shellテストの練習

テストスクリプト

コード表示

[root@61eff46d2318 html]# cat a.sh 
#!/bin/bash -eu
fmtclr(){
  local clr_nm clr
  readonly clr_nm="$1"
  shift
  case ${clr_nm} in
    red) clr=31;;
    green) clr=32;;
    yellow) clr=33;;
    *) clr=30;;
  esac
  printf "\033[${clr}m%b\033[m\n" "$@"
}

hdlerr(){
  fmtclr yellow false
}

prt(){
  echo "______________________________________________$1______________________________________________"
  echo -e "$2"
}

ast(){
  qes=$1
	shift
  ans="$@"
  prt 'qes' "${qes}"
  rsv=$(echo ${qes} | xargs -t -I@ bash -c '@') || hdlerr
  prt 'rsv' "${rsv}"
  prt 'ans' "${ans}"
  if [[ $(echo -e "${ans}") =~ $(echo -e "${rsv}") ]]; then
  	fmtclr green true
  else
  	fmtclr yellow false
  fi
}
[root@61eff46d2318 html]# ll
total 4
-rw-r--r--. 1 root root 657 May  1 18:47 a.sh
[root@61eff46d2318 html]# chmod u+x *sh
[root@61eff46d2318 html]# ll
total 4
-rwxr--r--. 1 root root 657 May  1 18:47 a.sh

テストスクリプトを読み込む

コード表示

[root@61eff46d2318 html]# . ./a.sh

テストする

コード表示

[root@61eff46d2318 html]# ast "echo {a..c}" "a b c"
______________________________________________qes______________________________________________
echo {a..c}
bash -c echo {a..c} 
______________________________________________rsv______________________________________________
a b c
______________________________________________ans______________________________________________
a b c
true

あとがき

エスケープの癖とか見抜けるようになってくる。これでawkの練習するぞー。

dmpとかするシェルスクリプト

ディレクトリマウント

OSとORACLEをつなぐ。

コード表示

cd /mnt/18cr3/share/dump/ORCL/aine/in
cd /mnt/18cr3/share/dump/ORCL/aine/in/liz
cd /mnt/18cr3/share/dump/ORCL/aine/out
cd /mnt/18cr3/share/dump/ORCL/aine/out/liz
cd /mnt/18cr3/share/query
cd /mnt/18cr3/share/sh
--sys session
CREATE OR REPLACE DIRECTORY dp_out_aine_dir AS '/mnt/18cr3/share/dump/ORCL/aine/out';
GRANT READ ON DIRECTORY dp_out_aine_dir TO aine;
GRANT WRITE ON DIRECTORY dp_out_aine_dir TO aine;
CREATE OR REPLACE DIRECTORY dp_in_aine_dir AS '/mnt/18cr3/share/dump/ORCL/aine/in';
GRANT READ ON DIRECTORY dp_in_aine_dir TO aine;
GRANT WRITE ON DIRECTORY dp_in_aine_dir TO aine;

フォルダ構成

RACできたら、かえると思う

コード表示

[oracle@f285aba0589a mnt]$ pwd
/mnt
[oracle@f285aba0589a mnt]$ tree
.
|-- 11gr2
|   |-- init
|   |   |-- create_user.sql
|   |   `-- startup.sh
|   |-- oradata
|   `-- share
|       |-- dump
|       |   `-- xe
|       |       |-- aine
|       |       |   |-- in
|       |       |   `-- out
|       |       |-- kuraine
|       |       |   |-- in
|       |       |   `-- out
|       |       |-- mujiku
|       |       |   |-- in
|       |       |   `-- out
|       |       `-- nahato
|       |           |-- in
|       |           `-- out
|       |-- login
|       |-- query
|       |-- sh
|       `-- spool
|-- 12cr2
|   |-- init
|   |   |-- create_user.sql
|   |   `-- startup.sh
|   |-- oradata
|   `-- share
|       |-- dump
|       |   `-- ORCL
|       |       |-- aine
|       |       |   |-- in
|       |       |   `-- out
|       |       |-- kuraine
|       |       |   |-- in
|       |       |   `-- out
|       |       |-- mujiku
|       |       |   |-- in
|       |       |   `-- out
|       |       `-- nahato
|       |           |-- in
|       |           `-- out
|       |-- login
|       |-- query
|       |-- sh
|       `-- spool
`-- 18cr3
    |-- init
    |   |-- create_user.sql
    |   `-- startup.sh
    |-- oradata
    `-- share
        |-- dump
        |   `-- ORCL
        |       |-- aine
        |       |   |-- in
        |       |   |   |-- dup___test_01___.png
        |       |   |   |-- dup___test_02___.png
        |       |   |   |-- dup___test_03___.png
        |       |   |   |-- tbl___loader___.dat
        |       |   |   |-- tbl___loader___.log
        |       |   |   |-- tbl___loader____18130.log_xt
        |       |   |   `-- test.png
        |       |   `-- out
        |       |       |-- aine_user_scheduler_job_log_20190406111520.dmp
        |       |       |-- aine_user_scheduler_job_log_20190406111520.log
        |       |       |-- aine_user_scheduler_job_log_20190406111533.dmp
        |       |       |-- aine_user_scheduler_job_log_20190406111533.log
        |       |       |-- aine_user_scheduler_job_log_20190406111929.dmp
        |       |       |-- aine_user_scheduler_job_log_20190406111929.log
        |       |       |-- aine_user_scheduler_job_log_20190406113707.dmp
        |       |       |-- aine_user_scheduler_job_log_20190406113707.log
        |       |       |-- aine_user_scheduler_job_log_20190406114236.dmp
        |       |       |-- aine_user_scheduler_job_log_20190406114236.log
        |       |       |-- aine_user_scheduler_job_log_20190406115931.dmp
        |       |       |-- aine_user_scheduler_job_log_20190406115931.log
        |       |       `-- liz
        |       |           `-- tar_tbl
        |       |-- kuraine
        |       |   |-- in
        |       |   `-- out
        |       |-- mujiku
        |       |   |-- in
        |       |   `-- out
        |       `-- nahato
        |           |-- in
        |           `-- out
        |-- login
        |-- query
        |   `-- drop_create.sql
        |-- sh
        |   `-- exe.sh
        |-- spool
        |   `-- test.html
        `-- zip
            `-- v18c.zip

