Update docker osqueryd flags to use server provided config (#822)
parent
cb23dab4be
commit
f11da7b05b
@ -7,7 +7,6 @@ services:
|
||||
volumes:
|
||||
- ./kolide.crt:/etc/osquery/kolide.crt
|
||||
- ./example_osquery.flags:/etc/osquery/osquery.flags
|
||||
- ./example_osquery.conf:/etc/osquery/osquery.conf
|
||||
extra_hosts:
|
||||
- "dockerhost:${LOCALHOST}"
|
||||
environment:
|
||||
@ -19,7 +18,6 @@ services:
|
||||
volumes:
|
||||
- ./kolide.crt:/etc/osquery/kolide.crt
|
||||
- ./example_osquery.flags:/etc/osquery/osquery.flags
|
||||
- ./example_osquery.conf:/etc/osquery/osquery.conf
|
||||
extra_hosts:
|
||||
- "dockerhost:${LOCALHOST}"
|
||||
environment:
|
||||
|
@ -1,50 +0,0 @@
|
||||
{
|
||||
"options": {
|
||||
"disable_distributed": "false",
|
||||
"distributed_plugin": "tls",
|
||||
"distributed_interval": 10,
|
||||
"distributed_tls_max_attempts": 3,
|
||||
"distributed_tls_read_endpoint": "/api/v1/osquery/distributed/read",
|
||||
"distributed_tls_write_endpoint": "/api/v1/osquery/distributed/write",
|
||||
"logger_plugin": "tls",
|
||||
"logger_tls_endpoint": "/api/v1/osquery/log",
|
||||
"logger_tls_period": 60
|
||||
},
|
||||
|
||||
"schedule": {
|
||||
// This is a simple example query that outputs basic system information.
|
||||
"system_info": {
|
||||
// The exact query to run.
|
||||
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
|
||||
// The interval in seconds to run this query, not an exact interval.
|
||||
"interval": 60
|
||||
}
|
||||
},
|
||||
|
||||
// Decorators are normal queries that append data to every query.
|
||||
"decorators": {
|
||||
"load": [
|
||||
"SELECT uuid AS host_uuid FROM system_info;",
|
||||
"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;"
|
||||
]
|
||||
},
|
||||
|
||||
// Add default osquery packs or install your own.
|
||||
//
|
||||
// There are several 'default' packs installed with 'make install' or via
|
||||
// packages and/or Homebrew.
|
||||
//
|
||||
// Linux: /usr/share/osquery/packs
|
||||
// OS X: /var/osquery/packs
|
||||
// Homebrew: /usr/local/share/osquery/packs
|
||||
// make install: {PREFIX}/share/osquery/packs
|
||||
//
|
||||
"packs": {
|
||||
// "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
|
||||
// "incident-response": "/usr/share/osquery/packs/incident-response.conf",
|
||||
// "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
|
||||
// "osx-attacks": "/usr/share/osquery/packs/osx-attacks.conf",
|
||||
// "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
|
||||
// "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf"
|
||||
}
|
||||
}
|
@ -1,9 +1,25 @@
|
||||
--force=true
|
||||
--config_path=/etc/osquery/osquery.conf
|
||||
--enroll_secret_env=ENROLL_SECRET
|
||||
--enroll_tls_endpoint=/api/v1/osquery/enroll
|
||||
--tls_hostname=dockerhost:8080
|
||||
--tls_server_certs=/etc/osquery/kolide.crt
|
||||
--host_identifier=hostname
|
||||
--verbose=true
|
||||
--tls_dump=true
|
||||
--host_identifier=hostname
|
||||
|
||||
--tls_hostname=dockerhost:8080
|
||||
--tls_server_certs=/etc/osquery/kolide.crt
|
||||
|
||||
--enroll_secret_env=ENROLL_SECRET
|
||||
--enroll_tls_endpoint=/api/v1/osquery/enroll
|
||||
|
||||
--config_plugin=tls
|
||||
--config_tls_endpoint=/api/v1/osquery/config
|
||||
--config_tls_refresh=10
|
||||
|
||||
--disable_distributed=false
|
||||
--distributed_plugin=tls
|
||||
--distributed_interval=10
|
||||
--distributed_tls_max_attempts=3
|
||||
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
|
||||
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
|
||||
|
||||
--logger_plugin=tls
|
||||
--logger_tls_endpoint=/api/v1/osquery/log
|
||||
--logger_tls_period=10
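Review bot: `--tls_dump=true` and `--verbose=true` appear to stay in this flagfile (the page has lost its +/- markers, so this is read from the hunk counts), while the file now sends enrollment, config, distributed-query and log traffic through the TLS plugins. With `tls_dump` on, osquery prints remote requests and responses to stderr, so the enroll request and the node key would presumably end up in the container logs, along with query results. For an example file that people copy, I would either drop both lines or mark them, e.g. `# debug only: prints TLS request/response bodies to stderr; remove outside local testing` above `--tls_dump=true`. Separately, `--host_identifier=hostname` is worth a short comment that hostnames are not guaranteed unique, since containers sharing a hostname would enroll as the same host.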
|