- Fix Windows MSI generation by changing permissions (#2655).
- Refactor temp directory initialization.
- Use root user for Wine in WiX Docker container.
- Support .pkg packaging on Linux without dependencies (besides Docker)
* Add infra for loadtest
* Move loadtest stuff to a new file and parametrize fleet min/max capacity
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* Update to be ready for review
* Update link and other variables needed
* Address review comments and update links
* Rename core->free and basic->premium
* Fix lint js
* Comment out portion of test that seems to timeout
* Rename tier to premium if basic is still loaded
* Add global policies
* Update documentation and add extra parameter to config
* Fix failing tests
* Store historic policy records
* Address review comments
And also remove other inmem references I saw by chance
* Add documentation for get by id request
* Add parameter doc
* Move schema generation to a cmd instead of a test
Otherwise it messes up running all tests sometimes depending on how parallel it does
* Remove brain dump for another task
* Make migration tests a separate beast
* Make schema generation idempotent and move dbutils cmd to tools
* Allow all filters and add counts to Policy
* Add test for Policy
- Use goreleaser to automate release process.
- Add new dockerfiles for fleet (with fleetctl) and fleetctl (only).
- Add GitHub Action Workflow to run goreleaser on new tag.
- Update NPM to match new archive naming.
* Remove username from UI code
* Remove username from tests
* Remove username from database
* Modify server endpoints for removing username
* Implement backend aspects of removing username
* Update API docs
* Add name to fleetctl
- Update names/roles of users in `make e2e-setup`.
- Update test SSO user info.
- Add Cypress commands for seeding users/Teams.
- Stub Cypress tests for team/tier matrix.
- In tests and documentation, replace `@fleetdm.com` with `@example.com`
- In documentation, replace `hello@fleetdm.com` with `fleetdm.com/contact`
- In documentation, replace `security@fleetdm.com` with `fleetdm.com/contact`
- In Dockerfiles, replace `engineering@fleetdm.com` with `hello@fleetdm.com`. These two files are the only remaining files with a `@fleetdm.com` email.
- Include only hosts that the user has access to in search targets API.
- Add parameter to specify whether `observer` hosts should be included.
- Generate counts based on which hosts user can access.
- Update API doc.
- Add new `2-Orbit-osquery/` directory to the top-level `docs/` directory.
- Rename `2-Deployment/` -> `3-Deployment/` to accommodate new Orbit directory.
- Rename `3-Contribution/` -> `4-Contribution/` to accommodate new Orbit directory.
- Add FAQ section to Orbit documentation.
Ubuntu 20.04 uses an older version of Node by default that does not
support the rmSync method we were using previously. This should extend
compatibility.
We found in some environments users run `sudo npm install -g fleetctl`
to install via NPM, and NPM does not execute postinstall scripts when
run as root.
This new approach should be compatible with more environments as the
download of fleetctl is done as necessary when the script is invoked.
- Support both /api/v1/fleet and /api/v1/kolide routes in server.
- Add logging for use of deprecated routes.
- Rename routes in frontend JS.
- Rename routes and add notes in documentation.
Providing a Helm chart makes it easier for users to deploy to Kubernetes.
I think this is good to go, and I've tested deploying to Kind and GKE using the GKE ingress, sql proxy, and managed certificate, but I haven't tested anything AWS related.
Somewhere around osquery 4.4.0 these messages were added to query
responses. We can now expose them to the API clients rather than using
the placeholder text.
Required for #192
- Add endpoints for osquery to register and continue a carve.
- Implement client functionality for retrieving carve details and contents in fleetctl.
- Add documentation on using file carving with Fleet.
Addresses kolide/fleet#1714
* Perform migration to delete any entries with `deleted` set, and
subsequently drop columns `deleted` and `deleted_at`.
* Remove `deleted` and `deleted_at` references.
Closes#2146
* Use YAML anchors to avoid repeating config blocks
* Use docker volumes to persist data for mysql
* Allow setting `FLEET_SERVER` (fixes#2127) when using the docker-compose file to spin up multiple osquery clients
Almost two years ago, we began referring to the project as Fleet, but there are
many occurences of the term "Kolide" throughout the UI and documentation. This
PR attempts to clear up those uses where it is easily achievable.
The term "Kolide" is used throughout the code as well, but modifying this would
be more likely to introduce bugs.
Add a gRPC server that will interact with osquery through Launcher. This endpoint will expose the osquery configuration suitable for use via the Launcher plugin, and collect log and query results.
- Add SSH configuration to allow checkout of Kolide private repos in CI
- Add kolide/agent-api repo to glide.yaml
- Update testify version to fix broken test build
Closes#1545
This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows.
A Kolide user attempts to access a protected resource and is directed to log in.
If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in.
The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end.
The IDP calls the server, invoking CallbackSSO with the auth response.
We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL.
