Fix syntax for the following queries:
- Get user files matching a specific hash
- Check for artifacts of the Floxif trojan
- Get malicious Python backdoors
* wip
* wip
* wip
* Add performance stats
* Add docs and other self review fixes
* lint
* Update based on review comments
* Add quick cleanup first and then reset to 1hr
* Reduce the load in the test
- Add a summary to the top of the document
- Rename "Baseline Test" section to "Test parameters"
- Rename "Bare minimum setup" section to "1,000 hosts"
- Several smaller edits that call out the number of hosts tested and the results (did Fleet work?)
* Add infra for loadtest
* Move loadtest stuff to a new file and parametrize fleet min/max capacity
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* Update to be ready for review
* Update link and other variables needed
* Address review comments and update links
* Start a fleetctl preview test
* Add tests for fleetctl preview
* Fix setting of fleetctl auth token in test
* Add fleet instance vulnerabilities config to response of GetAppConfig
* Add checks that fleetctl preview enables vulnerability detection
* Adjust doc for get config API response
* Add the include-server-config flag to fleetctl get config
* Update test now that some of the PRs have been merged
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
* Update FAQ.md
* Update FAQ.md
* Update docs/01-Using-Fleet/FAQ.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* Update docs/01-Using-Fleet/FAQ.md
I couldn't make a decision about the correct science around the mum and baby reference, so I just deleted to be safe 😅
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* addred cropped images to replace images in configuration.md, fixed duplicated alt text, added box-shadow to images
* more cropping
* reduce padding on ordered lists, point urls in markdown to where images will be
* Update 02-Configuration.md
* Update build-static-content.js
* remove box-shadow on images
* Update 02-Configuration.md
* Added handbook entry about images
* changed img tags to markdown links to be consistent
* undo small style change
* Update build-static-content.js
* Update handbook/product.md
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
* handling redirect
* clean up redirect/notFound flow
* dynamic query titles and description
* dynamic docs titles
* Remove locals from queries and docs, updated comment and variable names
* handling FAQ page titles
* update comment, title in meta, and adjust get started title
* remove unneeded meta tag
* handbook titles
* cleaning up conditionals
* update comments
* removed added meta tags, change meta variable names
* passing in meta description if provided, update conditionals and comments
* Update FAQ.md
- Add example `team.yml` configuration file. A file with this format can be used to apply teams using `fleetctl apply`
- Add `spec/teams` API route to API docs
* Add max jitter percent config
* Fix jitter calc
* Remove comment
* Reduce test jitter to make tests less flaky
* Remove jitter entirely
* Document new config
* Fix doc link
* Add team policies
* Add team policy documentation
* Add changes file
* Update titles
* Fix lint
* Rewrite TeamAuthorize for more clarify
* Explicitly use two slices for clarity
* Simplify switch
https://github.com/fleetdm/fleet/pull/2071 (removing hardcoded widths on images) undoes what we previously did for making smaller images look good at <990px breakpoints.
Only current examples of these smaller images are on this page in the docs, although there are a couple of instances in the handbook. So I propose that we only crop images that will work at full container width sizes.
With that in mind I have replaced one of the affected images on this page.
* remove hardcoded width on images
* fix inconsistent image padding on fleet ui docs page
* Broken link fix
Fixed a couple of broken links to help this PR pass the automated tests.
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
* remove concept of "Detection", for now (in favor of what's coming)
* remove extra --- to make YAML parse properly
* Simplify the check to remove remediation check for now
* Run compile script any time docs or handbook is changed
* Implement fleetctl get software and the underlying API
* Add documentation
* Simplify list software implementation
* Lint fixes
* Make team name unique
* Address review comments
* Fix lint
* Fix tests
* Update standard-query-library.yml
Added new queries to library
* sentence-case capitalization + standardize first word in name
* andrewbare => alphabrevity (so your picture shows up correctly on the website)
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
* Skeleton UI
* Rebase to main
* Work towards config API request modification
* Nest and unnest when formatting for server and frontend
* Changelog
* Add validation to UI, fix ? vertical spacing
* Rebase e2e
* 1 of 2 passing unit tests for config
* Update REST-API.md to include webhook_settings
* Destructure / flatten config webhook in unit test
* Merge advance options e2e conflict
* x and y example not x and x
* Fix observer e2e
* Add new data to read only example request
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Martavis Parker <martavis@auraticdevelopment.com>
* Add extra debug logging for hosts
* Add changes file
* Ignore if appconfig is nil
* Use slice of uints instead of a string
* Debug response request for enabled hosts
* Add host-id to request/response
* Lint fixes
* Add missing AppConfigFuncs
* added package command from orbit as fleetctl command
* update deployment docs
* add changes file
* added tests for package command, run go mod tidy & go mod verify
* validate that package files exist
* comment out msi packaging test until we can investigate github runner permission issues
* Rename core->free and basic->premium
* Fix lint js
* Comment out portion of test that seems to timeout
* Rename tier to premium if basic is still loaded
* adjusted isUnsupportedBrowser to include all versions of internet explorer and changed unsupported browser message for ie11
* removed ie11 from supported browsers docs page
* Create vuln path if possible
* Make sure we skip creation if static instance is selected
* Document behavior
* Fix return in crons and test without sleeps
- Add item and link to all "Reported bugs" (GitHub issues with the "bug" and ":reproduce" label). This way, the individual on call can navigate to a list of bugs that need reproduction.
