Commit Graph

42 Commits

Author SHA1 Message Date
John Murphy
1e92f8fcfd gRPC Server for Launcher (#1544)
Add a gRPC server that will interact with osquery through Launcher. This endpoint will expose the osquery configuration suitable for use via the Launcher plugin, and collect log and query results.
2017-08-17 16:43:02 -05:00
Zachary Wasserman
68522c3c09 Add agent-api and appropriate changes to builder image (#1546)
- Add SSH configuration to allow checkout of Kolide private repos in CI
- Add kolide/agent-api repo to glide.yaml
- Update testify version to fix broken test build

Closes #1545
2017-08-10 12:45:55 -07:00
John Murphy
990c911867 Fix user menu on Firefox (#1542)
Closes #1536

Firefox doesn't propagate mouse events to components nested inside a button element. So we switch button to a div to fix.
2017-08-02 14:02:09 -05:00
Mike Arpaia
018b91ab2c Rename project to Kolide Fleet (#1529) 2017-06-22 15:50:45 -04:00
John Murphy
019191c36b SSO Login and Configuration Support (#1506)
Closes issue #1456 This PR adds a single sign on option to the login form, exposes single sign on to the end user, and allows an admin user to set single sign on configuration options.
2017-05-17 10:58:40 -05:00
John Murphy
368b9d774c Server Side SSO Support (#1498)
This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows.

A Kolide user attempts to access a protected resource and is directed to log in.
If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in.
The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end.
The IDP calls the server, invoking CallbackSSO with the auth response.
We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL.
I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-08 19:43:48 -05:00
Zachary Wasserman
5a69cf1530 Update TLS cert documentation (#1499) 2017-04-27 14:11:04 -04:00
John Murphy
2945031a86 Fix bug in Osquery import and updated import docs (#1478)
This PR contains a fix for a bug that turned up when I was testing configimporter. If the platform field is not specified, its supposed to default to all per the osquery configuration spec. The default was not properly implemented, and if the platform value was missing from the imported configuration it failed. The PR also added instructions to the api documentation describing how to import an osquery configuration.
2017-04-23 19:41:27 -05:00
Zachary Wasserman
629a740b45 Require JWT Key to be specified for server startup (#1480)
If server is started without a JWT key, a message like the following is printed:
```
################################################################################
# ERROR:
#   A value must be supplied for --auth_jwt_key. This value is used to create
#   session tokens for users.
#
#   Consider using the following randomly generated key:
#   om3w95gMA2drT5xAdLd2Q5oE8fLw+Miz
################################################################################
```

Closes #1480.
2017-04-12 15:05:56 -07:00
Mike Arpaia
40610e508f Removing app_token_key from documentation (#1489)
d3eb3b7272 removed `app_token_key` from
the application, but not the docs.
2017-04-12 09:57:19 -06:00
John Murphy
c90368c4af Changed default osquery logging behavior
Made log rotation for osquery results and status logs optional.  This required writing the logwriter package which is a drop in replacement for lumberjack.  We still use lumberjack if the log rotation flag --osquery_enable_log_rotation flag is set. Note that the performance of the default is quite a bit better than lumberjack.


BenchmarkLogger-8       	 2000000	       747 ns/op
BenchmarkLumberjack-8   	 1000000	      1965 ns/op
PASS
BenchmarkLogger-8       	 2000000	       731 ns/op
BenchmarkLumberjack-8   	 1000000	      2040 ns/op
PASS
BenchmarkLogger-8       	 2000000	       741 ns/op
BenchmarkLumberjack-8   	 1000000	      1970 ns/op
PASS
BenchmarkLogger-8       	 2000000	       737 ns/op
BenchmarkLumberjack-8   	 1000000	      1930 ns/op
PASS
2017-04-03 16:48:50 -05:00
Zachary Wasserman
be34ecc557 Add a debug endpoint for collecting performance statistics and profiles. (#1461)
When `kolide serve --debug` is used, additional handlers will be started to
 provide access to profiling tools. These endpoints are authenticated with a
 randomly generated token that is printed to the Kolide logs at startup. The
 profiling tools are not intended for general use, but they may be useful when
 providing performance-related bug reports to the Kolide developers.
2017-03-31 09:56:38 -07:00
Victor Vrantchan
cab8ed7c00 remove references to missing bits (#1434) 2017-03-20 10:42:47 -04:00
Kyle Knight
a64d88ff67 Update Webpack to v2 (#1393) 2017-03-13 15:13:33 -04:00
Zachary Wasserman
b4e40cf466 Warn before running migrations (#1385)
- Refactor MigrationStatus() to return relevant info
- Warn before running migrations

Closes #1368
2017-03-09 10:40:52 -08:00
Mike Stone
a56dba63a2 Get app to work in IE (#1344)
* Use lodash for endsWith support
* Fix IE Promise and Object.assign
2017-03-03 12:21:07 -05:00
Zachary Wasserman
3d6ca7d5a4 Use sockjs to gracefully degrade websockets (#1255)
Use the [SockJS Protocol](https://github.com/sockjs/sockjs-protocol) to handle
bidirectional communication instead of plain websockets. This allows
distributed queries to function in situations in which they previously failed
(Load balancers not supporting websockets, issues with Safari and self-signed
certs, etc.).

