2 releases

0.1.1	Mar 2, 2022
0.1.0	Mar 2, 2022

#4 in #osquery

28 downloads per month

MIT/Apache

120KB
3K SLoC

This project provides the bindings to osquery for Rust. It's still in its early stages. However, its continuously improved. Feel free to create an issue on Github if you are missing something or experience bugs.

Please be aware that for the time being, osquery-rust provides its own patched thrift crate as long as the upstream thrift crate does not support unix domain sockets.

Tools

Thank you to all who contributed to these tools, as they enabled me to build this.

Rust and Cargo
Manjaro Linux
Intellij Idea
Thrift
osquery
Clap (Rust library to define and parse CLI)
git

Genesis

$ pacman -sS rustup community/rustup 1.24.3-2 [installed] The Rust toolchain installer

$ cargo --version cargo 1.56.0 (4ed5d137b 2021-10-04) $ rustc --version rustc 1.56.1 (59eed8a2a 2021-11-01) $

$ sudo pacman -S thrift $ thrift -version Thrift version 0.15.0 $

$ git clone https://github.com/osquery/osquery $ cd osquery/ $ find . -name osquery.thrift ./osquery/extensions/thrift/osquery.thrift $ cp -a osquery/extensions/thrift/osquery.thrift ~/IdeaProjects/osquery-rust/ $

$ git config --global init.defaultBranch main $ git init

$ cd ~/IdeaProjects/osquery-rust/ $ thrift -out src --gen rs -r osquery.thrift $ head -1 src/osquery.rs // Autogenerated by Thrift Compiler (0.15.0) $

Roadmap

MVP: communicates with osquery via socket and provides a table with data from /proc/meminfo (Done)
Publish MVP on crates.io
Improve documentation and provide a tutorial
Rethink API and align with Rust API Guidelines
PR to Thrift to contribute the support for unix domain sockets to upstream

Naming Convention

Do not follow rust naming as usage of - / _ in package / crate names is unclear. So wie follow the naming convention of osquery, e.g. osquery-go => Go bindings.

osquery-rust