Commit Graph

678 Commits

Author SHA1 Message Date
RachelElysia
34a2d3e483
UI Zendesk integrations (#5356) 2022-05-10 21:33:30 -05:00
Martin Angers
f05d2be767
Produce hosts' CSV report based on requested columns (#5656) 2022-05-10 14:25:53 -04:00
gillespi314
d172128183
Add label information to host summary response (#5573) 2022-05-10 10:32:55 -05:00
Martin Angers
1fa7bb7a19
Support async saving of hosts' last seen time (#5640) 2022-05-10 11:29:17 -04:00
Roberto Dip
cba78bdcd1
don't clear errors automatically when reading them from Redis (#5623)
this change prevents errors from being automatically cleared once they are read. A new flag `-flush` is introduced to flush errors on read if necessary.
2022-05-10 11:44:43 -03:00
Roberto Dip
33a482448b
improve messaging of fleetctl debug errors and archive commands (#5590)
Related to https://github.com/fleetdm/fleet/issues/5504, this change attempts to improve the output of the `fleetctl debug errors` command by:

- Adding a warning message to redact sensitive data
- Adding a `json` extension to the output file
- Allowing to stream the output to stdout via the `-stdout` flag or the `STDOUT` env var

The output after this changes is:

```
~/projects/fleet $ ./build/fleetctl debug errors
################################################################################
# WARNING:
#   The generated file may contain sensitive data.
#   Please review the file before sharing.
#
#   Output written to: fleet-errors-2022-05-05T12:46:42-03:00.json
################################################################################
```

It also modifies the output of `fleetctl debug archive`

```
################################################################################
# WARNING:
#   The files in the generated archive may contain sensitive data.
#   Please review them before sharing.
#
#   Archive written to: fleet-profiles-archive-2022-05-05T12:46:59-03:00.tar.gz
################################################################################
```
2022-05-10 10:44:06 -03:00
Noah Talerman
12b1a159b5
Prepare for 4.14.0 (#5589)
* Add changelog and bump versions

* Update changelog

* Bump version in example Kubernetes YAML

* Add last_opened_at entry to changelog
2022-05-09 18:14:01 -03:00
RachelElysia
e3c0e2d3b5
Fix password reset redux auth token issue (#5630)
Co-authored by: Sarah Gillespie <sarahgillespi314@gmail.com>
2022-05-09 10:16:35 -05:00
RachelElysia
55d2cf1f10
Integrations Page: Remove edit integration from UI, Render duplicate error message, Unique integration naming convention (#5577) 2022-05-06 12:31:11 -04:00
RachelElysia
36feff8456
App Settings Page: fix checkbox/dropdown validations (#5602) 2022-05-06 08:41:39 -04:00
RachelElysia
974d1fed42
Create integration UI: FE validation for https protocol (#5586) 2022-05-05 17:08:18 -04:00
RachelElysia
b85105113f
UI bug fix: Mac details > Software tooltip shows correctly on hover (#5597) 2022-05-05 16:47:09 -04:00
RachelElysia
1899db5202
Integration page can update to empty array (#5593) 2022-05-05 14:04:34 -04:00
Desmi-Dizney
93a4fec9ba
Editor pass - fix SELinux issue (#5576)
Editor pass for: https://github.com/fleetdm/fleet/pull/5335/files
2022-05-05 10:50:58 -05:00
Lucas Manuel Rodriguez
b6bbbbe186
Add (beta) support for Fleet Desktop to linux (#5221)
* Add (beta) support for Fleet Desktop to linux

* Add dependency for linux desktop

* Amend makefile uname check

* Clarify env vars used for linux in execuser

* Add final set of fixes

* Remove -it from docker run

* Add desktop to the update runner for Linux

* Re-arrange tag.gz and fix upgrade check for linux desktop
2022-05-04 11:14:12 -03:00
gillespi314
991c7ccadc
Add device_mapping to GET /hosts response (#5383) 2022-05-02 16:34:14 -05:00
gillespi314
1dabf52834
Add Zendesk external service integration for vulnerability automations (#5372) 2022-05-02 15:58:34 -05:00
Michal Nicpon
15c69058bb
fix SELinux issue (#5335)
Install orbit to /opt instead of /var/lib. When installing to /var/lib,
the default selinux context of var_lib_t gets applied, which results in
an AVC error when running via systemd.

Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2022-05-02 12:18:59 -06:00
Martin Angers
ee4dfca476
Use a debug mux to support both fleet-authenticated and token-auth debug paths (#5424) 2022-05-02 08:58:03 -04:00
Martin Angers
5c0031c8f1
Change jira ticket type from Bug to Task (#5426) 2022-05-02 08:56:42 -04:00
Roberto Dip
a4725518ac
filter out Google Chrome profiles without an associated email before ingesting (#5440)
To add support for #400, we're using the macadmins/osquery-extension to gather Google Chrome profiles from hosts.

Under the hood, the extension looks and parses a json file in which Chrome stores a bunch of data. Given that emails are not required to create Chrome profiles, some of the profiles stored in this file and returned by the query we're using contain empty emails.

The idea after this change is to prevent empty emails from being ingested in the first place instead of filtering them after the fact. I have also included a migration to clean the rows with empty email columns.

Fixes #4780
2022-05-02 09:55:40 -03:00
RachelElysia
0aa8db3a2f
Spiffier UI: Fix empty states (#5395) 2022-04-29 15:59:27 -04:00
Lucas Manuel Rodriguez
f2e8329e57
Changes to support fleetctl preview with custom TUF server (#5418) 2022-04-27 18:17:20 -03:00
Martin Angers
0d0c17e0c6
Add osquery.min_software_last_opened_at_diff configuration option (#5394) 2022-04-27 09:47:09 -04:00
RachelElysia
ced15c2ee3
Bug fix: Display query name when editing a schedule (#5390) 2022-04-26 16:57:11 -04:00
Martin Angers
253baee657
Collect last_opened_at for macOS software, and return it in host details payload (#5376) 2022-04-26 14:16:59 -04:00
RachelElysia
6917331a1b
Host Details Page: Render better messaging for various empty states (#5294) 2022-04-26 14:00:47 -04:00
Michal Nicpon
a64982f96c
Remove use of JSON_ARRAYAGG (#5350)
Not supported in MySQL < 5.7.22
2022-04-25 14:43:08 -06:00
RachelElysia
5d1d963e5c
App Settings Page: All pages rendering as separate components on separate tabs (#5199) 2022-04-21 14:12:42 -04:00
RachelElysia
bed53535bb
Query Results Page: Show query modal (#5165) 2022-04-20 14:12:53 -04:00
Michal Nicpon
9f981f9e49
fleetctl query improve error message (#5141) 2022-04-20 11:35:46 -06:00
Martin Angers
fd0cd153ce
Fix SSO paths to always use /v1/ instead of /latest/ (#5246) 2022-04-20 12:46:45 -04:00
RachelElysia
9ea6fe5efa
New query and new policy: Identify optional fields to users (#5167) 2022-04-20 08:48:47 -04:00
Juan Fernandez
3228e1b5dc
Humanize duration values returned by fleetctl (#5123)
* Bug 5066: Format config durations

Change duration values returned by 'fleetctl get config --include-server-config' from nanoseconds to a human readable format.
2022-04-19 09:29:50 -04:00
Juan Fernandez
2479d58262
Using '@' in target search causes 422 error response (#5148)
* Bug 4852:

When searching for Labels, breakdown query strings containing '@' in multiple search terms to
avoid issues with MySQL FTS.
2022-04-19 09:28:49 -04:00
Lucas Manuel Rodriguez
2e7bbf960a
Add pre and post remove scripts for rpm and deb packages (#5150) 2022-04-19 09:32:47 -03:00
Lucas Manuel Rodriguez
5cb64edae5
Fix deprecation warning message on fleetctl package for deb/rpm (#5147) 2022-04-19 09:32:01 -03:00
Noah Talerman
1d0d92c865
Prepare for 4.13.0 (#5193) 2022-04-18 15:49:19 -07:00
Zach Wasserman
61a4d03f96
Update changelog for Fleet v4.12.1 (#4942) 2022-04-18 14:41:14 -04:00
Lucas Manuel Rodriguez
da171d3b8d
Merge pull request from GHSA-pr2g-j78h-84cr
* Fix access control issues with users

