Commit Graph

147 Commits

Author SHA1 Message Date
James Thomas
5e5e4f3918 Add Support for SMTP LOGIN Authentication Method (#1988)
This PR adds support for the SMTP LOGIN authentication method. Office 365 Exchange removed support for PLAIN authentication some time ago, and only supports LOGIN and an OAuth2 authentication method. This patch has been tested with a licensed O365 account. This method should also be usable with any other email server that advertises LOGIN in its 250-AUTH response.

Note: If using this with O365, the account used must not have MFA enabled.

Closes #1663
2019-01-14 12:35:23 -08:00
Zachary Wasserman
be6a16959a Fix error messages related to null users as creators of queries. (#1928)
Ensure that the queries page still loads even when users are deleted manually
in the DB.

Fixes #1911
2018-10-11 13:22:43 -07:00
Zachary Wasserman
79b2249e69
Allow update of settings page without enabling SMTP (#1903)
Fixes #1871
2018-09-07 15:37:35 -07:00
Zachary Wasserman
06832697d0
Fix deletion of labels in UI (#1848)
- Add endpoint for deletion of label by ID
- Use ID endpoint from frontend JS

Fixes #1847
2018-06-25 13:56:59 -07:00
Zachary Wasserman
08a2dc73cd
Fix bugs with packs created in UI (#1843)
- Delete duplicate queries in packs created by the UI (because the duplicates
  were causing undefined behavior). Now it is not possible to schedule
  duplicates in the UI (but is in fleetctl).
- Fix bug in which packs created in UI could not be loaded by fleetctl.
2018-06-21 17:06:44 -07:00
Zachary Wasserman
6424a029ee
Fix labels UI issues in Fleet 2.0 (#1830)
Replaces the UI endpoints for creating and modifying labels. These were removed
in #1686 because we thought we were killing the UI.

Now labels can be created and edited in the UI again.
2018-06-18 10:09:08 -07:00
Zachary Wasserman
0b7747bef0
Fix pack and query UI issues in Fleet 2.0 (#1829)
Replaces (and appropriately refactors) a number of endpoints that were removed long ago when we decided to kill the UI with the fleetctl release. We turned out not to do this, and now need to restore these missing endpoints.

This is not a straight up replacement of the existing code because of refactoring to the DB schemas that was also done in the migration.

Most of the replaced code was removed in #1670 and #1686.

