Create a new Linux table for snap_packages

[allenhouchins]

• prospect-pingouin: https://fleetdm.slack.com/archives/C07GLME5P7C/p1728052663635649
• @allenhouchins: Put this together over the weekend: https://github.com/allenhouchins/fleet-stuff/tree/main/linux-mdm-snap-packages
• @allenhouchins: User requested this because they want to see software installed through Ubuntu's app store (aka Snap Store). Ubuntu comes w/ the Snap Store preloaded.
  • @noahtalerman: In the interim the user can run a shell script and add the snap_packages table as a table in agent options (auto table construction). Check out the file and setup here.
  • @noahtalerman: Eventually these apps could show up in Fleet's software inventory w/ vulnerabilities.

---

[noahtalerman]

Problem

Apps installed via the Ubuntu Software app store do not appear to be easily queryable. They do not show up in the deb_packages table since they are containerized apps and installed at /snap/ in the filesystem.

What have you tried?

I searched osquery and found this feature request: https://github.com/osquery/osquery/issues/6091

Potential solutions

Create a new table called snap_packages that contains the output of the command snap list --all

I've created a workaround for now: https://github.com/allenhouchins/fleet-stuff/tree/main/linux-mdm-snap-packages

What is the expected workflow as a result of your proposal?

A queryable table with results similar to this:	Name	Version	Rev	Tracking	Publisher	Notes
core	16-2.51.1	11060	latest/stable	canonical✓	-
core18	20210722	2128	latest/stable	canonical✓	base
my-snap	1.0.0	22	latest/stable	mypublisher	disabled