empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Revert Backmerge from Main

Browse Source
This commit is contained in:
Tim Lee 2023-10-04 20:56:17 -06:00 committed by GitHub
parent 38af9678f4
commit 4b50cf811b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
63 changed files with 562 additions and 919 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build-orbit.yaml vendored
View File

@ -7,7 +7,7 @@ on:
- 'orbit/**.go'
env:
ORBIT_VERSION: 1.17.0
ORBIT_VERSION: 1.16.0
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:

2
.github/workflows/generate-desktop-targets.yml vendored
View File

@ -24,7 +24,7 @@ defaults:
shell: bash
env:
FLEET_DESKTOP_VERSION: 1.17.0
FLEET_DESKTOP_VERSION: 1.16.0
permissions:
contents: read

5
cmd/osquery-perf/agent.go
View File

@ -551,7 +551,6 @@ func (a *agent) runOrbitLoop() {
if err != nil {
a.stats.IncrementOrbitErrors()
log.Println("orbitClient.GetConfig: ", err)
continue
}
if len(cfg.Notifications.PendingScriptExecutionIDs) > 0 {
// there are pending scripts to execute on this host, start a goroutine
@ -563,7 +562,6 @@ func (a *agent) runOrbitLoop() {
if err := deviceClient.CheckToken(*a.deviceAuthToken); err != nil {
a.stats.IncrementOrbitErrors()
log.Println("deviceClient.CheckToken: ", err)
continue
}
}
case <-orbitTokenRotationTicker:
@ -572,7 +570,6 @@ func (a *agent) runOrbitLoop() {
if err := orbitClient.SetOrUpdateDeviceToken(*newToken); err != nil {
a.stats.IncrementOrbitErrors()
log.Println("orbitClient.SetOrUpdateDeviceToken: ", err)
continue
}
a.deviceAuthToken = newToken
// fleet desktop performs a burst of check token requests after a token is rotated
@ -582,13 +579,11 @@ func (a *agent) runOrbitLoop() {
if err := orbitClient.Ping(); err != nil {
a.stats.IncrementOrbitErrors()
log.Println("orbitClient.Ping: ", err)
continue
}
case <-fleetDesktopPolicyTicker:
if _, err := deviceClient.DesktopSummary(*a.deviceAuthToken); err != nil {
a.stats.IncrementDesktopErrors()
log.Println("deviceClient.NumberOfFailingPolicies: ", err)
continue
}
}
}

22
docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
View File

@ -1045,25 +1045,3 @@ spec:
purpose: Informational
tags: crowdstrike, plist, network, content filter
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get a list of Visual Studio Code extensions
platform: darwin
description: Get a list of installed VS Code extensions. Requires (fleetd)[https://fleetdm.com/docs/using-fleet/fleetd].
query: |
SELECT split(user_path, '/', 1) as username,
json_extract(value, '$.identifier.id') as id,
json_extract(value, '$.identifier.uuid') as uuid,
json_extract(value, '$.location.path') as path,
json_extract(value, '$.version') as version,
json_extract(value, '$.metadata.publisherDisplayName') as publisher_display_name
FROM (
SELECT file_lines.path as user_path, value
FROM file_lines, json_each(line)
WHERE file_lines.path LIKE '/Users/%/.vscode/extensions/extensions.json'
);
purpose: Informational
tags: inventory
contributors: lucasmrod,sharon-fdm,zwass

6
docs/Contributing/API-for-contributors.md
View File

@ -9,11 +9,9 @@
- [Downloadable installers](#downloadable-installers)
- [Setup](#setup)
This document includes the internal Fleet API routes that are helpful when developing or contributing to Fleet.
This document includes the Fleet API routes that are helpful when developing or contributing to Fleet.
These endpoints are used by the Fleet UI, Fleet Desktop, and `fleetctl` clients and will frequently change to reflect current functionality.
If you are interested in gathering information from Fleet in a production environment, please see the [public Fleet REST API documentation](https://fleetdm.com/docs/using-fleet/rest-api).
Unlike the [Fleet REST API documentation](https://fleetdm.com/docs/using-fleet/rest-api), only the Fleet UI, Fleet Desktop, and `fleetctl` clients use the API routes in this document:
## Packs

9
docs/Deploy/Deploy-Fleet-on-CentOS.md
View File

@ -19,15 +19,12 @@ vagrant ssh
### Installing Fleet
To install Fleet, [download](https://github.com/fleetdm/fleet/releases) the file named `Source code
(zip)`, rename, unzip, and move the latest Fleet binary to your desired install location.
To install Fleet, [download](https://github.com/fleetdm/fleet/releases), unzip, and move the latest Fleet binary to your desired install location.
For example, after downloading:
```sh
mv <filename>.zip fleet.zip
unzip fleet.zip -d fleet
sudo cp fleet /usr/bin/
sudo chmod u+x /usr/bin/fleet
unzip fleet.zip 'linux/*' -d fleet
sudo cp fleet/linux/fleet* /usr/bin/
```
### Installing and configuring dependencies