* Fix access control issues with packs

* Fix access control issues with software

* Changes suggested by Martin

* All users can access the global schedule

* Restrict access to activities

* Add explicit test for team admin escalation vuln

* All global users should be able to read all software

* Handbook editor pass - Security - GitHub Security (#5108)

* Update security.md

All edits are recorded by line:

395 replaced “open-source” with “open source”
411 replaced “open-source” with “open source”
439 added “the” before “comment”; replaced “repositories,” with “repositories”
445 deleted “being” before “located”
458 added “and” after “PR”
489 replaced “on” with “in”
493 replaced “open-source” with “open source”; Replaced “privileges,” with “privileges”

* Update security.md

line 479

* Update security.md

added (static analysis tools used to identify problems in code) to line 479

* Fix UI

* Fix UI

* revert api v1 to latest in documentation (#5149)

* revert api v1 to latest in documentation

* Update fleetctl doc page

Co-authored-by: Noah Talerman <noahtal@umich.edu>

* Add team admin team policy automation; fix e2e

* Update to company page of the handbook (#5164)

Updated "Why do we use a wireframe-first approach?" section of company.md

* removed extra data on smaller screens (#5154)

* Update for team automations; e2e

* Jira Integration: Cypress e2e tests only (#5055)

* Update company.md (#5170)

This is to update the formatting under "empathy" and to fix the spelling of "help text."
This was done as per @mikermcneil .
This is related to #https://github.com/fleetdm/fleet/pull/4941 and https://github.com/fleetdm/fleet/issues/4902

* fix update updated_at for aggregated_stats (#5112)

Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators

* Fix e2e test

* Fix tests in server/authz

Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Desmi-Dizney <99777687+Desmi-Dizney@users.noreply.github.com>
Co-authored-by: Michal Nicpon <39177923+michalnicp@users.noreply.github.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Martavis Parker <47053705+martavis@users.noreply.github.com>
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
2022-04-18 10:27:30 -07:00
Lucas Manuel Rodriguez
254c2c0208
Fix policies in standard query library (#5177) 2022-04-15 19:22:48 -03:00
Michal Nicpon
2dbf1d7975
fix update updated_at for aggregated_stats (#5112)
Update the updated_at column when using ON DUPLICATE UPDATE so that
the counts_updated_at is up to date

* basic sql formatting in code ie whitespace around operators
2022-04-15 14:09:47 -06:00
Zach Wasserman
f28d5ab5be
Skip Docker interfaces for host primary IP (#5119)
See #4754
2022-04-13 11:04:38 -07:00
Martin Angers
36702ede8d
Make recent vulnerabilities max age configurable. (#5081) 2022-04-12 14:48:15 -04:00
Katheryn Satterlee
1a103c52c0
Remove required password reset flag when creating new API-only user (#4666)
* Remove required password reset flag when creating new API-only user

* Add test for 'fleetctl user create' command

* Set NewUserFuncInvoked to false in between tests

Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
2022-04-12 10:57:57 -03:00
Martavis Parker
3a326cd0ac
Team policy automation (#5004)
* added teams webhook calls

* split global admin and team admin tests; added policy automation

* changes file

* fixed type errors

* fixed e2e test

* fixed typo

* fixed admin test syntax

* fixed test logic for team maintainer

* lint fixes

* more admin e2e test fixes

* fixed team policy test

* removed duplicate test
2022-04-11 14:46:35 -07:00
RachelElysia
2eeb9142b3
UI: Sort live queries/policies (#5060) 2022-04-11 17:17:24 -04:00
Martin Angers
7187f1adac
Queue jobs for Jira integration when enabled and new vulnerabilities are found. (#4975) 2022-04-11 16:42:16 -04:00
Luke Heath
d75cf11cec
Indicate that a policy's data is not yet accurate (#5031) 2022-04-11 15:21:34 -05:00
Martin Angers
5483adc26b
Detect the NOPERM error to mean redis cluster is disabled (#5058) 2022-04-11 16:17:30 -04:00
RachelElysia
d885758a6a
UI: Settings > Integrations tab, Software Vulnerabilities Webhook v. Integration (#4874) 2022-04-11 15:04:41 -04:00
RachelElysia
d1860ad86d
UI: Enter button presses action button for forms/modals (#4939) 2022-04-07 20:07:38 -05:00
gillespi314
1a2123a358
Improve UI responsiveness for tables at narrower screen sizes (#4926) 2022-04-07 14:12:38 -05:00
Lucas Manuel Rodriguez
60b7425bef
Add http basic auth to /metrics (#4974)
* Add http basic auth to /metrics