- Add a link to the open pull requests. This way, the individual on call can identify any PRs that have been opened by the community.
* wip
* Add tests and finish implementation
* Add proper default for periodicity, changes file, and documentation
* Fix tests and add defaults also to new installs
* EnableHostUsers should be true if undefined as well
* In some cases, periodicity can be zero because of the migrations
* Apply defaults when migrating appconfig
* Fix lint
* lint
* Address review comments
* Add global policies
* Update documentation and add extra parameter to config
* Fix failing tests
* Store historic policy records
* Address review comments
And also remove other inmem references I saw by chance
* Add documentation for get by id request
* Add parameter doc
* Move schema generation to a cmd instead of a test
Otherwise it messes up running all tests sometimes depending on how parallel it does
* Remove brain dump for another task
* Make migration tests a separate beast
* Make schema generation idempotent and move dbutils cmd to tools
* Allow all filters and add counts to Policy
* Add test for Policy
* minor clarifications
* further expand comments and stubs
* absorb custom titles embedded in metadata, plus further comment expansion and a followup fix for something i left hanging in f8cbc14829d91e7577c63307fd9c4346dbc229bb
* Skip non-markdown files and use real path maths
* Prep for running in parallel (Remove `continue` so this isn't dependent on the `for` loop)
* determine + track unique HTML output paths
* Compile markdown + spit out real HTML (without involving any but the crunchy nougaty dependency from the very center of everything)
* add md metadata parsing
* add timestamp
* Update build-static-content.js
* attach misc metadata as "other"
* how doc images might should work (this also aligns with how the select few images in the sailsjs.com docs work)
* add file extension to generated HTML files
* "options"=>"meta"
* Make "htmlId" useful for alphabetically sorting pages within their bottom-level section
See recent comments on https://github.com/fleetdm/fleet/issues/706 for more information.
* list out the most important, specific build-time transformations
* Omit ordering prefixes like "1-" from expected content page URLs
* add a little zone for consolidating backwards compatible permalinks
* interpret README.md files by mapping their URLs to match their containing folder
* clarify plan for images
* decrease probability of collisions
* Make capitalization smarter using known acronyms, proper nouns, and a smarter numeric word trim
* Resolve app path in case pwd is different in prod
* Delete HTML output from previous runs, if any
* condense the stuff about github emojis
* got rid of "permalink" thing, since id gets automatically attached during markdown compilation anyway
Also "permalink" isn't even a good name for what this is. See https://github.com/fleetdm/fleet/issues/706#issuecomment-884693931
* …and that eliminates the need for the cheerio dep!
