Merge pull request #6183 from Security-Onion-Solutions/delta
Upgrade FleetDM to 4.5
@@ -17,7 +17,7 @@ fi
|
|||||||
|
|
||||||
docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet
|
docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet
|
||||||
docker exec so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done'
|
docker exec so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done'
|
||||||
docker exec so-fleet fleetctl setup --email $1 --password $2
|
docker exec so-fleet fleetctl setup --email $1 --password $2 --name admin --org-name SO
|
||||||
|
|
||||||
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
|
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
|
||||||
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
|
docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
|
||||||
|
|||||||
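Review bot: The `fleetctl setup` line passes `$1` and `$2` unquoted, so an e-mail address or password containing spaces or glob characters is split or expanded by the host shell before `docker exec` receives it, and the admin account can end up with a different password than the operator supplied. Quote both arguments: `docker exec so-fleet fleetctl setup --email "$1" --password "$2" --name admin --org-name SO`. The password is also an argv element of this script and of `docker exec`, so it is visible in the host process list while the command runs; that deserves a comment here or a follow-up that supplies it another way. The script begins and continues outside this hunk, so any earlier validation of `$1`/`$2` is not visible.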
@@ -1,4 +1,4 @@
|
|||||||
{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
|
{% set ENROLLSECRET = salt['cmd.shell']('docker exec so-fleet fleetctl get enroll-secret --json | jq -r ".spec.secrets[].secret"') %}
|
||||||
|
|
||||||
so/fleet:
|
so/fleet:
|
||||||
event.send:
|
event.send:
|
||||||
|
|||||||
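Review bot: The jq filter `.spec.secrets[].secret` in the `ENROLLSECRET` assignment prints one line per configured enroll secret, so as soon as a second secret exists the variable holds a newline-joined value that no agent can enroll with. Select one explicitly, for example `jq -r ".spec.secrets[0].secret"`. The pipeline's exit status is jq's, and `cmd.shell` hands back the printed text, so a stopped `so-fleet` container or a missing `jq` most likely yields an empty or error string rather than a failed render; a Jinja guard that skips the `so/fleet` event when the value is empty would keep a bad secret from being distributed. The `event.send` body lies outside the hunk, so the assumption that it carries ENROLLSECRET should be confirmed.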
@@ -1,31 +1,34 @@
|
|||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: options
|
kind: config
|
||||||
spec:
|
spec:
|
||||||
config:
|
server_settings:
|
||||||
decorators:
|
enable_analytics: false
|
||||||
always:
|
config:
|
||||||
- SELECT codename FROM os_version;
|
decorators:
|
||||||
- SELECT uuid AS live_query FROM system_info;
|
always:
|
||||||
- SELECT address AS endpoint_ip1 FROM interface_addresses where address not
|
- SELECT codename FROM os_version;
|
||||||
like '%:%' and address not like '127%' and address not like '169%' order by
|
- SELECT uuid AS live_query FROM system_info;
|
||||||
interface desc limit 1;
|
- SELECT address AS endpoint_ip1 FROM interface_addresses where address not
|
||||||
- SELECT address AS endpoint_ip2 FROM interface_addresses where address not
|
like '%:%' and address not like '127%' and address not like '169%' order by
|
||||||
like '%:%' and address not like '127%' and address not like '169%' order by
|
interface desc limit 1;
|
||||||
interface asc limit 1;
|
- SELECT address AS endpoint_ip2 FROM interface_addresses where address not
|
||||||
- SELECT hardware_serial FROM system_info;
|
like '%:%' and address not like '127%' and address not like '169%' order by
|
||||||
- SELECT hostname AS hostname FROM system_info;
|
interface asc limit 1;
|
||||||
options:
|
- SELECT hardware_serial FROM system_info;
|
||||||
decorations_top_level: true
|
- SELECT hostname AS hostname FROM system_info;
|
||||||
disable_distributed: false
|
options:
|
||||||
distributed_interval: 10
|
decorations_top_level: true
|
||||||
distributed_plugin: tls
|
disable_distributed: false
|
||||||
distributed_tls_max_attempts: 3
|
distributed_interval: 10
|
||||||
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
|
distributed_plugin: tls
|
||||||
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
|
distributed_tls_max_attempts: 3
|
||||||
enable_windows_events_publisher: true
|
distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
|
||||||
enable_windows_events_subscriber: true
|
distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
|
||||||
logger_plugin: tls
|
enable_windows_events_publisher: true
|
||||||
logger_tls_endpoint: /api/v1/osquery/log
|
enable_windows_events_subscriber: true
|
||||||
logger_tls_period: 10
|
logger_plugin: tls
|
||||||
pack_delimiter: _
|
logger_tls_endpoint: /api/v1/osquery/log
|
||||||
overrides: {}
|
logger_tls_period: 10
|
||||||
|
pack_delimiter: _
|
||||||
|
overrides: {}
|
||||||
|
|||||||
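Review bot: Both endpoint_ip decorators filter with `address not like '169%'`, which drops every address in 169.0.0.0/8 rather than only link-local 169.254.0.0/16, so a host whose only IPv4 address is a routable 169.x one is logged without `endpoint_ip1`/`endpoint_ip2`. Since these queries are being re-nested under the new `kind: config` layout anyway, narrowing the pattern to `address not like '169.254.%'` in both would keep the decoration reliable for correlating osquery results with other telemetry. The rendered page has lost the YAML indentation, so the nesting of `server_settings` and `config` under `spec` could not be checked here.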
@@ -115,20 +115,20 @@ so-fleet:
|
|||||||
- port_bindings:
|
- port_bindings:
|
||||||
- 0.0.0.0:8080:8080
|
- 0.0.0.0:8080:8080
|
||||||
- environment:
|
- environment:
|
||||||
- KOLIDE_MYSQL_ADDRESS={{ MAINIP }}:3306
|
- FLEET_MYSQL_ADDRESS={{ MAINIP }}:3306
|
||||||
- KOLIDE_REDIS_ADDRESS={{ MAINIP }}:6379
|
- FLEET_REDIS_ADDRESS={{ MAINIP }}:6379
|
||||||
- KOLIDE_MYSQL_DATABASE=fleet
|
- FLEET_MYSQL_DATABASE=fleet
|
||||||
- KOLIDE_MYSQL_USERNAME=fleetdbuser
|
- FLEET_MYSQL_USERNAME=fleetdbuser
|
||||||
- KOLIDE_MYSQL_PASSWORD={{ FLEETPASS }}
|
- FLEET_MYSQL_PASSWORD={{ FLEETPASS }}
|
||||||
- KOLIDE_SERVER_CERT=/ssl/server.cert
|
- FLEET_SERVER_CERT=/ssl/server.cert
|
||||||
- KOLIDE_SERVER_KEY=/ssl/server.key
|
- FLEET_SERVER_KEY=/ssl/server.key
|
||||||
- KOLIDE_LOGGING_JSON=true
|
- FLEET_LOGGING_JSON=true
|
||||||
- KOLIDE_AUTH_JWT_KEY= {{ FLEETJWT }}
|
- FLEET_AUTH_JWT_KEY= {{ FLEETJWT }}
|
||||||
- KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log
|
- FLEET_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log
|
||||||
- KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
|
- FLEET_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
|
||||||
- KOLIDE_SERVER_URL_PREFIX=/fleet
|
- FLEET_SERVER_URL_PREFIX=/fleet
|
||||||
- KOLIDE_FILESYSTEM_ENABLE_LOG_ROTATION=true
|
- FLEET_FILESYSTEM_ENABLE_LOG_ROTATION=true
|
||||||
- KOLIDE_FILESYSTEM_ENABLE_LOG_COMPRESSION=true
|
- FLEET_FILESYSTEM_ENABLE_LOG_COMPRESSION=true
|
||||||
- binds:
|
- binds:
|
||||||
- /etc/pki/fleet.key:/ssl/server.key:ro
|
- /etc/pki/fleet.key:/ssl/server.key:ro
|
||||||
- /etc/pki/fleet.crt:/ssl/server.cert:ro
|
- /etc/pki/fleet.crt:/ssl/server.cert:ro
|
||||||
|
|||||||
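Review bot: The renamed `FLEET_AUTH_JWT_KEY= {{ FLEETJWT }}` entry keeps the space after `=`, so the container most likely receives the JWT key with a leading space, unlike every other variable in the list. Write it as `- FLEET_AUTH_JWT_KEY={{ FLEETJWT }}`, and note in the upgrade notes that this changes the effective signing key, so existing sessions may need to log in again. `FLEET_MYSQL_PASSWORD` and the JWT key are passed through `environment`, where they are readable through container inspection by anyone with Docker access on the host; a comment above the list stating that would help the next maintainer.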