Normalize sql statements throughout the docs (#5487)

* feat: normalize SQL statements in API-for-contributors.md

* feat: normalize SQL statements in Adding-hosts.md

* feat: normalize SQL statements in fleetctl-CLI.md

* feat: normalize SQL statements in REST-API.md

* feat: normalize SQL statements in Vulnerability-Processing.md

* feat: normalize SQL statements in Using Fleet ReadMe

* feat: normalize SQL statements in tools/api README

* fix: revert adding hosts page
Kelvin Oghenerhoro Omereshone 2022-05-03 15:47:31 +01:00 committed by GitHub
parent 0d53ac94bc
commit 25ce199f34
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 50 additions and 50 deletions

@ -52,9 +52,9 @@ None.
{
"name": "osquery_schedule",
"description": "Report performance stats for each file in the query schedule.",
"query": "select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;"
"query": "SELECT name, interval, executions, output_size, wall_time, (user_time/executions) AS avg_user_time, (system_time/executions) AS avg_system_time, average_memory, last_executed FROM osquery_schedule;"
}
]
]
}
```
@ -536,7 +536,7 @@ If the `label_membership_type` is set to `manual`, the `hosts` property must als
{
"name": "Ubuntu",
"description": "Filters ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"label_membership_type": "dynamic"
},
{
@ -576,7 +576,7 @@ None.
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
"query": "select 1;",
"query": "SELECT 1;",
"label_type": "builtin",
"label_membership_type": "dynamic"
},
@ -584,7 +584,7 @@ None.
"id": 7,
"name": "macOS",
"description": "All macOS hosts",
"query": "select 1 from os_version where platform = 'darwin';",
"query": "SELECT 1 FROM os_version WHERE platform = 'darwin';",
"platform": "darwin",
"label_type": "builtin",
"label_membership_type": "dynamic"
@ -593,7 +593,7 @@ None.
"id": 8,
"name": "Ubuntu Linux",
"description": "All Ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"platform": "ubuntu",
"label_type": "builtin",
"label_membership_type": "dynamic"
@ -602,7 +602,7 @@ None.
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
"query": "select 1 from os_version where platform = 'centos' or name like '%centos%'",
"query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
"label_type": "builtin",
"label_membership_type": "dynamic"
},
@ -610,7 +610,7 @@ None.
"id": 10,
"name": "MS Windows",
"description": "All Windows hosts",
"query": "select 1 from os_version where platform = 'windows';",
"query": "SELECT 1 FROM os_version WHERE platform = 'windows';",
"platform": "windows",
"label_type": "builtin",
"label_membership_type": "dynamic"
@ -619,7 +619,7 @@ None.
"id": 11,
"name": "Ubuntu",
"description": "Filters ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"label_membership_type": "dynamic"
}
]
@ -787,7 +787,7 @@ One of `query` and `query_id` must be specified.
```json
{
"query": "select instance_id from system_info",
"query": "SELECT instance_id FROM system_info",
"selected": {
"hosts": [171]
}
@ -826,7 +826,7 @@ One of `query` and `query_id` must be specified.
```json
{
"query": "select instance_id from system_info;",
"query": "SELECT instance_id FROM system_info;",
"selected": {
"labels": [7]
}
@ -922,7 +922,7 @@ One of `query` and `query_id` must be specified.
```json
{
"query": "select instance_id from system_info",
"query": "SELECT instance_id FROM system_info",
"selected": {
"labels": ["All Hosts"]
}

@ -225,7 +225,7 @@ On a system with osquery installed via the Fleet osquery installer (Orbit), obta
codesign -dr - /opt/orbit/bin/orbit/macos/edge/orbit
```
The output should be similar or identical to:
The output should be similar or identical to:
```
Executable=/opt/orbit/bin/orbit/macos/edge/orbit
@ -243,7 +243,7 @@ Osqueryd will inherit the privileges from Orbit and does not need explicit permi
Depending on your MDM, this might be possible in the UI or require a custom profile. If your MDM has a feature to configure *Policy Preferences*, follow these steps:
1. Configure the identifier type to “path”
2. Paste the full path to Orbit as the identifier.
2. Paste the full path to Orbit as the identifier.
3. Paste the full code signing identifier into the code requirement field.
4. Allow “Access all files”. Access to Downloads, Documents etc is inherited from this.