* Bring in bubbles+syntax highlighting into build script, and remove sails.helpers.compileMarkdownContent() -- this leaves link munging as a todo though
* trivial (condense comments)
* Remove unused code from toHtml() helper
* Implemented target="_blank" and root-relative-ification
* remove todo about emojis after testing and verifying it works just fine
* trivial: add link to comment in case github emojis matter at some point
* consolidate "what ifs" in comments
* Leave this up to Sarah, for now. (Either bring it back here in the build script or do it all on the frontend)
* Enable /docs and /handbook routes, and add example of a redirect for a legacy/deprecated URL
* implement routing
* Upgrade deps
this takes advantages of the latest work from @eashaw, @rachaelshaw, and the rest of the Sails community
* tweak var names and comments
* make readme pages use their folder names to determine their default (fallback) titles
as discussed in https://github.com/fleetdm/fleet/issues/706#issuecomment-884788002
* first (good enough for now) pass at link rewriting
as discussed in https://github.com/fleetdm/fleet/issues/706#issuecomment-884742072
* Adapt docs pages to build from markdown output
* Continue work on docs pages
* Add landing page
* Remove unused code; minor changes
* Replace regex
* fixes https://github.com/fleetdm/fleet/pull/1380#issuecomment-891429581
* Don't rely on "path" being a global var
* Syle fleetdm doc pages
* Continue work on docs pages
* Fix linting error
* Disable lesshint style warnings
* parasails-has-no-page-script attribute
Added a parasails-has-no-page-script attribute to the docs template, added a check for that attribute in parasails.js and removed the empty page script for 498
* bring in latest parasails dep
* trivial
* Update links to dedupe and not open in new tab unless actually external
* Disable handbook for now til styles are ready
* fix CTA links
* trivial
* make sitemap.xml get served in prod
* hide search boxes for now, remove hard-coded version and make releases open in new tab
* clean out unused files
Co-authored-by: gillespi314 <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: eashaw <caglc@live.com>
- Remove "How to add Fleet's standard query library" section from the "Ask questions about your devices" walkthrough.
- Add `license`, `vulnerability_settings`, and `logging` properties to the example response for the `GET /api/v1/fleet/config` and `PATCH /api/v1/fleet/config` API routes
* Make receive calls to redis conn thread safe
Also removes REDIS_TEST env var. Redis is lightweight and fast, no need
to skip these tests.
* No need to increase the wait
* Add safe mkdirall and open
* Use secure as much as possible and merge gomodules for orbit to fleet
* Improve openfile and mkdirall to check for permissiveness instead of equality
* Don't shift
* Fix links
* Address review comments
Checked and fixed a couple of typos here and there, and made some edits to some of the sentence structure to improve the flow, and to soften the tone a bit.
- Specify valid time units of `s`, `m`, and `h` for the `session_duration`, `osquery_label_update_interval`, and `osquery_detail_update_interval` configuration options.
This tutorial is the first step at bridging the gaps between trying Fleet, getting to know Fleet in an enterprise setting, and deploying Fleet.
- Add "tutorials" subdirectory
- Add walkthrough
- Remove duplicate documentation from "Fleet UI" section
- Link to walkthrough from top-level README
- Remove changes files that were collected during the 4.1.0 release cycle
- Add removing changes files step to release process documentation
- Update support process docs to reflect the change to discussing the last on-call rotation at 🍽️ Daily standup meeting
- The included query populates the `users` property in the `/api/v1/fleet/hosts/{id}` response object.
- This information also populates the new "Users" table on the Host details page
* update .gitattributes to be explicit about line endings with regards to the test certs
* update building-fleet guide to include python2 dependency on windows
* update configuration to default to OS specific temporary directories
- Remove "Connecting a host" from fleetctl documentation
- Remove queries from REST API examples
- Point to Launcher documentation
- Update community projects
- Move configuration files examples from 2-fleetctl-CLI.md into /configuration-files/README.md.
- Update example configuration files with "agent options" and remove all references to "osquery options"
- Update numbering for documentation files
- Use goreleaser to automate release process.
- Add new dockerfiles for fleet (with fleetctl) and fleetctl (only).
- Add GitHub Action Workflow to run goreleaser on new tag.
- Update NPM to match new archive naming.
- Update enroll secret config file with updated fields for Fleet 4.0.0
- Remove agent options config file. In Fleet 4.0.0, agent options are part of the organization settings configuration
* Remove username from UI code
* Remove username from tests
* Remove username from database
* Modify server endpoints for removing username
* Implement backend aspects of removing username
* Update API docs
* Add name to fleetctl
- Add "Configuring agent options" section to `/1-Using-Fleet/1-Fleet-UI.md`
- Add 2 screenshots: 1. Global agent options form 2. Team agent options form
- Move instructions for connecting to the Mailhog simulated server out of the FAQ
- Merge instructions found in FAQ with existing instructions in `Testing.md`
-Modify build-static-content back-end script to implement GitHub Users API and build contributor profile information into query library pages
-Remove related functionality from client-side page scripts
-Add dropdown menu to select filters
-Refine html and css
- No longer detecting for OS make commands
- Using the same internal commands for every OS
- go.sum auto-updated during build
- Document build process on Windows
- Move team-related service methods to `ee/server/service`.
- Instantiate different service on startup based on license key.
- Refactor service errors into separate package.
- Add support for running E2E tests in both Core and Basic tiers.
