On Wednesday, Facebook said it is open sourcing a software framework called osquery that lets users see their operating system as a relational database, supposedly making it easier for them to learn how their OS is functioning.
Using osquery, common operating system characteristics like running processes, drivers and open network connections can be viewed as SQL tables, which allows users to run SQL queries on them to discover potential problems and troubleshoot errors.
You can even use osquery as a security tool to help discover malicious activity lurking about in your OS. For example, you can run a custom SQL query that displays all of the running processes on your OS that originally launched from a binary that doesn’t exist on your OS filesystem — a common trait of shady processes.
The social networking giant also created some handy tools (also part of the open-source release) based from the osquery framework that can help users learn about their OS performance. The osqueryi query console works as an SQL interface for users to experiment with queries and the host-monitoring daemon osqueryd lets folks schedule those queries.
From the [company]Facebook[/company] blog:
[blockquote person=”Facebook” attribution=”Facebook”]The daemon takes care of aggregating the query results over time, and generates logs which indicate state changes in your infrastructure. You can use this to maintain insight into the security, performance, configuration and state of your entire infrastructure. Osqueryd’s logging can integrate into your existing internal log aggregation pipeline, regardless of your technology stack, via a robust plugin architecture.[/blockquote]
The osquery codebase is comprised of many different software components and public APIs that users can play around with to make their own tools and applications. It’s also supposedly cross platform so both Linux and Mac OS users should be satisfied.
Facebook said that it let a couple of companies give osquery a test ride and has so far received good reactions.