* Fixes after testing applying of a --config sample.yml

* Add unit test
2022-04-07 09:40:53 -03:00
Tomas Touceda
f2aba83a73
Extend vulnerability age to 30 (#4901) 2022-04-06 11:42:02 -03:00
RachelElysia
5642981086
Homepage & Manage Host Page: Improved empty software messages (#4953) 2022-04-06 10:08:11 -04:00
Martin Angers
193843a97d
Make a test request to Jira when saving AppConfig with an enabled jira integration (#4954) 2022-04-06 07:55:25 -04:00
gillespi314
d6e900db4b
Add macOS version information to UI dashboard (#4719) 2022-04-05 15:04:00 -05:00
Zach Wasserman
bc2137e132
Add optimization to Windows software query (#4952)
This optimizes the query in particular for Domain Controllers, where
there are a number of users with no local accounts and don't need to be
searched for software.

See #4261
2022-04-05 10:56:47 -07:00
Martin Angers
90b15071a4
Introduce API version 2022-04, deprecate use of /global in paths (#4731) 2022-04-05 11:35:53 -04:00
Lucas Manuel Rodriguez
57816592ba
Add read replica testing helpers and fix non-sso login bug (#4908)
not set on the INSERT.
- OUT: Only sets the ID on the passed session and returns it. (`CreatedAt`, `AccessedAt`, are not set.)

New version:

```go
func (ds *Datastore) NewSession(ctx context.Context, userID uint, sessionKey string) (*fleet.Session, error) {
	sqlStatement := `
		INSERT INTO sessions (
			user_id,
			` + "`key`" + `
		)
		VALUES(?,?)
	`
	result, err := ds.writer.ExecContext(ctx, sqlStatement, userID, sessionKey)
	if err != nil {
		return nil, ctxerr.Wrap(ctx, err, "inserting session")
	}

	id, _ := result.LastInsertId() // cannot fail with the mysql driver
	return ds.sessionByID(ctx, ds.writer, uint(id))
}
```

- IN: Define arguments that are truly used when creating a session.
- OUT: Load and return the fleet.Session struct with all values set (using the `ds.writer` to support read replicas correctly).

PS: The new `NewSession` version mimics what we already do with other entities, like policies (`Datastore.NewGlobalPolicy`).
2022-04-04 16:52:05 -07:00
RachelElysia
53ca15e93b
Manage Host Page: Export hosts as CSV (#4917) 2022-04-04 14:53:14 -04:00
RachelElysia
5cce257e1e
Host Details Page: Software vulnerability column (#4836) 2022-04-04 12:33:02 -04:00
RachelElysia
b834e7d2f5
Remove viewing enroll secrets on app settings page, add changelog (#4896) 2022-04-04 12:27:13 -04:00
Lucas Manuel Rodriguez
c82c580716
Orbit: Add Fleet Desktop support to Windows (#4873)
* Orbit: Add Fleet Desktop support to Windows

* Rename workflow, fix linux build

* Do not compile systray on linux

* nolint on unused

* Fix lint properly

* nolint both checkers

* Fix monitor logic in desktopRunner

* Fix interrupt and execute order
2022-04-01 17:28:51 -03:00
Michal Nicpon
d8d582760d
fix rename tmp file (#4862)
Renaming a temporary file to the final destination does not always work.
Specifically, if the source and destination paths are on different file
systems, you will get the following error