26
docs/Deploy/Deploy-Fleet-on-Kubernetes.md
View File

@ -93,8 +93,6 @@ If you have not used Helm before, you must run the following to initialize your
helm init
```
> Note: The helm init command has been removed in Helm v3. It performed two primary functions. First, it installed Tiller which is no longer needed. Second, it set up directories and repositories where Helm configuration lived. This is now automated in Helm v3; if the directory is not present it will be created.
### Deploying Fleet with Helm
To configure preferences for Fleet for use in Helm, including secret names, MySQL and Redis hostnames, and TLS certificates, download the [values.yaml](https://raw.githubusercontent.com/fleetdm/fleet/main/charts/fleet/values.yaml) and change the settings to match your configuration.
@ -119,24 +117,16 @@ For the sake of this tutorial, we will again use Helm, this time to install MySQ
The MySQL that we will use for this tutorial is not replicated and it is not Highly Available. If you're deploying Fleet on a Kubernetes managed by a cloud provider (GCP, Azure, AWS, etc), I suggest using their MySQL product if possible as running HA MySQL in Kubernetes can be difficult. To make this tutorial cloud provider agnostic however, we will use a non-replicated instance of MySQL.
To install MySQL from Helm, run the following command. Note that there are some options that need to be defined:
To install MySQL from Helm, run the following command. Note that there are some options that are specified. These options basically just enumerate that:
- There should be a `fleet` database created
- The default user's username should be `fleet`
Helm v2
```sh
helm install \
--name fleet-database \
--set mysqlUser=fleet,mysqlDatabase=fleet \
oci://registry-1.docker.io/bitnamicharts/mysql
```
Helm v3
```sh
helm install fleet-database \
--set mysqlUser=fleet,mysqlDatabase=fleet \
oci://registry-1.docker.io/bitnamicharts/mysql
stable/mysql
```
This helm package will create a Kubernetes `Service` which exposes the MySQL server to the rest of the cluster on the following DNS address:
@ -166,19 +156,11 @@ kubectl create -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-migrat
#### Redis
Helm v2
```sh
helm install \
--name fleet-cache \
--set persistence.enabled=false \
oci://registry-1.docker.io/bitnamicharts/redis
```
Helm v3
```sh
helm install fleet-cache \
--set persistence.enabled=false \
oci://registry-1.docker.io/bitnamicharts/redis
stable/redis
```
This helm package will create a Kubernetes `Service` which exposes the Redis server to the rest of the cluster on the following DNS address:
@ -263,4 +245,4 @@ Once you have the public IP address for the load balancer, create an A record in
<meta name="title" value="Kubernetes">
<meta name="pageOrderInSection" value="800">
<meta name="description" value="A guide to deploy Fleet on Kubernetes.">
<meta name="navSection" value="Deployment guides">
<meta name="navSection" value="Deployment guides">

5
docs/Get started/FAQ.md
View File

@ -2,11 +2,6 @@
## Using Fleet
### Can you host Fleet for me?
Fleet offers managed cloud hosting for large deployments. Unfortunately, while organizations of all kinds use Fleet, from Fortune 500 companies to school districts to hobbyists, we are not currently able to provide hosting for deployments smaller than 1000 hosts. If you are comfortable doing so, you can still buy a license and host Fleet yourself.
### How can I switch to Fleet from Kolide Fleet?
To migrate to Fleet from Kolide Fleet, please follow the steps outlined in the [Upgrading Fleet section](https://fleetdm.com/docs/deploying/upgrading-fleet) of the documentation.

2
docs/REST API/rest-api.md
View File

@ -1829,7 +1829,7 @@ the `software` table.
| page | integer | query | Page number of the results to fetch. |
| per_page | integer | query | Results per page. |
| order_key | string | query | What to order results by. Can be any column in the hosts table. |
| after | string | query | The value to get results after. This needs `order_key` defined, as that's the column that would be used. **Note:** Use `page` instead of `after`. |
| after | string | query | The value to get results after. This needs `order_key` defined, as that's the column that would be used. |
| order_direction | string | query | **Requires `order_key`**. The direction of the order given the order key. Options include `asc` and `desc`. Default is `asc`. |
| status | string | query | Indicates the status of the hosts to return. Can either be `new`, `online`, `offline`, `mia` or `missing`. |
| query | string | query | Search query keywords. Searchable fields include `hostname`, `machine_serial`, `uuid`, `ipv4` and the hosts' email addresses (only searched if the query looks like an email address, i.e. contains an `@`, no space, etc.). |

31
docs/Using Fleet/CIS-Benchmarks.md
View File

@ -12,37 +12,6 @@ Fleet has implemented native support for CIS Benchmarks for the following platfo
[Where possible](#limitations), each CIS Benchmark is implemented with a [policy query](./REST-API.md#policies) in Fleet.
These benchmarks are intended to gauge your organization's security posture, rather than the current state of a given host. A host may fail a CIS Benchmark policy despite having the correct settings enabled if there is not a specific policy in place to enforce that setting. For example, this is the query for **CIS - Ensure FileVault Is Enabled (MDM Required)**:
```sql
SELECT 1 WHERE
EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.MCX' AND
name='dontAllowFDEDisable' AND
(value = 1 OR value = 'true') AND
username = ''
)
AND NOT EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.MCX' AND
name='dontAllowFDEDisable' AND
(value != 1 AND value != 'true')
)
AND EXISTS (
SELECT 1 FROM disk_encryption WHERE
user_uuid IS NOT "" AND
filevault_status = 'on'
);
```
Two things are being evaluated in this policy:
1. Is FileVault currently enabled?
2. Is there a profile in place that prevents FileVault from being disabled?
If either of these conditions fails, the host is considered to be failing the policy.
## Requirements
Following are the requirements to use the CIS Benchmarks in Fleet:

230
docs/Using Fleet/MDM-macOS-setup.md
View File

@ -32,24 +32,24 @@ Fleet UI:
2. Under **End user authentication**, enter your IdP credentials and select **Save**.
> If you've already configured [single sign-on (SSO) for logging in to Fleet](https://fleetdm.com/docs/configuration/fleet-server-configuration#okta-idp-configuration), you'll need to create a separate app in your IdP so your end users can't log in to Fleet. In this separate app, use "https://fleetserver.com/api/v1/fleet/mdm/sso/callback" for the SSO URL.
> If you've already configured [single sign-on (SSO) for logging in to Fleet](https://fleetdm.com/docs/configuration/fleet-server-configuration#okta-idp-configuration), you'll need to create a separate app in your IdP so your end users can't log in to Fleet. In this separate app, use "https://fleetserver.com/api/v1/fleet/mdm/sso/callback" for the SSO URL.
fleetctl CLI:
1. Create `fleet-config.yaml` file or add to your existing `config` YAML file:
```yaml
apiVersion: v1
kind: config
spec:
mdm:
end_user_authentication:
identity_provider_name: "Okta"
entity_id: "https://fleetserver.com"
issuer_url: "https://okta-instance.okta.com/84598y345hjdsshsfg/sso/saml/metadata"
metadata_url: "https://okta-instance.okta.com/84598y345hjdsshsfg/sso/saml/metadata"
...
```
```yaml
apiVersion: v1
kind: config
spec:
mdm:
end_user_authentication:
identity_provider_name: "Okta"
entity_id: "https://fleetserver.com"
issuer_url: "https://okta-instance.okta.com/84598y345hjdsshsfg/sso/saml/metadata"
metadata_url: "https://okta-instance.okta.com/84598y345hjdsshsfg/sso/saml/metadata"
...
```
2. Fill in the relevant information from your IdP under the `mdm.end_user_authentication` key.
@ -63,7 +63,7 @@ fleetctl CLI:
2. Under **End user license agreement (EULA)**, select **Upload** and choose your EULA.
> Uploading a EULA is optional. If you don't upload a EULA, the end user will skip this step and continue to the next step of the new Mac setup experience after they authenticate with your IdP.
> Uploading a EULA is optional. If you don't upload a EULA, the end user will skip this step and continue to the next step of the new Mac setup experience after they authenticate with your IdP.
### Step 3: enable end user authentication
@ -85,33 +85,33 @@ fleetctl CLI:
2. Create a `workstations-canary-config.yaml` file:
```yaml
apiVersion: v1
kind: team
spec:
team:
name: Workstations (canary)
mdm:
macos_setup:
enable_end_user_authentication: true
...
```
```yaml
apiVersion: v1
kind: team
spec:
team:
name: Workstations (canary)
mdm:
macos_setup:
enable_end_user_authentication: true
...
```
Learn more about team configurations options [here](./configuration-files/README.md#teams).
Learn more about team configurations options [here](./configuration-files/README.md#teams).
If you want to enable authentication on hosts that automatically enroll to "No team," we'll need to create an `fleet-config.yaml` file:
If you want to enable authentication on hosts that automatically enroll to "No team," we'll need to create an `fleet-config.yaml` file:
```yaml
apiVersion: v1
kind: config
spec:
mdm:
macos_setup:
enable_end_user_authentication: true
...
```
```yaml
apiVersion: v1
kind: config
spec:
mdm:
macos_setup:
enable_end_user_authentication: true
...
```
Learn more about "No team" configuration options [here](./configuration-files/README.md#organization-settings).
Learn more about "No team" configuration options [here](./configuration-files/README.md#organization-settings).
3. Add an `mdm.macos_setup.enable_end_user_authentication` key to your YAML document. This key accepts a boolean value.
@ -119,9 +119,9 @@ fleetctl CLI:
5. Confirm that end user authentication is enabled by running the `fleetctl get teams --name=Workstations --yaml` command.
If you enabled authentication on "No team," run `fleetctl get config`.
If you enabled authentication on "No team," run `fleetctl get config`.
You should see a `true` value for `mdm.macos_setup.enable_end_user_authentication`.
You should see a `true` value for `mdm.macos_setup.enable_end_user_authentication`.
## Bootstrap package
@ -156,20 +156,20 @@ Apple requires that your package is a distribution package. Verify that the pack
1. Run the following commands to expand you package and look at the files in the expanded folder:
```bash
$ pkgutil --expand package.pkg expanded-package
$ ls expanded-package
```
```bash
$ pkgutil --expand package.pkg expanded-package
$ ls expanded-package
```
If your package is a distribution package should see a `Distribution` file.
If your package is a distribution package should see a `Distribution` file.
2. If you don't see a `Distribution` file, run the following command to convert your package into a distribution package.
```bash
$ productbuild --package package.pkg distrbution-package.pkg
```
```bash
$ productbuild --package package.pkg distrbution-package.pkg
```
Make sure your package is a `.pkg` file.
Make sure your package is a `.pkg` file.
### Step 2: sign the package
@ -178,25 +178,25 @@ To sign the package we need a valid Developer ID Installer certificate:
1. Login to your [Apple Developer account](https://developer.apple.com/account).
2. Follow Apple's instructions to create a Developer ID Installer certificate [here](https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates).
> During step 3 in Apple's instructions, make sure you choose "Developer ID Installer." You'll need this kind of certificate to sign the package.
> During step 3 in Apple's instructions, make sure you choose "Developer ID Installer." You'll need this kind of certificate to sign the package.
Confirm that certificate is installed on your Mac by opening the **Keychain Access** application. You should see your certificate in the **Certificates** tab.
Confirm that certificate is installed on your Mac by opening the **Keychain Access** application. You should see your certificate in the **Certificates** tab.
3. Run the following command in the **Terminal** application to sign your package with your Developer ID certificate:
```bash
$ productsign --sign "Developer ID Installer: Your name (Serial number)" /path/to/package.pkg /path/to/signed-package.pkg
```
```bash
$ productsign --sign "Developer ID Installer: Your name (Serial number)" /path/to/package.pkg /path/to/signed-package.pkg
```
You might be prompted to enter the password for your local account.
You might be prompted to enter the password for your local account.
Confirm that your package is signed by running the following command:
Confirm that your package is signed by running the following command:
```bash
$ pkgutil --check-signature /path/to/signed-package.pkg
```
```bash
$ pkgutil --check-signature /path/to/signed-package.pkg
```
In the output you should see that package has a "signed" status.
In the output you should see that package has a "signed" status.
### Step 3: upload the package to Fleet
@ -212,42 +212,42 @@ fleetctl CLI:
1. Upload the package to a storage location (ex. S3 or GitHub). During step 4, Fleet will retrieve the package from this storage location and host it for deployment.
> The URL must be accessible by the computer that uploads the package to Fleet.
> * This could be your local computer or the computer that runs your CI/CD workflow.
> The URL must be accessible by the computer that uploads the package to Fleet.
> * This could be your local computer or the computer that runs your CI/CD workflow.
2. Choose which team you want to add the bootstrap package to.
In this example, we'll add a bootstrap package to the "Workstations (canary)" team so that the package only gets installed on hosts that automatically enroll to this team.
In this example, we'll add a bootstrap package to the "Workstations (canary)" team so that the package only gets installed on hosts that automatically enroll to this team.
3. Create a `workstations-canary-config.yaml` file:
```yaml
apiVersion: v1
kind: team
spec:
team:
name: Workstations (canary)
mdm:
macos_setup:
bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg
...
```
```yaml
apiVersion: v1
kind: team
spec:
team:
name: Workstations (canary)
mdm:
macos_setup:
bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg
...
```
Learn more about team configurations options [here](./configuration-files/README.md#teams).
Learn more about team configurations options [here](./configuration-files/README.md#teams).
If you want to install the package on hosts that automatically enroll to "No team," we'll need to create an `fleet-config.yaml` file:
If you want to install the package on hosts that automatically enroll to "No team," we'll need to create an `fleet-config.yaml` file:
```yaml
apiVersion: v1
kind: config
spec:
mdm:
macos_setup:
bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg
...
```
```yaml
apiVersion: v1
kind: config
spec:
mdm:
macos_setup:
bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg
...
```
Learn more about "No team" configuration options [here](./configuration-files/README.md#organization-settings).
Learn more about "No team" configuration options [here](./configuration-files/README.md#organization-settings).
3. Add an `mdm.macos_setup.bootstrap_package` key to your YAML document. This key accepts the URL for the storage location of the bootstrap package.
@ -255,9 +255,9 @@ fleetctl CLI:
5. Confirm that your bootstrap package was uploaded to Fleet by running the `fleetctl get teams --name=Workstations --yaml` command.
If you uploaded the package to "No team," run `fleetctl get config`.
If you uploaded the package to "No team," run `fleetctl get config`.
You should see the URL for your bootstrap package as the value for `mdm.macos_setup.bootstrap_package`.
You should see the URL for your bootstrap package as the value for `mdm.macos_setup.bootstrap_package`.
## macOS Setup Assistant
@ -273,7 +273,7 @@ To customize the macOS Setup Assistant, we will do the following steps:
### Step 1: create an automatic enrollment profile
1. Download Fleet's example automatic enrollment profile by navigating to the example [here on GitHub](https://github.com/fleetdm/fleet/blob/main/mdm_profiles/automatic_enrollment.json) and clicking the download icon.
1. Download Fleet's example automatic enrollment profile by navigating to the example [here on GitHub](https://github.com/fleetdm/fleet/blob/main/mdm_profiles/setup_assistant.json) and clicking the download icon.
2. Open the automatic enrollment profile and replace the `profile_name` key with your organization's name.
@ -281,45 +281,45 @@ To customize the macOS Setup Assistant, we will do the following steps:
4. In your automatic enrollment profile, edit the `skip_setup_items` array so that it includes the panes you want to hide.
> You can modify properties other than `skip_setup_items`. These are documented by Apple [here](https://developer.apple.com/documentation/devicemanagement/profile).
> You can modify properties other than `skip_setup_items`. These are documented by Apple [here](https://developer.apple.com/documentation/devicemanagement/profile).
### Step 2: upload the profile to Fleet
1. Choose which team you want to add the automatic enrollment profile to.
In this example, let's assume you have a "Workstations" team as your [default team](./MDM-setup.md#step-6-optional-set-the-default-team-for-hosts-enrolled-via-abm) in Fleet and you want to test your profile before it's used in production.
In this example, let's assume you have a "Workstations" team as your [default team](./MDM-setup.md#step-6-optional-set-the-default-team-for-hosts-enrolled-via-abm) in Fleet and you want to test your profile before it's used in production.
To do this, we'll create a new "Workstations (canary)" team and add the automatic enrollment profile to it. Only hosts that automatically enroll to this team will see the custom macOS Setup Assistant.
To do this, we'll create a new "Workstations (canary)" team and add the automatic enrollment profile to it. Only hosts that automatically enroll to this team will see the custom macOS Setup Assistant.
2. Create a `workstations-canary-config.yaml` file:
```yaml
apiVersion: v1
kind: team
spec:
team:
name: Workstations (canary)
mdm:
macos_setup:
macos_setup_assistant: ./path/to/automatic_enrollment_profile.json
...
```
```yaml
apiVersion: v1
kind: team
spec:
team:
name: Workstations (canary)
mdm:
macos_setup:
macos_setup_assistant: ./path/to/automatic_enrollment_profile.json
...
```
Learn more about team configurations options [here](./configuration-files/README.md#teams).
Learn more about team configurations options [here](./configuration-files/README.md#teams).
If you want to customize the macOS Setup Assistant for hosts that automatically enroll to "No team," we'll need to create a `fleet-config.yaml` file:
If you want to customize the macOS Setup Assistant for hosts that automatically enroll to "No team," we'll need to create a `fleet-config.yaml` file:
```yaml
apiVersion: v1
kind: config
spec:
mdm:
macos_setup:
macos_setup_assistant: ./path/to/automatic_enrollment_profile.json
...
```
```yaml
apiVersion: v1
kind: config
spec:
mdm:
macos_setup:
macos_setup_assistant: ./path/to/automatic_enrollment_profile.json
...
```
Learn more about configuration options for hosts that aren't assigned to a team [here](./configuration-files/README.md#organization-settings).
Learn more about configuration options for hosts that aren't assigned to a team [here](./configuration-files/README.md#organization-settings).
3. Add an `mdm.macos_setup.macos_setup_assistant` key to your YAML document. This key accepts a path to your automatic enrollment profile.
@ -333,7 +333,7 @@ Testing requires a test Mac that is present in your Apple Business Manager (ABM)
2. In Fleet, navigate to the Hosts page and find your Mac. Make sure that the host's **MDM status** is set to "Pending."
> New Macs purchased through Apple Business Manager appear in Fleet with MDM status set to "Pending." Learn more about these hosts [here](./MDM-setup.md#pending-hosts).
> New Macs purchased through Apple Business Manager appear in Fleet with MDM status set to "Pending." Learn more about these hosts [here](./MDM-setup.md#pending-hosts).
3. Transfer this host to the "Workstations (canary)" team by selecting the checkbox to the left of the host and selecting **Transfer** at the top of the table. In the modal, choose the Workstations (canary) team and select **Transfer**.

4
docs/Using Fleet/Usage-statistics.md
View File

@ -126,8 +126,6 @@ To disable usage statistics:
3. Uncheck the "Enable usage statistics" checkbox and then select "Update settings."
Usage statistics can also be disabled via [configuration files](https://fleetdm.com/docs/configuration/configuration-files#server-settings-enable-analytics).
<meta name="pageOrderInSection" value="1100">
<meta name="description" value="Learn about Fleet's usage statistics and what information is collected.">
<meta name="navSection" value="Dig deeper">
<meta name="navSection" value="Dig deeper">

1
docs/Using Fleet/enroll-chromebooks.md
View File

@ -23,6 +23,7 @@ By default, the hostname for a Chromebook host will be blank. The hostname can b
## Debugging ChromeOS
To learn how to debug the Fleetd Chrome extension, visit [here](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Testing-and-local-development.md#fleetd-chrome-extension).
<meta name="title" value="Enroll Chromebooks">
<meta name="pageOrderInSection" value="2000">
<meta name="navSection" value="Dig deeper">

35
docs/Using Fleet/enroll-hosts.md
View File

@ -314,27 +314,9 @@ expiration setting. To configure this setting, in the Fleet UI, head to **Settin
> The fleetd Chrome browser extension is supported on ChromeOS operating systems that are managed using [Google Admin](https://admin.google.com). It is not intended for non-ChromeOS hosts with the Chrome browser installed.
### Overview
Google Admin uses organizational units (OUs) to organize devices and users.
One limitation in Google Admin is that extensions can only be configured at the user level, meaning that a user with a MacBook running Chrome, for example, will also get the fleetd Chrome extension.
When deployed on OSs other than ChromeOS, the fleetd Chrome extension will not perform any operation and will not appear in the Chrome toolbar.
However, it will appear in the "Manage Extensions" page of Chrome.
Fleet admins who are comfortable with this situation can skip step 2 below.
To install the fleetd Chrome extension on Google Admin, there are two steps:
1. Create an OU for all users who have Chromebooks and force-install the fleetd Chrome extension for those users
2. Create an OU for all non-Chromebook devices and block the fleetd Chrome extension on this OU
> More complex setups may be necessary, depending on the organization's needs, but the basic principle remains the same.
### Step 1: OU for Chromebook users
Create an [organizational unit](https://support.google.com/a/answer/182537?hl=en) where the extension should be installed. [Add all the relevant users](https://support.google.com/a/answer/182449?hl=en) to this OU.
Visit the Google Admin console. In the navigation menu, visit Devices > Chrome > Apps & Extensions > Users & browsers.
Select the relevant OU where you want the fleetd Chrome extension to be installed.
Select the relevant organizational unit, users, or group where you want the fleetd Chrome extension to be installed.
> Currently, the Chrome extension can only be installed across the entire organization. The work to enable installation for sub-groups is tracked in https://github.com/fleetdm/fleet/issues/13353.
@ -348,21 +330,6 @@ Under "Installation Policy", select "Force install". Under "Update URL", select
> For the fleetd Chrome extension to have full access to Chrome data, it must be force-installed by enterprise policy as per above
### Step 2: OU to block non-Chromebook devices
Create an [organizational unit](https://support.google.com/a/answer/182537?hl=en) to house devices where the extension should not be installed. [Add all the relevant devices](https://support.google.com/chrome/a/answer/2978876?hl=en) to this OU.
In the Google Admin console, in the navigation menu, visit Devices > Chrome > Managed Browsers.
Select the relevant OU where you want the fleetd Chrome extension to be blocked.
In the bottom right, click the yellow "+" button and select "Add Chrome app or extension by ID."
Visit your Fleet instance and select Hosts > Add Hosts and select ChromeOS in the popup modal.
Enter the "Extension ID" and "Installation URL" using the data provided in the modal.
Under "Installation Policy", select "Block".
## Grant full disk access to osquery on macOS
macOS does not allow applications to access all system files by default. If you are using MDM, which
is required to deploy these profiles, you

2
docs/Using Fleet/fleetctl-CLI.md
View File

@ -202,7 +202,7 @@ An API-only user does not have access to the Fleet UI. Instead, it's only purpos
To create your new API-only user, run `fleetctl user create` and pass values for `--name`, `--email`, and `--password`, and include the `--api-only` flag:
```sh
fleetctl user create --name "API User" --email api@example.com --password temp@pass123 --api-only
fleetctl user create --name "API User" --email api@example.com --password temp!pass --api-only
```
### Creating an API-only user

1
handbook/business-operations/README.md
View File

@ -217,7 +217,6 @@ The following table lists this department's rituals, frequency, and Directly Res
| Vanta check | Monthly | Look for any new actions in Vanta due in the upcoming months and create issues to ensure they're done on time. | Nathan Holliday |
| Investor reporting | Quarterly | Provide updated metrics for CRV in Chronograph. | Nathanael Holliday |
| Applicant forwarding | Daily | Whenever an application notification arrives in the BizOps slack channel, forward this notification to the hiring channel for that position. | Joanne Stableford |
| KPI roundup + weekly update | Weekly | Update KPI spreadsheet with BizOps KPI data by 5pm US central time every Friday. At 5pm check other department KPIs to make sure they have been updated, and if not, notify DRIs and the apprentice to the CEO which KPIs have not been updated. | Nathanael Holliday |
<!--

34
handbook/ceo.md
View File

@ -38,9 +38,8 @@ Internal meetings can sometimes be moved to make room. External meetings, blocke
- **Rescheduling:** All items on Mike's calendar are subject to change by the CEO to better serve the company. Send last-minute changes or cancellations to Mike [via direct message (DM)](#why-not-mention-the-ceo-in-slack-threads).
### Request equipment from Fleet IT
The Apprentice fulfills approved equipment requests once per week. Follow the process for [buying new equipment](https://fleetdm.com/handbook/company/communications#buying-other-new-equipment) and submit an [equipment request](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&template=equipment-request.md&title=%F0%9F%92%BB+Equipment+request+for+%7BGithub+%20username%7D).
The Apprentice fulfills equipment requests once per week. Follow the process for [buying new equipment](https://fleetdm.com/handbook/company/communications#buying-other-new-equipment) and submit an [equipment request](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&template=equipment-request.md&title=%F0%9F%92%BB+Equipment+request+for+%7BGithub+%20username%7D).
The Apprentice will [ship the approved equipment](https://fleetdm.com/handbook/ceo#ship-approved-equipment) and at-mention the requestor with tracking information.
## Why not mention the CEO in Slack threads?
Everyone else who works at Fleet is expected to read (and reply or acknowledge with an emoji reaction) every time they're mentioned in Slack, even deep inside long threads.
@ -156,20 +155,18 @@ The Apprentice will reduce the scope of Mike's inbox to only include necessary a
- Escalate actionable sales communication and update Mike directly.
- Ensure all calendar invites have the necessary documents included.
### Document performance feedback
Every Friday at 5PM a [Business Operations team member](https://fleetdm.com/handbook/business-operations#team) will look for missing data in the [KPIs spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0).
1. If KPIs are not reported on time, the BizOps Engineer will notify the Apprentice to the CEO and the DRI.
2. The Apprentice will update the "performance management" section of the appropriate individual's 1:1 doc so that the CEO can address during the next 1:1 meeting with the DRI.
### Send the weekly update
We like to be open about milestones and announcements.
- Every Friday, e-group members [report their KPIs for the week](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit) by 5:00pm U.S. Central Time Zone.
- Every Friday at 6PM, the Apprentice will post a short update in [#general](https://fleetdm.slack.com/archives/C019FNQPA23) including:
- When KPIs are not reported on time, the BizOps Engineer will notify the Apprentice to the CEO and the DRI.
- The Apprentice will update the "performance management" section of the appropriate individual's 1:1 doc so that the CEO can address during the next 1:1 meeting with the DRI.
- Friday nights, the Apprentice will post a short update in [#general](https://fleetdm.slack.com/archives/C019FNQPA23) including:
- A link to view KPIs
- Who was on-call that week
- Fleeties who are currently onboarding
- Planned hires who haven't started yet
- Fleeties that departed that week
- Fleeties who had their lady day that week
- Change the "⚡️" to "🔭" in the beginning of the formula
@ -198,27 +195,6 @@ The Apprentice schedules all travel arrangements for the CEO including flights,
- Use the Brex card.
- Frequent flyer details of all (previously flown) airlines are in 1Password as well as important travel documents.
### Process incoming equipment
Upon receiving any device, the Apprentice will process the incoming equipment by:
1. Search for the SN of the physical device in the ["Company equipment" spreadsheet](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) to confirm the correct equipment was received.
- If the serial numbers do not match [create an issue](https://fleetdm.com/handbook/business-operations#contact-us) to get help from the Business Operations department.
3. Visibly inspect equipment and all related components (e.g. laptop charger) for damage.
4. Remove any stickers and clean devices and components.
5. Using the device's charger plug in the device.
6. Turn on the device and enter recovery mode using the [appropriate method](https://support.apple.com/en-us/HT204904).
7. Connect the device to WIFI.
8. Using the "Recovery assistant" tab (In the top left corner), select "Delete this Mac".
9. Follow the prompts to activate the device and reinstall the appropriate version of macOS.
### Ship approved equipment
Once the Business Operations department approves inventory to be shipped from Fleet IT, the Apprentice will ship the equipment by:
1. Compare the equipment request issue with the ["Company equipment" spreadsheet](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) and verify physical inventory.
2. Plug in the device and ensure inventory has been correctly processed and all components are present (e.g. charger cord, power converter).
3. package equipment for shipment and include Yubikeys (if requested).
4. Change the "Company equipment" spreadsheet to reflect the new user
5. Ship via FedEx to the address listed in the equipment request.
6. Add a comment to the equipment request issue, at-mentioning the requestor with the FedEx tracking info and close the issue.
### Prepare for the All hands
- **Every month** the Apprentice will do the prep work for the monthly "✌️ All hands 🖐👋🤲👏🙌🤘" call.

2
handbook/company/ceo.rituals.yml
View File

@ -19,7 +19,7 @@
moreInfoUrl: "https://fleetdm.com/handbook/company/ceo#process-the-ceos-email"
dri: "sampfluger88"
-
task: "Process all \"New requests\" on the #g-ceo kanban board"
task: "Process all /"New requests/" on the #g-ceo kanban board"
startedOn: "2023-07-29"
frequency: "Daily ⏰"
description: "Process and prioritize all new issues and PRs"

8
handbook/company/leadership.md
View File

@ -35,7 +35,7 @@ If you have any questions or feedback, please contact us: https://fleetdm.com/ha
- Outline the specific responsibilities of the department.
- `## Team`
- Table that displays each position and the team member(s) that fill that position, linking the Fleetie's LinkedIn to their name and GitHub to GitHub user name. See [handbook/ceo#team](https://fleetdm.com/handbook/ceo#team) for example.
- Table that displays each position and the team member(s) that fill that position, linking the Fleetie's LinkedIn to their name and GitHub to GiHub user name. See [handbook/ceo#team](https://fleetdm.com/handbook/ceo#team) for example.
- `## Contact us`
@ -345,8 +345,10 @@ Once the new team member replies and accepts their offer in writing, 🔦 Head o
```
2. **Ask hiring manager to send rejections:** Post to the `hiring-xxxxx-yyyy` Slack channel to let folks know the offer was accepted, and at-mention the _hiring manager_ to ask them to communicate with [all other interviewees](https://fleetdm.com/handbook/company#empathy) who are still in the running and [let them know that we chose a different person](https://fleetdm.com/handbook/business-operations#candidate-correspondence-email-templates).
>_**Note:** Send rejection emails quickly, within 1 business day. It only gets harder if you wait._
3. **Remove open position:** The hiring manager removes the newly-filled position from the fleetdm.com website by [making a pull request](https://fleetdm.com/handbook/company/communications#making-a-pull-request) to delete it from the [open-positions.yml](https://github.com/fleetdm/fleet/blob/main/handbook/company/open-positions.yml) file.
4. **Close Slack channel:** Then archive and close the channel.
3. **Remove open position:** Take down the newly-filled position from the fleetdm.com website by making the following two changes: (please only submit [one, single pull request that changes both of these files](https://www.loom.com/share/75da64632a93415cbe0e7752107c1af2):
- Edit the [list of open positions](https://fleetdm.com/handbook/company#open-positions) to remove the newly-filled position from the list.
- Remove the [job description file](https://github.com/fleetdm/fleet/tree/main/handbook/company) that corresponds with the newly-filled position. (This is a Markdown file named after the role, with a filename ending in `.md`.)
5. **Close Slack channel:** Then archive and close the channel.
Now what happens? 🔦 Business Operations will then follow the steps in the "Hiring" issue, which includes reaching out to the new team member within 1 business day from a separate email thread to get additional information as needed, prepare their agreement, add them to the company's payroll system, and get their new laptop and hardware security keys ordered so that everything is ready for them to start on their first day.

