Update osquery flags to 5.12.2 (#19338)

#17375

Updating the osquery flags for 5.12.2
And making the changes so that we can just run `cd server/fleet/ && go
generate` on a macOS host every time we need to do this.

Manually tested by setting `logger_tls_backoff_max` in Fleet agent
settings (which is a 5.12.0 flag).

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality

---------

Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
Lucas Manuel Rodriguez 2024-06-10 17:02:49 -03:00 committed by GitHub
parent 3dbdbc1bcf
commit 01dd0c7c4d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 459 additions and 321 deletions


@ -0,0 +1 @@
* Update osquery flags with new flags added on 5.12.X.


@ -9,6 +9,8 @@ import (
"strings"
)
//go:generate go run ../../tools/osquery-agent-options agent_options_generated.go
type AgentOptions struct {
// Config is the base config options.
Config json.RawMessage `json:"config"`
@ -153,9 +155,6 @@ func validateJSONAgentOptionsExtensions(ctx context.Context, ds Datastore, optsE
// JSON definition of the available configuration options in osquery.
// See https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-specification
//
// NOTE: Update the following line with the version used for validation.
// Current version: 5.11.0
type osqueryAgentOptions struct {
Options osqueryOptions `json:"options"`
@ -212,310 +211,6 @@ type osqueryAgentOptions struct {
} `json:"events"`
}
// NOTE: generate automatically with `go run ./tools/osquery-agent-options/main.go`
type osqueryOptions struct {
AuditAllowConfig bool `json:"audit_allow_config"`
AuditAllowFimEvents bool `json:"audit_allow_fim_events"`
AuditAllowProcessEvents bool `json:"audit_allow_process_events"`
AuditAllowSockets bool `json:"audit_allow_sockets"`
AuditAllowUserEvents bool `json:"audit_allow_user_events"`
AugeasLenses string `json:"augeas_lenses"`
AwsAccessKeyId string `json:"aws_access_key_id"`
AwsDebug bool `json:"aws_debug"`
AwsDisableImdsv1Fallback bool `json:"aws_disable_imdsv1_fallback"`
AwsEnableProxy bool `json:"aws_enable_proxy"`
AwsFirehoseEndpoint string `json:"aws_firehose_endpoint"`
AwsFirehosePeriod uint64 `json:"aws_firehose_period"`
AwsFirehoseRegion string `json:"aws_firehose_region"`
AwsFirehoseStream string `json:"aws_firehose_stream"`
AwsImdsv2RequestAttempts uint32 `json:"aws_imdsv2_request_attempts"`
AwsImdsv2RequestInterval uint32 `json:"aws_imdsv2_request_interval"`
AwsKinesisDisableLogStatus bool `json:"aws_kinesis_disable_log_status"`
AwsKinesisEndpoint string `json:"aws_kinesis_endpoint"`
AwsKinesisPeriod uint64 `json:"aws_kinesis_period"`
AwsKinesisRandomPartitionKey bool `json:"aws_kinesis_random_partition_key"`
AwsKinesisRegion string `json:"aws_kinesis_region"`
AwsKinesisStream string `json:"aws_kinesis_stream"`
AwsProfileName string `json:"aws_profile_name"`
AwsProxyHost string `json:"aws_proxy_host"`
AwsProxyPassword string `json:"aws_proxy_password"`
AwsProxyPort uint32 `json:"aws_proxy_port"`
AwsProxyScheme string `json:"aws_proxy_scheme"`
AwsProxyUsername string `json:"aws_proxy_username"`
AwsRegion string `json:"aws_region"`
AwsSecretAccessKey string `json:"aws_secret_access_key"`
AwsSessionToken string `json:"aws_session_token"`
AwsStsArnRole string `json:"aws_sts_arn_role"`
AwsStsRegion string `json:"aws_sts_region"`
AwsStsSessionName string `json:"aws_sts_session_name"`
AwsStsTimeout uint64 `json:"aws_sts_timeout"`