 invalid cross-device link

Instead, create temporary file in the destination directory.
2022-04-01 09:03:11 -06:00
Luke Heath
dbaef5a37b
Fix table headers showing or misaligned when selection is active (#4892) 2022-03-31 16:10:11 -05:00
Martin Angers
71f2690ada
Add Jira integrations config support (#4863) 2022-03-30 09:10:02 -04:00
RachelElysia
118ae6499b
UI Accessibility: Ability to tab through app (#4699) 2022-03-28 17:31:36 -04:00
Michal Nicpon
a6902cc083
Add os versions endpoint (#4749) 2022-03-28 09:15:45 -06:00
Noah Talerman
8e9a814d4b
Prepare for 4.12.0 (#4797)
- Update CHANGELOG
- Bump versioning
- Tweak documentation
  - Default `session_duration` to `5d`
  - Add extra `#` to "Team policies" section so it doesn't show up in top level nav for docs
2022-03-24 17:24:08 -07:00
Martin Angers
c4946335ff
Add migration to cleanup host-related tables (#4778)
#4448
2022-03-23 15:22:10 -07:00
Lucas Manuel Rodriguez
eeb73a42db
Fleetctl preview to clean up osquery socket before starting orbit (#4729)
* Fleetctl preview to clean up osquery socket before starting orbit

* Use os.Remove
2022-03-22 18:00:00 -03:00
RachelElysia
dc8921fed1
Remove fleet desktop checkbox (#4730) 2022-03-22 11:23:59 -04:00
gillespi314
eb5c9bf7b7
Add advanced installer info to add hosts modal (#4644) 2022-03-21 17:08:13 -05:00
Michal Nicpon
7b671ac2a3
Add team failing policies webhook (#4633)
* add config to teams
* update api docs
* update tests
2022-03-21 13:16:47 -06:00
Lucas Manuel Rodriguez
ecdfd627b6
Fleet Desktop MVP (#4530)
* WIP

* WIP2

* Fix orbit and fleetctl tests

* Amend macos-app default

* Add some fixes

* Use fleetctl updates roots command

* Add more fixes to Updater

* Fixes to app publishing and downloading

* Add more changes to support fleetctl cross generation

* Amend comment

* Add pkg generation to ease testing

* Make more fixes

* Add changes entry

* Add legacy targets (until our TUF system exposes the new app)

* Fix fleetctl preview

* Fix bool flag

* Fix orbit logic for disabled-updates and dev-mode

* Fix TestPreview

* Remove constant and fix zip-slip attack (codeql)

* Return unknown error

* Fix updater's checkExec

* Add support for executable signing in init_tuf.sh

* Try only signing orbit

* Fix init_tuf.sh targets, macos-app only for osqueryd

* Specify GOARCH to support M1s

* Add workflow to generate osqueryd.app.tar.gz

* Use 5.2.2 on init_tuf.sh

* Add unit test for tar.gz target

* Use artifacts instead of releases

* Remove copy paste residue

* Fleet Desktop Packaging WIP

* Ignore gosec warning

* Trigger on PR too

* Install Go in workflow

* Pass url parameter to desktop app

* Fix fleetctl package

* Final set of changes for v1 of Fleet Desktop

* Add changes

* PR fixes

* Fix CI build

* add larger menu bar icon

* Add transparency item

* Delete host_device_auth entry on host deletion

* Add SetTargetChannel

* Update white logo and add desktop to update runner

* Add fleet-desktop monitoring to orbit

* Define fleet-desktop app exec name

* Fix update runner creation

* Add API test before enabling the My device menu item

Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-03-21 14:53:53 -03:00
gillespi314
deeaf9d036
Add ability to detect compatibility and update which hosts are checked for a policy (#4703)
Add new usePlatformSelector custom hook
Add new usePlatformCompatibility custom hook
Add new PlatformSelector global component
Refactor PlatformCompatibility as global component
Refactor sql_tools to TypeScript
Improve type definitions for context/policy
Align PolicyPage and QueryPage with platform compatibility changes
2022-03-21 11:51:00 -05:00
Benjamin Edwards
74bb559645
Add public ip to hosts & derive geolocation when rendering host (#4652)
* geoip wip
* return nil if ip is empty string or if ParseIP returns nil
* add ui component to render geolocation if available, address PR feedback
* render public ip if available
* add changes file, document geoip in deployment guide
* update rest-api docs
2022-03-21 12:29:52 -04:00
RachelElysia
84de0b7db0
Fleet Desktop device user page (#4589) 2022-03-21 09:38:59 -04:00
RachelElysia
d661d23956
New/Edit Packs Page: Fix hover of pack's target selector (#4592) 2022-03-18 16:01:29 -04:00
gillespi314
c12098577b
Add UI for global admin to reset user passwords (#4613) 2022-03-16 11:05:05 -05:00
Lucas Manuel Rodriguez
d2ba34c8fc
Add distributed discovery query support for detail queries, add orbit… (#4597)
* Add distributed discovery query support for detail queries, add orbit_info ingestion

