.. | ||
_data | ||
_docs | ||
_includes | ||
_layouts | ||
_posts | ||
_sass | ||
_schema | ||
css | ||
downloads | ||
doxygen | ||
fonts | ||
img | ||
js | ||
news | ||
redirects | ||
schema | ||
static/docs | ||
wiki | ||
_config.yml | ||
.gitignore | ||
404.html | ||
favicon.ico | ||
Gemfile | ||
icomoon-selection.json | ||
index.html | ||
README.md |
osquery site
This is a redesign from the old Django https://osquery.io site.
Initially it is a clone of the Jekyll docs sites. The goal is to provide a community blog, a unified user guide (documentation), and transparency about the content hosted at https://osquery.io. Having a monolithic repository is helpful.
Adding a new news/blog article
You will find all of the blog posts in the _posts
directory.
- Make a new file in the form
YYYY-MM-DD-title.markdown
in_posts/
- Add the metadata below to the top of the file. Then compose your post.
- Use the Running locally directions to preview your post.
- Commit.
Your post should use the following form:
---
title: "This is your title"
date: 2017-08-20 00:46:48 -0700
categories: fim auditing update
---
Your content here.
Feel free to use any markdown.
Adding a community article
The community articles are "external" links to community resources. If you would like to compose a community resource, please consider if it would be appropriate as a "wiki" document or a "new" or blog article. If you'd like to compose a doc see the Adding a new wiki page, if you'd like to compose a news item see Adding a new blog article.
To add a community resource link:
- Edit the
_data/resources.yml
file. - Add your link metadata.
- Use the Running locally directions to preview your post.
- Commit.
The added metadata uses the following format:
- speaker: Firstname Lastname
twitter_handle: the_persons_twitter_handle
link: https://complete/link/to/resource
topic: Friendly title for the resource
year: 2017
Running locally
You can preview your contributions before opening a pull request by running from within the directory:
bundle install --without test test_legacy benchmark
bundle exec jekyll serve
It's just a Jekyll site, afterall!
This GitHub guide was helpful for getting started.
To test the site use:
bundle exec htmlproofer ./_site --only-4xx --check-favicon --check-html
This will be run in the Code Audit
Jenkins job.
Updating Font Awesome
- Go to https://icomoon.io/app/
- Choose Import Icons and load
icomoon-selection.json
- Choose Generate Font → Download
- Copy the font files and adapt the CSS to the paths we use in Jekyll
Website Todo
- Update code in
/tools
to produce the correctversion.yml
for new releases. - Convert the deprecated ReadTheDocs wiki pages to Jekyll docs.
- Look for existing common redirects for backwards compatibility.
ReadTheDocs Wiki (deprecated)
The ReadTheDocs wiki (https://osquery.readthedocs.org/en/stable) is generated using a RTD-configured osquery project and associated GitHub Service. This Service is documented by RTD and more-or-less setup automatically with the project. RTD generates documentation for every version (git tag). It calls the most recent tag 'stable', the most recent commit to master 'devel', and includes links to every past version. The project settings and sidebar for RTD is kept in the root as mkdocs.yml.
Adding a new page
New wiki pages should be organized into one of the following categories:
- Introduction: Overview of the project or a tool.
- Installation: Deep dives into OS-specifics, packaging, and switches that control starting tools.
- Deployment: Tool concepts and all the wonderful goodies of making osquery useful.
- Development: Help and guides for starting with osquery development and build.
Make a new "filename.md" within the category folder withing /docs/wiki/CATEGORY/
. Then add the friendly page title and path to mkdocs.yml, in the order the page should appear within the wiki sidebar.
Wiki style tips
- Inline code highlighing (
$ echo 'this is inline'
) does not look the best in RTD, try to have as little inline syntax highlighting as possible. - osqueryd, osqueryi and other tool names should be in bold. Use
inline highligh
when a tool or script is mentioned for the first time. - Filesystem paths and non-clickable URI examples should also be bold.
- Flag names are usually in quotes,
inline highlight
when introduced for the first time or used as an example.
Doxygen
The Doxygen documentation is not hosted anywhere, each developer must build and view-locally. To build the docs use make docs
.
The output HTML documentation is written to ./build/docs/html/
. Use index.html
to begin exploring.
Tables and Packs
Table schema, the osquery user API, is created using the Python-based ".spec" files in ./specs
. More documentation on how specs work can be found in the Creating New Tables developer documentation. These files are used to build osquery, but can be parsed to create JSON-based API schema. This JSON is published to the homepage at [https://osquery.io/schema/].
Use: ./tools/codegen/genapi.py
to generate the amalgamated schema. To generate a "change log" between tags, use the same script but use --diff
and supply the two JSON imputs.
./tools/codegen/genapi.py > ./build/docs/CURRENT.json
./tools/codegen/genapi.py --diff ./build/docs/OLD.json ./build/docs/CURRENT.json
We keep the table schema in osquery/osquery
's /schema
directory.
This protects the facebook/osquery
repo from 1000+ LoC checkins of generated JSON.
The /docs/_data/packs.yml
holds the name of each pack and a friendly title.
The Jekyll site will fetch each title from the /packs
directory in facebook/osquery
.