Facebook open-sources an operating system monitoring tool: osquery
jopen
10 years ago
Facebook has open-sourced osquery, an operating system instrumentation and monitoring tool for OS X and Linux that supports low-level analysis and monitoring of the host. osquery exposes the operating system as a high-performance relational database, so you can write SQL queries to explore operating system state. With osquery, the following are all presented as SQL tables:
- running processes
- loaded kernel modules
- open network connections
For example:

```sql
--------------------------------------------------------
-- get the name, pid and attached port of all processes
-- which are listening on all interfaces
--------------------------------------------------------
SELECT DISTINCT process.name, listening.port, process.pid
  FROM processes AS process
  JOIN listening_ports AS listening
    ON process.pid = listening.pid
 WHERE listening.address = '0.0.0.0';

--------------------------------------------------------
-- find every launchdaemon on an OS X host which
--  * launches an executable when the operating
--    system starts
--  * keeps the executable running
-- return the name of the launchdaemon and the full
-- path (with arguments) of the executable to be run.
--------------------------------------------------------
SELECT name, program || program_arguments AS executable
  FROM launchd
 WHERE (run_at_load = 'true' AND keep_alive = 'true')
   AND (program != '' OR program_arguments != '');
```
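The three bullet points above (processes, kernel modules, network connections) are exactly the tables an incident responder queries first. The queries below are added here as worked examples; they are not part of the original post or of the osquery project's own documentation. They assume the osquery table and column names as documented in the osquery schema (`processes.on_disk`, `process_open_sockets`, `listening_ports`, `kernel_modules`); check the schema of the osquery version you run, since columns have been added and renamed over time. The module allow-list in the last query is a constructed placeholder, not a real baseline.

```sql
--------------------------------------------------------
-- 1. Open network connections joined to their owning
--    process.  Established TCP sockets only (protocol 6,
--    remote_port set).  processes.on_disk = 0 means the
--    executable backing the process has been deleted,
--    a common trait of a dropped-and-removed implant,
--    so those rows sort first.
--------------------------------------------------------
SELECT p.pid,
       p.name,
       p.path,
       p.on_disk,
       s.local_address,
       s.local_port,
       s.remote_address,
       s.remote_port
  FROM process_open_sockets AS s
  JOIN processes AS p
    ON p.pid = s.pid
 WHERE s.protocol = 6            -- IPPROTO_TCP
   AND s.remote_port != 0        -- connected, not merely bound
 ORDER BY p.on_disk ASC, p.pid;

--------------------------------------------------------
-- 2. Processes listening on a wildcard address.  The
--    query in the post matches only the IPv4 wildcard
--    '0.0.0.0'; a service bound to the IPv6 wildcard
--    '::' is reachable on every interface as well and
--    must be included or it will be missed.
--------------------------------------------------------
SELECT DISTINCT p.name,
       p.pid,
       p.path,
       l.address,
       l.port
  FROM listening_ports AS l
  JOIN processes AS p
    ON p.pid = l.pid
 WHERE l.address IN ('0.0.0.0', '::')
   AND l.protocol = 6            -- TCP listeners only
 ORDER BY l.port;

--------------------------------------------------------
-- 3. Loaded kernel modules (Linux) not on a known-good
--    list.  The names in the IN (...) list are a
--    constructed placeholder; replace them with the
--    module baseline captured from a clean host.
--    used_by shows which modules depend on each one, so
--    an unexpected module with used_by = '-' and no
--    dependents is the first thing to look at.
--------------------------------------------------------
SELECT name,
       size,
       used_by,
       status
  FROM kernel_modules
 WHERE name NOT IN ('ext4', 'xfs', 'e1000', 'virtio_net')
 ORDER BY name;
```

Each statement can be pasted into the interactive shell `osqueryi` and run on its own; queries 1 and 2 work on both OS X and Linux, while `kernel_modules` is a Linux table.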