31
handbook/company/open-positions.yml
View File

@ -113,6 +113,37 @@
- 🛠️ Technical: You understand the software development processes. You understand that software quality matters.
- 🟣 Openness: You are flexible and open to new ideas and ways of working.
- Bonus: Cybersecurity or IT background.
- jobTitle: 🐋 Account Executive
department: Customers
hiringManagerName: Alex Mitchell
hiringManagerLinkedInUrl: https://www.linkedin.com/in/alexandercmitchell/
hiringManagerGithubUsername: alexmitchelliii
responsibilities: |
- 🎯 Direct and participate in prospecting target companies, identifying key decision makers and influencers, leading when assigned/necessary/appropriate
- 📈 Use available data to identify opportunities and trends with individual prospects
- 📣 Actively promote FleetDM product and services on social media
- 🖥️ Actively present and demonstrate the value of FleetDM products and services and upgrades targeting customer expansion opportunities
- ❔ Appropriately use and follow MEDDPPICC process to qualify and progress opportunities to best help prospects solve problems
- 🤔 Anticipate market trends and identify new opportunities for growth
- 🕴️ Utilize systems and tools such as salesforce to analyze pipeline and opportunity data and keep all information up to date for leadership reporting
- 🚀 Work collaboratively with the product management, customer support, and engineering teams to facilitate feature development based on customer asks
- 🧑‍💻 Collaborate with the marketing team to plan, execute and track impactful marketing campaigns, in order to meet and/or exceed quarterly pipeline and revenue targets
- 🤝 Work with prospects to find win-win commercial agreements
experience: |
- 🦉 5+ years experience selling to enterprise customers
- 📣 Have excellent communication and interpersonal skills
- 🧑‍💻 Love technology and can explain how things work in detail
- 🧪 Extensive experience with Slack, Salesforce, Zendesk, Google Suite, and GitHub
- ⏩ Thrive in a complex, fast-paced, results driven environment with the ability to pivot to organizational changes easily
- 🤝 Decisive with the ability to shift gears between thinking and doing
- 📈 Ability to partner with various teams and stakeholders to drive sales
- 👀 Strong understanding of the enterprise procurement process
- Bonus: Direct experience with Fleet, MDM, osquery or SQL query writing, and working with SRE,CPE, or SecOps teams
- 💭 You know how to manage complex sales, difficult escalations, and challenging procurement processes with the utmost care and organization
- 💖 You know how to manage your time and priorities between leads, opportunities other day-to-day responsibilities
- ✍ You have the ability to effectively influence key stakeholders, from senior executives to day-to-day engineering contacts, and drive Fleet's value with them
- 🧬 You care about delivering an outstanding customer experience and advocating for the customer's needs within Fleet
- Bonus: You are comfortable with concepts like security, APIs, and DevOps
- jobTitle: 🐋 Sales Development Representative (SDR)
department: Customers
hiringManagerName: Alex Mitchell