68 directories, 30 files

シェルスクリプト

雰囲気でつくった。imp、query、spoolの場合はまだ。bash再入門してるから、もっとスマートかきたいものだ。ひっさしぶりにかいた。

コード表示

#!/bin/bash

echo "enter username number."
echo "-->1:aine 2:kuraine 3:nahato 4:mujiku"
read USR_PAT
echo "enter password number."
echo "-->1:ORACLE_PWD"
read PWD_PAT
echo "enter database connect identifer number."
echo "-->1:@pdb1 2:@pdb2 3:@pdb3 4:@pdb4"
read DB_PAT
echo "enter target table liz file name number."
echo "-->1:tar_tbl"
read FNM_PAT
echo "enter version number."
echo "-->3:18cr3 2:12cr2 1:11gr2"
read VRN_PAT
echo "enter ORACLE_SID number."
echo "-->1:ORCL"
read SID_PAT
echo 'enter usage number'
echo '1:dump_out 2:dump_in 3:spool 4:query'
read USE_PAT

case ${USR_PAT} in
    1)
        USR=aine
        ;;
    2)
        USR=kuraine
        ;;
    3)
        USR=nahato
        ;;
    4)
        USR=mujiku
        ;;
    *)
        ;;
esac

case ${PWD_PAT} in
    1)
        PWD=ORACLE_PWD
        ;;
    *)
        ;;
esac

case ${DB_PAT} in
    1)
        DB=@pdb1
        ;;
    2)
        DB=@pdb2
        ;;
    3)
        DB=@pdb3
        ;;
    4)
        DB=@pdb4
        ;;
    *)
        ;;
esac

case ${FNM_PAT} in
    1)
        FNM=tar_tbl
        ;;
    *)
        ;;
esac

case ${VRN_PAT} in
    1)
        VRN=11gr2
        ;;
    2)
        VRN=12cr2
        ;;
    3)
        VRN=18cr3
        ;;
    *)
        ;;
esac

case ${SID_PAT} in
    1)
        SID=ORCL
        ;;
    *)
        ;;
esac

USC=_
SLH=/
PFX=tmp_

MNT_DIR=/mnt/${VRN}/share

LGN_INFO=${USR}${SLH}${PWD}${DB}
SYS_DATE=`date '+%Y%m%d%H%M%S'`
DP_EXT=.dmp
LOG_EXT=.log
QRY_DIR=${MNT_DIR}${SLH}query${SLH}

case ${USE_PAT} in
    1)
        DP_DIR=${MNT_DIR}${SLH}dump${SLH}${SID}${SLH}${USR}${SLH}out${SLH}
        LZ_DIR=${DP_DIR}liz${SLH}
        while read LN
        do
            sqlplus ${LGN_INFO} @${QRY_DIR}drop_create.sql ${PFX} ${LN} <<EOF
EOF
            LOG_NM=${USR}${USC}${LN}${USC}
            expdp ${LGN_INFO} DIRECTORY=dp_out_${USR}_dir DUMPFILE=${LOG_NM}${SYS_DATE}${DP_EXT} LOG=${LOG_NM}${SYS_DATE}${LOG_EXT} TABLES=${PFX}${LN}
        done < ${LZ_DIR}${FNM}
        ;;
    2)
        DP_DIR=${MNT_DIR}${SLH}dump${SLH}${SID}${SLH}${USR}${SLH}in${SLH}
        LZ_DIR=${DP_DIR}liz${SLH}
        ;;
    *)
        ;;
esac

sqlスクリプト

シェルスクリプトのなかで@${QRY_DIR}drop_create.sqlとかしてるやつ

コード表示

drop table &1&2;
create table &1&2 nologging parallel as select * from &2;

tar_tblリスト

エキスポート対象のテーブルリスト。

コード表示

user_scheduler_job_log

実行結果

tar_tblリストはすこし増やして4つにした。できてそう。


コード表示

[oracle@f285aba0589a out]$ pwd
/mnt/18cr3/share/dump/ORCL/aine/out
[oracle@f285aba0589a out]$ ll -lt | head -9
total 4224
-rw-r-----. 1 oracle oinstall 176128 Apr  7 17:51 aine_TEST___RCP____20190407175116.dmp
-rw-r--r--. 1 oracle oinstall   1440 Apr  7 17:51 aine_TEST___RCP____20190407175116.log
-rw-r-----. 1 oracle oinstall 176128 Apr  7 17:51 aine_TEST___MST____20190407175116.dmp
-rw-r--r--. 1 oracle oinstall   1440 Apr  7 17:51 aine_TEST___MST____20190407175116.log
-rw-r-----. 1 oracle oinstall 176128 Apr  7 17:51 aine_TEST___AVL____20190407175116.dmp
-rw-r--r--. 1 oracle oinstall   1440 Apr  7 17:51 aine_TEST___AVL____20190407175116.log
-rw-r--r--. 1 oracle oinstall   1440 Apr  7 17:51 aine_TEST___STF____20190407175116.log
-rw-r-----. 1 oracle oinstall 176128 Apr  7 17:51 aine_TEST___STF____20190407175116.dmp

bash 小ネタ

参考文献

シェルスクリプトノウハウ

シェルスクリプトノウハウ  

ファイルディスクリプタの説明。分かりやすい。

1>/dev/null 2>&1と2>&1 1>/dev/nullの違い  

引数処理に関する説明。分かりやすい。

引数を処理する  

算術演算子に関する説明。

Bash $((算術式)) のすべて  
Bash $((算術式)) のすべて - A 基本編  
Bash $((算術式)) のすべて - B 罠・バグ回避編  
Bash $((算術式)) のすべて - C 応用編  

ifに関する説明。

if 文と test コマンド  

USPの会

シェルスクリプトでの標準入力の読み方  

ifとパイプ|

標準入力を受け取れるシェルスクリプト、関数の作成(パイプで繋げられるようにする)  

この思想を感じ取る

プログラマーの君! 騙されるな! シェルスクリプトはそう書いちゃ駄目だ!! という話  

xargsの使い方

xargsで複数コマンドを実行する  

xargsの使い方。サンプルいっぱい。

xargsコマンドで覚えておきたい使い方・組み合わせ7個(+1個)  

たぶんはまる

ShellScriptのダブルクォートとシングルクォートの違い  

正規表現マッチのif

bash で正規表現マッチのif も出来ます。  

これすごい。manually_complete_version.sh

bash によるオプション解析  

配列なんだな。大事なのは。

Bashで覚えておくとよいデータ構造 - 配列  

Tips集 ifと&&と||

bashのあまり知られていないけど便利な話  

すごいなー

Bashでちょっと凝ったオプションの解析をする  

回避策のやつがいい

シェルスクリプトのreturn  

callback的なやつ

ファイルの各行にコールバック関数を適用する汎用関数  

解決編がいい

パイプ出力を現在のシェル上のwhileに喰わせる上手いやり方  

プログレスバーてきなやつ

ShellScriptで使えるメソッドまとめ  

やっぱりあった

mysqldumpリカバリの進捗を表示する  

おしゃん

Linux - pv コマンドで処理進捗状況表示!  

