user
05/11/2022, 1:19 AM
user
05/11/2022, 1:19 AM
Mystery Incorporated
05/11/2022, 4:07 AM
Gavin
05/11/2022, 5:12 PM
peanut butter
05/11/2022, 6:08 PM
Hello_There
05/11/2022, 6:21 PM
Jason
05/11/2022, 8:54 PM
deb and rpm seem fine with docker, but building the msi fails. I assume I need an Intel Mac or a PC for this. I switched over to a PC VM running somewhere else (x86) - but it seemed to require Docker there too - is that a hard requirement, or can I just have Wix installed?
Jason
05/11/2022, 10:27 PM
calhall
05/12/2022, 3:23 PM
Artem
05/12/2022, 3:47 PM
disable_tables: 'curl' osquery option via Fleet UI (inspired by https://www.tenchisecurity.com/abusing-the-osquery-curl-table-for-pivoting-into-cloud-environments/), it continues to work!
It looks like this option only applies after restarting the osqueryd service on the endpoint.
Is this the right behavior? It looks strange, but maybe I am just doing something the wrong way…
nick fury
05/12/2022, 8:14 PM
Artem
05/13/2022, 6:07 AM
username, count
root, 10
test, 5
mysql 3
redis 1
Slackbot
05/13/2022, 8:48 AM
Artem
05/14/2022, 8:06 PM
jimmy
05/15/2022, 7:04 PM
Daniel Cross
05/16/2022, 4:44 AM
fleet prepare db command, but it doesn’t output anything, and it looks like the tables are not initialised. Any tips?
# /usr/bin/fleet prepare db --mysql_address=127.0.0.1:3306 --mysql_database=fleet --mysql_username=root --mysql_password=REDACTED
#
mysql> use fleet;
Database changed
mysql> show tables;
+-------------------------+
| Tables_in_fleet         |
+-------------------------+
| migration_status_data   |
| migration_status_tables |
+-------------------------+
2 rows in set (0.00 sec)
mysql> select * from migration_status_data;
+----+------------+------------+---------------------+
| id | version_id | is_applied | tstamp              |
+----+------------+------------+---------------------+
|  1 |          0 |          1 | 2022-05-13 07:08:27 |
+----+------------+------------+---------------------+
1 row in set (0.00 sec)
mysql> select * from migration_status_tables;
+----+------------+------------+---------------------+
| id | version_id | is_applied | tstamp              |
+----+------------+------------+---------------------+
|  1 |          0 |          1 | 2022-05-13 07:08:27 |
+----+------------+------------+---------------------+
1 row in set (0.00 sec)
Daniel Cross
05/16/2022, 4:49 AM
abraham linkolan
05/16/2022, 10:43 AM
Mo Zhu
05/16/2022, 4:52 PM
peanut butter
05/16/2022, 6:44 PM
user
05/17/2022, 1:02 PM
abraham linkolan
05/18/2022, 7:59 AM
Daniel Cross
05/18/2022, 8:40 AM
n8felton
05/18/2022, 2:00 PM
fleetctl once pronounced fleet-cuddle?
user
05/19/2022, 3:37 AM
tokcum
05/19/2022, 5:28 PM
Eric23
05/21/2022, 1:39 AM
fleet serve --mysql_address=127.0.0.1:3306 --mysql_database=fleet --mysql_username=root --mysql_password=password --redis_address=127.0.0.1:6379 --server_cert=/root/Fleet/cert.pem --server_key=/root/Fleet/privkey.pem --logging_json --server_address=0.0.0.0:443 --kafkarest_proxyhost=http://10.0.0.30:30082 --kafkarest_result_topic=osquery --osquery_result_log_plugin=kafkarest --kafkarest_content_type_value='application/vnd.kafka.json.v2+json'
Error message:
Failed to start: running root command: unknown flag: --kafkarest_content_type_value
Any ideas, thanks.
Peet McKinney
05/22/2022, 7:41 AM
peanut butter
05/22/2022, 5:43 PM
nick fury
05/22/2022, 6:42 PM