apiVersion: v1
kind: options
spec:
  config:
    decorators:
      load:
      - SELECT uuid AS host_uuid FROM system_info;
      - SELECT hostname AS hostname FROM system_info;
    file_paths:
      binaries:
      - /usr/bin/%%
      - /usr/sbin/%%
      - /bin/%%
      - /sbin/%%
      - /usr/local/bin/%%
      - /usr/local/sbin/%%
      configuration:
      - /etc/passwd
      - /etc/shadow
      - /etc/ld.so.preload
      - /etc/ld.so.conf
      - /etc/ld.so.conf.d/%%
      - /etc/pam.d/%%
      - /etc/resolv.conf
      - /etc/rc%/%%
      - /etc/my.cnf
      - /etc/modules
      - /etc/hosts
      - /etc/hostname
      - /etc/fstab
      - /etc/crontab
      - /etc/cron%/%%
      - /etc/init/%%
      - /etc/rsyslog.conf
    options:
      audit_allow_config: true
      audit_allow_sockets: true
      audit_persist: true
      disable_audit: false
      events_expiry: 1
      events_max: 500000
      disable_distributed: false
      disable_subscribers: user_events
      distributed_interval: 10
      distributed_plugin: tls
      distributed_tls_max_attempts: 3
      distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
      distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
      logger_min_status: 1
      logger_plugin: tls
      logger_snapshot_event_type: true
      logger_tls_endpoint: /api/v1/osquery/log
      logger_tls_period: 10
      pack_delimiter: /
      schedule_splay_percent: 10
      watchdog_memory_limit: 350
      watchdog_utilization_limit: 130
  overrides: {}