a94d697ce4
Co-authored-by: Reed Haynes <reed@fleetdm.com>
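#!/usr/bin/env bash
#
# Run every query listed in an input file through osqueryi (as root, with the
# audit/event publishers switched on) and print the first 3 rows of each
# result, separated by "---".
#
# Usage: <script> INPUT_FILE
#
# Input file format, one entry per line:
#   <table_name>: <query>
# Lines that are empty (or whitespace-only) or whose first non-blank
# character is '#' are skipped.
#
# NOTE(security): each query in the input file is executed as root via sudo.
# Only run this against a file you authored or reviewed; the query text is
# passed to osqueryi as a single argument, so it is not shell-interpreted,
# but it is still arbitrary SQL executed with root privileges.

# Fail on unset variables. Deliberately NOT 'set -e': a query that fails
# should be reported inline (stderr is folded into stdout below) and the
# loop should continue with the next entry.
set -u

input_file="${1:-}"

# Exit if no input file provided.
if [[ -z "$input_file" ]]; then
  printf 'Error: Input file must be provided\n' >&2
  exit 1
fi

# Fail early and loudly instead of letting the read loop silently do nothing.
if [[ ! -r "$input_file" ]]; then
  printf 'Error: Input file "%s" does not exist or is not readable\n' "$input_file" >&2
  exit 1
fi

# Read the file on fd 3 rather than stdin so nothing run inside the loop
# (sudo, osqueryi) can consume the remaining input lines. Default IFS is
# kept on purpose: it trims leading/trailing whitespace so that indented
# comments and whitespace-only lines are still skipped. The
# '|| [[ -n "$line" ]]' clause keeps a final line that has no trailing newline.
while read -r -u 3 line || [[ -n "$line" ]]; do
  # Ignore comments (lines starting with #) and empty lines in the input file.
  if [[ "${line:0:1}" == "#" || -z "$line" ]]; then
    continue
  fi

  # Split "<table_name>: <query>". Splitting on ':' and ' ' means table_name
  # is the text up to the first colon or space; the remainder is the query.
  IFS=': ' read -r table_name query <<< "$line"

  # A trailing ';' on the query would turn the appended "limit 3" into a
  # syntax error, so drop it before building the final statement.
  query="${query%;}"
  full_query="$query limit 3"

  # Print the query to run.
  printf '%s\n\n' "$table_name"
  printf 'sudo osqueryi --line "%s"\n\n' "$full_query"

  # Run the query ('2>&1' sends stderr to stdout so osquery errors appear
  # inline in the report instead of being lost).
  sudo osqueryi --disable_events=false --disable_audit=false --audit_allow_user_events=true --audit_allow_process_events=true --audit_allow_config=true --enable_keyboard_events=true --enable_mouse_events=true --line "$full_query" 2>&1

  printf '\n---\n\n'
done 3< "$input_file"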