Facebook open-sources an operating-system monitoring tool: osquery
Facebook has open-sourced osquery, an operating-system monitoring tool that runs on OS X and Linux and performs low-level operating-system analysis and monitoring. osquery exposes the operating system as a high-performance relational database, which lets you write SQL-based queries to explore the operating system's data. With osquery, concepts such as the following are abstracted into SQL tables:
- running processes
- loaded kernel modules
- open network connections

SQL tables are implemented through an easy-to-extend API. Many tables already exist, and more are being written. To better understand osquery, here is an example SQL query:
```sql
-- get the name, pid and attached port of all processes
-- which are listening on all interfaces
SELECT DISTINCT process.name, listening.port, process.pid
FROM processes AS process
JOIN listening_ports AS listening
  ON process.pid = listening.pid
WHERE listening.address = '0.0.0.0';

-- find every launchdaemon on an OS X host which
--   launches an executable when the operating system starts
--   keeps the executable running
-- return the name of the launchdaemon and the full
-- path (with arguments) of the executable to be run.
SELECT name, program || program_arguments AS executable
FROM launchd
WHERE (run_at_load = 'true' AND keep_alive = 'true')
  AND (program != '' OR program_arguments != '');
```
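As an added example (not from the original post or from the osquery project), the listening-ports query above is run with Python's sqlite3 against constructed stand-ins for osquery's `processes` and `listening_ports` tables, using a subset of their real column names; a second, defender-oriented query keeps only listeners whose executable no longer exists on disk (osquery's `on_disk` column). osquery itself populates these tables from the live system; every row here is a constructed fixture.

```python
import sqlite3

# Constructed fixture rows standing in for two osquery tables. Real osquery
# generates these rows from the running OS; only the column names are real.
PROCESSES = [  # (pid, name, path, on_disk)
    (1,   "launchd",     "/sbin/launchd",     1),
    (312, "sshd",        "/usr/sbin/sshd",    1),
    (777, "dropped_bin", "/tmp/.x/dropped",   0),  # binary deleted from disk
    (900, "postgres",    "/usr/bin/postgres", 1),
]
LISTENING_PORTS = [  # (pid, port, protocol, address)
    (312, 22,   "tcp", "0.0.0.0"),
    (777, 4444, "tcp", "0.0.0.0"),
    (900, 5432, "tcp", "127.0.0.1"),
]

def load_fixture() -> sqlite3.Connection:
    """Build an in-memory SQLite database shaped like the osquery tables."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE processes(pid INTEGER, name TEXT, path TEXT, on_disk INTEGER)")
    con.execute("CREATE TABLE listening_ports(pid INTEGER, port INTEGER, protocol TEXT, address TEXT)")
    con.executemany("INSERT INTO processes VALUES (?,?,?,?)", PROCESSES)
    con.executemany("INSERT INTO listening_ports VALUES (?,?,?,?)", LISTENING_PORTS)
    return con

# The query from the post, with an ORDER BY so results are deterministic.
LISTENING_ALL_IFACES = """
SELECT DISTINCT process.name, listening.port, process.pid
FROM processes AS process
JOIN listening_ports AS listening ON process.pid = listening.pid
WHERE listening.address = '0.0.0.0'
ORDER BY listening.port"""

# Detection refinement: same join, restricted to processes whose executable
# is gone from disk (on_disk = 0), a common trait of payloads that run from
# a temporary location and then remove themselves.
LISTENING_DELETED_BINARY = """
SELECT process.pid, process.name, process.path, listening.port
FROM processes AS process
JOIN listening_ports AS listening ON process.pid = listening.pid
WHERE listening.address = '0.0.0.0' AND process.on_disk = 0"""

def listening_on_all_interfaces(con: sqlite3.Connection) -> list:
    return con.execute(LISTENING_ALL_IFACES).fetchall()

def listening_with_deleted_binary(con: sqlite3.Connection) -> list:
    return con.execute(LISTENING_DELETED_BINARY).fetchall()

if __name__ == "__main__":
    db = load_fixture()
    for row in listening_on_all_interfaces(db):
        print("listening on all interfaces:", row)
    for row in listening_with_deleted_binary(db):
        print("ALERT: listener whose binary is missing on disk:", row)
```

Against a real host the same SQL text can be handed to `osqueryi`; the fixture only exists so the join logic can be checked offline.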