Getting started with osquery development on Linux using CLion and QtCreator

Here’s a quick how-to to answer a question that was posted in the osquery Slack.

Setting up the base development environment

What follows is just a TLDR containing the bare minimum to get to the second part of the post. The osquery project has a lot of good documentation that you should really check out.

Prerequisites

osquery can be run pretty much on any distribution, but for development I’d suggest to go with Ubuntu. The bootstrap procedure will take care of everything, but you will at least need the following packages installed: sudo, make, python, ruby, bash (your login shell doesn’t matter) and of course git.

Getting the source and initializing the environment

  1. Clone the repository: git clone https://github.com/facebook/osquery.git.
  2. Boostrap the environment: make sysprep

The bootstrap procedure will actually perform the following tasks:

  • Updating the system
  • Installing required packages from the repository
  • Initialize the third-party git submodule referenced by the CMake project
  • Install the osquery toolchain and the required libraries inside /usr/local/osquery using Linuxbrew

Using CMake without the Makefile wrapper

When running the make command, the provided Makefile will set a couple of environment variables that CMake will in turn automatically pick up when it is launched to configure the project.

export PATH="/usr/local/osquery/bin:${PATH}"

export DEPS_DIR="/usr/local/osquery"
export LDFLAGS="-L${DEPS_DIR}/legacy/lib -L${DEPS_DIR}/lib -B${DEPS_DIR}/legacy/lib -rtlib=compiler-rt -fuse-ld=lld"

export CC="${DEPS_DIR}/bin/clang"
export CXX="${DEPS_DIR}/bin/clang++"

If everything is working as intended, you should now be able to compile the project without calling make:

$ mkdir osquery-build
$ cd osquery-build
$ cmake ../osquery
$ cmake --build . --config Release -- -j `nproc`

Setting up the IDE

QtCreator

QtCreator does not allow you to configure the environment because it prevents you from opening the project if the CMake configuration fails. You can work around this issue by launching it from the command line.

CLion

First of all, configure the variables:

  1. Open the CMakeLists.txt file and select Open as Project.
  2. Open the Settings dialog from the File menu, and then click on CMake under Build, Execution, Deployment.
  3. Click on the small folder icon on the right of the Environment input field.
Variable Value
LDFLAGS -L/usr/local/osquery/legacy/lib -L/usr/local/osquery/lib -B/usr/local/osquery/legacy/lib -rtlib=compiler-rt -fuse-ld=lld
CXX /usr/local/osquery/bin/clang++
CC /usr/local/osquery/bin/clang
PATH /usr/local/osquery/bin:<YOUR_ORIGINAL_PATH>

You should now reset your CMake cache and select the all target:

  1. Click on Reset Cache and Reload Project from the Tools, CMake menu.
  2. Select Build All from the top-right.

You should now be able to build osquery!