.amazonaws.com/deb deb main"
sudo apt-get update
sudo apt-get install osquery

DEB-based 64bit Linux

You may also download a pre-built osquery DEB that contains the binaries, an init.d script, systemd service, and example configurations. The DEBs have extremely few dependencies and should work on *most* x86_64 Linux operating systems.

deb/osquery_2.5.0_1.linux.amd64.deb


sha256: 96400ce5b7fd27ffa89f5327bcce4bb0bf8678c72a256c17b23a0d2febdc9ed1

 Windows Choco Package

We recommend installing and deploying Windows support using chocolatey. Please let us know if your enterprise could make use of other package formats.

C:\> choco install osquery

For details see the chocolatey project page https://chocolatey.org/packages/osquery.

Windows devkit

Version 2.0.0 is the first with Windows support. As we develop table parity with POSIX, we also recommend following along and contributing to the development effort!

C:\> git clone https://github.com/facebook/osquery
C:\> .\tools\make-win64-dev-env.bat
C:\> .\tools\make-win64-binaries.bat

Links for scripts

Every release version is published to S3 on midnight of the release day. A symlink is created for external projects, package maintainers, and integrations. You can find the latest stable package in each platform and distribution's directory on S3:

https://osquery-packages.s3.amazonaws.com/darwin/osquery.pkg
https://osquery-packages.s3.amazonaws.com/centos7/osquery.rpm
https://osquery-packages.s3.amazonaws.com/xenial/osquery.deb

Generic Linux-based OS tarball

If you're using a Linux distribution that does not support RPMs/DEBs you may untar this to /. The package layout assumes /usr is your prefix and installs the same static x86_64 ELFs found in the other packages.