自作力がすごい

仕事がダラけてしまったのでシェルスクリプトでプログレスバーやってみた  

自作力がすごい

さらに仕事がダラけてしまったのでpvコマンドでプログレスバー  

デバッグ

bashデバッグTips  

ステップデバッグ

Shellスクリプトをデバッグ(ステップ実行)する  

自作力がすごい

Bashの擬似シグナルを使ったデバッグ方法  

;とか&とか&&とか|とか||

Linuxコマンドを連続して使うには  

バッググラウンドジョブとかそこらへんの

バックグラウンドプロセス(ジョブ)の管理  

初心者に戻りました

初心者向け、「上手い」シェルスクリプトの書き方メモ  

シグナル

Linuxのシグナルまとめ  

curlいい

シェルスクリプトって意外と便利  

curlといば、あの記事がうかんだ。すごいなー。

SQLQL  

ハンディだ。すごいなー。こういうのほしかった。見つけられて良かった。

ShellScriptで使えるメソッドまとめ  

[パイプ + α] xargs commandA | xargs -I@ commandB @

コマンドとコマンドをつなぐ糊  

プロセス系のやつ

bashでのPID取得方法まとめ($$、$PPID、$!、$BASHPID)  

後で役立つだろう

bashスクリプトで子プロセスを全部殺すイディオム  

後で役立つだろう

シェルスクリプトでサブシェルのプロセスIDを取る方法  

後で役立つだろう

シェルスクリプトで trap を忘れちゃいませんか  

xargsだな

xargs のオプションいろいろ  

psでうろうろしてたらみつけた

TTY/PTYに関するクイズ  

クワシイイイ

標準入力・標準出力ってなに?  

すごいいい

Linuxを触りたての頃に知っておきたかったよ〜ってことのまとめ  

監視系

俺のオススメする監視ツール5選!!  

特殊パラメータ

パラメータ展開

ヒアドキュメント

コマンド置換

配列の間接展開

サンプル

スクリプト

コード表示

#!/bin/bash

arg(){
    while [ $# -gt 0 ]
    do
        echo "\$0=$0"
        echo "\$#=$#"
        echo "\$@=$@"
        echo "\$*=$*"
        echo "\$1=$1"
        shift
    done
}

arg $(seq -s ' ' 1 3)

実行例

コード表示

[oracle@f285aba0589a sh]$ ./smp.sh
$0=./smp.sh
$#=3
$@=1 2 3
$*=1 2 3
$1=1
$0=./smp.sh
$#=2
$@=2 3
$*=2 3
$1=2
$0=./smp.sh
$#=1
$@=3
$*=3
$1=3

小ネタ

ブレース展開べんりすぎる

コード表示

[oracle@centos ~]$ echo {a..z}
a b c d e f g h i j k l m n o p q r s t u v w x y z
[oracle@centos ~]$ echo {A..Z}
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
[oracle@centos ~]$ echo {a..z},{A..Z}
a,A a,B a,C a,D a,E a,F a,G a,H a,I a,J a,K a,L a,M a,N a,O a,P a,Q a,R a,S a,T a,U a,V a,W a,X a,Y a,Z b,A b,B b,C b,D b,E b,F b,G b,H b,I b,J b,K b,L b,M b,N b,O b,P b,Q b,R b,S b,T b,U b,V b,W b,X b,Y b,Z c,A c,B c,C c,D c,E c,F c,G c,H c,I c,J c,K c,L c,M c,N c,O c,P c,Q c,R c,S c,T c,U c,V c,W c,X c,Y c,Z d,A d,B d,C d,D d,E d,F d,G d,H d,I d,J d,K d,L d,M d,N d,O d,P d,Q d,R d,S d,T d,U d,V d,W d,X d,Y d,Z e,A e,B e,C e,D e,E e,F e,G e,H e,I e,J e,K e,L e,M e,N e,O e,P e,Q e,R e,S e,T e,U e,V e,W e,X e,Y e,Z f,A f,B f,C f,D f,E f,F f,G f,H f,I f,J f,K f,L f,M f,N f,O f,P f,Q f,R f,S f,T f,U f,V f,W f,X f,Y f,Z g,A g,B g,C g,D g,E g,F g,G g,H g,I g,J g,K g,L g,M g,N g,O g,P g,Q g,R g,S g,T g,U g,V g,W g,X g,Y g,Z h,A h,B h,C h,D h,E h,F h,G h,H h,I h,J h,K h,L h,M h,N h,O h,P h,Q h,R h,S h,T h,U h,V h,W h,X h,Y h,Z i,A i,B i,C i,D i,E i,F i,G i,H i,I i,J i,K i,L i,M i,N i,O i,P i,Q i,R i,S i,T i,U i,V i,W i,X i,Y i,Z j,A j,B j,C j,D j,E j,F j,G j,H j,I j,J j,K j,L j,M j,N j,O j,P j,Q j,R j,S j,T j,U j,V j,W j,X j,Y j,Z k,A k,B k,C k,D k,E k,F k,G k,H k,I k,J k,K k,L k,M k,N k,O k,P k,Q k,R k,S k,T k,U k,V k,W k,X k,Y k,Z l,A l,B l,C l,D l,E l,F l,G l,H l,I l,J l,K l,L l,M l,N l,O l,P l,Q l,R l,S l,T l,U l,V l,W l,X l,Y l,Z m,A m,B m,C m,D m,E m,F m,G m,H m,I m,J m,K m,L m,M m,N m,O m,P m,Q m,R m,S m,T m,U m,V m,W m,X m,Y m,Z n,A n,B n,C n,D n,E n,F n,G n,H n,I n,J n,K n,L n,M n,N n,O n,P n,Q n,R n,S n,T n,U n,V n,W n,X n,Y n,Z o,A o,B o,C o,D o,E o,F o,G o,H o,I o,J o,K o,L o,M o,N o,O o,P o,Q o,R o,S o,T o,U o,V o,W o,X o,Y o,Z p,A p,B p,C p,D p,E p,F p,G p,H p,I p,J p,K p,L p,M p,N p,O p,P p,Q p,R p,S p,T p,U p,V p,W p,X p,Y p,Z q,A q,B q,C q,D q,E q,F q,G q,H q,I q,J q,K q,L q,M q,N q,O q,P q,Q q,R q,S q,T q,U q,V q,W q,X q,Y q,Z r,A r,B r,C r,D r,E r,F r,G r,H r,I r,J r,K r,L r,M r,N r,O r,P r,Q r,R r,S r,T r,U r,V r,W r,X r,Y r,Z s,A s,B s,C s,D s,E s,F s,G s,H s,I s,J s,K s,L s,M s,N s,O s,P s,Q s,R s,S s,T s,U s,V s,W s,X s,Y s,Z t,A t,B t,C t,D t,E t,F t,G t,H t,I t,J t,K t,L t,M t,N t,O t,P t,Q t,R t,S t,T t,U t,V t,W t,X t,Y t,Z u,A u,B u,C u,D u,E u,F u,G u,H u,I u,J u,K u,L u,M u,N u,O u,P u,Q u,R u,S u,T u,U u,V u,W u,X u,Y u,Z v,A v,B v,C v,D v,E v,F v,G v,H v,I v,J v,K v,L v,M v,N v,O v,P v,Q v,R v,S v,T v,U v,V v,W v,X v,Y v,Z w,A w,B w,C w,D w,E w,F w,G w,H w,I w,J w,K w,L w,M w,N w,O w,P w,Q w,R w,S w,T w,U w,V w,W w,X w,Y w,Z x,A x,B x,C x,D x,E x,F x,G x,H x,I x,J x,K x,L x,M x,N x,O x,P x,Q x,R x,S x,T x,U x,V x,W x,X x,Y x,Z y,A y,B y,C y,D y,E y,F y,G y,H y,I y,J y,K y,L y,M y,N y,O y,P y,Q y,R y,S y,T y,U y,V y,W y,X y,Y y,Z z,A z,B z,C z,D z,E z,F z,G z,H z,I z,J z,K z,L z,M z,N z,O z,P z,Q z,R z,S z,T z,U z,V z,W z,X z,Y z,Z
[oracle@centos ~]$ echo {{a..z},{A..Z}}
a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

