You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Osquery "apt_sources" query execution, is failing with the message "Cannot open file for reading: /etc/apt/sources.list". The error occurs as this query relies on the existence of a file that is not present on the filesystem.
# 1. adhered to Deb822-style format
# 2. delete /etc/apt/sources.list
# 3. run the following command
osqueryi --line "select name from apt_sources;"
W0125 19:24:02.123013 5283 glog_logger.cpp:34] Cannot open file for reading: /etc/apt/sources.list
What did you expect to see?
A list of repository names.
What did you see instead?
osqueryi --line "select name from apt_sources;"
W0125 19:24:02.123013 5283 glog_logger.cpp:34] Cannot open file for reading: /etc/apt/sources.list
The text was updated successfully, but these errors were encountered:
Bug report
What operating system and version are you using?
version = 12 (bookworm)
build =
platform = debian
What version of osquery are you using?
version = 5.7.0
What steps did you take to reproduce the issue?
Osquery "apt_sources" query execution, is failing with the message "Cannot open file for reading: /etc/apt/sources.list". The error occurs as this query relies on the existence of a file that is not present on the filesystem.
I've adhered to the Deb822-style format (https://repolib.readthedocs.io/en/latest/deb822-format.html), and as part of the configuration, I deliberately exclude the "etc/apt/sources.list" file.
It's noteworthy that Osquery currently does not inspect files with the ".sources" extensions.
What did you expect to see?
A list of repository names.
What did you see instead?
The text was updated successfully, but these errors were encountered: