Leonoor S
11/30/2021, 10:25 AMTomas Touceda
11/30/2021, 12:18 PMLeonoor S
11/30/2021, 1:22 PMTomas Touceda
11/30/2021, 1:33 PMfleetctl get config --include-server-config
? Also, how are you running fleet serve exactly?Leonoor S
11/30/2021, 1:35 PMapiVersion: v1
kind: config
spec:
agent_options:
config:
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
options:
disable_distributed: false
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
logger_plugin: tls
logger_tls_endpoint: /api/v1/osquery/log
logger_tls_period: 10
pack_delimiter: /
overrides: {}
host_expiry_settings:
host_expiry_enabled: false
host_expiry_window: 0
host_settings:
enable_host_users: true
enable_software_inventory: true
license:
expiration: "0001-01-01T00:00:00Z"
tier: free
logging:
debug: false
json: true
result:
config:
enable_log_compression: false
enable_log_rotation: false
result_log_file: /tmp/osquery_result
status_log_file: /tmp/osquery_status
plugin: filesystem
status:
config:
enable_log_compression: false
enable_log_rotation: false
result_log_file: /tmp/osquery_result
status_log_file: /tmp/osquery_status
plugin: filesystem
org_info:
org_logo_url: XXXXXXX
org_name: XXXXXXX
server_settings:
deferred_save_host: false
enable_analytics: true
live_query_disabled: false
server_url: XXXXXXXXX
smtp_settings:
authentication_method: authmethod_plain
authentication_type: authtype_username_password
configured: false
domain: ""
enable_smtp: false
enable_ssl_tls: false
enable_start_tls: true
password: ""
port: 587
sender_address: ""
server: ""
user_name: ""
verify_ssl_certs: false
sso_settings:
enable_sso: false
enable_sso_idp_login: false
entity_id: ""
idp_image_url: ""
idp_name: ""
issuer_uri: ""
metadata: ""
metadata_url: ""
update_interval:
osquery_detail: 3600000000000
osquery_policy: 3600000000000
vulnerabilities:
cpe_database_url: ""
current_instance_checks: auto
cve_feed_prefix_url: ""
databases_path: /home/ubuntu/vulnfeeds
disable_data_sync: false
periodicity: 3600000000000
vulnerability_settings:
databases_path: ""
webhook_settings:
host_status_webhook:
days_count: 0
destination_url: ""
enable_host_status_webhook: false
host_percentage: 0
interval: 24h0m0s
Tomas Touceda
11/30/2021, 1:38 PMLeonoor S
11/30/2021, 1:40 PMUsing config file: /tmp/fleet.yml
{"component":"redis","level":"info","mode":"standalone","ts":"2021-11-30T13:39:19.152168268Z"}
{"component":"crons","cron":"vulnerabilities","databases-path":"/home/ubuntu/vulnfeeds","level":"info","ts":"2021-11-30T13:39:19.167740856Z"}
{"component":"crons","cron":"vulnerabilities","level":"info","periodicity":"1h0m0s","ts":"2021-11-30T13:39:19.167895617Z"}
{"address":"0.0.0.0:8080","msg":"listening","transport":"https","ts":"2021-11-30T13:39:19.198993334Z"}
Tomas Touceda
11/30/2021, 1:52 PM"cron":"vulnerabilities"
?Leonoor S
11/30/2021, 1:53 PMTomas Touceda
11/30/2021, 2:01 PMLeonoor S
11/30/2021, 2:04 PMTomas Touceda
11/30/2021, 2:07 PMLeonoor S
11/30/2021, 2:08 PMTomas Touceda
11/30/2021, 2:11 PMfleetctl get software --yaml
to get a full list of software and vulnerabilities foundLeonoor S
11/30/2021, 2:11 PM