https://github.com/osquery/osquery logo
#fleet
Title
# fleet
m

Marc Roelofs

03/30/2022, 12:04 PM
Struggling a bit with the vulnerability scanning still, while troubleshooting I tried to download the CVE db and files and used the following command:
/fleet-cve $ fleetctl vulnerability-data-stream  --dir /fleet-cve/
I got the following result :
[-] Downloading CPE database...Error: rename /tmp/cpe.sqlite2494941906 /fleet-cve/cpe.sqlite: invalid cross-device link
when choosing a different path like /tmp it seems to work fine
/fleet-cve $ fleetctl vulnerability-data-stream  --dir /tmp
[-] Downloading CPE database... Done
[-] Downloading CVE data streams... Done
[+] Data streams successfully downloaded!
After that it was a simple mv from /tmp/<cvefiles> to /fleet-cve/ as the fleet user Trying to figure out if the invalid cross-device link is a Fleetdm issue or elsewhere. The /fleet-cve directory is mounted based on a kubernetes volumemount to a GCE persistent disk, and awful as it is , the dirs permissions are 777 Version 4.11.0 Any idea anyone ? Meanwhile waiting if the Home page results in a succesfull software capturing with the vulnerabilities ,( it says to wait an hour now 😉 )
b

Benjamin Edwards

03/30/2022, 1:21 PM
This seems related to your issue https://github.com/fleetdm/fleet/pull/4862
m

Marc Roelofs

03/30/2022, 1:53 PM
great , seems to be fixed in a coming release I fixed it now temporarily with the mv , and I will check tomorrow if has updated timestamps automatically. Then now back to why my Home page will not show software and vulnerabilities anymore after updating from 4.7 to 4.10 and 4.11 .. Its bugging me and for the life of me I don't see why ...
n

Noah Talerman

03/30/2022, 2:49 PM
Home page will not show software and vulnerabilities anymore after updating from 4.7 to 4.10 and 4.11 .. Its bugging me and for the life of me I don’t see why ...
Hey Marc, sorry that you’re experiencing this issue. As of 4.10, Fleet includes a “Hosts” count for each software item (see image below). Because calculating these counts on each request introduces significant load time, Fleet updates these counts at a configurable interval. Fleet also updates the list of software and “Vulnerabilities” at the same interval. This is why, when upgrading, it may take time for software to show at all. Thank you for your feedback. Hearing that the current “wait an hour” experience is frustrating is very helpful. This is something we’ll likely to improve in later Fleet versions. Please follow up in this thread if the software still does not show up. If so, there may be a different, unexpected issue going on.
m

Marc Roelofs

03/30/2022, 3:06 PM
Thanks @Noah Talerman I've now been able to match the config of my prod env ( runnign on v 4.7.0 still) and my test env running 4.11.0 . Using
fleetctl get config --include-server-config
The output is exactly the same (aside from user and url of course) and a few newer parameters in 4.11.0 . Prod runs 590 clients , and test only 4 . I restarted ( scaled to 0 and 1 in K8s) after applying some "patches" to the vulnerabilities path, making both envs exactly the same. At this moment only 20 minutes to hit the 1 hour mark , but still no show on the home page yet ...
k

Kathy Satterlee

03/30/2022, 5:14 PM
Hoping no news is good news here, @Marc Roelofs. Is software inventory up and running for you?
m

Marc Roelofs

03/30/2022, 6:13 PM
Hi @Kathy Satterlee unfortunately not ☹️. 🤷🤷‍♂️
k

Kathy Satterlee

03/30/2022, 11:25 PM
Are you seeing any errors in the fleet server logs or the browser’s network requests?
m

Marc Roelofs

03/31/2022, 6:03 AM
JS Console , Network (all 200's), and the Fleet k8s pods log
On test I get the following when running fleetctl get software , where as prod dumps a complete software list .
2 Views