2
handbook/company/pricing-features-table.yml
View File

@ -15,7 +15,7 @@
- name: Zero-touch setup for macOS computers
tier: Premium
comingSoon: false
- name: Safely execute custom scripts (macOS, Windows, and Linux)
- name: Safely execute custom scripts
tier: Premium
comingSoon: false
- name: End-user macOS update reminders (via Nudge)

26
handbook/customers/README.md
View File

@ -32,6 +32,28 @@ The Fleet Customer team embodies [our values](https://fleetdm.com/handbook/compa
Fleet's main source for prospects to learn about the company and its offerings is our website, fleetdm.com. There are many places across the website for prospects to ask for more information, request merchandise, try the product and even purchase licenses directly. If the user experience in any of these locations asks for an email address or other contact information, Fleet may use that contact information for follow-up, including sales and marketing purposes. That contact information is for Fleet's sole use, and we do not give or sell that information to any third parties.
## Contacting Fleet
In the case of a prospect or customer request, we strive to adhere to the following response times:
- Web chat: 1 hour response during working hours, 8 hours otherwise
- Talk to an expert: prospects can schedule chats via our calendar tool
- All other enquiries: 1-2 days
If you're using a free version of Fleet, you can access free community support by opening an issue in the [Fleet GitHub repository](https://github.com/fleetdm/fleet/).
Customers on a paid tier of Fleet can get in touch directly for commercial support:
| Level of impact | Response time - premium tier | Response time - ultimate tier |
| :--- | :--- | :--- |
| Low to medium impact </br> Email/chat support during business hours </br> Email: Support email address </br> Chat: Dedicated Slack channel (confidential) </br>| **1 business day** | **1 business day** |
| High to emergency impact </br> Expedited phone/chat/email support </br> Call or text: Fleet support phone number </br> Email: Emergency support email address </br> | **4 business hours** | **≤1 hour during business hours** </br> **≤2 hours outside business hours**
| Level of impact | Type of support |
| :--- | :--- |
| Low to medium impact | Chat support during business hours Chat: Dedicated Slack channel (confidential) </br> Response time: **≤1 business day** |
| High to emergency impact | Expedited phone/chat support during business hours </br> Call or text [the Fleet phone number](https://docs.google.com/document/d/1tE-NpNfw1icmU2MjYuBRib0VWBPVAdmq4NiCrpuI0F0/edit) that was provided in the invoice. </br> Response time: **≤4 hours** |
## Customer codenames
Occasionally, we will need to track public issues for customers that wish to remain anonymous on our public issue tracker. To do this, we choose an appropriate minor planet name from this [Wikipedia page](https://en.wikipedia.org/wiki/List_of_named_minor_planets_(alphabetical)) and create a label which we attach to the issue and any future issues for this customer.
@ -49,7 +71,7 @@ Fleet's intro deck adds additional detail to our pitch. Find it in [pdf](https:/
Fleet's intro video shows how to get started with Fleet as an admin. Find it on [YouTube](https://www.youtube.com/watch?v=rVxSgvKjrWo).
## Contacting Fleet: customer support service level agreements (SLA's)
## Customer support service level agreements (SLA's)
### Fleet Free
| Impact Level | Definition | Preferred Contact | Response Time |
@ -66,7 +88,7 @@ Note: If you're using Fleet Free, you can also access community support by openi
| Medium (P2) | Something is preventing normal Fleet operation, and there may or may not be minor business impact. | Standard email/chat support | ≤1 business day |
| Low (P3) | Questions or clarifications around features, documentation, deployments, or 'how to's'. | Standard email/chat support | 1-2 business days |
Note: Fleet business hours for support are Monday-Friday, 7AM-4PM Pacific Time, excluding current U.S. federal holidays during which responses may be delayed for Medium and Low impact issues. Fleeties can find Fleet general contact information [here](https://docs.google.com/document/d/1tE-NpNfw1icmU2MjYuBRib0VWBPVAdmq4NiCrpuI0F0/edit).
Note: Fleet business hours for support are Monday-Friday, 7AM-4PM Pacific Time, excluding current U.S. federal holidays during which responses may be delayed for Medium and Low impact issues.
### Fleet Ultimate

27
handbook/product/README.md
View File

@ -308,7 +308,7 @@ We track competitors' capabilities and adjacent (or commonly integrated) product
## Intake
- [Making a request](#making-a-request)
- [How feature requests are evaluated](#how-feature-requests-are-evaluated)
- [How features are evaluated](#how-features-are-evaluated)
- [After the feature is accepted](#after-the-feature-is-accepted)
- [Why this way?](#why-this-way)
@ -316,7 +316,7 @@ To stay in-sync with our customers' needs, Fleet accepts feature requests from c
### Making a request
To make a feature request or advocate for a feature request from a customer or community member, [create an issue](https://github.com/fleetdm/fleet/issues/new?assignees=&labels=~customer+request&projects=&template=feature-request.md&title=) and attend the next scheduled 🎁🗣 Feature Fest meeting.
To make a feature request or advocate for a feature request from a customer or community member, add your request to the list in the [🎁🗣 Feature Fest agenda](https://docs.google.com/document/d/1mwu5WfdWBWwJ2C3zFDOMSUC9QCyYuKP4LssO_sIHDd0/edit#heading=h.zahrflvvks7q) and attend the next scheduled 🎁🗣 Feature Fest meeting.
Requests are weighed from top to bottom while prioritizing attendee requests. This means that if the individual that added a feature request is not in attendance, the feature request will be discussed towards the end of the call if there's time.
@ -330,20 +330,16 @@ To help the product team, other pieces of information can be optionally included
- How does this change fit into the requester's overall usage of Fleet?
- What other potential changes to the product have you considered?
To ensure your request appears on the ["Feature Fest" board](https://app.zenhub.com/workspaces/-feature-fest-651b2962605ba29209324c57/board):
- Add the `~feature fest` label to your issue
- Add the relevant customer label (if applicable)
To maximize your chances of having a feature accepted, requesters can visit the [🗣 Product office hours](#rituals) meeting to get feedback on requests prior to being accepted.
### How feature requests are evaluated
Digestion of these new product ideas (requests) happens at the **🎁🗣 Feature Fest** meeting.
At the **🎁🗣 Feature Fest** meeting, the DRI (Head of Product) weighs all requests on the board. When the team weighs a request, it is immediately prioritized or put to the side.
At the **🎁🗣 Feature Fest** meeting, the DRI (Head of Product) weighs all requests in the agenda. When the team weighs a request, it is immediately prioritized or put to the side.
- A _request is prioritized_ when the DRI decides it is a priority. When this happens, the team sets the request to be estimated within five business days.
- A _request is put to the side_ when the business perceives competing priorities as more pressing in the immediate moment.
If a feature is not prioritized during a 🎁🗣 Feature Fest meeting, it only means the feature has been rejected _at that time_. Requestors will be notified by the Head of Product, and they can resubmit their request at a future meeting.
If a feature is not prioritized, it only means that the feature has been rejected _at that time_. It is up to the requestor to bring the request back again at another 🎁🗣 Feature Fest meeting.
Requests are weighed by:
- The completeness of the request (see [making a request](#making-a-request))
@ -352,16 +348,11 @@ Requests are weighed by:
- How well the request fits within Fleet's product vision and roadmap
- Whether the feature seems like it can be designed, estimated, and developed in 6 weeks, given its individual complexity and when combined with other work already accepted
### Customer feature requests
The product team's goal is to prioritize 16 customer feature requests at Feature Fest, then take them from settled to shipped. The customer success team is responsible for providing the Head of Product a live count during the Feature Fest meeting. Product Operations is responsible for monitoring this KPI and raising alarms throughout the design and engineering sprints.
> Customer stories should be estimated at 1-3 points each to count as 1 request. If a feature request spans across multiple customers, it will be counted as the number of customers involved.
### After the feature is accepted
After the 🎁🗣 Feature Fest meeting, Product Operations will clear the Feature Fest board as follows:
**Prioritized features:** Remove `feature fest` label, add `:product` label, and assign the group Product Manager.
**Put to the side features:** Remove `feature fest` label and close the issue.
Group Product Managers will then develop user stories for the prioritized features.
- After the 🎁🗣 Feature Fest meeting, the Head of Product resets the agenda to blank by doing the following:
- Create issues for accepted items
- Notify absent requesters of decisions
- Move that week's feature requests to the backup journal document
> The product team's commitment to the requester is that a prioritized feature will be delivered within 6 weeks or the requester will be notified within 1 business day of the decision to de-prioritize the feature.
@ -432,7 +423,7 @@ Directly Responsible Individuals (DRI) engage in the ritual(s) below at the freq
| Quality check | Daily | Every day, Product Operations will review the "Settled" column on the drafting board to ensure all product action items are complete. | Isabell Reedy |
| Bug de-prioritization | Mid-sprint | CEO, Head of Product, and Director of Product Development review the bugs which did not meet the 6-week delivery timeline. Align on next steps for which bugs to schedule into the next sprint and which can be de-prioritized. | Mo Zhu |
| Product confirm and celebrate | Weekly (Wednesday) | The Head of Product meets with the designers and product managers to discuss completed user stories. They also verify all updates to documentation, communications, guides, and the pricing and transparency pages, ensuring everything is set for the next steps. | Mo Zhu |
| Pre-sprint prioritization call (CX) | Sprintly (Monday) | The product manager, engineering manager, and product operations meet before each sprint to align on priorities and note what wasn't completed in the previous sprint. Product operations then informs the customer success team about related customer requests. | Mo Zhu |
| Pre-sprint prioritization call (CX) | Sprintly (Monday) | The product manager and engineering manager meet to confirm alignment on prioritization for the upcoming sprint. | Mo Zhu |
| Bug review (CX) | Weekly (Tuesday) | The product manager meets with the engineering manager and a product quality engineer to ensure synchronization on bug prioritization and actions preceding CX estimation sessions. | Mo Zhu |
| Bug round-up | Mid-sprint | Product Operations will compile a list of churned bugs, including issue numbers, specifics, and age. They will also notify the Customer Success team of any churned bugs that have customer tags | Isabell Reedy |
| Churned bug review | Mid-sprint | The Head of Product meets with the group product managers to examine churned bugs and categorize them as either schedule, needs prioritization, or de-prioritize. | Mo Zhu |

8
orbit/CHANGELOG.md
View File

@ -1,11 +1,3 @@
## Orbit 1.17.0 (Sep 28, 2023)
* Updated the image and the overall layout of the migration dialog
* Added a mechanism to retry a Fleet Desktop token when the Fleet server response indicates it has expired or is invalid.
* Upgraded Go version to 1.21.1
## Orbit 1.16.0 (Sep 6, 2023)
* Updated the default TUF update roots with the newest metadata in the server. (#13381)

1
orbit/changes/13715-bump-go-version Normal file
View File

@ -0,0 +1 @@
* Upgrade Go version to 1.21.1

1
orbit/changes/13858-migration-tweaks Normal file
View File

@ -0,0 +1 @@
* Updated the image and the overall layout of the migration dialog

1
orbit/changes/issue-13635-retry-invalid-token Normal file
View File

@ -0,0 +1 @@
* Added a mechanism to retry a Fleet Desktop token when the Fleet server response indicates it has expired or is invalid.