BufferedLogMax uint64 `json:"buffered_log_max"`
DecorationsTopLevel bool `json:"decorations_top_level"`
DisableAudit bool `json:"disable_audit"`
DisableCaching bool `json:"disable_caching"`
DisableDatabase bool `json:"disable_database"`
DisableDecorators bool `json:"disable_decorators"`
DisableDistributed bool `json:"disable_distributed"`
DisableEvents bool `json:"disable_events"`
DisableHashCache bool `json:"disable_hash_cache"`
DisableLogging bool `json:"disable_logging"`
DistributedDenylistDuration uint64 `json:"distributed_denylist_duration"`
DistributedInterval uint64 `json:"distributed_interval"`
DistributedLoginfo bool `json:"distributed_loginfo"`
DistributedPlugin string `json:"distributed_plugin"`
DistributedTlsMaxAttempts uint64 `json:"distributed_tls_max_attempts"`
DistributedTlsReadEndpoint string `json:"distributed_tls_read_endpoint"`
DistributedTlsWriteEndpoint string `json:"distributed_tls_write_endpoint"`
DockerSocket string `json:"docker_socket"`
EnableFileEvents bool `json:"enable_file_events"`
EnableForeign bool `json:"enable_foreign"`
EnableNumericMonitoring bool `json:"enable_numeric_monitoring"`
Ephemeral bool `json:"ephemeral"`
EsFimEnableOpenEvents bool `json:"es_fim_enable_open_events"`
EventsExpiry uint64 `json:"events_expiry"`
EventsMax uint64 `json:"events_max"`
EventsOptimize bool `json:"events_optimize"`
ExperimentList string `json:"experiment_list"`
ExtensionsDefaultIndex bool `json:"extensions_default_index"`
HashCacheMax uint32 `json:"hash_cache_max"`
HostIdentifier string `json:"host_identifier"`
IgnoreTableExceptions bool `json:"ignore_table_exceptions"`
KeychainAccessCache bool `json:"keychain_access_cache"`
KeychainAccessInterval uint32 `json:"keychain_access_interval"`
LoggerEventType bool `json:"logger_event_type"`
LoggerKafkaAcks string `json:"logger_kafka_acks"`
LoggerKafkaBrokers string `json:"logger_kafka_brokers"`
LoggerKafkaCompression string `json:"logger_kafka_compression"`
LoggerKafkaTopic string `json:"logger_kafka_topic"`
LoggerMinStatus int32 `json:"logger_min_status"`
LoggerMinStderr int32 `json:"logger_min_stderr"`
LoggerNumerics bool `json:"logger_numerics"`
LoggerPath string `json:"logger_path"`
LoggerRotate bool `json:"logger_rotate"`
LoggerRotateMaxFiles uint64 `json:"logger_rotate_max_files"`
LoggerRotateSize uint64 `json:"logger_rotate_size"`
LoggerSnapshotEventType bool `json:"logger_snapshot_event_type"`
LoggerSyslogFacility int32 `json:"logger_syslog_facility"`
LoggerSyslogPrependCee bool `json:"logger_syslog_prepend_cee"`
LoggerTlsCompress bool `json:"logger_tls_compress"`
LoggerTlsEndpoint string `json:"logger_tls_endpoint"`
LoggerTlsMaxLines uint64 `json:"logger_tls_max_lines"`
LoggerTlsMaxLinesize uint64 `json:"logger_tls_max_linesize"`
LoggerTlsPeriod uint64 `json:"logger_tls_period"`
Nullvalue string `json:"nullvalue"`
NumericMonitoringFilesystemPath string `json:"numeric_monitoring_filesystem_path"`
NumericMonitoringPlugins string `json:"numeric_monitoring_plugins"`
NumericMonitoringPreAggregationTime uint64 `json:"numeric_monitoring_pre_aggregation_time"`
PackDelimiter string `json:"pack_delimiter"`
PackRefreshInterval uint64 `json:"pack_refresh_interval"`
ReadMax uint64 `json:"read_max"`
ScheduleDefaultInterval uint64 `json:"schedule_default_interval"`
ScheduleEpoch uint64 `json:"schedule_epoch"`
ScheduleLognames bool `json:"schedule_lognames"`
