Crate osquery_rust

With osquery-rust, we strive to make Osquery extension development a breeze. If you have ideas how to improve developer experience, reach out to us on GitHub.

If you encounter any issue with this crate, please raise an issue. We are here to support you and your venture.

As this is the crate’s documentation, we focus here on the lib itself. However, osquery-rust is more than just the lib. Please check out the project’s README on GitHub to see the whole picture.

Include osquery-rust in your Rust project

Make sure to include osquery-rust as a dependency in your Cargo.toml. As osquery-rust is in its early stages and might evolve fast, please check for the latest version often. We adhere to semver. So you can rely on caret notation when selecting the version.

[dependencies]
osquery-rust = "^0.1"

Get started

Annotate main with #[osquery_rust::args] to import code defining the CLI of your extension.

use osquery_rust::prelude::*;

#[osquery_rust::args]
fn main() -> std::io::Result<()> {

    // Args available due to annotation
    let args = Args::parse();

    // Have a look at the example folder for more details.

    Ok(())
}

Modules

• plugin
• prelude
  Expose all structures required in virtually any osquery extension

Structs

• Server

Type Aliases

• ExtensionPluginRequest
• ExtensionPluginResponse
• ExtensionResponse
• ExtensionStatus

Attribute Macros

• args
  Defines a CLI for an osquery-rust based extension which is compliant to osquery interface.