diff --git a/salt/fleet/files/packs/osquery-config.conf b/salt/fleet/files/packs/osquery-config.conf
index 4ce82cb8d..04c286675 100644
--- a/salt/fleet/files/packs/osquery-config.conf
+++ b/salt/fleet/files/packs/osquery-config.conf
@@ -1,31 +1,34 @@
+---
 apiVersion: v1
-kind: options
+kind: config
 spec:
- config:
- decorators:
- always:
- - SELECT codename FROM os_version;
- - SELECT uuid AS live_query FROM system_info;
- - SELECT address AS endpoint_ip1 FROM interface_addresses where address not
- like '%:%' and address not like '127%' and address not like '169%' order by
- interface desc limit 1;
- - SELECT address AS endpoint_ip2 FROM interface_addresses where address not
- like '%:%' and address not like '127%' and address not like '169%' order by
- interface asc limit 1;
- - SELECT hardware_serial FROM system_info;
- - SELECT hostname AS hostname FROM system_info;
- options:
- decorations_top_level: true
- disable_distributed: false
- distributed_interval: 10
- distributed_plugin: tls
- distributed_tls_max_attempts: 3
- distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
- distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
- enable_windows_events_publisher: true
- enable_windows_events_subscriber: true
- logger_plugin: tls
- logger_tls_endpoint: /api/v1/osquery/log
- logger_tls_period: 10
- pack_delimiter: _
- overrides: {}
+ server_settings:
+ enable_analytics: true
+config:
+ decorators:
+ always:
+ - SELECT codename FROM os_version;
+ - SELECT uuid AS live_query FROM system_info;
+ - SELECT address AS endpoint_ip1 FROM interface_addresses where address not
+ like '%:%' and address not like '127%' and address not like '169%' order by
+ interface desc limit 1;
+ - SELECT address AS endpoint_ip2 FROM interface_addresses where address not
+ like '%:%' and address not like '127%' and address not like '169%' order by
+ interface asc limit 1;
+ - SELECT hardware_serial FROM system_info;
+ - SELECT hostname AS hostname FROM system_info;
+ options:
+ decorations_top_level: true
+ disable_distributed: false
+ distributed_interval: 10
+ distributed_plugin: tls
+ distributed_tls_max_attempts: 3
+ distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
+ distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
+ enable_windows_events_publisher: true
+ enable_windows_events_subscriber: true
+ logger_plugin: tls
+ logger_tls_endpoint: /api/v1/osquery/log
+ logger_tls_period: 10
+ pack_delimiter: _
+overrides: {}
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index 1bb4e73d6..b3b72b96b 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -114,20 +114,20 @@ so-fleet:
 - port_bindings:
 - 0.0.0.0:8080:8080
 - environment:
- - KOLIDE_MYSQL_ADDRESS={{ MAINIP }}:3306
- - KOLIDE_REDIS_ADDRESS={{ MAINIP }}:6379
- - KOLIDE_MYSQL_DATABASE=fleet
- - KOLIDE_MYSQL_USERNAME=fleetdbuser
- - KOLIDE_MYSQL_PASSWORD={{ FLEETPASS }}
- - KOLIDE_SERVER_CERT=/ssl/server.cert
- - KOLIDE_SERVER_KEY=/ssl/server.key
- - KOLIDE_LOGGING_JSON=true
- - KOLIDE_AUTH_JWT_KEY= {{ FLEETJWT }}
- - KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log
- - KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
- - KOLIDE_SERVER_URL_PREFIX=/fleet
- - KOLIDE_FILESYSTEM_ENABLE_LOG_ROTATION=true
- - KOLIDE_FILESYSTEM_ENABLE_LOG_COMPRESSION=true
+ - FLEET_MYSQL_ADDRESS={{ MAINIP }}:3306
+ - FLEET_REDIS_ADDRESS={{ MAINIP }}:6379
+ - FLEET_MYSQL_DATABASE=fleet
+ - FLEET_MYSQL_USERNAME=fleetdbuser
+ - FLEET_MYSQL_PASSWORD={{ FLEETPASS }}
+ - FLEET_SERVER_CERT=/ssl/server.cert
+ - FLEET_SERVER_KEY=/ssl/server.key
+ - FLEET_LOGGING_JSON=true
+ - FLEET_AUTH_JWT_KEY= {{ FLEETJWT }}
+ - FLEET_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log
+ - FLEET_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
+ - FLEET_SERVER_URL_PREFIX=/fleet
+ - FLEET_FILESYSTEM_ENABLE_LOG_ROTATION=true
+ - FLEET_FILESYSTEM_ENABLE_LOG_COMPRESSION=true
 - binds:
 - /etc/pki/fleet.key:/ssl/server.key:ro
 - /etc/pki/fleet.crt:/ssl/server.cert:ro
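Review bot: In salt/fleet/files/packs/osquery-config.conf the added `config:` and `overrides: {}` keys start at column 0 (no space follows the `+`), so they sit beside `spec:` instead of inside it, and `spec` now holds only `server_settings`. Fleet's `kind: config` spec normally carries the osquery agent settings under `spec.agent_options`, i.e. `  agent_options:` followed by the nested `config:` and `overrides:` blocks. If that holds for the deployed version, the decorators and the TLS logger/distributed options here may be ignored or rejected on apply, and results would lose the hostname, endpoint IP and hardware-serial decorations that detections and triage rely on. Confirm with `fleetctl get config` after applying; indentation on this page is collapsed, so nesting deeper than column 0 cannot be checked from the hunk itself.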
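Review bot: The renamed line `- FLEET_AUTH_JWT_KEY= {{ FLEETJWT }}` in salt/fleet/init.sls keeps the space after `=` from the old KOLIDE_ line, so unless Salt or Docker trims it the signing key the container receives begins with a space; write it as `- FLEET_AUTH_JWT_KEY={{ FLEETJWT }}`, keeping in mind that existing sessions may be invalidated if the effective key changes. The database password and JWT key are also still handed over as environment variables, which anyone able to inspect the container can read. A file-based setting such as `FLEET_MYSQL_PASSWORD_PATH` pointing at a read-only bind, like the TLS key already uses, would narrow that exposure if the deployed Fleet version supports it. The so-fleet state starts and ends outside this hunk.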