Fixes #1811, fixes #1810
2018-06-15 10:13:11 -04:00
Mike Arpaia
abab0d4691
Add fleetctl convert command for migrating packs to Fleet's format (#1790) 2018-05-21 10:26:22 -06:00
Zachary Wasserman
b80e0a102d
Add fleetctl query command (#1784)
Allow queries targeted by hostname and label name.
2018-05-17 15:54:34 -07:00
Thordur Bjornsson
929000ba28 server: formatting (#1788) 2018-05-16 23:52:24 -06:00
Zachary Wasserman
87331b47e2
Return 404 errors where appropriate in spec endpoints (#1777) 2018-05-09 16:54:42 -07:00
Mike Arpaia
ab23e60a98
Add fleetctl get label, pack, query for individual items by name (#1768)
This PR adds support for getting resources by name.

```
$ fleetctl get queries
no queries found

$ fleetctl apply -f ./query.yaml
[+] applied 1 queries

$ fleetctl get queries
+-----------------+--------------------------------+--------------------------------+
|      NAME       |          DESCRIPTION           |             QUERY              |
+-----------------+--------------------------------+--------------------------------+
| osquery_version | The version of the Launcher    | select launcher.version,       |
|                 | and Osquery process            | osquery.version from           |
|                 |                                | kolide_launcher_info launcher, |
|                 |                                | osquery_info osquery;          |
+-----------------+--------------------------------+--------------------------------+

$ fleetctl get query osquery_version
apiVersion: v1
kind: query
spec:
  description: The version of the Launcher and Osquery process
  name: osquery_version
  query: select launcher.version, osquery.version from kolide_launcher_info launcher,
    osquery_info osquery;
```
2018-05-08 18:10:01 -06:00
Zachary Wasserman
d146412364 Implement Get methods for single entities of label, pack and query specs (#1766)
- Datastore methods (where necessary)
- Service methods
- Endpoints/Handlers
2018-05-07 19:54:29 -06:00
Zachary Wasserman
003ad9b5fa
Delete spec entities by name instead of ID (#1755)
With the UI, deleting by ID made sense. With fleetctl, we now want to delete
by name. Transition only the methods used for spec related entities, as others
will be removed soon.
2018-05-04 11:05:55 -07:00
Mike Arpaia
018e10ea66
Add fleetctl config and auth commands (#1751)
```
$ fleetctl config set address https://localhost:8080
[+] Set the "address" config key to "https://localhost:8080" in the "default" context

$ fleetctl config set ignore_tls true
[+] Set the "ignore_tls" config key to "true" in the "default" context

$ fleetctl setup --email mike@arpaia.co --password "abc123"
[+] Fleet setup successful and context configured!

$ cat ~/.fleet/config
contexts:
  default:
    address: https://localhost:8080
    email: mike@arpaia.co
    ignore_tls: true
    token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IlUvdm05Vk9wSG0xUlA4SUtjQnBhb2ovWlo1TXppSEVXcFRCNFNPb2tHQnNLUFpDQXFieVpWWnpJb0UvczQzcWkyd1pHZXJOa29SNFVIQ2hNZUc0K09RPT0ifQ.rHawSN8JvD4jjWAPTYX2Ep9ZpMt3u4mSIQcu920C-_s

$ fleetctl logout
[+] Fleet logout successful and local token cleared!

$ cat ~/.fleet/config
contexts:
  default:
    address: https://localhost:8080
    email: mike@arpaia.co
    ignore_tls: true
    token: ""
```
2018-05-04 10:53:21 -06:00
Zachary Wasserman
c5f0e5a6b4
Add endpoints for apply/get of each spec type (#1752)
- Osquery Options (to be renamed to Options after current Options removed)
- Labels
- Queries
- Packs
2018-05-03 18:01:57 -07:00
Zachary Wasserman
1d9e37b069
Pull decorators from config options (#1749)
Previously decorators were stored in a separate table. Now they are stored
directly with the config so that they can be modified on a per-platform basis.

Delete now unused decorators code.
2018-05-03 10:14:07 -07:00
Zachary Wasserman
a0d05f4e2a Merge branch 'master' into fleetctl 2018-05-01 17:26:32 -07:00
Mike Arpaia
920f4afab6
Scaffold the login command (#1748) 2018-05-01 16:58:53 -06:00
Zachary Wasserman
4784eb2322
Fix distributed query status parsing for osquery 3 (#1742)
A change from strings to integers broke the existing code. We now support
either for current and backwards compatibility.
2018-04-24 12:40:11 -07:00
Ben Coverston
d28d2cac28 Add FileAccesses to FIM Configuration (#1717)
- Close #1708
- Fix FIM interval not being stored
2018-02-26 12:54:13 -08:00
dso
c017779313 Populate network interfaces on Windows (#1700)
Add support for Windows hosts in addition to macOS and Linux.
2018-02-04 21:16:24 -08:00
Zachary Wasserman
bde7256a09
Update labels interfaces for fleetctl (#1686)
- Remove unnecessary labels code
- Remove unnecessary packs code
- Update tests as appropriate
2018-01-10 11:38:20 -08:00
Zachary Wasserman
26dc30bd25
Update query and pack interfaces for fleetctl (#1670)
- Add new Apply spec methods for queries and packs
- Remove now extraneous datastore/service methods
- Remove import service (unused, and had many dependencies that this breaks)
- Refactor tests as appropriate
2018-01-03 11:18:05 -08:00
Zachary Wasserman
d6b4de3874
Refactor osquery options interface (#1674)
After discussion with @groob and @marpaia, we have decided that the service
methods should not be aware of any YAML/JSON definitions, and should work
directly with objects. The new pattern we will use will involve converting YAML
to JSON at the client, and then sending the JSON which will be decoded using
the familiar go-kit mechanisms before being passed to the service methods.
2018-01-02 16:22:45 -08:00
ferhat elmas
d2a7e38c85 Fix documentation typos (#1682) 2017-12-21 18:37:32 -08:00
Zachary Wasserman
5e9fe9d5a1
Transition osquery options interfaces for compatibility with fleetctl (#1649)
- Refinements to options yaml definition
- Datastore and service implementations
- Migration to bring existing options into new table format
2017-12-13 18:14:54 -05:00
Victor Vrantchan
6d328ed70c
Write the raw status log to the writer (#1666)
Instead of trying to decode and re-encode status logs, we now write them directly as they come in.
This change prevents future changes to the osquery status log file format (addition and deletion of fields ) from
affecting Fleet. A similar change was implemented in #1636 for result logs.

