Self-Remediation via Okta
Engage end-users during auth to self-remediate issues
Security & Compliance Checks
Monitor your entire Linux, Mac, and Windows fleet
Device Inventory
Your fleet represented in thousands of data points
Implement Zero Trust Access
Prevent unsecure devices from accessing your apps
Achieve 100% Device Compliance
Measure, achieve, and maintain your compliance goals
Gain Fleet Visibility
Become "all knowing" across Linux, Mac, and Windows
Help / Docs Product Changelog App Security Company
From the blog
View Other Properties

Contents

View Other Properties

How to List Homebrew Packages Across All Macs

Using Kolide, you can easily view and query Mac Homebrew Packages across your fleet.

Introduction

Homebrew is a popular software package management tool for macOS and Linux. It gives users a simple way to install popular software applications and tools.

You can learn more about homebrew (and browse available packages) on the official website

What Mac Homebrew Package Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to efficiently collect Mac Homebrew Packages from Macs in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide meticulously documents every piece of data returned so you can understand the results.

Mac Homebrew Packages Schema

Column Type Description
id Primary Key

Unique identifier for the object
device_id Foreign Key

Device associated with the entry
device_name Text

Display name of the device associated with the entry
name Text

Package name
path Text

Package install path
version Text

The text representation of the version
version_major Bigint

version's semver major version (ex: 4.2.1 would yield 4)
version_minor Bigint

version's semver minor version (ex: 4.2.1 would yield 2)
version_patch Bigint

version's semver patch version (ex: 4.2.1 would yield 1)
version_subpatch Bigint

version's numeric status fourth position number (ex: 4.2.1.6 would yield 6)
version_pre Text

version's semver pre-release version (ex: 1.2.3-prerelease+build would yield pre-release)
version_build Text

version's semver build version (ex: 1.2.3-prerelease+build would yield build)
collected_at Timestamp

Time the row of data was first collected in the database
updated_at Timestamp

Time the row of data was last changed in the database

What Can You Do With This Information?

Kolide enables you to write your own queries against the data the agent collects. This allows you to build your own reports and API endpoints. For example, you can:

Verify whether desired homebrew package (yarn) is installed on device
Kolide SQL
WITH
yarn_installs AS (
-- Retrieve information about yarn installations
  SELECT 
    name, version, path, device_id 
  FROM mac_homebrew_packages 
  WHERE name = 'yarn'
),
-- Retrieve list of Macs from devices table and Left Join 
-- our yarn info to show where the package is missing
merge_data AS (
  SELECT 
    d.hardware, d.name AS device_name, yi.* 
  FROM devices d 
  LEFT JOIN yarn_installs yi ON d.id = yi.device_id 
-- Restrict return devices to only Macs
  WHERE d.type = 'Mac'
  )
SELECT 
  device_name, 
  path AS yarn_path, 
  version AS yarn_version,
  CASE 
    WHEN name ISNULL 
    THEN 'false' 
    ELSE 'true' 
    END AS yarn_installed
FROM merge_data LIMIT 10
Example Results
device_name yarn_installed yarn_path yarn_version
daves-mbp true /usr/local/Cellar/yarn/ 1.19.1
Ashleys-MacBook-Pro false (NULL) (NULL)
thebobinator true /usr/local/Cellar/yarn/ 1.19.1
dev-imac true /opt/homebrew/Cellar/yarn/ 1.22.17_2
Franks-M1-MacBook true /usr/local/Cellar/yarn/ 1.3.2
glissando false (NULL) (NULL)
Nicks-MacBook-Pro true /usr/local/Cellar/yarn/ 1.22.18

Why Should I Collect Mac Homebrew Packages?

Since homebrew is a widely popular package management tool, there is the potential for malicious actors to distribute malware. Given the wide range of possible software that can be installed, it is important to regularly audit the list of installed packages on a machine.

Homebrew packages are cataloged and tracked to allow:

  • Reviewing installed packages to verify desired device configuration
  • Discovering potential malicious software
  • Identifying out-of-date or otherwise vulnerable software packages
  • Identifying unsafe or unapproved installed software

Kolide collects metadata about homebrew packages including name, version and path.

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

Homebrew package installations reveal a partial list of the applications and software installed on your device. While they are generally multi-purpose/generic applications, they could include software used for personal or sensitive reasons.

When you use Kolide to list Mac Homebrew Package data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed directly by employees.

Share this story:

Related Device Properties:

New
Python Packages
developers, software, packages
New
NPM Packages
developers, software, packages
New
Windows Chocolatey Packages
software, packages, developers
View full list of Kolide's Device Properties
Book A Demo
Zero Trust Access
Designed for Okta
Book A Demo