5
orbit/cmd/desktop/desktop.go
View File

@ -158,13 +158,12 @@ func main() {
log.Fatal().Err(err).Msg("unable to initialize request client")
}
client.WithInvalidTokenRetry(func() string {
log.Debug().Msg("refetching token from disk for API retry")
newToken, err := tokenReader.Read()
if err != nil {
log.Error().Err(err).Msg("refetch token from disk for API retry")
log.Error().Err(err).Msg("refetch token")
return ""
}
log.Debug().Msg("successfully refetched the token from disk for API retry")
log.Debug().Msg("successfully refetched the token from disk")
return newToken
})

1
orbit/cmd/orbit/orbit.go
View File

@ -786,7 +786,6 @@ func main() {
// check again when the token will expire, which will happen
// before the next rotation check
rotationTicker.Reset(remain)
log.Debug().Msgf("token will expire soon, checking again in: %s", remain)
}
case <-remoteCheckTicker.C:

1
server/datastore/mysql/hosts.go
View File

@ -465,6 +465,7 @@ var hostRefs = []string{
"host_disk_encryption_keys",
"host_software_installed_paths",
"host_script_results",
"query_results",
}
// NOTE: The following tables are explicity excluded from hostRefs list and accordingly are not

5
server/datastore/mysql/hosts_test.go
View File

@ -5713,6 +5713,11 @@ func testHostsDeleteHosts(t *testing.T, ds *Datastore) {
Query: "select * from time",
})
require.NoError(t, err)
// update policy_results
_, err = ds.writer(context.Background()).Exec(`INSERT INTO query_results (host_id, query_id, last_fetched, data) VALUES (?, ?, ?, ?)`, host.ID, policy.ID, time.Now(), `{"foo": "bar"}`)
require.NoError(t, err)
require.NoError(t, ds.RecordPolicyQueryExecutions(context.Background(), host, map[uint]*bool{policy.ID: ptr.Bool(true)}, time.Now(), false))
// Update host_mdm.
err = ds.SetOrUpdateMDMData(context.Background(), host.ID, false, true, "foo.mdm.example.com", false, "")

34
server/datastore/mysql/migrations/tables/20231004144338_CreateTableQueryReports.go Normal file
View File

@ -0,0 +1,34 @@
package tables
import (
"database/sql"
"fmt"
)
func init() {
MigrationClient.AddMigration(Up_20231004144338, Down_20231004144338)
}
func Up_20231004144338(tx *sql.Tx) error {
_, err := tx.Exec(`
CREATE TABLE query_results (
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
query_id INT(10) UNSIGNED NOT NULL,
host_id INT(10) UNSIGNED NOT NULL,
osquery_version VARCHAR(50),
error TEXT COLLATE utf8mb4_unicode_ci DEFAULT NULL,
last_fetched TIMESTAMP NOT NULL,
data JSON,
FOREIGN KEY (query_id) REFERENCES queries(id) ON DELETE CASCADE
);
`)
if err != nil {
return fmt.Errorf("failed to create table query_results: %w", err)
}
return nil
}
func Down_20231004144338(tx *sql.Tx) error {
return nil
}

91
server/datastore/mysql/migrations/tables/20231004144338_CreateTableQueryReports_test.go Normal file
View File

@ -0,0 +1,91 @@
package tables
import (
"encoding/json"
"testing"
"time"
"github.com/stretchr/testify/require"
)
func TestUp_20231004144338(t *testing.T) {
db := applyUpToPrev(t)
// Apply current migration.
applyNext(t, db)
// Insert a record into query_results
insertStmt := `INSERT INTO query_results (
query_id, host_id, osquery_version, error, last_fetched, data
) VALUES (?, ?, ?, ?, ?, ?)`
queryID := insertQuery(t, db)
hostID := insertHost(t, db)
osqueryVersion := "5.9.1"
lastFetched := time.Now().UTC()
// Example JSON data for data field
osqueryData := map[string]string{
"model": "USB Keyboard",
"vendor": "Apple Inc.",
}
jsonData, err := json.Marshal(osqueryData)
require.NoError(t, err)
res, err := db.Exec(insertStmt, queryID, hostID, osqueryVersion, "", lastFetched, jsonData)
require.NoError(t, err)
id, _ := res.LastInsertId()
// Insert a sample error result containing a NULL data field
errorMessage := "Some error message"
_, err = db.Exec(insertStmt, queryID, hostID, osqueryVersion, errorMessage, lastFetched, nil)
require.NoError(t, err)
type QueryResult struct {
ID uint `db:"id"`
QueryID uint `db:"query_id"`
HostID uint `db:"host_id"`
OsqueryVersion string `db:"osquery_version"`
Error string `db:"error"`
LastFetched time.Time `db:"last_fetched"`
OsqueryResultData *json.RawMessage `db:"data"`
}
// Load the 1st result
var queryReport []QueryResult
selectStmt := `
SELECT id, query_id, host_id, osquery_version, error, last_fetched, data
FROM query_results
WHERE query_id = ? AND host_id = ?
ORDER BY id ASC
`
err = db.Select(&queryReport, selectStmt, queryID, hostID)
require.NoError(t, err)
require.Equal(t, queryID, queryReport[0].QueryID)
require.Equal(t, hostID, queryReport[0].HostID)
require.Equal(t, osqueryVersion, queryReport[0].OsqueryVersion)
require.Empty(t, queryReport[0].Error)
require.True(t, lastFetched.Sub(queryReport[0].LastFetched) < time.Second)
require.JSONEq(t, string(jsonData), string(*queryReport[0].OsqueryResultData))
// Error results should be loaded as well
require.Equal(t, queryID, queryReport[1].QueryID)
require.Equal(t, hostID, queryReport[1].HostID)
require.Equal(t, osqueryVersion, queryReport[1].OsqueryVersion)
require.Equal(t, errorMessage, queryReport[1].Error)
require.True(t, lastFetched.Sub(queryReport[1].LastFetched) < time.Second) // allow a 1 sec difference to account for time to run the query
require.Empty(t, queryReport[1].OsqueryResultData)
// Delete the query we just created to test the ON DELETE CASCADE
deleteQueryStmt := `DELETE FROM queries WHERE id = ?`
_, err = db.Exec(deleteQueryStmt, queryID)
require.NoError(t, err)
// Verify that both query_result records were deleted
var count int
err = db.Get(&count, "SELECT COUNT(*) FROM query_results WHERE id = ?", id)
require.NoError(t, err)
require.Equal(t, 0, count)
}

60
server/datastore/mysql/migrations/tables/migration_test.go
View File

@ -89,3 +89,63 @@ func applyNext(t *testing.T, db *sqlx.DB) {
err := MigrationClient.UpByOne(db.DB, gooseNoDir)
require.NoError(t, err)
}
func insertQuery(t *testing.T, db *sqlx.DB) uint {
// Insert a record into queries table
insertQueryStmt := `
INSERT INTO queries (
name, description, query, observer_can_run, platform, logging_type
) VALUES (?, ?, ?, ?, ?, ?)
`
queryName := "Test Query"
queryDescription := "A test query for the test suite"
queryValue := "SELECT * FROM apps;"
observerCanRun := 0
platform := "mac" // Just a placeholder, adjust as needed
loggingType := "snapshot"
res, err := db.Exec(insertQueryStmt, queryName, queryDescription, queryValue, observerCanRun, platform, loggingType)
require.NoError(t, err)
id, err := res.LastInsertId()
require.NoError(t, err)
return uint(id)
}
func insertHost(t *testing.T, db *sqlx.DB) uint {
// Insert a minimal record into hosts table
insertHostStmt := `
INSERT INTO hosts (
hostname, uuid, platform, osquery_version, os_version, build, platform_like, code_name,
cpu_type, cpu_subtype, cpu_brand, hardware_vendor, hardware_model, hardware_version,
hardware_serial, computer_name
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
`
hostName := "Dummy Hostname"
hostUUID := "12345678-1234-1234-1234-123456789012"
hostPlatform := "windows"
osqueryVer := "5.9.1"
osVersion := "Windows 10"
buildVersion := "10.0.19042.1234"
platformLike := "windows"
codeName := "20H2"
cpuType := "x86_64"
cpuSubtype := "x86_64"
cpuBrand := "Intel"
hwVendor := "Dell Inc."
hwModel := "OptiPlex 7090"
hwVersion := "1.0"
hwSerial := "ABCDEFGHIJ"
computerName := "DESKTOP-TEST"
res, err := db.Exec(insertHostStmt, hostName, hostUUID, hostPlatform, osqueryVer, osVersion, buildVersion, platformLike, codeName, cpuType, cpuSubtype, cpuBrand, hwVendor, hwModel, hwVersion, hwSerial, computerName)
require.NoError(t, err)
id, err := res.LastInsertId()
require.NoError(t, err)
return uint(id)
}

19
server/datastore/mysql/schema.sql
View File

File diff suppressed because one or more lines are too long

2
server/fleet/users.go
View File

@ -353,7 +353,7 @@ func ValidatePasswordRequirements(password string) error {
return nil
}
return errors.New("Password does not meet required criteria: Must include 12 characters, at least 1 number (e.g. 0 - 9), and at least 1 symbol (e.g. &*#).")
return errors.New("Password does not meet required criteria")
}
// ValidateEmail checks that the provided email address is valid, this function

13
server/service/device_client.go
View File

@ -12,7 +12,6 @@ import (
"github.com/fleetdm/fleet/v4/pkg/retry"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
"github.com/rs/zerolog/log"
)
// Device client is used consume the `device/...` endpoints and meant to be used by Fleet Desktop
@ -48,7 +47,6 @@ func NewDeviceClient(addr string, insecureSkipVerify bool, rootCA string, fleetC
// ErrUnauthenticated. The client will call this function to get a fresh token
// and retry if it returns a different, non-empty token.
func (dc *DeviceClient) WithInvalidTokenRetry(fn func() string) {
log.Debug().Msg("setting invalid token retry hook")
dc.invalidTokenRetryFunc = fn
}
@ -57,7 +55,7 @@ func (dc *DeviceClient) WithInvalidTokenRetry(fn func() string) {
// (the pathFmt is used as-is as path). It will retry if the request fails due
// to an invalid token and the invalidTokenRetryFunc field is set.
func (dc *DeviceClient) request(verb, pathFmt, token, query string, params interface{}, responseDest interface{}) error {
const maxAttempts = 4
const maxAttempts = 3
var attempt int
for {
attempt++
@ -69,18 +67,11 @@ func (dc *DeviceClient) request(verb, pathFmt, token, query string, params inter
reqErr := dc.requestAttempt(verb, path, query, params, responseDest)
if attempt >= maxAttempts || dc.invalidTokenRetryFunc == nil || token == "-" || !errors.Is(reqErr, ErrUnauthenticated) {
// no retry possible, return the result
if reqErr != nil {
log.Debug().Msgf("not retrying API error; attempt=%d, hook set=%t, token unset=%t, error is auth=%t",
attempt, dc.invalidTokenRetryFunc != nil, token == "-", errors.Is(reqErr, ErrUnauthenticated))
}
return reqErr
}
delay := time.Duration(attempt) * time.Second
log.Debug().Msgf("retrying API error in %s", delay)
time.Sleep(delay)
time.Sleep(time.Duration(attempt) * time.Second)
newToken := dc.invalidTokenRetryFunc()
log.Debug().Msgf("retrying API error; token is different=%t", newToken != "" && newToken != token)
if newToken != "" {
token = newToken
}

2
server/service/device_client_test.go
View File

@ -162,6 +162,6 @@ func TestDeviceClientRetryInvalidToken(t *testing.T) {
_, err = client.DesktopSummary("bad")
require.Error(t, err)
require.ErrorIs(t, err, ErrUnauthenticated)
require.Equal(t, int64(4), callCounts.Load())
require.Equal(t, int64(3), callCounts.Load())
})
}

2
server/service/users.go
View File

@ -863,7 +863,7 @@ func (svc *Service) PerformRequiredPasswordReset(ctx context.Context, password s
}
if err := fleet.ValidatePasswordRequirements(password); err != nil {
return nil, fleet.NewInvalidArgumentError("new_password", "Password does not meet required criteria: Must include 12 characters, at least 1 number (e.g. 0 - 9), and at least 1 symbol (e.g. &*#).")
return nil, fleet.NewInvalidArgumentError("new_password", "Password does not meet required criteria")
}
user.AdminForcedPasswordReset = false

4
terraform/addons/saml-auth-proxy/outputs.tf
View File

@ -11,7 +11,3 @@ output "name" {
output "lb_target_group_arn" {
value = module.saml_auth_proxy_alb.target_group_arns[0]
}
output "secretsmanager_secret_id" {
value = aws_secretsmanager_secret.saml_auth_proxy_cert.id
}

18
website/api/helpers/strings/to-html.js vendored
View File

@ -98,18 +98,12 @@ module.exports = {
};
}
// Creating a custom codeblock renderer function to add syntax highlighting keywords and render mermaid code blocks (```mermaid```) without the added <pre> tags.
customRenderer.code = function(code, infostring) {
if(infostring === 'mermaid') {
return `<code class="mermaid">${_.escape(code)}</code>`;
} else if(infostring === 'js') {// Interpret `js` as `javascript`
return `<pre><code class="hljs javascript">${_.escape(code)}</code></pre>`;
} else if(infostring === 'bash' || infostring === 'sh') {// Interpret `sh` and `bash` as `bash`
return `<pre><code class="hljs bash">${_.escape(code)}</code></pre>`;
} else if(infostring !== '') {// leaving the code language as-is if the infoString is anything else.
return `<pre><code class="hljs ${_.escape(infostring)}">${_.escape(code)}</code></pre>`;
} else {// When unspecified, default to `text`
return `<pre><code class="nohighlight">${_.escape(code)}</code></pre>`;
// Creating a custom codeblock renderer function to render mermaid code blocks (```mermaid```) without the added <pre> tags.
customRenderer.code = function(code) {
if(code.match(/\<!-- __LANG=\%mermaid\%__ --\>/g)) {
return '<code>'+_.escape(code)+'\n</code>';
} else {
return '<pre><code>'+_.escape(code)+'\n</code></pre>';
}
};

