- In tests and documentation, replace `@fleetdm.com` with `@example.com`
- In documentation, replace `hello@fleetdm.com` with `fleetdm.com/contact`
- In documentation, replace `security@fleetdm.com` with `fleetdm.com/contact`
- In Dockerfiles, replace `engineering@fleetdm.com` with `hello@fleetdm.com`. These two files are the only remaining files with a `@fleetdm.com` email.
- Add link to "Fleet 3.11.0 released with software inventory" to location in docs where software inventory is described.
- Change "host details" to "host vitals"
- Accept Teams as a searchable target type for the target selection API.
- Accept Teams for targets in running live queries.
- Refactoring to support these changes.
- Update API documentation.
- Move host `additional` into a separate table.
- Join when that data is needed.
- API change: `/api/v1/fleet/hosts` now returns only the requested
`additional` columns, unless `*` is provided as the sole argument.
Background:
A customer reported that MySQL binlogs grew huge and replication lag
went way up when data was stored in the `additional` column. In this
deployment MySQL was running with ROW replication. This would cause the
entire `additional` data to be copied on each update of the host checkin
time. While switching to STATEMENT or MIXED replication would likely
mitigate the issue, this was not an option in their environment.
- Include only hosts that the user has access to in search targets API.
- Add parameter to specify whether `observer` hosts should be included.
- Generate counts based on which hosts user can access.
- Update API doc.
- Add question that addresses upgrading from Kolide Fleet to FleetDM Fleet
- Edit "Automatically add hosts to packs" question and move portion about `targets` field to `fleetctl` docs
Adds the following queries to the Standard query library:
- Get authorized keys for Local Accounts
- Get authorized keys for Domain Joined Accounts
- Get current users with active shell/console on the system
- Get Disk encryption status
- Detect Unencrypted SSH Keys for Local Accounts
- Detect Unencrypted SSH Keys for Domain Joined Accounts
- Line parsed values from system and user cron/tab
- Detect Dynamic Linker Hijacking (MITRE. T1574.006)
- Get etc hosts entries
- Get Network Interfaces
- Get Local User Accounts
- Detect active user accounts on servers
- Detect Nmap Scanner
- Get docker images on a system
- Get docker running containers on a system
- Get docker running process on a system
- Create `/configuration-files/` directory inside of `/1-Using-Fleet` directory. This directory contains example Fleet configuration files in yaml format. Replaces the `/examples` directory.
- Create `/standard-query-library/` directory inside of `/1-Using-Fleet` directory. This directory contains the new `standard-query-library.yml`. This file will act as the source of community contributions to the standard query library.
- Edit references to `/examples` directory
This feature enables a new config option (redis.duplicate_results). When set to true, all Live Query results will be copied to an additional Redis pubsub channel named LQDuplicate
This is useful in a scenario that would involve shipping the Live Query results outside of Fleet, near-realtime.
This allows the host details to be refetched on the next check in,
rather than waiting for the normal interval to go by. Associated UI
changes are in-progress.
- Migration and service methods for requesting refetch.
- Expose refetch over API.
- Change detail query logic to respect this flag.
Add a config setting to allow copying message fields and decorations into Google Pub/Sub attributes, making it possible to use these values for subscription filters.
My changes to the documentation file structure made in #717 resolved all broken documentation links on the `master` branch but not on the `teams` branch. As a result, those developing on the `teams` branch always get a ❌ for the "Markdown link check" test.
- Add relative markdown links in the `teams` branch to resolve failed link test
- Add section on contributing to Fleet documentation. This section covers the use of relative links and best practices for anchor links
- Add 3 questions and their respective answers to the FAQ section in the `1-Using-Fleet` docs
- Add new `2-Orbit-osquery/` directory to the top-level `docs/` directory.
- Rename `2-Deployment/` -> `3-Deployment/` to accommodate new Orbit directory.
- Rename `3-Contribution/` -> `4-Contribution/` to accommodate new Orbit directory.
- Add FAQ section to Orbit documentation.
This PR concludes the Complete API documentation project #43
Add documentation for the following endpoints:
- api/v1/status/live_query
- api/v1/status/result_store
- api/v1/sso/callback
- Maintain software inventory with detail queries.
- Associated database migrations.
- Feature flagged off by default (see documentation for details to turn on).
- Documentation.
- New test helper for slice element comparisons skipping ID.
- Add 2 sections in `CONTRIBUTING.md` these 2 sections correspond to the "Bug report" and "Report a security vulnerability" issue templates
- Add "Is this an issue with the Fleet UI" to "Bug report" section in `CONTRIBUTING.md`. This includes a walkthrough for opening the browser's JS console and network requests
- Fix misspelled file name
This PR contains the initial implementation of the fleetctl updates commands, along with documentation on using this to self-host an agent update server.