osquery install docker

https://osquery.io/docs/tables/

[oracle@centos7 ~]$ docker exec --interactive --tty --user root --workdir / orcl_12cr2 bash
bash-4.2# whoami
root
bash-4.2# yum -y install https://osquery-packages.s3.amazonaws.com/centos7/noarch/osquery-s3-centos7-repo-1-0.0.noarch.rpm
Loaded plugins: ovl
osquery-s3-centos7-repo-1-0.0.noarch.rpm                                                                                       | 5.7 kB  00:00:00     
Examining /var/tmp/yum-root-e42ejR/osquery-s3-centos7-repo-1-0.0.noarch.rpm: osquery-s3-centos7-repo-1-0.0.noarch
Marking /var/tmp/yum-root-e42ejR/osquery-s3-centos7-repo-1-0.0.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package osquery-s3-centos7-repo.noarch 0:1-0.0 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                                  Arch                    Version                Repository                                              Size
======================================================================================================================================================
Installing:
 osquery-s3-centos7-repo                  noarch                  1-0.0                  /osquery-s3-centos7-repo-1-0.0.noarch                  3.2 k

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total size: 3.2 k
Installed size: 3.2 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : osquery-s3-centos7-repo-1-0.0.noarch                                                                                               1/1 
  Verifying  : osquery-s3-centos7-repo-1-0.0.noarch                                                                                               1/1 

Installed:
  osquery-s3-centos7-repo.noarch 0:1-0.0                                                                                                              

Complete!
bash-4.2# yum -y install osquery
Loaded plugins: ovl
ol7_UEKR4                                                                                                                      | 1.2 kB  00:00:00     
ol7_latest                                                                                                                     | 1.4 kB  00:00:00     
osquery-s3-centos7-repo                                                                                                        |  951 B  00:00:00     
osquery-s3-centos7-repo/x86_64/primary                                                                                         | 6.7 kB  00:00:01     
osquery-s3-centos7-repo                                                                                                                         69/69
Resolving Dependencies
--> Running transaction check
---> Package osquery.x86_64 0:3.2.6-1.linux will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                       Arch                         Version                               Repository                                     Size
======================================================================================================================================================
Installing:
 osquery                       x86_64                       3.2.6-1.linux                         osquery-s3-centos7-repo                       8.0 M

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total download size: 8.0 M
Installed size: 23 M
Downloading packages:
warning: /var/cache/yum/x86_64/7Server/osquery-s3-centos7-repo/packages/osquery-3.2.6-1.linux.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID c9d8b80b: NOKEY
Public key for osquery-3.2.6-1.linux.x86_64.rpm is not installed
osquery-3.2.6-1.linux.x86_64.rpm                                                                                               | 8.0 MB  00:00:21     
Retrieving key from file:///etc/pki/rpm-gpg/OSQUERY-S3-RPM-REPO-GPGKEY
Importing GPG key 0xC9D8B80B:
 Userid     : "osquery (osquery) "
 Fingerprint: 1484 120a c4e9 f8a1 a577 aeee 97a8 0c63 c9d8 b80b
 Package    : osquery-s3-centos7-repo-1-0.0.noarch (installed)
 From       : /etc/pki/rpm-gpg/OSQUERY-S3-RPM-REPO-GPGKEY
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : osquery-3.2.6-1.linux.x86_64                                                                                                       1/1 
  Verifying  : osquery-3.2.6-1.linux.x86_64                                                                                                       1/1 

Installed:
  osquery.x86_64 0:3.2.6-1.linux                                                                                                                      

Complete!
bash-4.2# 

bash-4.2# osqueryi
Using a virtual database. Need help, type '.help'
osquery> .help
Welcome to the osquery shell. Please explore your OS!
You are connected to a transient 'in-memory' virtual database.

