Facebook has released an open-source tool for monitoring operating system state changes across very large infrastructures, which could help engineers quickly diagnose performance and security issues.
The tool, called Osquery, allows administrators to run SQL-based queries on operating system characteristics stored in a high-performance database, collecting data such as running processes, loaded kernel modules and open networking connections, wrote Mike Arpaia, a Facebook software engineer.
In the last few months, Facebook let other companies try Osquery after “it became clear to us that maintaining insight into the low-level behavior of operating systems is not a problem which is unique to Facebook,” he wrote.
In a separate post, Arpaia described one component of Osquery, which is a low-footprint, distributed host daemon. An admin can schedule queries, and the daemon collects the results and creates logs showing OS state changes, which give an indication of the network’s health.
Since Osquery will have a deep reach, Facebook wants to make sure its code doesn’t have any bugs. It has made Osquery eligible for its bug hunting program, which pays a minimum of US$2,500 for valid vulnerability submissions, Arpaia wrote.
Privilege escalation and remote code execution vulnerabilities are examples of types of problems Facebook wants to find, he wrote.
Osquery is cross platform and will work with a variety of operating systems such as Mac OS X, CentOS and Ubuntu.