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
This PR includes various fixes to anchor links used in the documentation.
There are certain characters GitHub doesn't support for the use of anchor links in markdown files. The general rule I've found is to only use a-z or A-Z characters in anchor links. All other characters should be removed.
For example, consider the section title How do I connect to the Mailhog simulated server?. The valid GitHub anchor link for this section is #how-do-i-connect-to-the-mailhog-simulated-server. Notice no ?.
Closes#494
The api/v1/fleet/queries/run_by_names endpoint was incorrectly documented as discussed in #409. This PR includes the fix.
- Add the query parameter to the queries/run_by_names endpoint and edit the example requests to include this parameter.
This PR includes two documentation fixes.
1. Remove the support property from the osquery queries spec in the fleetctl docs. The support property is not a feature of osquery or Fleet.
2. Edit the api/v1/fleet/queries/run_by_names with accurate examples. This endpoint sends query targets (hosts and labels) by name (hostname and label name). Contrast this with the api/v1/fleet/queries/run which sends query targets by id (host id and label id)
Resolves#409
This PR is part of the Complete documentation for Fleet API project #43.
The endpoint included in these changes:
- POST /api/v1/fleet/reset_password
- GET /api/v1/fleet/sessions/{id}
- DELETE /api/v1/fleet/sessions/{id}
- POST /api/v1/fleet/queries/delete
- GET /api/v1/fleet/email/change/{token}
The enrollment cooldown period was sometimes causing problems when
osquery (probably unintentionally, see
https://github.com/osquery/osquery/issues/6993) tried to enroll more
than once from the same osqueryd process.
We now set this to default to off and make it configurable. With #417
this feature may be unnecessary for most deployments.
Osquery now exposes more information during host enrollment than Fleet
previously handled. We can use this to provide more options to users in
problematic enrollment scenarios.
Users can configure --osquery_host_identifier in Fleet to set which
identifier is used to determine uniqueness of hosts. The
default (provided) replicates existing behavior in Fleet. For many
users, setting this to instance will provide better enrollment
stability.
Closes#373
Add documentation on the websocket endpoints in the Fleet API. These endpoints allow users to retrieve live query results.
Endpoints added include:
- `api/v1/fleet/results`
- `api/v1/fleet/results/websockets`
- Fix api/v1/fleet/queries/run endpoint. Prior the fix, the endpoint was incorrectly documented as api/v1/fleet/spec/queries/run
- Fix api/v1/fleet/queries/run_by_names endpoint. Prior the fix, the endpoint was incorrectly documented as api/v1/fleet/queries/run
The endpoint included in these changes:
- /api/v1/kolide/carves GET
- /api/v1/kolide/carves/{id} GET
- /api/v1/kolide/users/{id} PATCH
- /api/v1/kolide/users/{id}/enable POST
- /api/v1/kolide/users/{id}/admin POST
- /api/v1/kolide/users/{id}/require_password_reset POST
- /api/v1/kolide/users/{id}/sessions GET
- /api/v1/kolide/users/{id}/sessions DELETE
- Add query parameter to the /api/v1/fleet/hosts endpoint and edit the example request and response.
- Add query parameter to the /api/v1/fleet/labels/{id}/hosts endpoint
These changes support the ability to perform a search on the Hosts table by hostname, machine_serial, and ipv4.
This PR is part of the Complete documentation for Fleet API project #43.
The endpoint included in these changes:
- `POST api/v1/fleet/targets`
Additional changes:
- Now order_key and order_direction are included in the parameters table for endpoints that support them. Fixes#326
- Change endpoints to `api/v1/fleet` naming
This PR is part of the Complete documentation for Fleet API project #43.
The endpoints included in these changes:
- /labels POST
- /labels/{id} PATCH
- /labels/{id} GET
- /labels GET
- /labels/{id}/hosts GET
- /labels/{name} DELETE
- /labels/id/{id} DELETE
- /spec/labels POST
- /spec/labels GET
- /spec/labels/{name} GET
- Support both /api/v1/fleet and /api/v1/kolide routes in server.
- Add logging for use of deprecated routes.
- Rename routes in frontend JS.
- Rename routes and add notes in documentation.
In #212 these settings were updated and caused connectivity issues for
users in common environment configurations. The new changes are
aggressive (modern enforces TLS 1.3) and Mozilla indicates that
intermediate is an appropriate default. This will ensure better
compatibility for common deployments while still allowing the option to
use the strictest settings.