.all [TABLE]     Select all from a table
.bail ON|OFF     Stop after hitting an error
.echo ON|OFF     Turn command echo on or off
.exit            Exit this program
.features        List osquery's features and their statuses
.headers ON|OFF  Turn display of headers on or off
.help            Show this message
.mode MODE       Set output mode where MODE is one of:
                   csv      Comma-separated values
                   column   Left-aligned columns see .width
                   line     One value per line
                   list     Values delimited by .separator string
                   pretty   Pretty printed SQL results (default)
.nullvalue STR   Use STRING in place of NULL values
.print STR...    Print literal STRING
.quit            Exit this program
.schema [TABLE]  Show the CREATE statements
.separator STR   Change separator used by output mode
.socket          Show the osquery extensions socket path
.show            Show the current values for various settings
.summary         Alias for the show meta command
.tables [TABLE]  List names of tables
.width [NUM1]+   Set column widths for "column" mode
.timer ON|OFF      Turn the CPU timer measurement on or off
osquery> 

osquery> select name,version from os_version;
+---------------------------------+-----------------------------------------------------+
| name                            | version                                             |
+---------------------------------+-----------------------------------------------------+
| Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server release 7.6 (Maipo) |
+---------------------------------+-----------------------------------------------------+
osquery> 


osquery> select hostname, cpu_brand, hardware_vendor, hardware_model from system_info; 
+--------------+----------------------------------------+-----------------+----------------+
| hostname     | cpu_brand                              | hardware_vendor | hardware_model |
+--------------+----------------------------------------+-----------------+----------------+
| 609a69bc0b21 | Intel(R) Celeron(R) CPU B800 @ 1.50GHz |                 |                |
+--------------+----------------------------------------+-----------------+----------------+
osquery> 


osquery> select * from users;
+-------+-------+------------+------------+-----------------+----------------------------+------------------+----------------+------+
| uid   | gid   | uid_signed | gid_signed | username        | description                | directory        | shell          | uuid |
+-------+-------+------------+------------+-----------------+----------------------------+------------------+----------------+------+
| 0     | 0     | 0          | 0          | root            | root                       | /root            | /bin/bash      |      |
| 1     | 1     | 1          | 1          | bin             | bin                        | /bin             | /sbin/nologin  |      |
| 2     | 2     | 2          | 2          | daemon          | daemon                     | /sbin            | /sbin/nologin  |      |
| 3     | 4     | 3          | 4          | adm             | adm                        | /var/adm         | /sbin/nologin  |      |
| 4     | 7     | 4          | 7          | lp              | lp                         | /var/spool/lpd   | /sbin/nologin  |      |
| 5     | 0     | 5          | 0          | sync            | sync                       | /sbin            | /bin/sync      |      |
| 6     | 0     | 6          | 0          | shutdown        | shutdown                   | /sbin            | /sbin/shutdown |      |
| 7     | 0     | 7          | 0          | halt            | halt                       | /sbin            | /sbin/halt     |      |
| 8     | 12    | 8          | 12         | mail            | mail                       | /var/spool/mail  | /sbin/nologin  |      |
| 11    | 0     | 11         | 0          | operator        | operator                   | /root            | /sbin/nologin  |      |
| 12    | 100   | 12         | 100        | games           | games                      | /usr/games       | /sbin/nologin  |      |
| 14    | 50    | 14         | 50         | ftp             | FTP User                   | /var/ftp         | /sbin/nologin  |      |
| 99    | 99    | 99         | 99         | nobody          | Nobody                     | /                | /sbin/nologin  |      |
| 192   | 192   | 192        | 192        | systemd-network | systemd Network Management | /                | /sbin/nologin  |      |
| 81    | 81    | 81         | 81         | dbus            | System message bus         | /                | /sbin/nologin  |      |
| 32    | 32    | 32         | 32         | rpc             | Rpcbind Daemon             | /var/lib/rpcbind | /sbin/nologin  |      |
| 29    | 29    | 29         | 29         | rpcuser         | RPC Service User           | /var/lib/nfs     | /sbin/nologin  |      |
| 65534 | 65534 | 65534      | 65534      | nfsnobody       | Anonymous NFS User         | /var/lib/nfs     | /sbin/nologin  |      |
| 54321 | 54321 | 54321      | 54321      | oracle          |                            | /home/oracle     | /bin/bash      |      |
+-------+-------+------------+------------+-----------------+----------------------------+------------------+----------------+------+
osquery> 


osquery> select * from cpu_time; 
+------+---------+-------+---------+----------+--------+-----+---------+-------+-------+------------+
| core | user    | nice  | system  | idle     | iowait | irq | softirq | steal | guest | guest_nice |
+------+---------+-------+---------+----------+--------+-----+---------+-------+-------+------------+
| 0    | 1579161 | 10306 | 1155039 | 17294224 | 20470  | 0   | 8705    | 0     | 0     | 0          |
| 1    | 1628500 | 23079 | 1157443 | 52210    | 248    | 0   | 5020    | 0     | 0     | 0          |
+------+---------+-------+---------+----------+--------+-----+---------+-------+-------+------------+
osquery> 


osquery> select * from crontab;
+-------+--------+------+--------------+-------+-------------+---------------------------------+---------------------+
| event | minute | hour | day_of_month | month | day_of_week | command                         | path                |
+-------+--------+------+--------------+-------+-------------+---------------------------------+---------------------+
|       | 01     | *    | *            | *     | *           | root run-parts /etc/cron.hourly | /etc/cron.d/0hourly |
|       | */10   | *    | *            | *     | *           | root /usr/lib64/sa/sa1 1 1      | /etc/cron.d/sysstat |
|       | 53     | 23   | *            | *     | *           | root /usr/lib64/sa/sa2 -A       | /etc/cron.d/sysstat |
+-------+--------+------+--------------+-------+-------------+---------------------------------+---------------------+
osquery> 



osquery> select * from process_events;
W1226 11:58:28.851143 28937 virtual_table.cpp:565] Table process_events is event-based but events are disabled
W1226 11:58:28.851416 28937 virtual_table.cpp:572] Please see the table documentation: https://osquery.io/schema/#process_events
osquery> select * from routes;
+-----------------+---------+------------+------------+-------+-----------+-----+--------+-----------+
| destination     | netmask | gateway    | source     | flags | interface | mtu | metric | type      |
+-----------------+---------+------------+------------+-------+-----------+-----+--------+-----------+
| 0.0.0.0         | 0       | 172.17.0.1 |            | 0     | eth0      | 0   | 0      | gateway   |
| 172.17.0.0      | 16      |            | 172.17.0.2 | 0     | eth0      | 0   | 0      | gateway   |
| 127.0.0.0       | 0       |            | 127.0.0.1  | 0     | lo        | 0   | 0      | broadcast |
| 127.0.0.0       | 8       |            | 127.0.0.1  | 0     | lo        | 0   | 0      | local     |
| 127.0.0.1       | 0       |            | 127.0.0.1  | 0     | lo        | 0   | 0      | local     |
| 127.255.255.255 | 0       |            | 127.0.0.1  | 0     | lo        | 0   | 0      | broadcast |
| 172.17.0.0      | 0       |            | 172.17.0.2 | 0     | eth0      | 0   | 0      | broadcast |
| 172.17.0.2      | 0       |            | 172.17.0.2 | 0     | eth0      | 0   | 0      | local     |
| 172.17.255.255  | 0       |            | 172.17.0.2 | 0     | eth0      | 0   | 0      | broadcast |
| 0.0.0.0         | 0       |            |            | 0     | lo        | 0   | -1     | other     |
| 0.0.0.0         | 0       |            |            | 0     | lo        | 0   | -1     | other     |
+-----------------+---------+------------+------------+-------+-----------+-----+--------+-----------+
osquery> 



