empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,850 Commits 3 Branches 0 Tags 561 MiB
6939af045d
Commit Graph

5850 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Juan Fernandez
6939af045d
Fleet desktop should use lightweight endpoint for getting failing policies count (#8159) 
Fleet desktop should use lightweight endpoint for getting failing policies count
 2022-10-12 17:13:43 -03:00
Juan Fernandez
91ea7bf244
Vulnerabilities not detected if NVD CVE feed is unavailable or rate limited (#8191) 
If there is any problem when synching NVD source, proceed with vuln scan
 2022-10-12 15:09:18 -04:00
Noah Talerman
7b44d0a97b
Remove banner from Team details > Agent options (#8170) 
- Remove info banner that links to help with `overrides`
 2022-10-12 15:08:02 -04:00
Lucas Manuel Rodriguez
b016fc8a3a
Orbit: Add retries to launchctl bootstrap to fix issue with MDM push (#8187) 
* Add retries to launchctl bootstrap to fix MDM push

* Increment retries from 5 to 30
 2022-10-12 15:59:01 -03:00
Juan Fernandez
72cfdac634
Only ingest installed deb_packages (#8160) 
Only ingest deb_packages with status = 'install ok installed'
 2022-10-12 14:27:07 -04:00
Mike McNeil
20d617ee67
Fix typo in keychain_items table schema (#8179) 
* Define "certificate authorities" + normalize capitalization

* Fix typo in keychain_items table schema

* Maybe a bad character?

* Fixing problematic comma

Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
 2022-10-12 12:17:03 -04:00
Guillaume Ross
eadb3b1081
Adding 6 example queries! (#8165) 
* Adding 6 example queries!

* Adding alf_explicit_auths + a note about a current bug with it

* Reverting sailsrc changes
 2022-10-12 11:13:44 -04:00
Lucas Manuel Rodriguez
bec3824ddb
Update mk-ca-bundle.pl tool in repository (#8184) 
* Update mk-ca-bundle.pl in repository

* Update certs.pem with new version of mk-ca-bundle.pl

* Add extra check against curl.se site
 2022-10-12 12:01:18 -03:00
Roberto Dip
4042f8d826
add browser-related security headers to HTML responses (#8180) 
related to #8031, this adds the following headers to HTML responses:

- Strict-Transport-Security: informs browsers that the site should only
  be accessed using HTTPS, and that any future attempts to access it
  using HTTP should automatically be converted to HTTPS.
- X-Frames-Options: disallows embedding the UI in other sites via
  <frame>, <iframe>, <embed> or <object>, which can prevent attacks like
  clickjacking.
- X-Content-Type-Options: prevents browsers from trying to guess the MIME
  type which can cause browsers to transform non-executable content into
  executable content.
- Referrer-Policy: prevents leaking the origin of the referrer in the
  Referer.

additionally, this ensures we set `X-Content-Type-Options` for CSV and
installer responses.
 2022-10-12 10:19:21 -03:00
Martin Angers
d321cfc68e
Add inherited policies to the team's list policies response payload (#8068) 2022-10-12 08:35:36 -04:00
Lucas Manuel Rodriguez
42c47a6fa7
Add missing return to ingestKubequeryInfo (#8178) 
* Add missing return to ingestKubequeryInfo

* No need to log error twice
 2022-10-12 09:00:49 -03:00
Lucas Manuel Rodriguez
8de3e9f258
Fix Orbit bug when setting empty command_line_flags in agent options (#8176) 2022-10-11 20:11:01 -03:00
Mike McNeil
6fa02da54b
Handbook: Add link to key review deck (#8177) 2022-10-11 15:26:05 -06:00
Frank Sievertsen
23199c3d83
Add missing display_name to getHostEndpoint (#8174) 2022-10-11 17:00:32 -04:00
Eric
831155eb9c
Website: update osquery schema pages - add evented table icons to sidenav, update code highlighting (#8168) 
* Add evented table labels, update code syntax highlighting