@ -2022,7 +2022,7 @@ If the scheduled queries haven't run on the host yet, the stats have zero values
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
"query": "select 1;",
"query": "SELECT 1;",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
@ -2033,7 +2033,7 @@ If the scheduled queries haven't run on the host yet, the stats have zero values
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
"query": "select 1 from os_version where platform = 'centos' or name like '%centos%'",
"query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
@ -2057,7 +2057,7 @@ If the scheduled queries haven't run on the host yet, the stats have zero values
{
"id": 1,
"name": "SomeQuery",
"query": "select * from foo;",
"query": "SELECT * FROM foo;",
"description": "this is a query",
"resolution": "fix with these steps...",
"platform": "windows,linux",
@ -2066,7 +2066,7 @@ If the scheduled queries haven't run on the host yet, the stats have zero values
{
"id": 2,
"name": "SomeQuery2",
"query": "select * from bar;",
"query": "SELECT * FROM bar;",
"description": "this is another query",
"resolution": "fix with these other steps...",
"platform": "darwin",
@ -2075,7 +2075,7 @@ If the scheduled queries haven't run on the host yet, the stats have zero values
{
"id": 3,
"name": "SomeQuery3",
"query": "select * from baz;",
"query": "SELECT * FROM baz;",
"description": "",
"resolution": "",
"platform": "",
@ -2600,7 +2600,7 @@ Creates a dynamic label.
{
"name": "Ubuntu hosts",
"description": "Filters ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"platform": ""
}
```
@ -2617,7 +2617,7 @@ Creates a dynamic label.
"id": 1,
"name": "Ubuntu hosts",
"description": "Filters ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"label_type": "regular",
"label_membership_type": "dynamic",
"display_text": "Ubuntu hosts",
@ -2667,7 +2667,7 @@ Modifies the specified label. Note: Label queries and platforms are immutable. T
"id": 1,
"name": "Ubuntu hosts",
"description": "Filters ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"platform": "darwin",
"label_type": "regular",
"label_membership_type": "dynamic",
@ -2706,7 +2706,7 @@ Returns the specified label.
"id": 12,
"name": "Ubuntu",
"description": "Filters ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"label_type": "regular",
"label_membership_type": "dynamic",
"display_text": "Ubuntu",
@ -2747,7 +2747,7 @@ Returns a list of all the labels in Fleet.
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
"query": "select 1;",
"query": "SELECT 1;",
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 7,
@ -2761,7 +2761,7 @@ Returns a list of all the labels in Fleet.
"id": 7,
"name": "macOS",
"description": "All macOS hosts",
"query": "select 1 from os_version where platform = 'darwin';",
"query": "SELECT 1 FROM os_version WHERE platform = 'darwin';",
"platform": "darwin",
"label_type": "builtin",
"label_membership_type": "dynamic",
@ -2776,7 +2776,7 @@ Returns a list of all the labels in Fleet.
"id": 8,
"name": "Ubuntu Linux",
"description": "All Ubuntu hosts",
"query": "select 1 from os_version where platform = 'ubuntu';",
"query": "SELECT 1 FROM os_version WHERE platform = 'ubuntu';",
"platform": "ubuntu",
"label_type": "builtin",
"label_membership_type": "dynamic",
@ -2791,7 +2791,7 @@ Returns a list of all the labels in Fleet.
"id": 9,
"name": "CentOS Linux",
"description": "All CentOS hosts",
"query": "select 1 from os_version where platform = 'centos' or name like '%centos%'",
"query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 3,
@ -2805,7 +2805,7 @@ Returns a list of all the labels in Fleet.
"id": 10,
"name": "MS Windows",
"description": "All Windows hosts",
"query": "select 1 from os_version where platform = 'windows';",
"query": "SELECT 1 FROM os_version WHERE platform = 'windows';",
"platform": "windows",
"label_type": "builtin",
"label_membership_type": "dynamic",
@ -3246,7 +3246,7 @@ Delete pack by name.
"name": "osquery_info",
"query_id": 22,
"query_name": "osquery_info",
"query": "select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;",
"query": "SELECT i.*, p.resident_size, p.user_time, p.system_time, time.minutes AS counter FROM osquery_info i, processes p, time WHERE p.pid = i.pid;",
"interval": 6667,
"snapshot": true,
"removed": false,
@ -3309,7 +3309,7 @@ Delete pack by name.
"name": "osquery_events",
"query_id": 23,
"query_name": "osquery_events",
"query": "select name, publisher, type, subscriptions, events, active from osquery_events;",
"query": "SELECT name, publisher, type, subscriptions, events, active FROM osquery_events;",
"interval": 120,
"snapshot": false,
"removed": true,
@ -3348,7 +3348,7 @@ Delete pack by name.
"name": "osquery_events",