osquery> select * from processes;
+-------+---------------+-------------------+---------------------------------------------------------------------+-------+-----+------+-------+-------+-------+-------+-------+-------+---------+------------+---------------+------------+-----------+-------------+-----------------+--------------------+------------+--------+--------+---------+------+------------------+---------------+---------------+---------------+---------------+----------------+---------------+
| pid   | name          | path              | cmdline                                                             | state | cwd | root | uid   | gid   | euid  | egid  | suid  | sgid  | on_disk | wired_size | resident_size | total_size | user_time | system_time | disk_bytes_read | disk_bytes_written | start_time | parent | pgroup | threads | nice | cgroup_namespace | ipc_namespace | mnt_namespace | net_namespace | pid_namespace | user_namespace | uts_namespace |
+-------+---------------+-------------------+---------------------------------------------------------------------+-------+-----+------+-------+-------+-------+-------+-------+-------+---------+------------+---------------+------------+-----------+-------------+-----------------+--------------------+------------+--------+--------+---------+------+------------------+---------------+---------------+---------------+---------------+----------------+---------------+
| 1     | runOracle.sh  |                   | /bin/bash /opt/oracle/runOracle.sh                                  | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 624000        | 11688000   | 26        | 179         |                 | 0                  | 23181      | 0      | 1      | 1       | 0    |                  |               |               |               |               |                |               |
| 2491  | ora_pmon_orcl |                   | ora_pmon_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 17108000      | 2007792000 | 563       | 1683        |                 | 0                  | 24198      | 1      | 2491   | 1       | 0    |                  |               |               |               |               |                |               |
| 2493  | ora_clmn_orcl |                   | ora_clmn_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 14272000      | 2007796000 | 229       | 547         |                 | 0                  | 24198      | 1      | 2493   | 1       | 0    |                  |               |               |               |               |                |               |
| 2495  | ora_psp0_orcl |                   | ora_psp0_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 14240000      | 2007792000 | 1071      | 5086        |                 | 0                  | 24198      | 1      | 2495   | 1       | 0    |                  |               |               |               |               |                |               |
| 2497  | ora_vktm_orcl |                   | ora_vktm_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 13708000      | 2007796000 | 2514      | 4127        |                 | 0                  | 24199      | 1      | 2497   | 1       | 0    |                  |               |               |               |               |                |               |
| 2501  | ora_gen0_orcl |                   | ora_gen0_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 47668000      | 2009652000 | 1551      | 1791        |                 | 0                  | 24200      | 1      | 2501   | 1       | 0    |                  |               |               |               |               |                |               |
| 2503  | ora_mman_orcl |                   | ora_mman_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 450452000     | 2007792000 | 394       | 519         |                 | 0                  | 24200      | 1      | 2503   | 1       | 0    |                  |               |               |               |               |                |               |
| 2507  | ora_scmn_orcl |                   | ora_gen1_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 31160000      | 2228732000 | 6520      | 5162        |                 | 0                  | 24200      | 1      | 2507   | 3       | 0    |                  |               |               |               |               |                |               |
| 2511  | ora_diag_orcl |                   | ora_diag_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 17800000      | 2007888000 | 997       | 720         |                 | 0                  | 24200      | 1      | 2511   | 1       | 0    |                  |               |               |               |               |                |               |
| 2513  | ora_scmn_orcl |                   | ora_ofsd_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 15924000      | 2228728000 | 304       | 444         |                 | 0                  | 24200      | 1      | 2513   | 3       | 0    |                  |               |               |               |               |                |               |
| 2517  | ora_dbrm_orcl |                   | ora_dbrm_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 152736000     | 2024748000 | 11850     | 11669       |                 | 0                  | 24200      | 1      | 2517   | 1       | 0    |                  |               |               |               |               |                |               |
| 2519  | ora_vkrm_orcl |                   | ora_vkrm_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 17064000      | 2007796000 | 3890      | 3349        |                 | 0                  | 24200      | 1      | 2519   | 1       | 0    |                  |               |               |               |               |                |               |
| 2521  | ora_svcb_orcl |                   | ora_svcb_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 13812000      | 2008304000 | 652       | 1036        |                 | 0                  | 24200      | 1      | 2521   | 1       | 0    |                  |               |               |               |               |                |               |
| 2523  | ora_pman_orcl |                   | ora_pman_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 14236000      | 2007796000 | 3417      | 1872        |                 | 0                  | 24200      | 1      | 2523   | 1       | 0    |                  |               |               |               |               |                |               |
| 2525  | ora_dia0_orcl |                   | ora_dia0_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 24396000      | 2010936000 | 22581     | 65          |                 | 0                  | 24200      | 1      | 2525   | 1       | 0    |                  |               |               |               |               |                |               |
| 2527  | ora_dbw0_orcl |                   | ora_dbw0_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 292272000     | 2019436000 | 1481      | 1061        |                 | 0                  | 24200      | 1      | 2527   | 1       | 0    |                  |               |               |               |               |                |               |
| 2529  | ora_lgwr_orcl |                   | ora_lgwr_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 23624000      | 2008316000 | 1322      | 2007        |                 | 0                  | 24200      | 1      | 2529   | 1       | 0    |                  |               |               |               |               |                |               |
| 2531  | ora_ckpt_orcl |                   | ora_ckpt_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 40204000      | 2008316000 | 3984      | 3215        |                 | 0                  | 24200      | 1      | 2531   | 1       | 0    |                  |               |               |               |               |                |               |
| 2533  | ora_lg00_orcl |                   | ora_lg00_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 21800000      | 2007800000 | 361       | 799         |                 | 0                  | 24200      | 1      | 2533   | 1       | 0    |                  |               |               |               |               |                |               |
| 2535  | ora_smon_orcl |                   | ora_smon_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 57756000      | 2010724000 | 701       | 71          |                 | 0                  | 24200      | 1      | 2535   | 1       | 0    |                  |               |               |               |               |                |               |
| 2537  | ora_lg01_orcl |                   | ora_lg01_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 18636000      | 2007800000 | 159       | 296         |                 | 0                  | 24201      | 1      | 2537   | 1       | 0    |                  |               |               |               |               |                |               |
| 2539  | ora_smco_orcl |                   | ora_smco_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 15388000      | 2007800000 | 1157      | 1071        |                 | 0                  | 24201      | 1      | 2539   | 1       | 0    |                  |               |               |               |               |                |               |
| 2541  | ora_reco_orcl |                   | ora_reco_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 35844000      | 2009624000 | 242       | 114         |                 | 0                  | 24201      | 1      | 2541   | 1       | 0    |                  |               |               |               |               |                |               |
| 25441 | ora_w002_orcl |                   | ora_w002_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 56816000      | 2010364000 | 21        | 12          |                 | 0                  | 197432     | 1      | 25441  | 1       | 0    |                  |               |               |               |               |                |               |
| 2545  | ora_lreg_orcl |                   | ora_lreg_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 23716000      | 2013516000 | 897       | 487         |                 | 0                  | 24201      | 1      | 2545   | 1       | 0    |                  |               |               |               |               |                |               |
| 2549  | ora_pxmn_orcl |                   | ora_pxmn_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 14572000      | 2007792000 | 249       | 457         |                 | 0                  | 24201      | 1      | 2549   | 1       | 0    |                  |               |               |               |               |                |               |
| 2553  | ora_mmon_orcl |                   | ora_mmon_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 183800000     | 2032004000 | 54770     | 5823        |                 | 0                  | 24201      | 1      | 2553   | 1       | 0    |                  |               |               |               |               |                |               |
