fleet/CHANGELOG.md
John Murphy c90368c4af Changed default osquery logging behavior
Made log rotation for osquery results and status logs optional.  This required writing the logwriter package which is a drop in replacement for lumberjack.  We still use lumberjack if the log rotation flag --osquery_enable_log_rotation flag is set. Note that the performance of the default is quite a bit better than lumberjack.


BenchmarkLogger-8       	 2000000	       747 ns/op
BenchmarkLumberjack-8   	 1000000	      1965 ns/op
PASS
BenchmarkLogger-8       	 2000000	       731 ns/op
BenchmarkLumberjack-8   	 1000000	      2040 ns/op
PASS
BenchmarkLogger-8       	 2000000	       741 ns/op
BenchmarkLumberjack-8   	 1000000	      1970 ns/op
PASS
BenchmarkLogger-8       	 2000000	       737 ns/op
BenchmarkLumberjack-8   	 1000000	      1930 ns/op
PASS
2017-04-03 16:48:50 -05:00

6.7 KiB

Kolide 1.0.2 (April 3, 2017)

  • Log rotation is no longer the default setting for Osquery status and results logs. To enable log rotation use the --osquery_enable_log_rotation flag.

  • Add a debug endpoint for collecting performance statistics and profiles.

    When kolide serve --debug is used, additional handlers will be started to provide access to profiling tools. These endpoints are authenticated with a randomly generated token that is printed to the Kolide logs at startup. These profiling tools are not intended for general use, but they may be useful when providing performance-related bug reports to the Kolide developers.

  • Add a workaround for CentOS6 detection.

    osquery 2.3.2 incorrectly reports an empty value for platform on CentOS6 hosts. We added a workaround to properly detect platform in Kolide, and also submitted a fix to upstream osquery.

  • Ensure hosts enroll in labels immediately even when distributed_interval is set to a long interval.

  • Optimizations reduce the CPU and DB usage of the manage hosts page.

  • Manage packs page now loads much quicker when a large number of hosts are enrolled.

  • Fixed bug with the "Reset Options" button.

  • Fixed 500 error resulting from saving unchanged options.

  • Improved validation for SMTP settings.

  • Added command line support for modern, intermediate, and old TLS configuration profiles. The profile is set using the following command line argument.

--server_tls_compatibility=modern

See https://wiki.mozilla.org/Security/Server_Side_TLS for more information on the different profile options.

  • The Options Configuration item in the sidebar is now only available to admin users.

    Previously this item was visible to non-admin users and if selected, a blank options page would be displayed since server side authorization constraints prevent regular users from viewing or changing options.

  • Improved validation for the Kolide server URL supplied in setup and configuration.

  • Fixed an issue importing osquery configurations with numeric values represented as strings in JSON.

Kolide 1.0.2 (March 14, 2017)

  • Fix an issue adding additional targets when querying a host

  • Show loading spinner while newly added Host Details are saved

  • Show a generic computer icon when when referring to hosts with an unknown platform instead of the text "All"

  • Kolide will now warn on startup if there are database migrations not yet completed.

  • Kolide will prompt for confirmation before running database migrations.

    To disable this, use kolide prepare db --no-prompt.

  • Kolide now supports emoji, so you can 🔥 to your heart's content.

  • When setting the platform for a scheduled query, selecting "All" now clears individually selected platforms.

  • Update Host details cards UI

  • Lower HTTP timeout settings.

    In an effort to provide a more resilient web server, timeouts are more strictly enforced by the Kolide HTTP server (regardless of whether or not you're using the built-in TLS termination). If your Kolide environment is particularly latent and you observe requests timing out, contact us at help@kolide.co.

  • Harden TLS server settings.

    For customers using Kolide's built-in TLS server (if the server.tls configuration is true), the server was hardened to only accept modern cipher suites as recommended by Mozilla.

  • Improve the mechanism used to calculate whether or not hosts are online.

    Previously, hosts were categorized as "online" if they had been seen within the past 30 minutes. To make the "online" status more representative of reality, hosts are marked "online" if the Kolide server has heard from them within two times the lowest polling interval as described by the Kolide-managed osquery configuration. For example, if you've configured osqueryd to check-in with Kolide every 10 seconds, only hosts that Kolide has heard from within the last 20 seconds will be marked "online".

  • Update Host details cards UI

  • Add support for rotating the osquery status and result log files by sending a SIGHUP signal to the kolide process.

  • Fix Distributed Query compatibility with load balancers and Safari.

    Customers running Kolide behind a web balancer lacking support for websockets were unable to use the distributed query feature. Also, in certain circumstances, Safari users with a self-signed cert for Kolide would receive an error. This release add a fallback mechanism from websockets using SockJS for improved compatibility.

  • Fix issue with Distributed Query Pack results full screen feature that broke the browser scrolling abilities.

  • Fix bug in which host counts in the sidebar did not match up with displayed hosts.

Kolide 1.0.1 (February 27, 2017)

  • Fix an issue that prevented users from replacing deleted labels with a new label of the same name.

  • Improve the reliability of IP and MAC address data in the host cards and table.

  • Add full screen support for distributed query results.

  • Enable users to double click on queries and packs in a table to see their details.

  • Reprompt for a password when a user attempts to change their email address.

  • Automatically decorate the status and result logs with the host's UUID and hostname.

  • Fix an issue where Kolide users on Safari were unable to delete queries or packs.

  • Improve platform detection accuracy.

    Previously Kolide was determing platform based on the OS of the system osquery was built on instead of the OS it was running on. Please note: Offline hosts may continue to report an erroneous platform until they check-in with Kolide.

  • Fix bugs where query links in the pack sidebar pointed to the wrong queries.

  • Improve MySQL compatibility with stricter configurations.

  • Allow users to edit the name and description of host labels.

  • Add basic table autocompletion when typing in the query composer.

  • Support MySQL client certificate authentication. More details can be found in the Configuring the Kolide binary docs

  • Improve security for user-initiated email address changes.

    This improvement ensures that only users who own an email address and are logged in as the user who initiated the change can confirm the new email.

    Previously it was possible for Administrators to also confirm these changes by clicking the confirmation link.

  • Fix an issue where the setup form rejects passwords with certain characters.

    This change resolves an issue where certain special characters like "." where rejected by the client-side JS that controls the setup form.

  • Automatically login the user once initial setup is completed.