ScheduleMaxDrift uint64 `json:"schedule_max_drift"`
ScheduleReload uint64 `json:"schedule_reload"`
ScheduleSplayPercent uint64 `json:"schedule_splay_percent"`
ScheduleTimeout uint64 `json:"schedule_timeout"`
SpecifiedIdentifier string `json:"specified_identifier"`
TableDelay uint64 `json:"table_delay"`
ThriftStringSizeLimit int32 `json:"thrift_string_size_limit"`
ThriftTimeout uint32 `json:"thrift_timeout"`
ThriftVerbose bool `json:"thrift_verbose"`
TlsDisableStatusLog bool `json:"tls_disable_status_log"`
Verbose bool `json:"verbose"`
WorkerThreads int32 `json:"worker_threads"`
YaraDelay uint32 `json:"yara_delay"`
// embed the os-specific structs
OsqueryCommandLineFlagsLinux
OsqueryCommandLineFlagsWindows
OsqueryCommandLineFlagsMacOS
OsqueryCommandLineFlagsHidden
}
// NOTE: generate automatically with `go run ./tools/osquery-agent-options/main.go`
type osqueryCommandLineFlags struct {
AlarmTimeout uint64 `json:"alarm_timeout"`
AuditAllowConfig bool `json:"audit_allow_config"`
AuditAllowFimEvents bool `json:"audit_allow_fim_events"`
AuditAllowProcessEvents bool `json:"audit_allow_process_events"`
AuditAllowSockets bool `json:"audit_allow_sockets"`
AuditAllowUserEvents bool `json:"audit_allow_user_events"`
AugeasLenses string `json:"augeas_lenses"`
AwsAccessKeyId string `json:"aws_access_key_id"`
AwsDebug bool `json:"aws_debug"`
AwsDisableImdsv1Fallback bool `json:"aws_disable_imdsv1_fallback"`
AwsEnableProxy bool `json:"aws_enable_proxy"`
AwsEnforceFips bool `json:"aws_enforce_fips"`
AwsFirehoseEndpoint string `json:"aws_firehose_endpoint"`
AwsFirehosePeriod uint64 `json:"aws_firehose_period"`
AwsFirehoseRegion string `json:"aws_firehose_region"`
AwsFirehoseStream string `json:"aws_firehose_stream"`
AwsImdsv2RequestAttempts uint32 `json:"aws_imdsv2_request_attempts"`
AwsImdsv2RequestInterval uint32 `json:"aws_imdsv2_request_interval"`
AwsKinesisDisableLogStatus bool `json:"aws_kinesis_disable_log_status"`
AwsKinesisEndpoint string `json:"aws_kinesis_endpoint"`
AwsKinesisPeriod uint64 `json:"aws_kinesis_period"`
AwsKinesisRandomPartitionKey bool `json:"aws_kinesis_random_partition_key"`
AwsKinesisRegion string `json:"aws_kinesis_region"`
AwsKinesisStream string `json:"aws_kinesis_stream"`
AwsProfileName string `json:"aws_profile_name"`
AwsProxyHost string `json:"aws_proxy_host"`
AwsProxyPassword string `json:"aws_proxy_password"`
AwsProxyPort uint32 `json:"aws_proxy_port"`
AwsProxyScheme string `json:"aws_proxy_scheme"`
AwsProxyUsername string `json:"aws_proxy_username"`
AwsRegion string `json:"aws_region"`
AwsSecretAccessKey string `json:"aws_secret_access_key"`
AwsSessionToken string `json:"aws_session_token"`
AwsStsArnRole string `json:"aws_sts_arn_role"`
AwsStsRegion string `json:"aws_sts_region"`
AwsStsSessionName string `json:"aws_sts_session_name"`
AwsStsTimeout uint64 `json:"aws_sts_timeout"`
BufferedLogMax uint64 `json:"buffered_log_max"`
CarverBlockSize uint32 `json:"carver_block_size"`
CarverCompression bool `json:"carver_compression"`
CarverContinueEndpoint string `json:"carver_continue_endpoint"`
CarverDisableFunction bool `json:"carver_disable_function"`
CarverExpiry uint32 `json:"carver_expiry"`
CarverStartEndpoint string `json:"carver_start_endpoint"`
ConfigAcceleratedRefresh uint64 `json:"config_accelerated_refresh"`
ConfigCheck bool `json:"config_check"`
ConfigDump bool `json:"config_dump"`
ConfigEnableBackup bool `json:"config_enable_backup"`
