Fleet Module - Add Config

salt/fleet/etc/osquery.conf

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: options
+spec:
+  config:
+    decorators:
+      always:
+      - SELECT codename FROM os_version;
+      - SELECT uuid AS LiveQuery FROM system_info;
+      - SELECT address AS EndpointIP1 FROM interface_addresses where address not
+        like '%:%' and address not like '127%' and address not like '169%' order by
+        interface desc limit 1;
+      - SELECT address AS EndpointIP2 FROM interface_addresses where address not
+        like '%:%' and address not like '127%' and address not like '169%' order by
+        interface asc limit 1;
+      - SELECT hardware_serial FROM system_info;
+      - SELECT hostname AS hostname FROM system_info;
+    options:
+      decorations_top_level: true
+      disable_distributed: false
+      distributed_interval: 10
+      distributed_plugin: tls
+      distributed_tls_max_attempts: 3
+      distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
+      distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
+      logger_plugin: tls
+      logger_tls_endpoint: /api/v1/osquery/log
+      logger_tls_period: 10
+      pack_delimiter: _
+  overrides: {}

salt/fleet/init.sls

@@ -10,6 +10,13 @@ fleetcdir:
     - group: 939
     - makedirs: True
 
+fleetconf:
+  file.managed:
+    - name: /opt/so/conf/fleet/etc/osquery.conf
+    - source: salt://fleet/etc/osquery.conf
+    - user: 939
+    - group: 939
+
 fleetlogdir:
   file.directory:
     - name: /opt/so/log/fleet
@@ -57,5 +64,6 @@ so-fleet:
       - /etc/pki/fleet.key:/ssl/server.key:ro
       - /etc/pki/fleet.crt:/ssl/server.cert:ro
       - /opt/so/log/fleet:/var/log/osquery
+      - /opt/so/conf/fleet/etc/osquery.conf:/tmp/osquery.conf
     - watch:
       - /opt/so/conf/fleet/etc