* Amend changes file
2022-03-15 16:51:00 -03:00
Martin Angers
bb678b6b2e
Add support for downloading a list of hosts in CSV format (#4596) 2022-03-15 15:14:42 -04:00
Lucas Manuel Rodriguez
f4d3159cc9
Fleetctl to package .app bundles for osquery (and changes for orbit to support them) (#4393)
* WIP

* WIP2

* Fix orbit and fleetctl tests

* Amend macos-app default

* Add some fixes

* Use fleetctl updates roots command

* Add more fixes to Updater

* Fixes to app publishing and downloading

* Add more changes to support fleetctl cross generation

* Amend comment

* Add pkg generation to ease testing

* Make more fixes

* Add changes entry

* Add legacy targets (until our TUF system exposes the new app)

* Fix fleetctl preview

* Fix bool flag

* Fix orbit logic for disabled-updates and dev-mode

* Fix TestPreview

* Remove constant and fix zip-slip attack (codeql)

* Return unknown error

* Fix updater's checkExec

* Add support for executable signing in init_tuf.sh

* Try only signing orbit

* Fix init_tuf.sh targets, macos-app only for osqueryd

* Specify GOARCH to support M1s

* Add workflow to generate osqueryd.app.tar.gz

* Use 5.2.2 on init_tuf.sh

* Add unit test for tar.gz target

* Use artifacts instead of releases

* Remove copy paste residue

* Trigger workflow on PR

* Fixes to ease handling of artifact

* Fix, do not use target name as dir

* Remove workaround
2022-03-15 16:04:12 -03:00
Martin Angers
fc01947ae7
Allow global admin to change anyone's password. (#4582) 2022-03-15 08:11:53 -04:00
RachelElysia
bb6db2434e
Fleet UI: Enable and disable automation slider (#4554) 2022-03-11 11:56:14 -06:00
Michele Preziuso
68330bd38f
Add support for Amazon Linux 2 (#4555) 2022-03-10 15:47:24 -07:00
RachelElysia
5e3bcc4a61
React tab focus bug fix (#4538) 2022-03-10 16:16:07 -06:00
RachelElysia
a022a11ebf
Frontend Tech Debt: Typescript types (#4319) 2022-03-10 10:10:44 -05:00
Benjamin Edwards
f8cf6ea91c
make context type value header configurable (#4441)
* make context type value header configurable
* populate config
2022-03-09 17:22:29 -05:00
Martin Angers
a1c67547b3
Add new endpoints to retrieve device information by orbit identifier (#4531) 2022-03-09 16:13:56 -05:00
RachelElysia
e21299c124
Add Host Modal: Generate fleet installer with fleet desktop (#4522) 2022-03-09 10:49:19 -05:00
RachelElysia
8935515a08
App Settings Page: Align global secret buttons (#4519) 2022-03-09 09:16:45 -05:00
Michal Nicpon
1aa7b96837
change session duration to 5 days (#4480) 2022-03-07 15:37:54 -07:00
RachelElysia
02fa778788
Refactor Query/Policy UX (#4334) 2022-03-07 15:10:23 -05:00
Noah Talerman
937cd7f2eb
Update changelog and bump versioning (#4497) 2022-03-07 11:08:51 -06:00
RachelElysia
082dc4d755
Fix diff overriding agent options (#4479) 2022-03-04 16:20:22 -06:00
RachelElysia
91a6b38851
Replace github docs with fleetdm docs (#4458) 2022-03-04 14:00:27 -05:00
RachelElysia
c79c9030f1
Bug fix: Whitespace on remaining label tooltips (#4454) 2022-03-04 11:36:12 -05:00