| 2555  | ora_mmnl_orcl |                   | ora_mmnl_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 33552000      | 2008604000 | 6256      | 854         |                 | 0                  | 24201      | 1      | 2555   | 1       | 0    |                  |               |               |               |               |                |               |
| 2557  | ora_d000_orcl |                   | ora_d000_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 12636000      | 2010596000 | 216       | 207         |                 | 0                  | 24201      | 1      | 2557   | 1       | 0    |                  |               |               |               |               |                |               |
| 2559  | ora_s000_orcl |                   | ora_s000_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 12468000      | 2009892000 | 178       | 186         |                 | 0                  | 24201      | 1      | 2559   | 1       | 0    |                  |               |               |               |               |                |               |
| 2561  | ora_tmon_orcl |                   | ora_tmon_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 14528000      | 2007796000 | 127       | 314         |                 | 0                  | 24201      | 1      | 2561   | 1       | 0    |                  |               |               |               |               |                |               |
| 2571  | ora_tt00_orcl |                   | ora_tt00_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 22740000      | 2030972000 | 66        | 377         |                 | 0                  | 24206      | 1      | 2571   | 1       | 0    |                  |               |               |               |               |                |               |
| 2573  | ora_tt01_orcl |                   | ora_tt01_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 13748000      | 2007792000 | 131       | 204         |                 | 0                  | 24206      | 1      | 2573   | 1       | 0    |                  |               |               |               |               |                |               |
| 2575  | ora_tt02_orcl |                   | ora_tt02_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 14064000      | 2007792000 | 628       | 561         |                 | 0                  | 24206      | 1      | 2575   | 1       | 0    |                  |               |               |               |               |                |               |
| 2577  | ora_aqpc_orcl |                   | ora_aqpc_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 24408000      | 2009620000 | 147       | 247         |                 | 0                  | 24208      | 1      | 2577   | 1       | 0    |                  |               |               |               |               |                |               |
| 2581  | ora_p000_orcl |                   | ora_p000_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 320548000     | 2017456000 | 13959     | 1685        |                 | 0                  | 24210      | 1      | 2581   | 1       | 0    |                  |               |               |               |               |                |               |
| 2583  | ora_p001_orcl |                   | ora_p001_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 480856000     | 2017460000 | 13912     | 1773        |                 | 0                  | 24210      | 1      | 2583   | 1       | 0    |                  |               |               |               |               |                |               |
| 2585  | ora_p002_orcl |                   | ora_p002_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 236996000     | 2013472000 | 11400     | 2277        |                 | 0                  | 24210      | 1      | 2585   | 1       | 0    |                  |               |               |               |               |                |               |
| 2587  | ora_p003_orcl |                   | ora_p003_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 241076000     | 2012904000 | 10077     | 1944        |                 | 0                  | 24210      | 1      | 2587   | 1       | 0    |                  |               |               |               |               |                |               |
| 2589  | ora_p004_orcl |                   | ora_p004_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 87560000      | 2010716000 | 1681      | 363         |                 | 0                  | 24210      | 1      | 2589   | 1       | 0    |                  |               |               |               |               |                |               |
| 2591  | ora_p005_orcl |                   | ora_p005_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 109820000     | 2012892000 | 1721      | 357         |                 | 0                  | 24210      | 1      | 2591   | 1       | 0    |                  |               |               |               |               |                |               |
| 2593  | ora_p006_orcl |                   | ora_p006_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 96940000      | 2010680000 | 1791      | 302         |                 | 0                  | 24210      | 1      | 2593   | 1       | 0    |                  |               |               |               |               |                |               |
| 2595  | ora_p007_orcl |                   | ora_p007_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 98428000      | 2010680000 | 1802      | 266         |                 | 0                  | 24210      | 1      | 2595   | 1       | 0    |                  |               |               |               |               |                |               |
| 26    | tnslsnr       |                   | /opt/oracle/product/12.2.0.1/dbhome_1/bin/tnslsnr LISTENER -inherit | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 5120000       | 215568000  | 169       | 817         |                 | 0                  | 23182      | 1      | 26     | 2       | 0    |                  |               |               |               |               |                |               |
| 2648  | ora_cjq0_orcl |                   | ora_cjq0_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 197876000     | 2019032000 | 38740     | 20810       |                 | 0                  | 24212      | 1      | 2648   | 1       | 0    |                  |               |               |               |               |                |               |
| 2753  | ora_qm02_orcl |                   | ora_qm02_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 18016000      | 2007792000 | 165       | 312         |                 | 0                  | 24219      | 1      | 2753   | 1       | 0    |                  |               |               |               |               |                |               |
| 2770  | ora_q003_orcl |                   | ora_q003_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 19396000      | 2008308000 | 169       | 220         |                 | 0                  | 24221      | 1      | 2770   | 1       | 0    |                  |               |               |               |               |                |               |
| 28502 | ora_q005_orcl |                   | ora_q005_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 22464000      | 2007792000 | 2         | 4           |                 | 0                  | 276912     | 1      | 28502  | 1       | 0    |                  |               |               |               |               |                |               |
| 28661 | bash          |                   | bash                                                                | S     |     |      | 0     | 0     | 0     | 0     | 0     | 0     | -1      | 0          | 1748000       | 11820000   | 6         | 1           |                 | 0                  | 277073     | 0      | 28661  | 1       | 0    |                  |               |               |               |               |                |               |
| 28802 | ora_w007_orcl |                   | ora_w007_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 24632000      | 2007804000 | 1         | 2           |                 | 0                  | 277196     | 1      | 28802  | 1       | 0    |                  |               |               |               |               |                |               |
| 28804 | ora_w001_orcl |                   | ora_w001_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 27044000      | 2008308000 | 2         | 3           |                 | 0                  | 277199     | 1      | 28804  | 1       | 0    |                  |               |               |               |               |                |               |
| 28814 | ora_w005_orcl |                   | ora_w005_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 27636000      | 2009332000 | 2         | 2           |                 | 0                  | 277223     | 1      | 28814  | 1       | 0    |                  |               |               |               |               |                |               |
| 28816 | ora_w000_orcl |                   | ora_w000_ORCL                                                       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 27764000      | 2009328000 | 2         | 2           |                 | 0                  | 277226     | 1      | 28816  | 1       | 0    |                  |               |               |               |               |                |               |
| 28937 | osqueryi      | /usr/bin/osqueryd | osqueryi                                                            | R     | /   | /    | 0     | 0     | 0     | 0     | 0     | 0     | 1       | 0          | 10880000      | 200624000  | 10        | 7           | 2433024         | 24576              | 277409     | 28661  | 28937  | 4       | 0    |                  | 4026532482    | 4026532480    | 4026532485    | 4026532483    | 4026531837     | 4026532481    |
| 2913  | tail          |                   | tail -f /opt/oracle/diag/rdbms/orcl/ORCL/trace/alert_ORCL.log       | S     |     |      | 54321 | 54321 | 54321 | 54321 | 54321 | 54321 | -1      | 0          | 116000        | 4400000    | 223       | 683         |                 | 0                  | 24252      | 1      | 1      | 1       | 0    |                  |               |               |               |               |                |               |
+-------+---------------+-------------------+---------------------------------------------------------------------+-------+-----+------+-------+-------+-------+-------+-------+-------+---------+------------+---------------+------------+-----------+-------------+-----------------+--------------------+------------+--------+--------+---------+------+------------------+---------------+---------------+---------------+---------------+----------------+---------------+
osquery>

