This project provides the bindings to osquery for Rust. It's still in its early stages; however, it's continuously improved. Feel free to create an issue on GitHub if you are missing something or experience bugs.
Please be aware that, for the time being, osquery-rust provides its own patched thrift crate, as long as the upstream thrift crate does not support Unix domain sockets.
Thank you to all who contributed to these tools, as they enabled me to build this.
$ pacman -sS rustup
community/rustup 1.24.3-2 [installed]
    The Rust toolchain installer

$ cargo --version
cargo 1.56.0 (4ed5d137b 2021-10-04)
$ rustc --version
rustc 1.56.1 (59eed8a2a 2021-11-01)

$ sudo pacman -S thrift
$ thrift -version
Thrift version 0.15.0

$ git clone https://github.com/osquery/osquery
$ cd osquery/
$ find . -name osquery.thrift
./osquery/extensions/thrift/osquery.thrift
$ cp -a osquery/extensions/thrift/osquery.thrift ~/IdeaProjects/osquery-rust/

$ git config --global init.defaultBranch main
$ git init

$ cd ~/IdeaProjects/osquery-rust/
$ thrift -out src --gen rs -r osquery.thrift
$ head -1 src/osquery.rs
// Autogenerated by Thrift Compiler (0.15.0)
This project does not follow Rust naming conventions, as the usage of - / _ in package / crate names is unclear. So we follow the naming convention of osquery, e.g. osquery-go => Go bindings.
https://github.com/osquery osquery GitHub repo
https://github.com/osquery/osquery-go osquery Go bindings GitHub repo
https://github.com/apache/thrift thrift GitHub repo
https://github.com/apache/thrift/tree/master/tutorial/rs Rust Language Bindings for Thrift Tutorial
https://prateeknischal.github.io/posts/apache-thrift-over-unix-sockets/ Unix Socket
https://github.com/clap-rs/clap/blob/v3.0.13/examples/tutorial_derive/README.md Clap is so cool!