CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-03 01:48:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Feature/Fleet-Standalone

Browse Source
This commit is contained in:
Josh Brower
2020-03-24 20:57:24 -04:00
parent e4e598f0be
commit 9bcba41882
49 changed files with 854 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files
salt/fleet/files/packs/palantir/Fleet/Servers/options.yaml
+57
View File
@@ -0,0 +1,57 @@
apiVersion: v1
kind: options
spec:
config:
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
file_paths:
binaries:
- /usr/bin/%%
- /usr/sbin/%%
- /bin/%%
- /sbin/%%
- /usr/local/bin/%%
- /usr/local/sbin/%%
configuration:
- /etc/passwd
- /etc/shadow
- /etc/ld.so.conf
- /etc/ld.so.conf.d/%%
- /etc/pam.d/%%
- /etc/resolv.conf
- /etc/rc%/%%
- /etc/my.cnf
- /etc/modules
- /etc/hosts
- /etc/hostname
- /etc/fstab
- /etc/crontab
- /etc/cron%/%%
- /etc/init/%%
- /etc/rsyslog.conf
options:
audit_allow_config: true
audit_allow_sockets: true
audit_persist: true
disable_audit: false
events_expiry: 1
events_max: 500000
disable_distributed: false
disable_subscribers: user_events
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
logger_min_status: 1
logger_plugin: tls
logger_snapshot_event_type: true
logger_tls_endpoint: /api/v1/osquery/log
logger_tls_period: 10
pack_delimiter: /
schedule_splay_percent: 10
watchdog_memory_limit: 350
watchdog_utilization_limit: 130
overrides: {}