I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
If server is started without a JWT key, a message like the following is printed:
```
################################################################################
# ERROR:
# A value must be supplied for --auth_jwt_key. This value is used to create
# session tokens for users.
#
# Consider using the following randomly generated key:
# om3w95gMA2drT5xAdLd2Q5oE8fLw+Miz
################################################################################
```
Closes#1480.
On CentOS6 there is a bug in which osquery incorrectly reports an empty string
for platform. This PR fixes our detection of centos in this case.
Fixes#1339
the scripts in tools/pkgrepos can be used to update apt and yum repositories as well as create zip archives for a release.
The dl.kolide.co repository is archived as a static bucket on GCP.
Adds a `make lint-license` command that will crawl through the Golang and
Javascript dependencies, trying to automatically determine the license of each
dependency. If any dependencies have incompatible licensing (or if the
automatic detection fails), the tool will print an error and exit with a
non-zero status code. After a successful run, the
docs/third-party/dependencies.md file will be updated with attribution
information as determined by the crawl.
The configuration file has been bootstrapped with the manual analysis needed for
all of the existing dependencies.
This PR includes:
- `make demo-dump` which dumps all tables from your running development Kolide instance into `./tools/app/demo.sql`
```
$> make demo-dump
mysqldump --extended-insert=FALSE --skip-dump-date \
-u kolide -p \
-h 192.168.99.100 kolide \
> ./tools/app/demo.sql
Enter password: ******
$>
```
- `make demo-restore` which restores `./tools/app/demo.sql` into your MySQL database, to be demo'd and extended by your running Kolide instance
```
$> make demo-restore
mysql --binary-mode -u kolide -p \
-h 192.168.99.100 kolide \
< ./tools/app/demo.sql
Enter password: ******
```
This included demo dump contains the following content:
## Queries
- 34 queries shared as ~70 scheduled queries
## Packs
- 8 Packs
- 13 Scheduled Queries in the "Intrusion Detection" pack
- 7 Scheduled Queries in the "Osquery Monitoring" pack
- 4 Scheduled Queries in the "Asset Management" pack
- 12 Scheduled Queries in the "Hardware Monitoring" pack
- 8 Scheduled Queries in the "Incident Response" pack
- 8 Scheduled Queries in the "Compliance" pack
- 6 Scheduled Queries in the "Vulnerability Management" pack
- 10 Scheduled Queries in the "Systems Monitoring" pack
## Labels
- 2 Labels
## Hosts
There are intentionally no hosts. Live hosts should be fabricated using Docker and attached to a running demo instance, to better look and behave like a real infrastructure.
* No more hard deletes
* scaffolding for password reset endpoint
* Ensure password reset state is accounted for in VC checks
* password reset endpoints and data structures
* ability to change password with reset token
* smtp server connection pool management
* stubbing out the sending of the email
* adding mailhog via docker
* HTML emails with confgurable host name
* fixing typo in the comments
* Fixing merge which undid DatabaseError replacement
* documentation in the readme
* webpack shortcut for components
* removing a sneaky merge line that snuck in
* temporary email content api
* tests for password reset flow
* fixing go vet
* comments and making all db use `&value` rather than `reference`
* more correct usage of the errors library and moving email sending to it's own method
* using the wrong error
* fixing email mock object error
* less incorrect error usage
* rebasing and merging
* http constants for status code
* using ParseAndValidateJSON instead of BindJSON
* validate instead of binding in struct tags
* NewFromError instead of New
* Add sensible React base to the app for frontend
This PR attempts to "reactify" Kolide and provide a sane development environment
that a front-end engineer would probably expect.
This PR accomplishes by doing the following:
1. Reorganizes the app into a `server/` and `client/` folders to keep golang
logic separated from react logic.
2. Adds an "asset pipeline" via webpack which knows how to build a js
and css bundle.
3. Packages up all static assets in a go-bindata file so that the binary
remains portable without external file dependencies.
1. Add a Makefile with several targets that will be common in everyday
development. For example, we have `serve` target which spins up a nodejs
reverse proxy on port 8081 which then watches for changed files, automatically
rebuilds the app, and hot loads the new JS/CSS in.
**Note:** Please use `make` to build the app, not `go build` as there are
now several things that need to be orchestrated beyond the go code to build the app.
* Create build if it doesn't exist, and use `go get`
* Improve README to reflect new dev workflow
* Document css vars and funcs and use alias paths
* makefile and structure modifications
* Sessions in MySQL
* Reclaiming some names
* session renewal without new cookies on every request
* comments and docstrings
* light organization in vc generation
* go vet
* endpoints for session management
* Merging @zwass' commit with mine
* Updating salt generation to use crypt/rand
* use getRandomText for session keys
* VC no longer needs a DB or to return an error
* getRandomText docstring
* Only use session via the SessionBackend API
* Set session backend with the request, similar to db
This commit adds both a Dockerfile and updates the docker-compose.yml with local mounting so that you can standup a consistent dev environment. Please view the project README for more information.