BIN
website/assets/images/logo-atlassian-140x18@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.2 KiB

BIN
website/assets/images/logo-fastly-75x30@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.8 KiB

BIN
website/assets/images/logo-gusto-64x24@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.6 KiB

BIN
website/assets/images/logo-segment-112x24@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.5 KiB

BIN
website/assets/images/logo-snowflake-117x28@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.1 KiB

BIN
website/assets/images/logo-uber-70x24@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.4 KiB

BIN
website/assets/images/logo-wayfair-110x24@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.5 KiB

BIN
website/assets/images/quote-icon-18x12@2x.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 814 B

BIN
website/assets/images/video-testimonial-austin-anderson-1440x810@2x.jpg vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 897 KiB

BIN
website/assets/images/video-testimonial-nick-fohs-1440x810@2x.jpg vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 894 KiB

9
website/assets/js/pages/homepage.page.js vendored
View File

@ -8,7 +8,6 @@ parasails.registerPage('homepage', {
numberOfTweetPages: 0,
numberOfTweetsPerPage: 0,
tweetCardWidth: 0,
modal: undefined,
},
// ╦ ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦ ╔═╗
@ -32,13 +31,5 @@ parasails.registerPage('homepage', {
window.HubSpotConversations.widget.open();
}
},
clickOpenVideoModal: function(modalName) {
this.modal = modalName;
},
closeModal: function() {
this.modal = undefined;
}
}
});

7
website/assets/js/pages/vulnerability-management.page.js vendored
View File

@ -3,7 +3,6 @@ parasails.registerPage('vulnerability-management', {
// ║║║║║ ║ ║╠═╣║ ╚═╗ ║ ╠═╣ ║ ║╣
// ╩╝╚╝╩ ╩ ╩╩ ╩╩═╝ ╚═╝ ╩ ╩ ╩ ╩ ╚═╝
data: {
modal: undefined,
},
// ╦ ╦╔═╗╔═╗╔═╗╦ ╦╔═╗╦ ╔═╗
@ -25,11 +24,5 @@ parasails.registerPage('vulnerability-management', {
window.HubSpotConversations.widget.open();
}
},
clickOpenVideoModal: function() {
this.modal = 'video';
},
closeModal: function() {
this.modal = undefined;
}
}
});

12
website/assets/styles/pages/articles/basic-article.less vendored
View File

@ -40,10 +40,10 @@
font-size: 16px;
}
&:hover {
background-color: rgba(25, 33, 71, 0.05);
background-color: rgba(25,33,71,.05);
}
&:active {
background-color: rgba(25, 33, 71, 0.1);
&:active{
background-color: rgba(25,33,71,.1);
}
}
[purpose='edit-button'] {
@ -62,10 +62,10 @@
line-height: 21px;
border-radius: 6px;
&:hover {
background-color: rgba(25, 33, 71, 0.05);
background-color: rgba(25,33,71,.05);
}
&:active {
background-color: rgba(25, 33, 71, 0.1);
&:active{
background-color: rgba(25,33,71,.1);
}
}
[purpose='article-details'] {

326
website/assets/styles/pages/homepage.less vendored
View File

@ -1,8 +1,8 @@
#homepage {
h1 {
font-weight: 800;
font-size: 64px;
line-height: 76px;
font-size: 56px;
line-height: 54px;
}
h3 {
font-weight: 800;
@ -64,6 +64,7 @@
p {
margin-bottom: 40px;
font-size: 18px;
max-width: 520px;
}
[purpose='button-row'] {
margin-bottom: 40px;
@ -73,34 +74,30 @@
[purpose='hero-logos'] {
margin-top: 32px;
margin-bottom: 120px;
max-width: 1080px;
[purpose='snowflake-logo'] {
height: 28px;
height: 30px;
}
[purpose='wayfair-logo'] {
height: 24px;
height: 33px;
}
[purpose='uber-logo'] {
height: 24px;
}
[purpose='fastly-logo'] {
height: 30px;
}
[purpose='atlassian-logo'] {
height: 18px;
}
[purpose='gusto-logo'] {
height: 24px;
height: 21px;
}
[purpose='segment-logo'] {
height: 24px;
height: 32px;
}
[purpose='bottom-row-uber-logo'] {
display: none;
}
}
[purpose='logo-column'] {
img {
// margin-right: 35px;
// margin-left: 35px;
margin-right: 35px;
margin-left: 35px;
}
}
@ -355,139 +352,8 @@
}
}
[purpose='testimonials'] {
margin-bottom: 80px;
}
[purpose='testimonial'] {
border-radius: 12px;
border: 1px solid #E2E4EA;
background: #FFF;
cursor: pointer;
max-width: 550px;
[purpose='testimonial-text'] {
width: 320px;
padding: 40px;
p {
font-size: 12px;
font-style: normal;
font-weight: 400;
line-height: 18px;
}
[purpose='testimonial-quote'] {
font-size: 16px;
font-style: normal;
font-weight: 500;
line-height: 24px;
}
}
[purpose='testimonial-video'] {
width: 230px;
border-top-right-radius: 12px;
border-bottom-right-radius: 12px;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
margin-bottom: 0px;
}
&:hover {
box-shadow: 0px 4px 16px 0px #E2E4EA;
}
&:first-of-type {
[purpose='testimonial-video'] {
background: url('/images/video-testimonial-austin-anderson-1440x810@2x.jpg');
background-position: center;
background-size: cover;
}
margin-right: 20px;
margin-left: 0px;
}
&:last-of-type {
[purpose='testimonial-video'] {
background: url('/images/video-testimonial-nick-fohs-1440x810@2x.jpg');
background-position: center;
background-size: cover;
}
margin-right: 0px;
margin-left: 20px;
}
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
width: 100%;
max-width: 100%;
}
[purpose='modal-content'] {
max-width: 1140px;
height: 641px;
background-color: transparent;
box-shadow: none;
border: none;
padding: 0px;
margin-top: 150px;
margin-left: auto;
margin-right: auto;
[purpose='modal-close-button'] {
top: -40px;
right: 0px;
border-radius: 50%;
width: 32px;
height: 32px;
padding: 0px 0px 4px 0px;
background-color: #192147;
color: #FFF;
opacity: 1;
}
}
iframe {
width: 1140px;
height: 641px;
}
}
@media (max-width: 1400px) {
[purpose='hero-logos'] {
margin-top: 32px;
margin-bottom: 120px;
padding-right: 60px;
padding-left: 60px;
[purpose='snowflake-logo'] {
height: 28px;
}
[purpose='wayfair-logo'] {
height: 24px;
}
[purpose='uber-logo'] {
height: 24px;
}
[purpose='fastly-logo'] {
height: 30px;
}
[purpose='atlassian-logo'] {
height: 18px;
}
[purpose='gusto-logo'] {
height: 24px;
}
[purpose='segment-logo'] {
height: 24px;
}
}
[purpose='logo-column'] {
width: 100%;
img {
margin-right: auto;
margin-left: auto;
}
}
}
@media (max-width: 1199px) {
@media (max-width: 1200px) {
[purpose='hero-background-image'] {
background-size: 1600px auto;
@ -505,44 +371,6 @@
padding-right: 60px;
padding-left: 60px;
}
[purpose='testimonial'] {
border-radius: 12px;
border: 1px solid #E2E4EA;
background: #FFF;
cursor: pointer;
max-width: 460px;
[purpose='testimonial-text'] {
width: 100%;
padding: 40px;
}
[purpose='testimonial-video'] {
height: 200px;
width: 100%;
border-top-right-radius: 12px;
border-top-left-radius: 12px;
border-bottom-right-radius: 0px;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
}
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
width: 100%;
max-width: 100%;
}
[purpose='modal-content'] {
max-width: 960px;
height: 540px;
}
iframe {
width: 960px;
height: 540px;
}
}
}
@media (max-width: 991px) {
@ -556,39 +384,35 @@
max-width: 100%;
height: 720px;
}
[purpose='hero-text'] {
padding-top: 20px;
max-width: 450px;
}
[purpose='hero-logos'] {
max-width: 688px;
margin-top: 24px;
padding-left: 40px;
padding-right: 40px;
img {
display: inline;
}
[purpose='snowflake-logo'] {
height: 22px;
width: auto;
}
[purpose='wayfair-logo'] {
height: 22px;
width: auto;
}
[purpose='uber-logo'] {
height: 22px;
width: auto;
}
[purpose='atlassian-logo'] {
height: 16px;
width: auto;
}
[purpose='segment-logo'] {
height: 24px;
}
}
[purpose='logo-column'] {
margin-bottom: 32px;
img {
// margin-right: 20px;
// margin-left: 20px;
margin-right: 20px;
margin-left: 20px;
}
}
@ -613,26 +437,13 @@
}
}
[purpose='bottom-cloud-city-banner'] {
max-height: 375px;
height: auto;
width: 100%;
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
width: 100%;
max-width: 100%;
}
[purpose='modal-content'] {
max-width: 720px;
height: 405px;
}
iframe {
width: 720px;
height: 405px;
}
}
}
@media (max-width: 767px) {
@ -665,9 +476,26 @@
}
[purpose='hero-logos'] {
margin-top: 32px;
margin-bottom: 120px;
margin-bottom: 80px;
[purpose='snowflake-logo'] {
height: 30px;
}
[purpose='wayfair-logo'] {
height: 33px;
}
[purpose='uber-logo'] {
height: 30px;
}
[purpose='atlassian-logo'] {
height: 21px;
}
[purpose='segment-logo'] {
height: 32px;
}
[purpose='bottom-row-uber-logo'] {
display: none;
}
}
[purpose='homepage-text-block'] {
margin-bottom: 80px;
p {
@ -727,40 +555,6 @@
[purpose='three-column-features'] {
margin-bottom: 120px;
}
[purpose='testimonial'] {
&:first-of-type {
[purpose='testimonial-video'] {
background: url('/images/video-testimonial-austin-anderson-1440x810@2x.jpg');
background-position: center;
background-size: cover;
}
margin-right: auto;
margin-left: auto;
margin-bottom: 40px;
}
&:last-of-type {
[purpose='testimonial-video'] {
background: url('/images/video-testimonial-nick-fohs-1440x810@2x.jpg');
background-position: center;
background-size: cover;
}
margin-right: auto;
margin-left: auto;
}
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
max-width: 97vw;
}
[purpose='modal-content'] {
max-width: 540px;
height: 304px;
}
iframe {
width: 540px;
height: 304px;
}
}
}
@media (max-width: 575px) {
@ -779,13 +573,13 @@
h1 {
font-weight: 800;
font-size: 40px;
line-height: 48px;
line-height: 60px;
}
[purpose='hero-text'] {
padding-bottom: 260px;
h1 {
font-size: 40px;
line-height: 48px;
line-height: 60px;
}
h4 {
font-size: 14px;
@ -859,23 +653,30 @@
}
}
[purpose='hero-logos'] {
max-width: 335px;
padding-left: 20px;
padding-right: 20px;
img {
display: inline;
}
}
[purpose='video-modal'] {
[purpose='modal-content'] {
width: 95vw;
height: calc(~'9/16 * 95vw');
[purpose='snowflake-logo'] {
height: 22px;
width: auto;
}
iframe {
width: 95vw;
height: calc(~'9/16 * 95vw');
[purpose='wayfair-logo'] {
height: 22px;
width: auto;
}
[purpose='uber-logo'] {
height: 22px;
width: auto;
}
[purpose='atlassian-logo'] {
height: 16px;
width: auto;
}
[purpose='segment-logo'] {
height: 24px;
}
}
}
@media (max-width: 375px) {
@ -914,6 +715,13 @@
img {
display: inline;
}
[purpose='uber-logo'] {
display: none;
}
[purpose='bottom-row-uber-logo'] {
margin-top: 24px;
display: flex;
}
}

8
website/assets/styles/pages/query-library.less vendored
View File

@ -67,14 +67,6 @@
line-height: 18px;
}
}
[purpose='query-list-empty-state'] {
margin-top: 40px;
margin-right: 30px;
margin-left: 30px;
a {
font-size: 16px;
}
}
.input-group {
&.search {