Closes #1664
2017-12-12 10:43:33 -05:00
Victor Vrantchan
8291119067
use json.RawMessage for result logs (#1636)
Initially fleet decoded the incoming JSON sent to the log endpoint.
Then the log event would be written to a log writer by calling json.Encoder{}.Encode.
Re-encoding logs is lossy; whenever a new field is sent by osqueryd we don't keep up with them.
Instead of caring about the content of the OsqueryResultLog, fleet will now write all log results
exactly as sent to the server by osqueryd.

Closes #1632
Closes #1615
2017-11-18 19:59:32 -05:00
Mike Arpaia
9d21cbdb8a removing license code (#1551) 2017-09-01 10:42:46 -06:00
John Murphy
d5f9fcaeb2 Added FIM support (#1548)
This PR adds support for file integrity monitoring. This is done by providing a simplified API that can be used to PATCH/GET FIM configurations. There is also code to build the FIM configuration to send back to osquery. Each PATCH request, if successful, replaces Fleet's existing FIM configuration. For example:

curl -X "PATCH" "https://localhost:8080/api/v1/kolide/fim" \
     -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uX2tleSI6IkVhaFhvZWswMGtWSEdaTTNCWndIMnhpYWxkNWZpcVFDR2hEcW1HK2UySmRNOGVFVE1DeTNTaUlFWmhZNUxhdW1ueFZDV2JiR1Bwdm5TKzdyK3NJUzNnPT0ifQ.SDCHAUA1vTuWGjXtcQds2GZLM27HAAiOUhR4WvgvTNY" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d $'{
  "interval": 500,
  "file_paths": {
    "etc": [
      "/etc/%%"
    ],
    "users": [
      "/Users/%/Library/%%",
      "/Users/%/Documents/%%"
    ],
    "usr": [
      "/usr/bin/%%"
    ]
  }
}'
2017-08-18 10:37:33 -05:00
Mike Arpaia
018b91ab2c Rename project to Kolide Fleet (#1529) 2017-06-22 15:50:45 -04:00
Mike Arpaia
71abc38c22 Adding comments to the osquery types (#1519) 2017-06-18 12:26:08 -06:00
John Murphy
7a8f418d0f Added support for atomic imports and dry run imports (#1510)
Closes issue #1475

The command line tool that uses this endpoint -> https://github.com/kolide/configimporter

* Added support for atomic imports and dry run imports

* Added code so that imports are idempotent
2017-05-30 14:42:00 -05:00
John Murphy
151ce35e8c Front end support for decorator crud ops (#1509)
This PR closes #1448, providing front end CRUD operations for decorators.* Front end support for decorator crud ops.
2017-05-30 13:36:29 -05:00
John Murphy
019191c36b SSO Login and Configuration Support (#1506)
Closes issue #1456 This PR adds a single sign on option to the login form, exposes single sign on to the end user, and allows an admin user to set single sign on configuration options.
2017-05-17 10:58:40 -05:00
John Murphy
12d2df1f9a Add SSO support to new user activation (#1504)
Closes #1502. This PR adds support for SSO to the new user creation process. An admin now has the option to select SSO when creating a new user.  When the confirmation form is submitted, the user is automatically authenticated with the IDP, and if successful, is redirected to the Kolide home page. Password authentication, password change and password reset are not allowed for an SSO user.
2017-05-10 11:26:05 -05:00
John Murphy
368b9d774c Server Side SSO Support (#1498)
This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows.

