This week Facebook open sourced a project called osquery, which lets you query low-level operating system information (processes, users, listening ports, loaded kernel modules and so on) with plain SQL, more precisely the SQL dialect understood by SQLite, since every data source is exposed as a virtual table. More information on how to navigate through the tables can be found on the GitHub page.
Installing/building osquery on Linux (in my case Ubuntu 14.04 LTS) goes as follows. First clone the repository:
git clone https://github.com/facebook/osquery
Then, inside the cloned directory, install the build dependencies (make deps takes care of installing everything you need to compile osquery), run the test suite, and install the binaries:
make deps
make test
make install
If your apt source list contains errors, make deps will end with errors and osquery will not be installed, because the packages it needs cannot be fetched. So make sure that your package index is current and that apt reports no errors for sources.list: sudo apt-get update (and, optionally, sudo apt-get upgrade). If apt complains, fix the offending entries by editing the file: sudo gedit /etc/apt/sources.list
Here is another good tutorial on installing and using osquery.
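Once osquery is installed, osqueryi gives you an interactive SQL shell over its tables. The queries below are an added example of the kind of host checks a security engineer would run there; they are not from the original post or from the osquery project, and they assume the processes, listening_ports, users, crontab and kernel_modules tables with the column names used below, as documented in the table schema of the osquery version you built.

```sql
-- Added example: host-inspection queries for osqueryi (not from the original
-- post or the osquery project). Assumes the processes, listening_ports, users,
-- crontab and kernel_modules tables with the column names used below.

-- 1. Which process is listening on which port, ignoring loopback-only sockets.
--    protocol is numeric: 6 = TCP, 17 = UDP.
SELECT lp.port, lp.protocol, lp.address, p.pid, p.name, p.path
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;

-- 2. Running processes whose executable is no longer present on disk
--    (on_disk = 0). A binary deleted after launch is a classic sign of
--    malware hiding itself, or of an upgrade that left an old process
--    running; either way it deserves a look.
SELECT pid, parent, name, path, cmdline
FROM processes
WHERE on_disk = 0;

-- 3. Accounts that can actually log in: anything with uid 0 (should be root
--    only) and any regular user whose shell is not a "nologin" shell.
SELECT uid, gid, username, directory, shell
FROM users
WHERE uid = 0
   OR (uid >= 1000
       AND shell NOT IN ('/usr/sbin/nologin', '/sbin/nologin', '/bin/false'))
ORDER BY uid;

-- 4. Cron jobs that fetch or run something from a temporary directory: a
--    cheap persistence check. The LIKE patterns are deliberately broad;
--    tune them to your environment.
SELECT path, event, command
FROM crontab
WHERE command LIKE '%/tmp/%'
   OR command LIKE '%/dev/shm/%'
   OR command LIKE '%curl %'
   OR command LIKE '%wget %';

-- 5. Loaded kernel modules; compare against a baseline taken from a
--    known-good host to spot an unexpected module (e.g. a rootkit).
SELECT name, size, used_by, status
FROM kernel_modules
ORDER BY name;
```

Run them interactively in osqueryi, or pass a query on the command line with osqueryi --json "SELECT ..." to get machine-readable output you can store and diff against an earlier run; most of the value of these queries comes from comparing results over time rather than from reading a single snapshot.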
The easiest way to install a fresh version of MariaDB is through the OurDelta package repository. First add the repository and its signing key to your system:
wget -O- http://ourdelta.org/deb/ourdelta.gpg | sudo apt-key add -
sudo wget http://ourdelta.org/deb/sources/lucid-mariadb-ourdelta.list -O /etc/apt/sources.list.d/ourdelta.list
Note that both the key and the list file are fetched over plain HTTP, and that this particular list file is the one for lucid (Ubuntu 10.04): compare the key's fingerprint (apt-key finger) with one obtained out of band before trusting it, and pick the list file matching your release.
Afterwards, don't forget to fetch the new package lists with:
$ sudo aptitude update
Then install MariaDB with:
$ sudo apt-get install mariadb-server-5.1
In my case I was missing some dependencies, so I had to run
$ sudo apt-get -f install
which additionally installed mariadb-server-core-5.1 and then all the other packages.
By default the number of open files per user in Ubuntu 8.04 is 1024. In my case this number was too small, so I had to increase it. This is done with the ulimit shell builtin:
$ ulimit -a # show all resource limits of the current shell (per-process limits, not kernel parameters)
$ ulimit -n # show the soft limit on the number of open files
$ ulimit -n 9000 # raise the soft limit on open files to 9000 (a non-root user can only raise it up to the hard limit, shown by ulimit -Hn)
The problem with this approach is that the new limit applies only to the current shell and the processes started from it. If you open a new tab and type ulimit -a again you will see that the number of open files is back to 1024, and after a reboot you would have to set the parameter again.
First, in order to set these limits automatically you have to edit the /etc/security/limits.conf file:
$ sudo gedit /etc/security/limits.conf # open the file in gedit
Lines starting with # are comments. Each active line has the form <domain> <type> <item> <value>: the domain is a user name, a group (@group) or the wildcard *, meaning all users; the type is soft (the limit in effect, which the user may raise) or hard (the ceiling a non-root user cannot exceed), so the soft value must not be higher than the hard value; and the item we need is nofile, the maximum number of open files. To change the number of open files for the user named user, add these lines to limits.conf:
user soft nofile 9000
user hard nofile 65000
If you want to set nofile only for the superuser, write root instead of user:
root soft nofile 9000
root hard nofile 65000
Second, make sure that /etc/security/limits.conf is actually read at login, which is the job of the pam_limits module. Check the /etc/pam.d/common-session file:
$ sudo gedit /etc/pam.d/common-session # open the file in gedit
If the module is not already listed there (newer Ubuntu releases include it by default), add the line:
session required pam_limits.so
The limits are applied when a new login session is opened, so after logging out and back in (or rebooting) ulimit -a shows the change.
The option with the wildcard * didn't work for me, because I used the root account to run my programs and the wildcard option doesn't affect the superuser.
Remark: using the same steps you should be able to set and change the other limits listed by ulimit -a (core file size, max user processes, stack size ...); each of them has a corresponding item name in limits.conf (core, nproc, stack, ...).