"query_id": 23,
"query_name": "osquery_events",
"query": "select name, publisher, type, subscriptions, events, active from osquery_events;",
"query": "SELECT name, publisher, type, subscriptions, events, active FROM osquery_events;",
"interval": 120,
"snapshot": false,
"removed": true,
@ -3402,7 +3402,7 @@ Delete pack by name.
"name": "osquery_events",
"query_id": 23,
"query_name": "osquery_events",
"query": "select name, publisher, type, subscriptions, events, active from osquery_events;",
"query": "SELECT name, publisher, type, subscriptions, events, active FROM osquery_events;",
"interval": 120,
"snapshot": false,
"removed": true,
@ -5122,7 +5122,7 @@ The returned lists are filtered based on the hosts the requesting user has acces
"id": 6,
"name": "All Hosts",
"description": "All hosts which have enrolled in Fleet",
"query": "select 1;",
"query": "SELECT 1;",
"label_type": "builtin",
"label_membership_type": "dynamic",
"host_count": 5,
@ -5383,8 +5383,8 @@ _Available in Fleet Premium_
},
"decorators": {
"load": [
"select uuid as host_uuid from system_info;",
"select hostname as hostname from system_info;"
"SELECT uuid AS host_uuid FROM system_info;",
"SELECT hostname AS hostname FROM system_info;"
]
}
},

@ -8,14 +8,14 @@
Vulnerability processing is enabled by default for new installations.
Fleet checks for vulnerabilities using the National Vulnerability Database (NVD).
Fleet checks for vulnerabilities using the National Vulnerability Database (NVD).
First, Fleet retrieves the installed software for each host using osquery queries. Then, Fleet
translates each installed software into [Common Platform Enumeration (CPE)](https://en.wikipedia.org/wiki/Common_Platform_Enumeration) names.
Then, using the CPEs, Fleet searches the list of [Common Vulnerabilities and Exposure
(CVE)](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) identifiers listed in the NVD
to detect the CVEs that match the defined CPEs.
to detect the CVEs that match the defined CPEs.
If matches are found, they are exposed on each host's
**Host details** page and on the **Home** page in the Fleet UI. The CVEs are also exposed in the
@ -81,7 +81,7 @@ https://nvd.nist.gov/products/cpe. This CPE dictionary is typically updated once
The matching occurs server-side to make the processing as fast as possible, but the whole process is both CPU and memory intensive.
For example, when running a development instance of Fleet on an Apple Macbook Pro with 16 cores, matching 200,000 CPEs against the CVE database will take around 10 seconds and consume about 3GBs of RAM.
For example, when running a development instance of Fleet on an Apple Macbook Pro with 16 cores, matching 200,000 CPEs against the CVE database will take around 10 seconds and consume about 3GBs of RAM.
The CPU and memory usages are in burst once every hour (or the configured periodicity) on the instance that does the processing. RAM spikes are expected to not exceed the 2GBs.
@ -148,10 +148,10 @@ Let's look into some examples of this stage.
#### tmux
tmux is a Unix terminal utility to multiplex ttys. It appears listed like this in macOS:
tmux is a Unix terminal utility to multiplex ttys. It appears listed like this in macOS:
```
osquery> select * from homebrew_packages where name='tmux';
osquery> SELECT * FROM homebrew_packages WHERE name='tmux';
+------+----------------------------+---------+
| name | path | version |
+------+----------------------------+---------+
@ -188,7 +188,7 @@ This is great for developers, because they don't have to be versed in all the in
Linux distributions do security patches. These patches sometimes are old versions of software that is in the list of a long term maintenance distribution versions (sometimes abbreviated as LTS) with a vulnerability fix from a newer version.
In this case, the software developer might release version, say, 2.5, but in Ubuntu version 2.3-ubuntu2 is what's available. This version is not the vulnerable 2.3, but 2.3 with the patch that fixes that security vulnerability. That same fix might be version `2.4-1` in CentOS because that's what happened to be in the LTS version.
In this case, the software developer might release version, say, 2.5, but in Ubuntu version 2.3-ubuntu2 is what's available. This version is not the vulnerable 2.3, but 2.3 with the patch that fixes that security vulnerability. That same fix might be version `2.4-1` in CentOS because that's what happened to be in the LTS version.
So Fleet with a pipeline up until the section above would see `some_app-2.4` and mark it as vulnerable. In reality, this is a false positive that needs to be discarded based on the data we parse for the changelogs for each distribution.