- Add `team_id` field to secrets.
- Remove secret `name` and `active` fields (migration deletes inactive secrets).
- Assign hosts to Team based on secret provided.
- Add API for retrieving secrets by Team.
* /sandbox/queries becomes /queries, etc
* Publish fleetdm.com/queries
Expose query library routes the rest of the way, move remediation data sanitization to the point of entry, and update query library to match (pairing w/ @gillespi314)
* Fix accidental commit of sailsrc (again)
- In tests and documentation, replace `@fleetdm.com` with `@example.com`
- In documentation, replace `hello@fleetdm.com` with `fleetdm.com/contact`
- In documentation, replace `security@fleetdm.com` with `fleetdm.com/contact`
- In Dockerfiles, replace `engineering@fleetdm.com` with `hello@fleetdm.com`. These two files are the only remaining files with a `@fleetdm.com` email.
- Add link to "Fleet 3.11.0 released with software inventory" to location in docs where software inventory is described.
- Change "host details" to "host vitals"
- Accept Teams as a searchable target type for the target selection API.
- Accept Teams for targets in running live queries.
- Refactoring to support these changes.
- Update API documentation.
- Move host `additional` into a separate table.
- Join when that data is needed.
- API change: `/api/v1/fleet/hosts` now returns only the requested
`additional` columns, unless `*` is provided as the sole argument.
Background:
A customer reported that MySQL binlogs grew huge and replication lag
went way up when data was stored in the `additional` column. In this
deployment MySQL was running with ROW replication. This would cause the
entire `additional` data to be copied on each update of the host checkin
time. While switching to STATEMENT or MIXED replication would likely
mitigate the issue, this was not an option in their environment.
- Include only hosts that the user has access to in search targets API.
- Add parameter to specify whether `observer` hosts should be included.
- Generate counts based on which hosts user can access.
- Update API doc.
- Add question that addresses upgrading from Kolide Fleet to FleetDM Fleet
- Edit "Automatically add hosts to packs" question and move portion about `targets` field to `fleetctl` docs
Adds the following queries to the Standard query library:
- Get authorized keys for Local Accounts
- Get authorized keys for Domain Joined Accounts
- Get current users with active shell/console on the system
- Get Disk encryption status
- Detect Unencrypted SSH Keys for Local Accounts
- Detect Unencrypted SSH Keys for Domain Joined Accounts
- Line parsed values from system and user cron/tab
- Detect Dynamic Linker Hijacking (MITRE. T1574.006)
- Get etc hosts entries
- Get Network Interfaces
- Get Local User Accounts
- Detect active user accounts on servers
- Detect Nmap Scanner
- Get docker images on a system
- Get docker running containers on a system
- Get docker running process on a system
- Create `/configuration-files/` directory inside of `/1-Using-Fleet` directory. This directory contains example Fleet configuration files in yaml format. Replaces the `/examples` directory.
- Create `/standard-query-library/` directory inside of `/1-Using-Fleet` directory. This directory contains the new `standard-query-library.yml`. This file will act as the source of community contributions to the standard query library.
- Edit references to `/examples` directory
This feature enables a new config option (redis.duplicate_results). When set to true, all Live Query results will be copied to an additional Redis pubsub channel named LQDuplicate
This is useful in a scenario that would involve shipping the Live Query results outside of Fleet, near-realtime.
This allows the host details to be refetched on the next check in,
rather than waiting for the normal interval to go by. Associated UI
changes are in-progress.
- Migration and service methods for requesting refetch.
- Expose refetch over API.
- Change detail query logic to respect this flag.
Add a config setting to allow copying message fields and decorations into Google Pub/Sub attributes, making it possible to use these values for subscription filters.
My changes to the documentation file structure made in #717 resolved all broken documentation links on the `master` branch but not on the `teams` branch. As a result, those developing on the `teams` branch always get a ❌ for the "Markdown link check" test.
- Add relative markdown links in the `teams` branch to resolve failed link test
- Add section on contributing to Fleet documentation. This section covers the use of relative links and best practices for anchor links
- Add 3 questions and their respective answers to the FAQ section in the `1-Using-Fleet` docs
- Add new `2-Orbit-osquery/` directory to the top-level `docs/` directory.
- Rename `2-Deployment/` -> `3-Deployment/` to accommodate new Orbit directory.
- Rename `3-Contribution/` -> `4-Contribution/` to accommodate new Orbit directory.
- Add FAQ section to Orbit documentation.
