empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2dd0421f5f
fleet/articles/how-to-uninstall-osquery.md
Mike Thomas bf11f2df66
Articles housekeeping (#6389) 
* Articles housekeeping

Style tweaks:

- reduced categories-and-search margin-top
- changed color of category on cards
- removed time stamps from cards

Image updates:
- created missing images, and replaced existing with a cleaner, more vibrant style to the following categories.
    - security
    - guides
    - engineering
    - podcasts
- Normalized release thumbnails. The current graphics are over-designed, inconsistent, and too busy/hard to process.

* lint fix

* remove ")" from image caption

* remove old article images

* update cover image filenames for consistency

* add deleted image, update filenames to match naming conventions

* fix typo in filename

Co-authored-by: Eric <eashaw@sailsjs.com>
2022-06-28 16:18:41 -05:00

2.4 KiB
Raw Blame History

How to uninstall osquery

This article walks you through the steps to remove osquery from your device. Remember that if you enrolled this device in a Fleet instance, it would display as an offline host in the Fleet UI until you manually remove it.

On macOS:

Open up your terminal and paste the following commands; note that sudo is required, and youll need administrator privileges to complete this process.

sudo launchctl unload /Library/LaunchDaemons/io.osquery.agent.plist
sudo rm /Library/LaunchDaemons/io.osquery.agent.plist
sudo rm -rf /private/var/log/osquery /private/var/osquery
sudo rm /usr/local/bin/osquery*
sudo pkgutil --forget io.osquery.agent

These commands stop the running osquery daemon, remove it from your device, and delete the files created by osquery.

And thats it; you have now removed osquery from your macOS device.

On Windows:

Removing osquery on Windows 10 is a simple process. To get started, open Windows settings and go to Apps. Then find “osquery” and click Uninstall.

Uninstall osquery

Click Uninstall again to confirm, and osquery will be removed from your Windows device. You might need to restart your computer to complete the uninstall process fully.

On Linux:

  1. Open your terminal and paste the following commands to stop the running osquery service, uninstall osquery, and clean up files created by osquery.

  2. Note that sudo is required, and youll need administrative privileges to complete this process.

  3. Using Debian package manager (Debian, Ubuntu, etc.) :

sudo systemctl stop osqueryd.service
sudo apt remove osquery
rm -rf /var/osquery /var/log/osquery /etc/osquery

Using yum Package Manager (RHEL, CentOS, etc.) :

sudo systemctl stop osqueryd.service
sudo yum remove osquery
rm -rf /var/osquery /var/log/osquery /etc/osquery

Are you running into trouble uninstalling osquery on macOS, Windows, or Linux? Get help on Slack in the #fleet channel.