linux/osquery-2.5.0_1.linux_x86_64.tar.gz


sha256: 5a56720a22778f284238d83e2a5655418d7103ec809e8e4c21318ae22b863dfe

GPG key for RPMs and DEBs

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFTC4xABEADYBQa4v0v1UI0ikTL1neuaWYOia23TE3R4BprcztGUlzO97cqF
AKkrvs0bze0NcCKxz+5mISRnkwIp4H8JaM3yffhC2Bx3Cc7fPcuyBmZtwMVS9/p/
yjP1LSVatLbBXjymzCyv4DNlyVtVe4UeMpek82PwBzcWPWB1hiNzQUr508vFT01x
c19B4Niswqwm1OjKNVtjFoinX4aU7ZqEo+EvPPthGMxMkfwGnQLpaqAv7PLGQbHz
Dd1fTwWOcOpzcfUP/6n1G7uRIiIdRkya5UDwCfJxYzNhM/7LA4mrd5JAqAUFIZX8
XHUXAysU+09beyBqY678Ary4rIqZCXx2/IrqzFrFGZAPZ8dR2B6aUN03F23stBvJ
+z7Ge4/JUvswqjpJ7P3Ug/tSI9mTcmjaCvIRHJecRKIlvb4OeRQ3pC7BY8f6hPoH
sx/I1ZIcd2mPf4GWwK0o4PjcnyvO3qSV4NDlwMRBqTZfdtxQ5jxEHBhPSrEs6kr2
wTBnk+YC2XGHuZzmJb7HEX0MTvSuihmWXRixEwOpHmP+2fy20v/6yeNsiKV7LtS/
4M7aIy1iwG/etiWtm6k+wMTmiAl017tqVm9kni80wuG5c6jVUw5maNHXvQiRIB7e
NN5fDGQL/1lQjXucbVzagbTyYrv9Agmg89TanC3+UYSS5FQ2qGse8q3lAwARAQAB
tCJvc3F1ZXJ5IChvc3F1ZXJ5KSA8b3NxdWVyeUBmYi5jb20+iQI3BBMBCgAhBQJU
wuMQAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEJeoDGPJ2LgLEKoQAJ6w
8uKo8+WosiCbKrioPCirGH3RW703AQ+RHb5+XojpbCsuqnqDRI4dZKLhnI60kpLX
Fstz+P3PofYKFJDoSAwb0351StE6iWkCW5lWYIH/VpiYcSl5eg2+G8wd7aAL6huK
vt0NqsknmDa/4MuKFjWKSWjlApI5qu1ZV3h9C3n5qrWuMby5ooGM2VO93yKUu1l2
MVj72OCIWlG0RYfCRdyDtDfHFwtw5aKim8VpbD+w5Ge+Hyd0RCNaUPj7v6jaESjY
cH5zcpHt11j0kzfQ3byKHKuau+Yp8Nqj4fUJB+H9mILpy+AzJkxI+KbZBJ2LQ9rf
itmAy7/KjFG01i3mHMNmmRTNCfJijfP5wC/cAbG7H9QN25MsZ0oqo0NqkVYPjBAe
hY3qu35i+dH/yODy/2pK00UkobXqwsPlQyn/f7AhP7Rm+t8557LAo7GK8SyjN8Kv
zJAspACGogxx5l4fkWMKXoy5sEQyJ55jZAtC4Am3bA/hMgDycoIJ90y/Jl/mSb5k
GEcIUDI/MSWDhG8B0THyj7tGLAbWbx45nDQyrl6T9N5haDkVVIIz1UY+s1q89YXU
OK8afUibFh1drpfHx/sbHqMnAxDsA5HqYYjO5A7teKQTkvXn77zph7C/oi8g29WF
gHczO/S/I3qyGBkU+lsDG0JAVP5gMk4CKBb372svuQINBFTC4xABEAC2XUgq3NEP
4Uiz/3pWeNMvGKP+7JGZgDstgid86OYZ0aKA1vJ+khyJd3xT/dMH0wm7RVgjm9Jn
TEZvIpWpvxoVmxNUoM/DwlavYBJmsuI6jXPJBX+hfNkG9N9VlQBUZAZZIsSMLs4x
qGw1QyMcOf3KmqwmwHAqniyptZqGOt3GEPIUXHL7Cw+BVKy2Jt83z3glLEI9i+iS
dMWefMDmGxXMrTfIUxG39nFDtAV/8Jp3kbtTxduKfG12uy81ST39YjFAZzwavW3E
d5grtwJqpLA6vCK6iR2NMp2NT69HHey+cLlTqcgxPI8ptypPVF2WyvytvVLT7Hm2
Cpz6faACd5JKGWAc7Tb3ZjfG1zmJGcbu/1CFt8gSa/b0ZW1uw1fLAGBmsZq1t0XT
8IlLf1BpajgwxJRMfr+kjW8eoHnI8Gthb3PIip6bOZVTbPp67ybJ8kVPzpBY9ePo
xSF90uuvONpl7uJp7qgHNxtx4tacyzK7CEWiMXjOgmjHDjNTKFC4MNHs++Ube7o4
53CjmiFyrYObLwJPL5Gtir6owbk0jGlz8FIdp8UWMRzUR+7QDZZv10tRQ4FRg3V/
OUwE5clT8mbU66jXD6IK5+tKfYJO4cr4dhpcbyVp5ZGM9yDGmXCvwCg37jFXScGK
3FQZOFxiOeXITFq6ooLVhu0EG7yKCKSSuwARAQABiQIfBBgBCgAJBQJUwuMQAhsM
AAoJEJeoDGPJ2LgL6jkQANDHRpPX5cpfJHt/NsKYKz7ABoFkXtv+xA/AW92C+hNP
3aeo5MOGwHtJ4hQI0s2Z/r9mH8C7IQ2UOlEvl1r5GXUmoMqKbvNkjJo+kWG+3gd8
es/Ua3nuQGGuGb1TzP2ONHlsvkiKz4pTEc8Owrg3dTE065fbYxsgyCOOuMksmEll
s6ypl0nCjAcrTEvx7t/yyqR8p8GUnSXbIx5q0KMKYxiA0mV4jvoWCPkNJxVk9YY4
Ot9bl4QkPK100rEEPaMWvj01DYveZRz1Ab22zBCaj82dMEFtuulg7jNm1DNHKFd2
Z1Dy/rDJBcF59A/1K5HiZERDyGSw6p0nnMjtU+PGGT/7slzRah+IpK6XLl/2/U5k
X3T3k+2M+zT+U+/f6jHpq23ii9lPFLe3qZ3mEuDWNnV6ui6D1oCWpF2DqVLoxjjF
gDJCamKZURaPsA6GRlZhCogHKmpnShezPm4StMS7ECp7+XXMzvVIFTlfkwCfDkMK
qifLlfpRxyhQkmWdiBe9WP7mO3QIOLGzSFr+CKSWl1QOownASYD7UiQdP06Pceae
Rc7zizaDGqJKw/uiXwcq0ExiiIVdyC4PZ6nh/yISNqQDa308u0qkDxycNVHgjYSv
gaS/aDkkb7zrq/37KTGwlMHFgVNgnRw3LB0zHRw/1+FDlRCfhEedS4rsUS8EvZHm
=4n44
-----END PGP PUBLIC KEY BLOCK-----