CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update to FleetDM 4.5

Browse Source
This commit is contained in:
Josh Brower
2021-11-08 15:05:58 -05:00
parent 2561480371
commit 083d467aa9
2 changed files with 46 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
salt/fleet/files/packs/osquery-config.conf
View File

@@ -1,31 +1,34 @@
---
apiVersion: v1
kind: options
kind: config
spec:
config:
decorators:
always:
- SELECT codename FROM os_version;
- SELECT uuid AS live_query FROM system_info;
- SELECT address AS endpoint_ip1 FROM interface_addresses where address not
like '%:%' and address not like '127%' and address not like '169%' order by
interface desc limit 1;
- SELECT address AS endpoint_ip2 FROM interface_addresses where address not
like '%:%' and address not like '127%' and address not like '169%' order by
interface asc limit 1;
- SELECT hardware_serial FROM system_info;
- SELECT hostname AS hostname FROM system_info;
options:
decorations_top_level: true
disable_distributed: false
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
enable_windows_events_publisher: true
enable_windows_events_subscriber: true
logger_plugin: tls
logger_tls_endpoint: /api/v1/osquery/log
logger_tls_period: 10
pack_delimiter: _
overrides: {}
server_settings:
enable_analytics: true
config:
decorators:
always:
- SELECT codename FROM os_version;
- SELECT uuid AS live_query FROM system_info;
- SELECT address AS endpoint_ip1 FROM interface_addresses where address not
like '%:%' and address not like '127%' and address not like '169%' order by
interface desc limit 1;
- SELECT address AS endpoint_ip2 FROM interface_addresses where address not
like '%:%' and address not like '127%' and address not like '169%' order by
interface asc limit 1;
- SELECT hardware_serial FROM system_info;
- SELECT hostname AS hostname FROM system_info;
options:
decorations_top_level: true
disable_distributed: false
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
enable_windows_events_publisher: true
enable_windows_events_subscriber: true
logger_plugin: tls
logger_tls_endpoint: /api/v1/osquery/log
logger_tls_period: 10
pack_delimiter: _
overrides: {}

28
salt/fleet/init.sls
View File

@@ -114,20 +114,20 @@ so-fleet:
- port_bindings:
- 0.0.0.0:8080:8080
- environment:
- KOLIDE_MYSQL_ADDRESS={{ MAINIP }}:3306
- KOLIDE_REDIS_ADDRESS={{ MAINIP }}:6379
- KOLIDE_MYSQL_DATABASE=fleet
- KOLIDE_MYSQL_USERNAME=fleetdbuser
- KOLIDE_MYSQL_PASSWORD={{ FLEETPASS }}
- KOLIDE_SERVER_CERT=/ssl/server.cert
- KOLIDE_SERVER_KEY=/ssl/server.key
- KOLIDE_LOGGING_JSON=true
- KOLIDE_AUTH_JWT_KEY= {{ FLEETJWT }}
- KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log
- KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
- KOLIDE_SERVER_URL_PREFIX=/fleet
- KOLIDE_FILESYSTEM_ENABLE_LOG_ROTATION=true
- KOLIDE_FILESYSTEM_ENABLE_LOG_COMPRESSION=true
- FLEET_MYSQL_ADDRESS={{ MAINIP }}:3306
- FLEET_REDIS_ADDRESS={{ MAINIP }}:6379
- FLEET_MYSQL_DATABASE=fleet
- FLEET_MYSQL_USERNAME=fleetdbuser
- FLEET_MYSQL_PASSWORD={{ FLEETPASS }}
- FLEET_SERVER_CERT=/ssl/server.cert
- FLEET_SERVER_KEY=/ssl/server.key
- FLEET_LOGGING_JSON=true
- FLEET_AUTH_JWT_KEY= {{ FLEETJWT }}
- FLEET_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log
- FLEET_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
- FLEET_SERVER_URL_PREFIX=/fleet
- FLEET_FILESYSTEM_ENABLE_LOG_ROTATION=true
- FLEET_FILESYSTEM_ENABLE_LOG_COMPRESSION=true
- binds:
- /etc/pki/fleet.key:/ssl/server.key:ro
- /etc/pki/fleet.crt:/ssl/server.cert:ro