A Kolide user attempts to access a protected resource and is directed to log in.
If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in.
The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end.
The IDP calls the server, invoking CallbackSSO with the auth response.
We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL.
I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-08 19:43:48 -05:00
John Murphy
2945031a86 Fix bug in Osquery import and updated import docs (#1478)
This PR contains a fix for a bug that turned up when I was testing configimporter. If the platform field is not specified, its supposed to default to all per the osquery configuration spec. The default was not properly implemented, and if the platform value was missing from the imported configuration it failed. The PR also added instructions to the api documentation describing how to import an osquery configuration.
2017-04-23 19:41:27 -05:00
Zachary Wasserman
dfa2d83855 Update online status calculation to use per-host intervals (#1494)
Replaces the existing calculation that uses a global online interval. This method was lacking due to the fact that different hosts may have different checkin intervals set.

The new calculation uses `min(distributed_interval, config_tls_refresh) + 30` as the interval. This is calculated with the stored values for each host.

Closes #1321
2017-04-18 10:39:50 -07:00
John Murphy
789596a78e SAML Database Support
Partially addresses #1456. This PR provides datastore support for SSO by creating a new entity IdentityProvider. This entity is an abstraction of the SAML IdentityProvider and contains the data needed to perform SAML authentication.
2017-04-12 15:42:10 -05:00
Zachary Wasserman
d7cd91c0e4 Retrieve and store host checkin intervals (#1473)
We now track the `config_tls_refresh`, `distributed_interval` and
`logger_tls_period` flag values for each host. Each value is updated by a
detail query agains the `osquery_flags` table, because they may be specified
outside of Kolide. The flags that can be specified within Kolide are also
updated when a config is returned to the host that changes their value.

This will enable us to do a more accurate per-host online status calculation as
discussed in #1419.
2017-04-06 11:55:24 -07:00
Zachary Wasserman
6a3ea3fc8c Remove remaining uses of golang.org/x/net/context (#1464) 2017-04-05 12:25:34 -07:00
John Murphy
d533931799 Addresses Issue where the reset button doesn't work on options page (#1447)
Closes issue #1388. The problem here is that previously, the reset button loaded a hard coded list of default options into the component state, instead of the proper behavior which is to reset the options to default values on the back end, and then load them back into the redux store. This PR adds a ResetOptions endpoint on the server, and wires up the UI so that it triggers the endpoint, then loads the default options from the backend server.
2017-03-30 18:56:11 -05:00
Zachary Wasserman
60607cb366 Speed up manage packs page loading (#1429)
Push the calculation of target counts into the SQL query, rather than loading
all of the targets and then counting them. This provides a dramatic (>100x)
speedup in loading of the manage packs page when large numbers of hosts are
present.

Closes #1426
2017-03-30 08:31:28 -07:00
John Murphy
693600ba2b Decorator support (#1430)
* Added migrations

* Added handler for decorators

* Added logging and metrics for decorators

* WIP decorators

* Wip added decorator service

* Added service implementation

* Added mock decorator

* Added modify decorator

* Added testing

* Addressed code review issues raised by @zwass

* Added logging for missing type per @zwass
2017-03-28 16:45:18 -05:00
John Murphy
404afe3e22 Fix issue where config interval can be number or string (#1432)
* Fix issue where config interval can be number or string

* Implemented @groob code review suggestions

* Added type assertions with graceful failure if something slips through validation

* Implemented code review changes per @zwass
2017-03-21 12:02:13 -05:00
Zachary Wasserman
b59cd2b48b Accelerate checkins when hosts enroll (#1423)
Return `accelerate: 10` with distributed queries if we do not have host
details. This facilitates the host quickly joining all expected labels, as
`platform` gated label queries will not be returned until the detail queries
return with the platform.

Fixes #1421.
2017-03-21 09:17:38 -07:00
Zachary Wasserman
715d908613 Update go-kit to 0.4.0 (#1411)
Notable refactoring:
- Use stdlib "context" in place of "golang.org/x/net/context"
- Go-kit no longer wraps errors, so we remove the unwrap in transport_error.go
- Use MakeHandler when setting up endpoint tests (fixes test bug caught during
  this refactoring)

Closes #1411.
2017-03-15 08:55:30 -07:00
Zachary Wasserman
b4e40cf466 Warn before running migrations (#1385)
- Refactor MigrationStatus() to return relevant info
- Warn before running migrations

Closes #1368
2017-03-09 10:40:52 -08:00