* update styles, lint fix

* update comment

* Update osquery-table-details.page.js
 2022-10-11 14:40:08 -05:00
Roberto Dip
174f894b53
fix migration order check by only checking additions (#8172) 
this modifies the migration order CI check to only check for added files
by:

1. Escaping the blob we give to git, so bash doesn't perform expansion,
   this lets git handle the blob matching, which for reasons I don't
   fully understand allows to find file renames.
2. Applying `--diff-filter=A`, which makes git only list file additions.
 2022-10-11 16:31:40 -03:00
Roberto Dip
2bb4ec2e6d
add script to check for migration order (#7803) 
Related to #6142, this adds a CI check for the order of migrations.

As I noted in a comment on the workflow file, it's important to keep in mind that some migrations might still go unnoticed even with this check, example:

1. PR1 adds a migration, CI check pass
2. PR2 adds a migration, CI pass, gets merged
3. PR1 can still be merged because the CI checks aren't run again

The check will fail in `main` however, so if we find the current script to be reliable, we could setup a Slack ping or something similar, to make sure somebody takes a look
 2022-10-11 15:36:15 -03:00
Lucas Manuel Rodriguez
28744bf57e
Consistently log migrations (#8154) 
* Consistently log migrations

* Fix name and update goose version
 2022-10-11 15:20:12 -03:00
Juan Fernandez
351d2c93c4
Add new page explaining how osquery children process are terminated (#8134) 
Add new page explaining how osquery children process are terminated
 2022-10-11 14:09:56 -04:00
Tomas Touceda
d912376f02
Handle tcp read timeouts (#8163) 
* Handle tcp read timeouts properly

* Add changes file

* Fix bad mini refactor after nailing the test

* Update based on review

* Update comment
 2022-10-11 13:58:52 -03:00
Zay Hanlon
dca77054c5
Onboarding: Add 'zayhanlon' to Humans (#8166) 
As part of onboarding issue, add 'zayhanlon' to Humans within receive-from-github.js
 2022-10-11 11:35:23 -05:00
Zay Hanlon
cadcb5e784
Handbook: Remove rotation schedule from CEO shadow (#8164) 
Removed the rotation schedule from CEO shadow program section, per Mike's request. We'll track this via Google Sheets
 2022-10-11 09:56:54 -06:00
Mo Zhu
a6cf95495c
fix formatting and spelling of handbook quality section (#8078) 2022-10-11 11:47:24 -04:00
RachelElysia
7de1b847ea
Fleet UI: Host's software details links to software, improved responsiveness (#8080) 2022-10-11 09:27:20 -04:00
Charlie Chance
6e91039d09
Update ceo-handbook.md (#8158) 2022-10-10 16:35:40 -06:00
dependabot[bot]
35ae71502f
Bump actions/setup-go from 3.2.1 to 3.3.0 (#7470) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](84cbf80943...268d8c0ca0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 18:55:13 -03:00
dependabot[bot]
c307800718
Bump github.com/oschwald/geoip2-golang from 1.6.1 to 1.8.0 (#7767) 
Bumps [github.com/oschwald/geoip2-golang](https://github.com/oschwald/geoip2-golang) from 1.6.1 to 1.8.0.
- [Release notes](https://github.com/oschwald/geoip2-golang/releases)
- [Commits](https://github.com/oschwald/geoip2-golang/compare/v1.6.1...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/oschwald/geoip2-golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 18:53:19 -03:00
dependabot[bot]
52b298ff69
Bump gopkg.in/guregu/null.v3 from 3.4.0 to 3.5.0 (#7768) 
Bumps [gopkg.in/guregu/null.v3](https://github.com/guregu/null) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/guregu/null/releases)
- [Commits](https://github.com/guregu/null/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: gopkg.in/guregu/null.v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 18:52:07 -03:00
dependabot[bot]
ddc47b3096
Bump golang from 1.19.1-bullseye to 1.19.2-bullseye (#8091) 
Bumps golang from 1.19.1-bullseye to 1.19.2-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 18:45:01 -03:00
Roberto Dip
e630fabf89
token rotation for fleet desktop (#7779) 
This implements what's described in detail here https://github.com/fleetdm/fleet/blob/main/proposals/fleet-desktop-token-rotation.md
 2022-10-10 17:15:35 -03:00
gillespi314
ca379e7459
Fix directIngestOSWindows error in query ingestion for non-Windows hosts (#8148) 2022-10-10 13:27:15 -05:00
RachelElysia
858bb75609
Documentation: Seeding data links to creating test hosts (#8131) 2022-10-10 14:08:18 -04:00
RachelElysia
6d94472224
Fleet UI: Move status from route param to query param (#8035) 2022-10-10 14:07:47 -04:00
Robert Fairburn
dc0427117e
Add loadtesting ECR Cleanup one-liner (#8041) 2022-10-10 10:02:11 -05:00
Ivan Panteleev
2dae3aa62b
Add extraVolumes and extraVolumeMounts to fleet (#7684) 2022-10-10 10:01:45 -05:00
Gabriel Hernandez
bc194d18c7
Feat/update live query states (#8122) 
* add awaitng results state to live query search