165
website/assets/styles/pages/vulnerability-management.less vendored
View File

@ -138,84 +138,6 @@
padding-right: 40px;
padding-bottom: 120px;
}
[purpose='testimonials'] {
margin-top: 120px;
margin-bottom: 120px;
}
[purpose='testimonial'] {
border-radius: 12px;
border: 1px solid #E2E4EA;
background: #FFF;
cursor: pointer;
max-width: 550px;
margin-left: auto;
margin-right: auto;
[purpose='testimonial-text'] {
width: 320px;
padding: 40px;
p {
font-size: 12px;
font-style: normal;
font-weight: 400;
line-height: 18px;
}
[purpose='testimonial-quote'] {
font-size: 16px;
font-style: normal;
font-weight: 500;
line-height: 24px;
}
}
[purpose='testimonial-video'] {
width: 230px;
border-top-right-radius: 12px;
border-bottom-right-radius: 12px;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
margin-bottom: 0px;
background: url('/images/video-testimonial-austin-anderson-1440x810@2x.jpg');
background-position: center;
background-size: cover;
}
&:hover {
box-shadow: 0px 4px 16px 0px #E2E4EA;
}
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
width: 100%;
max-width: 100%;
}
[purpose='modal-content'] {
max-width: 1140px;
height: 641px;
background-color: transparent;
box-shadow: none;
border: none;
padding: 0px;
margin-top: 150px;
margin-left: auto;
margin-right: auto;
[purpose='modal-close-button'] {
top: -40px;
right: 0px;
border-radius: 50%;
width: 32px;
height: 32px;
padding: 0px 0px 4px 0px;
background-color: #192147;
color: #FFF;
opacity: 1;
}
}
iframe {
width: 1140px;
height: 641px;
}
}
[purpose='feature'] {
margin-top: 120px;
@ -283,7 +205,7 @@
}
}
@media (max-width: 1199px) {
@media (max-width: 1200px) {
[purpose='logos'] {
height: 58px;
margin-left: auto;
@ -310,43 +232,6 @@
height: 22px;
}
}
[purpose='testimonial'] {
border-radius: 12px;
border: 1px solid #E2E4EA;
background: #FFF;
cursor: pointer;
max-width: 460px;
[purpose='testimonial-text'] {
width: 100%;
padding: 40px;
}
[purpose='testimonial-video'] {
height: 200px;
width: 100%;
border-top-right-radius: 12px;
border-top-left-radius: 12px;
border-bottom-right-radius: 0px;
display: flex;
flex-direction: column;
align-items: center;
justify-content: center;
}
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
width: 100%;
max-width: 100%;
}
[purpose='modal-content'] {
max-width: 960px;
height: 540px;
}
iframe {
width: 960px;
height: 540px;
}
}
}
@media (max-width: 991px) {
@ -374,28 +259,9 @@
padding-right: 10px;
}
}
[purpose='testimonials'] {
margin-top: 80px;
margin-bottom: 80px;
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
width: 100%;
max-width: 100%;
}
[purpose='modal-content'] {
max-width: 720px;
height: 405px;
}
iframe {
width: 720px;
height: 405px;
}
}
}
@media (max-width: 767px) {
@media (max-width: 768px) {
h1 {
font-size: 48px;
@ -446,19 +312,6 @@
[purpose='logos'] {
height: auto;
}
[purpose='video-modal'] {
[purpose='modal-dialog'] {
max-width: 97vw;
}
[purpose='modal-content'] {
max-width: 540px;
height: 304px;
}
iframe {
width: 540px;
height: 304px;
}
}
}
@media (max-width: 575px) {
@ -492,20 +345,6 @@
[parasails-component='scrollable-tweets'] [purpose='tweets'] {
margin-top: 40px;
}
[purpose='testimonials'] {
margin-top: 40px;
margin-bottom: 40px;
}
[purpose='video-modal'] {
[purpose='modal-content'] {
width: 95vw;
height: calc(~'9/16 * 95vw');
}
iframe {
width: 95vw;
height: calc(~'9/16 * 95vw');
}
}
}

25
website/scripts/build-static-content.js vendored
View File

@ -255,9 +255,32 @@ module.exports = {
if(mdString.match(/\{\{([^}]+)\}\}/gi)) {
throw new Error(`A Markdown file (${pageSourcePath}) contains a Vue template (${mdString.match(/\{\{([^}]+)\}\}/gi)[0]}) that will cause client-side javascript errors when converted to HTML. To resolve this error, change or remove the double curly brackets in this file.`);
}
mdString = mdString.replace(/(```)([a-zA-Z0-9\-]*)(\s*\n)/g, '$1\n' + '<!-- __LANG=%' + '$2' + '%__ -->' + '$3'); // « Based on the github-flavored markdown's language annotation, (e.g. ```js```) add a temporary marker to code blocks that can be parsed post-md-compilation when this is HTML. Note: This is an HTML comment because it is easy to over-match and "accidentally" add it underneath each code block as well (being an HTML comment ensures it doesn't show up or break anything). For more information, see https://github.com/uncletammy/doc-templater/blob/2969726b598b39aa78648c5379e4d9503b65685e/lib/compile-markdown-tree-from-remote-git-repo.js#L198-L202
mdString = mdString.replace(/(<call-to-action[\s\S]+[^>\n+])\n+(>)/g, '$1$2'); // « Removes any newlines that might exist before the closing `>` when the <call-to-action> compontent is added to markdown files.
// [?] Looking for code that used to be here related to syntax highlighting? Please see https://github.com/fleetdm/fleet/pull/14124/files -mikermcneil, 2023-09-25
let htmlString = await sails.helpers.strings.toHtml(mdString);
htmlString = (// « Add the appropriate class to the `<code>` based on the temporary "LANG" markers that were just added above
htmlString
.replace(// Interpret `js` as `javascript`
// $1 $2 $3 $4
/(<code)([^>]*)(>\s*)(\&lt;!-- __LANG=\%js\%__ --\&gt;)\s*/gm,
'$1 class="javascript"$2$3'
)
.replace(// Interpret `sh` and `bash` as `bash`
// $1 $2 $3 $4
/(<code)([^>]*)(>\s*)(\&lt;!-- __LANG=\%(bash|sh)\%__ --\&gt;)\s*/gm,
'$1 class="bash"$2$3'
)
.replace(// When unspecified, default to `text`
// $1 $2 $3 $4
/(<code)([^>]*)(>\s*)(\&lt;!-- __LANG=\%\%__ --\&gt;)\s*/gm,
'$1 class="nohighlight"$2$3'
)
.replace(// Finally, nab the rest, leaving the code language as-is.
// $1 $2 $3 $4 $5 $6
/(<code)([^>]*)(>\s*)(\&lt;!-- __LANG=\%)([^%]+)(\%__ --\&gt;)\s*/gm,
'$1 class="$5"$2$3'
)
);
// Throw an error if the compiled Markdown contains nested codeblocks (nested codeblocks meaning 3 backtick codeblocks nested inside a 4 backtick codeblock, or vice versa). Note: We're checking this after the markdown has been compiled because backticks (`) within codeblocks will be replaced with HTML entities (&#96;) and nested triple backticks can be easy to overmatch.
if(htmlString.match(/(&#96;){3,4}[\s\S]+(&#96;){3}/g)){
throw new Error('The compiled markdown has a codeblock (\`\`\`) nested inside of another codeblock (\`\`\`\`) at '+pageSourcePath+'. To resolve this error, remove the codeblock nested inside another codeblock from this file.');

2
website/views/pages/articles/basic-article.ejs vendored
View File

@ -13,7 +13,7 @@
</div>
<div class="d-flex flex-row align-items-center pt-3 pt-sm-1">
<a purpose="rss-button" target="_blank" :href="'/rss/'+articleCategorySlug"><span>Subscribe</span></a>
<a purpose="edit-button" class="d-flex flex-row align-items-center" target="_blank" :href="'https://github.com/fleetdm/fleet/edit/main/articles/'+thisPage.sectionRelativeRepoPath"><img alt="A pencil icon" src="/images/pencil-16x16@2x.png">Edit page</a>
<a purpose="edit-button" class="d-flex flex-row align-items-center" target="_blank" :href="'https://github.com/fleetdm/fleet/edit/main/articles/'+thisPage.sectionRelativeRepoPath"><img alt="A pencil icon" src="/images/pencil-16x16@2x.png">Edit page</span></a>
</div>
</div>
<div purpose="article-content" class="d-flex flex-column" parasails-has-no-page-script>

