empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29580a242d
fleet/schema/tables/find_cmd.yml
Lucas Manuel Rodriguez 810eb58b95
macOS CIS: Use find command (exposed as fleetd table) instead of relying on the osquery core file table (#12560) 
#10292, #12554

When scanning tens of thousands of files for permissions, using the
`find` command exposed as a fleetd table is more performant than trying
to use the `file` table. This change caused the watchdog to *stop*
killing osquery because of exceeding memory or CPU limit.

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-06-29 16:22:41 -03:00

30 lines
868 B
YAML
Raw Blame History

name: find_cmd
platforms:
- darwin
description: Uses the /usr/bin/find command to list files and directories.
columns:
- name: directory
type: text
required: true
description: |
The directory passed to find as first argument.
- name: type
type: text
required: false
description: |
Sets the value of the `-type` flag.
- name: perm
type: text
required: false
description: |
Sets the value of the `-perm` flag.
- name: path
type: text
required: false
description: |
Contains the found paths.
notes: |
This table is not a core osquery table. It is included as part of [Fleetd](https://fleetdm.com/docs/using-fleet/orbit), the osquery manager from Fleet.
Fleetd installers can be built with [fleetctl](https://fleetdm.com/docs/using-fleet/adding-hosts#osquery-installer).
evented: false
Reference in New Issue View Git Blame Copy Permalink