Document unintentional mismatched yaml key.
Fixes#269
- Add --dev flag that will set default flag values. This simplifies the
invocation of Fleet in a development environment.
- Change defaults in docker-compose to use `fleet` in place of `kolide`.
- Skip prompt in `prepare db` when `--dev` specified.
- Update developer documentation.
Updates to MySQL configuration in docker-compose.yml may require
existing development containers and volumes to be deleted (this will
delete data in MySQL):
```shell
docker-compose rm -sf
docker volume rm fleet_mysql-persistent-volume
```
Closes#170
Reformat the anchor links for specific endpoints by moving these links to their respective sections.
The endpoints included in these changes:
- /api/v1/kolide/packs POST
- /api/v1/kolide/packs/{id} PATCH "modify_pack"
- /api/v1/kolide/packs/{id} GET "get_pack"
- /api/v1/kolide/packs GET "list_packs"
- /api/v1/kolide/packs/{name} DELETE "delete_pack"
- /api/v1/kolide/packs/id/{id} DELETE "delete_pack_by_id"
- /api/v1/kolide/packs/{id}/scheduled GET "get_scheduled_queries_in_pack"
- /api/v1/kolide/schedule POST "schedule_query"
- /api/v1/kolide/schedule/{id} GET "get_scheduled_query"
- /api/v1/kolide/schedule/{id} PATCH "modify_scheduled_query"
- /api/v1/kolide/schedule/{id} DELETE "delete_scheduled_query"
- /api/v1/kolide/spec/packs POST "apply_pack_specs"
- /api/v1/kolide/spec/packs GET "get_pack_specs"
- /api/v1/kolide/spec/packs/{name} GET "get_pack_spec"
The endpoints included in these changes:
- /api/v1/kolide/queries/{id} GET
- /api/v1/kolide/queries/{id} PATCH
- /api/v1/kolide/queries/{name} DELETE
- /api/v1/kolide/queries GET
- /api/v1/kolide/queries POST
- /api/v1/kolide/queries/id/{id} DELETE
- /api/v1/kolide/spec/queries POST
- /api/v1/kolide/spec/queries GET
- /api/v1/kolide/spec/queries/{name} GET
- /api/v1/kolide/queries/run POST
- /api/v1/kolide/queries/run_by_names POST
The endpoints included in these changes:
- /api/v1/kolide/host_summary GET
- /api/v1/kolide/hosts/{id} GET
- /api/v1/kolide/hosts/identifier/{identifier} GET
- /api/v1/kolide/hosts/{id} DELETE
- /api/v1/kolide/spec/osquery_options POST
- /api/v1/kolide/spec/osquery_options GET
Mozilla's recommended settings have changed since this was last updated.
We now link directly to the relevant revision in the Mozilla wiki to
avoid confusion if this is updated.
This PR is part of the Complete documentation for Fleet API project #43.
The endpoints included in these changes:
- /api/v1/kolide/config/certificate GET
- /api/v1/kolide/config GET
- /api/v1/kolide/config PATCH
- /api/v1/kolide/spec/enroll_secret POST
- /api/v1/kolide/spec/enroll_secret GET
- /api/v1/kolide/invites POST
- /api/v1/kolide/invites GET
- /api/v1/kolide/invites/{id} DELETE
- /api/v1/kolide/invites/{token} GET
- Quick attempt to alleviate potential confusion for how the osquery configuration overrides option works
- Leave in the commented explanation in the sample yaml file
- Split the array of objects to separate objects for each pattern in ignorePatterns. Rename the key in each object to "pattern." The documentation for the example config file is poor.
- Add hello@fleetdm.com and /server/datastore/mysql/migrations/ to ignorePatterns
- Add 999 to aliveStatucCodes (Seems to be a LinkedIn edge case)
- Fix all broken markdown links
The current implementation of FleetDM doesn't support Docker secrets for supplying the MySQL password and JWT key. This PR provides the ability for a file path to read in secrets. The goal of this PR is to avoid storing secrets in a static config or in an environment variable.
Example config for Docker:
```yaml
mysql:
address: mysql:3306
database: fleet
username: fleet
password_path: /run/secrets/mysql-fleetdm-password
redis:
address: redis:6379
server:
address: 0.0.0.0:8080
cert: /run/secrets/fleetdm-tls-cert
key: /run/secrets/fleetdm-tls-key
auth:
jwt_key_path: /run/secrets/fleetdm-jwt-key
filesystem:
status_log_file: /var/log/osquery/status.log
result_log_file: /var/log/osquery/result.log
enable_log_rotation: true
logging:
json: true
```
