Commit Graph

25 Commits

Author SHA1 Message Date
RachelElysia
981028705e
Sentence Case: Throughout UI, tests, validators, docs (#2455) 2021-10-11 10:58:27 -04:00
Zach Wasserman
229a9afed2
Change name of localstorage auth token (#980) 2021-06-06 18:28:37 -07:00
Zach Wasserman
7a68e3de65
Deprecate /api/v1/kolide routes (#297)
- Support both /api/v1/fleet and /api/v1/kolide routes in server.
- Add logging for use of deprecated routes.
- Rename routes in frontend JS.
- Rename routes and add notes in documentation.
2021-02-10 12:13:11 -08:00
Zach Wasserman
c78209dd51
Clean up development files (#259)
Remove unused files and update with new developer defaults
2021-02-01 19:21:17 -08:00
Zach Wasserman
416235f4b8
Clean up unused test/demo SQL data (#117) 2020-12-10 11:44:02 -08:00
Zach Wasserman
6cbd10965c
Add dev infrastructure and docs for Prometheus monitoring (#33)
- Set up a simple example of Prometheus monitoring in the development
  docker-compose.yml.
- Add documentation for configuring Prometheus.
2020-11-12 19:06:56 -08:00
Mike Arpaia
af96e52a00
Update the Go import paths to new repo name (#27) 2020-11-11 09:59:12 -08:00
Brendan Shaklovitz
c6b285c56e
Remove soft-deletion pattern (#2327)
* Perform migration to delete any entries with `deleted` set, and
subsequently drop columns `deleted` and `deleted_at`.
* Remove `deleted` and `deleted_at` references.

Closes #2146
2020-10-22 10:51:26 -07:00
Mike Arpaia
018b91ab2c Rename project to Kolide Fleet (#1529) 2017-06-22 15:50:45 -04:00
John Murphy
368b9d774c Server Side SSO Support (#1498)
This PR partially addresses #1456, providing SSO SAML support. The flow of the code is as follows.

A Kolide user attempts to access a protected resource and is directed to log in.
If SSO identity providers (IDP) have been configured by an admin, the user is presented with SSO log in.
The user selects SSO, which invokes a call the InitiateSSO passing the URL of the protected resource that the user was originally trying access. Kolide server loads the IDP metadata and caches it along with the URL. We then build an auth request URL for the IDP which is returned to the front end.
The IDP calls the server, invoking CallbackSSO with the auth response.
We extract the original request id from the response and use it to fetch the cached metadata and the URL. We check the signature of the response, and validate the timestamps. If everything passes we get the user id from the IDP response and use it to create a login session. We then build a page which executes some javascript that will write the token to web local storage, and redirect to the original URL.
I've created a test web page in tools/app/authtest.html that can be used to test and debug new IDP's which also illustrates how a front end would interact with the IDP and the server. This page can be loaded by starting Kolide with the environment variable KOLIDE_TEST_PAGE_PATH to the full path of the page and then accessed at https://localhost:8080/test
2017-05-08 19:43:48 -05:00
Zachary Wasserman
629a740b45 Require JWT Key to be specified for server startup (#1480)
If server is started without a JWT key, a message like the following is printed:
```
################################################################################
# ERROR:
#   A value must be supplied for --auth_jwt_key. This value is used to create
#   session tokens for users.
#
#   Consider using the following randomly generated key:
#   om3w95gMA2drT5xAdLd2Q5oE8fLw+Miz
################################################################################
```

Closes #1480.
2017-04-12 15:05:56 -07:00
Mike Arpaia
a000751bfe renaming kolide-ose to kolide (#1143) 2017-02-01 10:20:50 -07:00
Mike Arpaia
444aa96c06 Demo database dump (#1058)
This PR includes:

- `make demo-dump` which dumps all tables from your running development Kolide instance into `./tools/app/demo.sql`

```
$> make demo-dump
mysqldump --extended-insert=FALSE --skip-dump-date \
        -u kolide -p \
        -h 192.168.99.100 kolide \
        > ./tools/app/demo.sql
Enter password: ******
$>
```
- `make demo-restore` which restores `./tools/app/demo.sql` into your MySQL database, to be demo'd and extended by your running Kolide instance

```
$> make demo-restore
mysql --binary-mode -u kolide -p \
        -h 192.168.99.100 kolide \
        < ./tools/app/demo.sql
Enter password: ******
```

This included demo dump contains the following content:

