README
¶
osctrl
Fast and efficient osquery management.
What is osctrl?
osctrl is a fast and efficient osquery management solution, implementing its remote API as TLS endpoint.
With osctrl you can monitor all your systems running osquery, distribute its configuration fast, collect all the status and result logs and allow you to run on-demand queries.
[!WARNING] osctrl is a fast evolving project, and while it is already being used in production environments, it is still under active development. Please make sure to read the documentation and understand its current state before deploying it in a critical environment.
Running osctrl with docker for development
You can use docker to run osctrl and all the components are defined in the docker-compose-dev.yml that ties all the components together, to serve a functional deployment.
Ultimately you can just execute make docker_dev and it will automagically build and run osctrl locally in docker, for development purposes.
Documentation
You can find the documentation of the project in https://osctrl.net
Slack
Find us in the #osctrl channel in the official osquery Slack community (Request an auto-invite!)
License
osctrl is licensed under the MIT License.
Contributing
Feel free to fork the repository and submit pull requests. For major changes, please open an issue first to discuss what you would like to change.
Directories
¶
| Path | Synopsis |
|---|---|
|
admin
|
|
|
auth
module
|
|
|
handlers
module
|
|
|
sessions
module
|
|
|
api
|
|
|
handlers
module
|
|
|
backend
module
|
|
|
cache
module
|
|
|
carves
module
|
|
|
cmd
|
|
|
admin
command
|
|
|
api
command
|
|
|
cli
command
|
|
|
tls
command
|
|
|
environments
module
|
|
|
logging
module
|
|
|
metrics
module
|
|
|
nodes
module
|
|
|
pkg
|
|
|
queries
module
|
|
|
settings
module
|
|
|
tags
module
|
|
|
tls
|
|
|
handlers
module
|
|
|
tools
|
|
|
fake_news_go
command
|
|
|
types
module
|
|
|
users
module
|
|
|
utils
module
|
|
|
version
module
|