88
website/views/pages/homepage.ejs vendored
View File

@ -6,9 +6,9 @@
<div class="d-flex flex-row justify-content-center align-items-start">
<%/* Hero text */%>
<div purpose="hero-text" class="d-flex flex-column justify-content-center">
<h4>For teams with thousands of computers</h4>
<h1>Untangle your endpoints</h1>
<p>Replace the sprawl you inherited with open-source code that works the way you want.</p>
<h4>Open-source device management</h4>
<h1>Lighter than air</h1>
<p>Lightweight management for laptops and servers.<br class="d-sm-block d-none"> Designed for APIs, GitOps, webhooks, YAML, and humans.</p>
<div purpose="button-row" class="d-flex flex-sm-row flex-column justify-content-center align-items-center">
<a purpose="cta-button" href="/try-fleet/register?tryitnow">Try it out</a>
<a @click="clickOpenChatWidget()" purpose="animated-arrow-button-red">Talk to an expert</a>
@ -19,71 +19,22 @@
</div>
</div>
<%/* Row of logos */%>
<div purpose="hero-logos" class="mx-auto d-flex flex-column align-items-center justify-content-center">
<%/* >991px logos all on one row */%>
<div purpose="logo-column" class="w-100 flex-row d-lg-flex d-none justify-content-between align-items-center">
<a href="/guides/delivering-data-to-snowflake-from-fleet-and-osquery"><img purpose="snowflake-logo" class="ml-auto" alt="Snowflake logo" src="/images/logo-snowflake-117x28@2x.png"></a>
<a href="#community"><img purpose="wayfair-logo" alt="Wayfair logo" src="/images/logo-wayfair-110x24@2x.png"></a>
<a class="d-block" href="#community"><img purpose="uber-logo" alt="Uber logo" class="" src="/images/logo-uber-70x24@2x.png"></a>
<a class="d-block" href="#community"><img purpose="fastly-logo" alt="Fastly logo" class="" src="/images/logo-fastly-75x30@2x.png"></a>
<a href="#community"><img purpose="atlassian-logo" alt="Atlassian logo" src="/images/logo-atlassian-140x18@2x.png"></a>
<a href="https://segment.com/blog/hosting-fleetdm-on-aws-eks/" target="_blank"><img purpose="gusto-logo" alt="Gusto logo" src="/images/logo-gusto-64x24@2x.png"></a>
<a href="https://segment.com/blog/hosting-fleetdm-on-aws-eks/" target="_blank"><img purpose="segment-logo" alt="Segment logo" class="mr-auto" src="/images/logo-segment-112x24@2x.png"></a>
<div purpose="hero-logos" style="max-width: 1080px;" class="mx-auto d-flex flex-md-row flex-column align-items-center justify-content-center">
<div purpose="logo-column" class="flex-row d-flex justify-content-between align-items-center mb-4 mb-md-0">
<a href="/guides/delivering-data-to-snowflake-from-fleet-and-osquery"><img purpose="snowflake-logo" class="ml-md-auto" alt="Snowflake logo" src="/images/logo-snowflake-167x40@2x.png"></a>
<a href="#community"><img purpose="wayfair-logo" alt="Wayfair logo" src="/images/logo-wayfair-color-147x32@2x.png"></a>
<a class="d-block" href="#community"><img purpose="uber-logo" alt="Uber logo" class="" src="/images/logo-uber-dark-84x30@2x.png"></a>
</div>
<%/* >576px logos - two rows */%>
<div purpose="logo-column" class="d-sm-flex d-none d-lg-none flex-row justify-content-between align-items-start align-items-md-center">
<a href="/guides/delivering-data-to-snowflake-from-fleet-and-osquery"><img purpose="snowflake-logo" class="ml-md-auto" alt="Snowflake logo" src="/images/logo-snowflake-117x28@2x.png"></a>
<a href="#community"><img purpose="wayfair-logo" alt="Wayfair logo" src="/images/logo-wayfair-110x24@2x.png"></a>
<a class="d-block" href="#community"><img purpose="uber-logo" alt="Uber logo" class="" src="/images/logo-uber-70x24@2x.png"></a>
<a class="d-block" href="#community"><img purpose="fastly-logo" alt="Fastly logo" class="" src="/images/logo-fastly-75x30@2x.png"></a>
<div purpose="logo-column" class="d-flex flex-row justify-content-between align-items-start align-items-md-center">
<a href="#community"><img purpose="atlassian-logo" alt="Atlassian logo" src="/images/logo-atlassian-194x24@2x.png"></a>
<a href="https://segment.com/blog/hosting-fleetdm-on-aws-eks/" target="_blank"><img purpose="segment-logo" alt="Segment logo" class="mr-md-auto" src="/images/logo-segment-139x30@2x.png"></a>
</div>
<div purpose="logo-column" class="d-sm-flex d-none d-lg-none flex-row justify-content-between align-items-center mb-0">
<a href="#community"><img purpose="atlassian-logo" alt="Atlassian logo" src="/images/logo-atlassian-140x18@2x.png"></a>
<a href="https://segment.com/blog/hosting-fleetdm-on-aws-eks/" target="_blank"><img purpose="gusto-logo" alt="Gusto logo" src="/images/logo-gusto-64x24@2x.png"></a>
<a href="https://segment.com/blog/hosting-fleetdm-on-aws-eks/" target="_blank"><img purpose="segment-logo" alt="Segment logo" class="mr-md-auto" src="/images/logo-segment-112x24@2x.png"></a>
</div>
<%/* <576px logos - three rows */%>
<div purpose="logo-column" class="d-flex d-sm-none flex-row justify-content-center align-items-center">
<a class="mr-3" href="/guides/delivering-data-to-snowflake-from-fleet-and-osquery"><img purpose="snowflake-logo" alt="Snowflake logo" src="/images/logo-snowflake-117x28@2x.png"></a>
<a class="ml-3" href="#community"><img purpose="wayfair-logo" alt="Wayfair logo" src="/images/logo-wayfair-110x24@2x.png"></a>
</div>
<div purpose="logo-column" class="d-flex d-sm-none flex-row justify-content-between align-items-center">
<a class="d-block" href="#community"><img class="mx-0" purpose="uber-logo" alt="Uber logo" src="/images/logo-uber-70x24@2x.png"></a>
<a class="d-block" href="#community"><img class="mx-auto" purpose="fastly-logo" alt="Fastly logo" src="/images/logo-fastly-75x30@2x.png"></a>
<a href="#community"><img class="mx-0" purpose="atlassian-logo" alt="Atlassian logo" src="/images/logo-atlassian-140x18@2x.png"></a>
</div>
<div purpose="logo-column" class="d-flex d-sm-none flex-row justify-content-center align-items-center mb-0">
<a class="mr-3" href="https://segment.com/blog/hosting-fleetdm-on-aws-eks/" target="_blank"><img purpose="gusto-logo" alt="Gusto logo" src="/images/logo-gusto-64x24@2x.png"></a>
<a class="ml-3" href="https://segment.com/blog/hosting-fleetdm-on-aws-eks/" target="_blank"><img purpose="segment-logo" alt="Segment logo" class="mr-md-auto" src="/images/logo-segment-112x24@2x.png"></a>
<div purpose="logo-column" class="d-flex flex-row justify-content-between align-items-center">
<a purpose="bottom-row-uber-logo" href="#community" target="_blank"><img style="height: 20px; width: auto" alt="Uber logo" src="/images/logo-uber-dark-84x30@2x.png"></a>
</div>
</div>
<%/* Homepage content */%>
<div purpose="homepage-content" class="container">
<%/* Testimonial videos */%>
<div purpose="testimonials" class="d-flex flex-md-row flex-column justify-content-center card-deck">
<div purpose="testimonial" class="d-flex flex-xl-row flex-column-reverse card" @click="clickOpenVideoModal('austin-anderson')">
<div purpose="testimonial-text" class="card-body">
<img alt="an opening quotation mark" style="width:18px; margin-bottom: 16px;" src="/images/quote-icon-18x12@2x.png">
<p purpose="testimonial-quote">We can build it exactly the way we want it. Which is just not possible on other platforms.</p>
<p class="mb-0"><strong>Austin Anderson</strong></p>
<p>Cybersecurity team senior manager</p>
</div>
<div purpose="testimonial-video" class="card-title">
</div>
</div>
<div purpose="testimonial" class="d-flex flex-xl-row flex-column-reverse card" @click="clickOpenVideoModal('nick-fohs')">
<div purpose="testimonial-text" class="card-body">
<img alt="an opening quotation mark" style="width:18px; margin-bottom: 16px;" src="/images/quote-icon-18x12@2x.png">
<p purpose="testimonial-quote">Context is king for device data, and Fleet provides a way to surface that information to our other teams and partners.</p>
<p class="mb-0"><strong>Nick Fohs</strong></p>
<p>Systems and infrastructure manager</p>
</div>
<div purpose="testimonial-video" class="card-title">
</div>
</div>
</div>
<%/* Device management block */%>
<div purpose="platform-block" class="d-flex flex-md-row flex-column justify-content-between mx-auto align-items-center">
@ -135,7 +86,7 @@
<%/* Supported platforms */%>
<div purpose="supported-platforms" class="d-flex flex-column">
<h2>An open API for every endpoint</h2>
<h2>Supported platforms</h2>
<div class="card-deck d-flex flex-row flex-wrap justify-content-center mx-auto">
<div purpose="supported-platform" class="">
<img alt="Linux" src="/images/homepage-platform-linux-41x48@2x.png">
@ -224,7 +175,7 @@
</div>
<div purpose="homepage-text-block" class="text-center mx-auto">
<h2>Open by design</h2>
<h2>Open through and through</h2>
<p>Fleet is dedicated to flexibility, accessibility, and clarity. We think everyone can contribute and that tools should be as easy as possible for everyone to understand.</p>
</div>
@ -234,7 +185,7 @@
<div purpose="feature" class="ml-sm-0">
<img alt="transparency" src="/images/homepage-icon-transparency-54x64@2x.png" class="mx-auto mx-sm-0">
<h5>Scope transparency</h5>
<p>Let end users see the source code for exactly <a href="/docs/using-fleet/fleet-desktop">how they are being monitored</a>, and set clear expectations about what is and isnt acceptable use of work computers.</p>
<p>Fleet champions a user-first transparency model with its open-source software, allowing users to see what's being monitored and how. Read more on Fleets <a href="/transparency">transparency</a> page. </p>
</div>
<div purpose="feature">
@ -316,12 +267,5 @@
<img alt="A glass city floating on top of fluffy white clouds" class="d-none d-md-flex d-lg-none" src="/images/homepage-cloud-city-banner-md-990x375@2x.png">
<img alt="A glass city floating on top of fluffy white clouds" class="d-flex d-md-none" src="/images/homepage-cloud-city-banner-sm-375x168@2x.png">
</div>
<modal purpose="video-modal" v-if="modal === 'austin-anderson'" @close="closeModal()">
<iframe width="560" height="315" src="https://www.youtube.com/embed/G5Ry_vQPaYc?si=vv0AfRe30yssWWRM&amp;controls=0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
</modal>
<modal purpose="video-modal" v-if="modal === 'nick-fohs'" @close="closeModal()">
<iframe width="560" height="315" src="https://www.youtube.com/embed/fs5ULAR4e4A?si=pChZBt_sSNj13goP&amp;controls=0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
</modal>
</div>
<%- /* Expose locals as `window.SAILS_LOCALS` :: */ exposeLocalsToBrowser() %>

3
website/views/pages/query-library.ejs vendored
View File

@ -139,9 +139,6 @@
<div class="divider"></div>
</div>
</div>
<div purpose="query-list-empty-state" v-if="queriesList.length === 0">
<p class="mb-0">There are no results that match your filters. <a target="_blank" href="https://github.com/fleetdm/fleet/edit/main/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml">Everyone can contribute</a>.</p>
</div>
</div>
</div>
</div>

39
website/views/pages/transparency.ejs vendored
View File

@ -56,82 +56,73 @@
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header3" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body3" aria-controls="accordion__body3">
Shell scripts
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body3" class="collapse" aria-labelledby="accordion__header3">
Fleet can run any shell script on your device remotely. This is useful for IT teams to help you troubleshoot remotely if you run into any issues with your device.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header4" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body4" aria-controls="accordion__body4">
User account logins
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body4" class="collapse" aria-labelledby="accordion__header4">
<p id="accordion__body3" class="collapse" aria-labelledby="accordion__header3">
Fleet can see details about the user accounts associated with your device, including which accounts have logged in recently. This is useful for IT and security teams to identify logins from suspicious accounts.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header5" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body5" aria-controls="accordion__body5">
<p id="accordion__header4" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body4" aria-controls="accordion__body4">
Device health & performance
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body5" class="collapse" aria-labelledby="accordion__header5">
<p id="accordion__body4" class="collapse" aria-labelledby="accordion__header4">
Fleet can see details about your devices hardware. E.g., what processor is used, how much memory is installed, storage capacity, battery health, etc. This allows IT teams to preemptively address device health problems, which can mitigate data loss and reduce disruption to your workflow caused by IT related issues.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header6" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body6" aria-controls="accordion__body6">
<p id="accordion__header5" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body5" aria-controls="accordion__body5">
Installed software packages
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body6" class="collapse" aria-labelledby="accordion__header6">
<p id="accordion__body5" class="collapse" aria-labelledby="accordion__header5">
Fleet can access a detailed list of the software installed on your device. With this information, IT teams can better manage software update schedules, and reduce disruption to your workflow. Security teams can also use this data to determine if any of your software has been compromised, by referencing your softwares version number against known vulnerable software databases.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header7" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body7" aria-controls="accordion__body7">
<p id="accordion__header6" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body6" aria-controls="accordion__body6">
Running processes
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body7" class="collapse" aria-labelledby="accordion__header7">
<p id="accordion__body6" class="collapse" aria-labelledby="accordion__header6">
Fleet can access a list of processes running on your device. These are processes you interact with graphically i.e., opened software; and processes that are running tasks in the background, such as sending data over network connections, running backups, or scheduled auto-updates. IT and security teams can use osquery to view this list in order to detect suspicious activity that may be a threat to your system.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header8" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body8" aria-controls="accordion__body8">
<p id="accordion__header7" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body7" aria-controls="accordion__body7">
Security configurations
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body8" class="collapse" aria-labelledby="accordion__header8">
<p id="accordion__body7" class="collapse" aria-labelledby="accordion__header7">
Fleet can see information about the status of firewalls and other security software installed on your device.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header9" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body9" aria-controls="accordion__body9">
<p id="accordion__header8" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body8" aria-controls="accordion__body8">
Connected hardware devices
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body9" class="collapse" aria-labelledby="accordion__header9">
<p id="accordion__body8" class="collapse" aria-labelledby="accordion__header8">
Fleet can see information about connected hardware devices. This is typically limited to only the type of hardware connected, and not specific details about the device. E.g., connected smartphones, USB devices, network devices, audio/visual hardware.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header10" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body10" aria-controls="accordion__body10">
<p id="accordion__header9" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body9" aria-controls="accordion__body9">
Device location
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body10" class="collapse" aria-labelledby="accordion__header10">
<p id="accordion__body9" class="collapse" aria-labelledby="accordion__header9">
Fleet uses IP geolocation to provide an approximate location of your device. Accuracy of IP geolocation services vary depending on where you are, but can typically be pinpointed within the nearest state or city. Organizations typically use this feature to track stolen or misplaced devices, and in some cases to ensure the safety of employees.
</p>
</div>
<div style="border-bottom: 1px solid #E2E4EA; padding-right: 20px;" class="position-relative">
<p id="accordion__header11" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body11" aria-controls="accordion__body11">
<p id="accordion__header10" style="cursor: pointer;" class="accordion pt-3 mb-3" data-toggle="collapse" data-target="#accordion__body10" aria-controls="accordion__body10">
File contents
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body11" class="collapse" aria-labelledby="accordion__header11">
<p id="accordion__body10" class="collapse" aria-labelledby="accordion__header10">
In the case of a cyber attack, it is possible with Fleet to gain read access to files on your system. This is not a feature designed for privacy invasion, but rather a means for security teams to locate files on your device that may have been created or affected by a malicious virus.<br/><br/>
Additionally, Fleet can be configured to store disk encryption keys that can be used to recover encrypted data from a macOS device.
</p>

16
website/views/pages/vulnerability-management.ejs vendored
View File

@ -60,19 +60,6 @@
</div>
</div>
<div purpose="testimonials" class="d-flex flex-row justify-content-center">
<div purpose="testimonial" class="d-flex flex-xl-row flex-column-reverse card" @click="clickOpenVideoModal()">
<div purpose="testimonial-text" class="card-body">
<img alt="an opening quotation mark" style="width:18px; margin-bottom: 16px;" src="/images/quote-icon-18x12@2x.png">
<p purpose="testimonial-quote">We can build it exactly the way we want it. Which is just not possible on other platforms.</p>
<p class="mb-0"><strong>Austin Anderson</strong></p>
<p>Cybersecurity team senior manager</p>
</div>
<div purpose="testimonial-video" class="card-title">
</div>
</div>
</div>
<div purpose="button-row" style="margin-top: 60px;" class="d-flex flex-sm-row flex-column justify-content-center align-items-center mx-auto">
<a purpose="cta-button" href="/try-fleet/register?tryitnow">Try Fleet today</a>
<a @click="clickOpenChatWidget()" purpose="animated-arrow-button-red">Talk to an expert</a>
@ -108,8 +95,5 @@
<img alt="A glass city floating on top of fluffy white clouds" class="d-none d-md-flex d-lg-none" src="/images/homepage-cloud-city-banner-md-990x375@2x.png">
<img alt="A glass city floating on top of fluffy white clouds" class="d-flex d-md-none" src="/images/homepage-cloud-city-banner-sm-375x168@2x.png">
</div>
<modal purpose="video-modal" v-if="modal === 'video'" @close="closeModal()">
<iframe width="560" height="315" src="https://www.youtube.com/embed/G5Ry_vQPaYc?si=vv0AfRe30yssWWRM&amp;controls=0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
</modal>
</div>
<%- /* Expose server-rendered data as window.SAILS_LOCALS :: */ exposeLocalsToBrowser() %>