## Queries

- 34 queries shared as ~70 scheduled queries

## Packs

- 8 Packs
- 13 Scheduled Queries in the "Intrusion Detection" pack
- 7 Scheduled Queries in the "Osquery Monitoring" pack
- 4 Scheduled Queries in the "Asset Management" pack
- 12 Scheduled Queries in the "Hardware Monitoring" pack
- 8 Scheduled Queries in the "Incident Response" pack
- 8 Scheduled Queries in the "Compliance" pack
- 6 Scheduled Queries in the "Vulnerability Management" pack
- 10 Scheduled Queries in the "Systems Monitoring" pack

## Labels

- 2 Labels

## Hosts

There are intentionally no hosts. Live hosts should be fabricated using Docker and attached to a running demo instance, to better look and behave like a real infrastructure.
2017-01-23 10:32:19 -07:00
Mike Arpaia
cab34eb46c Moving development docker-compose out of root (#125) 2016-09-06 17:09:25 -04:00
Mike Arpaia
6bdf3fba4b cleaning up some development files (#115) 2016-09-05 17:58:49 -04:00
Mike Arpaia
8ca6504688 New flag to disable banner: --disable-banner (#80)
* New flag to disable banner: --disable-banner

* Move globals into configuration

* Changing tool category name to logging
2016-08-17 16:53:28 -07:00
Zachary Wasserman
503ae54f46 Ingest status and result logs (#77)
* Implement log endpoint for status/result log ingestion
* Define interface for log handlers: OsqueryResultHandler and OsqueryStatusHandler
* Initial implementation of file logger handlers
* Unit + integration tests

Closes #7
2016-08-17 12:45:29 -07:00
Mike Arpaia
736bce5033 Email-based password reset (#54)
* No more hard deletes

* scaffolding for password reset endpoint

* Ensure password reset state is accounted for in VC checks

* password reset endpoints and data structures

* ability to change password with reset token

* smtp server connection pool management

* stubbing out the sending of the email

* adding mailhog via docker

* HTML emails with confgurable host name

* fixing typo in the comments

* Fixing merge which undid DatabaseError replacement

* documentation in the readme

* webpack shortcut for components

* removing a sneaky merge line that snuck in

* temporary email content api

* tests for password reset flow

* fixing go vet

* comments and making all db use `&value` rather than `reference`

* more correct usage of the errors library and moving email sending to it's own method

* using the wrong error

* fixing email mock object error

* less incorrect error usage

* rebasing and merging

* http constants for status code

* using ParseAndValidateJSON instead of BindJSON

* validate instead of binding in struct tags

* NewFromError instead of New
2016-08-12 12:20:29 -07:00
Mike Arpaia
45dbac4354 Using viper and cobra for config/commands (#67) 2016-08-12 11:05:48 -07:00
Zachary Wasserman
809a010a1d Initial implementation of osqueryd enrollment + tests (#36)
*EnrollHost now generates a node key and stores host information into the DB
* Unit and integration tests

Closes #6
2016-08-11 13:50:03 -07:00
Mike Arpaia
64d16b8a16 README and workflow updates (#62) 2016-08-10 08:31:27 -07:00
Mike Arpaia
3a9381c5b3 React Base (#61)
* Add sensible React base to the app for frontend

This PR attempts to "reactify" Kolide and provide a sane development environment
that a front-end engineer would probably expect.

This PR accomplishes by doing the following:

1. Reorganizes the app into a `server/` and `client/` folders to keep golang
logic separated from react logic.

2. Adds an "asset pipeline" via webpack which knows how to build a js
and css bundle.

3. Packages up all static assets in a go-bindata file so that the binary
remains portable without external file dependencies.

1. Add a Makefile with several targets that will be common in everyday
development. For example, we have `serve` target which spins up a nodejs
reverse proxy on port 8081 which then watches for changed files, automatically
rebuilds the app, and hot loads the new JS/CSS in.

 **Note:** Please use `make` to build the app, not `go build` as there are
now several things that need to be orchestrated beyond the go code to build the app.

* Create build if it doesn't exist, and use `go get`

* Improve README to reflect new dev workflow

* Document css vars and funcs and use alias paths

* makefile and structure modifications
2016-08-09 22:15:44 -07:00
Mike Arpaia
b6ac5b1bdb Updating README and documentation to reflect local building and testing (#58) 2016-08-09 19:17:07 -07:00
Zachary Wasserman
2c15647b6e Fix certificate path in development config (#55)
Also adds error checking to `RunTLS`
2016-08-09 16:18:03 -07:00
Mike Arpaia
2d2d667f4a Attempt to clean the codebase (#53) 2016-08-09 10:24:29 -07:00