* make spinner more reusable and add it to query page awaiting results

* create common QueryResultsHeader component to use on query policy flows
 2022-10-10 15:39:49 +01:00
Noah Talerman
91f02f31ca
Product handbook: Update projects (#8143) 
- Add link to Roadmap project
- Remove retired projects
 2022-10-10 10:12:17 -04:00
Frank Sievertsen
1eacecf637
Add new missing value to existing status URL parameter at the GET /hosts endpoint (#7916) 2022-10-10 07:45:39 -04:00
Charlie Chance
03e9a2d778
Handbook: slack channel update (#8126) 
| `#help-key-review-prep`     | Charlie Chance
 2022-10-10 17:13:18 +09:00
Chris McGillicuddy
6e0854b4ef
Adding turnaround time for deck revisions.md (#8133) 2022-10-10 16:52:30 +09:00
Frank Sievertsen
b25e74b285
add missing_30_days_count to host_summary response (#7915) 2022-10-08 08:58:27 -04:00
Frank Sievertsen
e9f7066d87
7135 host display name (#7873) 2022-10-08 08:57:46 -04:00
Chris McGillicuddy
0a5c2656f6
Adding details about contacting the CEO.md (#8132) 
Revised and carried over content from the Slack thread about contacting the CEO. Addresses this issue: https://github.com/fleetdm/confidential/issues/1630.
 2022-10-07 15:41:45 -06:00
Mike McNeil
c36e1cc4ad
Update Supported-host-operating-systems.md (#8130) 2022-10-07 16:13:03 -05:00
Mo Zhu
1810578e13
Link to documentation improvement backlog (#7814) 2022-10-07 16:32:53 -04:00
Lucas Manuel Rodriguez
832b29f8c7
Update go-tuf to v0.5.0 (bis) (#8112) 
* Update go-tuf to v0.5.0

This was triggered by the security advisory
[GHSA-3633-5h82-39pq](https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-3633-5h82-39pq).
Fleet's use of go-tuf is not vulnerable to this issue due to not using
key thresholds greater than 1.

There were some API changes that necessitate changing the initialization
code for the TUF client. See
https://github.com/theupdateframework/go-tuf/issues/379 for further
discussion.

* Add changes file

* Update default root metadata

* Add review changes to update-go-tuf branch

* Update tests

* Add more checks to roots output

Co-authored-by: Zach Wasserman <zach@fleetdm.com>
 2022-10-07 17:03:39 -03:00
gillespi314
4c0456be73
Update documentation for automations (#8084) 2022-10-07 12:24:24 -05:00
Eric
2408dc0298
remove platforms attribute, update query library to use platform (#8116) 2022-10-07 12:10:30 -05:00
Eric
588c9abef3
modify markdown links on table pages (#8123) 2022-10-07 11:48:37 -05:00
Michal Nicpon
9056b22874
set default shell in workflows (#8108) 
* wait for mysql in workflows
 2022-10-07 09:43:56 -06:00