Docs: Add disk encryption section to MDM page

- Add disk encryption section
- Update transparency section of website under here's what osquery can see on your device > file contents dropdown
RachelElysia 2023-02-03 10:37:02 -05:00 committed by GitHub
parent 7f2ff02801
commit f721e0daf5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 51 additions and 2 deletions

@ -80,5 +80,53 @@ Fleet UI:
The Apple Business Manager server token expires after a year or whenever the account that downloaded the token has their password changed. To renew the token, follow the [instructions documented in this FAQ](https://fleetdm.com/docs/using-fleet/faq#how-can-i-renew-my-apple-business-manager-server-token).
## Disk encryption
<meta name="pageOrderInSection" value="1500">
In Fleet, you can turn on disk encryption on your macOS hosts. Apple calls this [FileVault](https://support.apple.com/en-us/HT204837). If turned on, hosts disk encryption keys will be stored in Fleet.
The disk encryption key allows you to unlock a Mac if you forgot login credentials. This key can be accessed by Fleet admin, maintainers, and observers. An event is tracked in the activity feed when a user views the key in Fleet.
### Viewing a disk encryption key
To view the disk encryption key, select a host on the **Hosts** page. On the **Host details** page, select **Actions > Show disk encryption key**.
### Unlock a device using the disk encryption key
1. Restart the device while holding Command + R
2. Open Terminal
3. Unlock the disk encryption key by executing a command similar to:
```
security unlock-keychain <path to the secure copy of the
FileVaultMaster.keychain file>
```
4. Locate the Logical Volume UUID of the encrypted disk by executing:
```
diskutil cs list
```
5. Unlock the encrypted drive with the Logical Volume UUID and disk encryption key by executing a command similar to:
```
diskutil cs unlockVolume <UUID> -recoveryKeychain <path to the secure copy of the FileVaultMaster.keychain file>
```
6. Turn off disk encryption by executing a command similar to:
```
diskutil cs revert <UUID> -recoveryKeychain <path to the secure copy of the FileVaultMaster.keychain file>
```
Once successful, you can reset the account password using the Reset Password utility and recover data by either logging in to the users account or using the command line.
1. Restart the device while pressing Command + R.
2. Open Terminal and launch the Reset Password utility by executing:
```
resetpassword
```
3. Use the Reset Password utility to reset the accounts password.
4. Restart the computer and log in using the new password.
<meta name="pageOrderInSection" value="1500">
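
Review bot: The steps under "Unlock a device using the disk encryption key" never use the key that "Viewing a disk encryption key" tells the reader to retrieve from Fleet. Steps 3, 5 and 6 all take `<path to the secure copy of the FileVaultMaster.keychain file>`, a keychain file this section does not say how to obtain. Either show where the key displayed in Fleet is entered, or explain how it relates to that keychain file. The `diskutil cs` subcommands operate on CoreStorage volumes, so the section should also state which disk formats the procedure covers. Smaller points: the command in step 3 is wrapped across two lines inside its fence and will not paste as a single command, `<meta name="pageOrderInSection" value="1500">` appears twice in this hunk (once directly under the new heading), and "hosts disk encryption keys", "users account" and "accounts password" are missing apostrophes.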

@ -105,7 +105,8 @@
<span style="color: #6A67FE; right: 0; top: 24px;" class="position-absolute fa fa-angle-down"></span>
</p>
<p id="accordion__body11" class="collapse" aria-labelledby="accordion__header11">
In the case of a cyber attack, it is possible with osquery to gain read access to files on your system. This is not a feature designed for privacy invasion, but rather a means for security teams to locate files on your device that may have been created or affected by a malicious virus.
In the case of a cyber attack, it is possible with osquery to gain read access to files on your system. This is not a feature designed for privacy invasion, but rather a means for security teams to locate files on your device that may have been created or affected by a malicious virus.<br/><br/>
Additionally, Fleet can be configured to store disk encryption keys that can be used to recover encrypted data from a macOS device.
</p>
</div>
</div>
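
Review bot: The added sentence "Additionally, Fleet can be configured to store disk encryption keys ..." tells the end user that keys may be stored but not who can read them. The docs hunk in this same commit states that Fleet admins, maintainers and observers can access the key and that viewing it is recorded in the activity feed; this transparency entry should say the same so the user sees the full picture. Key storage is also not something osquery reads from file contents, so it may fit better as its own accordion entry than under this one, and a separate paragraph element would be cleaner than the trailing `<br/><br/>`.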