Also includes fixes to the JS message handling logic where slightly different
message delivery semantics (when using XHR) were exposing bugs.

Fixes #1241, #1327.
2017-03-01 13:14:26 -08:00
Zachary Wasserman
d0bc2e5a87 Add updating kolide documentation (#1302)
Also add quickstart script information to install docs.

Closes #1300
2017-02-24 11:11:46 -08:00
Victor Vrantchan
8d4d6fa486 update flag documentation (#1280)
updates documentation to account for changes introduced in #1266
2017-02-23 13:46:34 -05:00
Victor Vrantchan
1ee94d4f75 add mysql client certificate support (#1240) 2017-02-16 17:14:00 -07:00
Mike Arpaia
a90bb0f623 Updating the migrations docs (#1218) 2017-02-14 13:16:26 -07:00
Mike Arpaia
e8f1285364 Removing glide instructions from building code docs (#1217)
I think these were useful when none of us knew how to use glide except
@groob and needed copy-pasteable commands to run, but this seems like
it's much less useful now.
2017-02-14 13:16:16 -07:00
Mike Arpaia
b8805803fd Installation docs (#1214)
* Adding infrastructure install documentation

* publishing the latest tag on releases
2017-02-13 15:57:16 -07:00
Mike Arpaia
77243b36e3 Linking to the wiki page for public domain licenses (#1206) 2017-02-10 15:51:40 -07:00
Zachary Wasserman
672aaaad6c Proper handling of link for Public Domain in lint-license (#1205) 2017-02-10 14:28:52 -08:00
Mike Arpaia
c16230dac8 Adding a README to the third-party docs and renaming a file (#1204) 2017-02-10 15:11:36 -07:00
Zachary Wasserman
728c2c3475 Add license linting and dependencies.md (#1184)
Adds a `make lint-license` command that will crawl through the Golang and
Javascript dependencies, trying to automatically determine the license of each
dependency. If any dependencies have incompatible licensing (or if the
automatic detection fails), the tool will print an error and exit with a
non-zero status code. After a successful run, the
docs/third-party/dependencies.md file will be updated with attribution
information as determined by the crawl.

The configuration file has been bootstrapped with the manual analysis needed for
all of the existing dependencies.
2017-02-10 12:51:33 -08:00
Zachary Wasserman
f4060402f4 Migrate NPM to Yarn (#1197)
- Modify `make deps` to use yarn
- Add `yarn.lock`
- Add yarn to `kolide-builder` docker image
- Remove `npm-shrinkwrap.json`
- Remove build for `node-sass` (fixes #1151)
2017-02-10 10:22:26 -08:00
Victor Vrantchan
838c73ff0a add graceful server shutdown (#1185)
* add graceful server shutdown

Also refactors server to use `http.Server` instead of the global
http.ListenAndServe method. In the future it allows us to set
ratelimits and timeouts for http connections.
2017-02-07 16:02:08 -05:00
Mike Arpaia
25b56e6ee5 Making the case of section headers more consistent in application docs (#1173) 2017-02-05 11:44:32 -07:00
Mike Arpaia
646574c874 Fixing broken docs links (#1169) 2017-02-03 09:47:45 -07:00
Mike Arpaia
22118dfdac Force links to README (#1166) 2017-02-02 15:51:02 -07:00
Mike Arpaia
8f433d81ae Cursory application documentation (#1165)
* Running Queries

* Scheduling Queries

* Configuring Osquery Options

* Working With Osquery Logs

* kolide for the osquery user
2017-02-02 15:13:54 -07:00
Mike Arpaia
a000751bfe renaming kolide-ose to kolide (#1143) 2017-02-01 10:20:50 -07:00
Mike Arpaia
ee7c12e36e Filling in some forgotten descriptions (#1136) 2017-01-30 22:13:08 -07:00
Mike Arpaia
e17ab76cff Setting up and using Kolide (#1133) 2017-01-30 18:51:10 -07:00
Mike Arpaia
e23d081a89 State of affairs API docs (#1106) 2017-01-26 11:16:13 -07:00
Mike Arpaia
2938a8438f installing kolide documentation (#1107) 2017-01-26 11:15:40 -07:00
Mike Arpaia
a4d9fe8dfd Documentation Structure (#1101)
Initial structure and content for the Kolide documentation.
2017-01-25 14:51:00 -07:00
Victor Vrantchan
3e5ff9060f make mac enrollment package (#1088)
* make mac enrollment package

* add doc

* validate certificate and load the launchd without restarting
2017-01-25 16:29:24 -05:00
Jason Meller
b0587a958e Add initial host documentation (#1049) 2017-01-20 10:14:53 -05:00
Jason Meller
4a7e74fdfa Add Contrived Documentation (#736)
* Add some contrived documentation for testing

* Fix broken images
2017-01-04 14:22:38 -07:00