1

Is it possible to get information about the underlying host node from a container with osquery?

What I'm thinking is mounting in (via networking? or via a volume mount?) osqueryd and then having the client (and queries) inside of a container.

Is this possible? I read the docs and couldn't quite wrap my head around it.

seph
aronchick

1 Answer

0

Osquery works by accessing various system APIs and filesystem paths, and then presenting that information in structured SQL form. To report on a host, it must have access to the host.

I'm not familiar enough with all the corners of containers to know what's possible. But I think this is somewhat difficult.

Since you want osquery to access the underlying host, why have it in a container?

seph
  • My thought was to communicate with either the host daemon and/or the data store on the host. The logic is that inside the container, I need OS Query information to take further action - across a fleet for example. – aronchick Jun 25 '23 at 18:45