@ -50,7 +50,7 @@ kind: query
spec:
name: docker_processes
description: The docker containers processes that are running on a system.
query: select * from docker_container_processes;
query: SELECT * FROM docker_container_processes;
```
To define multiple queries in a file, concatenate multiple `query` resources together in a single file with `---`. For example, consider a file that you might store at `queries/osquery_monitoring.yml`:
@ -131,7 +131,7 @@ kind: label
spec:
name: slack_not_running
query: >
SELECT * from system_info
SELECT * FROM system_info
WHERE NOT EXISTS (
SELECT *
FROM processes
@ -235,8 +235,8 @@ spec:
# must take care to keep the data returned by these queries small in
# order to mitigate potential performance impacts on the Fleet server.
additional_queries:
time: select * from time
macs: select mac from interface_details
time: SELECT * FROM time
macs: SELECT mac FROM interface_details
org_info:
org_logo_url: "https://example.org/logo.png"
org_name: Example Org
@ -389,7 +389,7 @@ spec:
darwin:
auto_table_construction:
tcc_system_entries:
query: "select service, client, allowed, prompt_count, last_modified from access"
query: "SELECT service, client, allowed, prompt_count, last_modified FROM access"
path: "/Library/Application Support/com.apple.TCC/TCC.db"
columns:
- "service"

@ -142,7 +142,7 @@ It's possible to specify the password via the `--password` flag or the `$PASSWOR
To run a simple query against all hosts, you might run something like the following:
```
fleetctl query --query 'select * from osquery_info;' --labels='All Hosts' > results.json
fleetctl query --query 'SELECT * FROM osquery_info;' --labels='All Hosts' > results.json
⠂ 100% responded (100% online) | 1/1 targeted hosts (1/1 online)
^C
```
@ -248,7 +248,7 @@ apiVersion: v1
kind: query
spec:
name: processes
query: select * from processes
query: SELECT * FROM processes
```
## Using fleetctl with an API-only user

@ -43,7 +43,7 @@ export FLEET_ENV_PATH=/Users/victor/fleet_env
2
# create a query
./tools/api/fleet/queries/create 'system_info' 'select * from system_info;'
./tools/api/fleet/queries/create 'system_info' 'SELECT * FROM system_info;'
{
"query": {
"created_at": "0001-01-01T00:00:00Z",
@ -51,7 +51,7 @@ export FLEET_ENV_PATH=/Users/victor/fleet_env
"id": 4,
"name": "system_info",
"description": "",
"query": "select * from system_info;",
"query": "SELECT * FROM system_info;",
"saved": true,
"author_id": 1,
"author_name": "admin",