osquery> select * from listening_ports;
+-------+-------+----------+--------+-----------+----+----------+----------------------------+---------------+
| pid   | port  | protocol | family | address   | fd | socket   | path                       | net_namespace |
+-------+-------+----------+--------+-----------+----+----------+----------------------------+---------------+
| -1    | 1521  | 6        | 2      | 0.0.0.0   | -1 | 352599   |                            | 0             |
| -1    | 33371 | 6        | 2      | 0.0.0.0   | -1 | 383090   |                            | 0             |
| -1    | 5500  | 6        | 2      | 0.0.0.0   | -1 | 384079   |                            | 0             |
| -1    | 38365 | 17       | 2      | 0.0.0.0   | -1 | 384521   |                            | 0             |
| -1    | 46666 | 17       | 2      | 127.0.0.1 | -1 | 383085   |                            | 0             |
| -1    | 42601 | 17       | 2      | 0.0.0.0   | -1 | 25442397 |                            | 0             |
| -1    | 34923 | 17       | 2      | 127.0.0.1 | -1 | 383100   |                            | 0             |
| -1    | 55504 | 17       | 2      | 127.0.0.1 | -1 | 382554   |                            | 0             |
| -1    | 37303 | 17       | 2      | 0.0.0.0   | -1 | 25443523 |                            | 0             |
| -1    | 0     | 0        | 1      |           | -1 | 0        | /var/tmp/.oracle/sEXTPROC1 | 0             |
| -1    | 0     | 0        | 1      |           | -1 | 0        | /var/tmp/.oracle/s#26.1    | 0             |
| -1    | 0     | 0        | 1      |           | -1 | 0        | /var/tmp/.oracle/s#26.2    | 0             |
| 28937 | 0     | 0        | 1      |           | 7  | 0        | /root/.osquery/shell.em    | 0             |
| -1    | 1521  | 6        | 2      | 0.0.0.0   | -1 | 352599   |                            | 4026532485    |
| -1    | 33371 | 6        | 2      | 0.0.0.0   | -1 | 383090   |                            | 4026532485    |
| -1    | 5500  | 6        | 2      | 0.0.0.0   | -1 | 384079   |                            | 4026532485    |
| -1    | 38365 | 17       | 2      | 0.0.0.0   | -1 | 384521   |                            | 4026532485    |
| -1    | 46666 | 17       | 2      | 127.0.0.1 | -1 | 383085   |                            | 4026532485    |
| -1    | 42601 | 17       | 2      | 0.0.0.0   | -1 | 25442397 |                            | 4026532485    |
| -1    | 34923 | 17       | 2      | 127.0.0.1 | -1 | 383100   |                            | 4026532485    |
| -1    | 55504 | 17       | 2      | 127.0.0.1 | -1 | 382554   |                            | 4026532485    |
| -1    | 37303 | 17       | 2      | 0.0.0.0   | -1 | 25443523 |                            | 4026532485    |
| -1    | 0     | 0        | 1      |           | -1 | 0        | /var/tmp/.oracle/sEXTPROC1 | 4026532485    |
| -1    | 0     | 0        | 1      |           | -1 | 0        | /var/tmp/.oracle/s#26.1    | 4026532485    |
| -1    | 0     | 0        | 1      |           | -1 | 0        | /var/tmp/.oracle/s#26.2    | 4026532485    |
| 28937 | 0     | 0        | 1      |           | 7  | 0        | /root/.osquery/shell.em    | 4026532485    |
+-------+-------+----------+--------+-----------+----+----------+----------------------------+---------------+
osquery>