非死book开源的操作系统监控工具osquery，可以用于OSX和Linux操作系统，osquery能够实现底层操作系统分析和监控。osquery把一个操作系统作为高性能的关系数据库对象。这使您可以编写基于SQL的查询，探索操作系统的各项指标数据。基于osquery，以下各种都能抽象成SQL Table如

• 正在运行的进程
• 加载的内核模块
• 打开网络连接

--------------------------------------------------------  -- get the name, pid and attached port of all processes   -- which are listening on all interfaces  --------------------------------------------------------  SELECT DISTINCT     process.name,     listening.port,     process.pid  FROM processes AS process  JOIN listening_ports AS listening  ON process.pid = listening.pid  WHERE listening.address = '0.0.0.0';    --------------------------------------------------------  -- find every launchdaemon on an OS X host which   --   * launches an executable when the operating   --     system starts  --   * keeps the executable running   -- return the name of the launchdaemon and the full   -- path (with arguments) of the executable to be ran.  --------------------------------------------------------  SELECT     name,     program || program_arguments AS executable   FROM launchd   WHERE     (run_at_load = 'true' AND keep_alive = 'true')   AND     (program != '' OR program_arguments != '');

项目主页：http://www.open-open.com/lib/view/home/1414658952450