ConfigPath string `json:"config_path"`
ConfigPlugin string `json:"config_plugin"`
ConfigRefresh uint64 `json:"config_refresh"`
ConfigTlsEndpoint string `json:"config_tls_endpoint"`
ConfigTlsMaxAttempts uint64 `json:"config_tls_max_attempts"`
Daemonize bool `json:"daemonize"`
DatabaseDump bool `json:"database_dump"`
DatabasePath string `json:"database_path"`
DecorationsTopLevel bool `json:"decorations_top_level"`
DisableAudit bool `json:"disable_audit"`
DisableCaching bool `json:"disable_caching"`
DisableCarver bool `json:"disable_carver"`
DisableDatabase bool `json:"disable_database"`
DisableDecorators bool `json:"disable_decorators"`
DisableDistributed bool `json:"disable_distributed"`
DisableEnrollment bool `json:"disable_enrollment"`
DisableEvents bool `json:"disable_events"`
DisableExtensions bool `json:"disable_extensions"`
DisableHashCache bool `json:"disable_hash_cache"`
DisableLogging bool `json:"disable_logging"`
DisableReenrollment bool `json:"disable_reenrollment"`
DisableTables string `json:"disable_tables"`
DisableWatchdog bool `json:"disable_watchdog"`
DistributedDenylistDuration uint64 `json:"distributed_denylist_duration"`
DistributedInterval uint64 `json:"distributed_interval"`
DistributedLoginfo bool `json:"distributed_loginfo"`
DistributedPlugin string `json:"distributed_plugin"`
DistributedTlsMaxAttempts uint64 `json:"distributed_tls_max_attempts"`
DistributedTlsReadEndpoint string `json:"distributed_tls_read_endpoint"`
DistributedTlsWriteEndpoint string `json:"distributed_tls_write_endpoint"`
DockerSocket string `json:"docker_socket"`
EnableExtensionsWatchdog bool `json:"enable_extensions_watchdog"`
EnableFileEvents bool `json:"enable_file_events"`
EnableForeign bool `json:"enable_foreign"`
EnableNumericMonitoring bool `json:"enable_numeric_monitoring"`
EnableTables string `json:"enable_tables"`
EnableWatchdogDebug bool `json:"enable_watchdog_debug"`
EnrollAlways bool `json:"enroll_always"`
EnrollSecretEnv string `json:"enroll_secret_env"`
EnrollSecretPath string `json:"enroll_secret_path"`
EnrollTlsEndpoint string `json:"enroll_tls_endpoint"`
Ephemeral bool `json:"ephemeral"`
EsFimEnableOpenEvents bool `json:"es_fim_enable_open_events"`
EventsExpiry uint64 `json:"events_expiry"`
EventsMax uint64 `json:"events_max"`
EventsOptimize bool `json:"events_optimize"`
ExperimentList string `json:"experiment_list"`
ExtensionsAutoload string `json:"extensions_autoload"`
ExtensionsDefaultIndex bool `json:"extensions_default_index"`
ExtensionsInterval string `json:"extensions_interval"`
ExtensionsRequire string `json:"extensions_require"`
ExtensionsSocket string `json:"extensions_socket"`
ExtensionsTimeout string `json:"extensions_timeout"`
Force bool `json:"force"`
HashCacheMax uint32 `json:"hash_cache_max"`
HostIdentifier string `json:"host_identifier"`
IgnoreTableExceptions bool `json:"ignore_table_exceptions"`
Install bool `json:"install"`
KeychainAccessCache bool `json:"keychain_access_cache"`
KeychainAccessInterval uint32 `json:"keychain_access_interval"`
LoggerEventType bool `json:"logger_event_type"`
LoggerKafkaAcks string `json:"logger_kafka_acks"`
LoggerKafkaBrokers string `json:"logger_kafka_brokers"`
LoggerKafkaCompression string `json:"logger_kafka_compression"`
LoggerKafkaTopic string `json:"logger_kafka_topic"`
LoggerMinStatus int32 `json:"logger_min_status"`
LoggerMinStderr int32 `json:"logger_min_stderr"`
LoggerMode string `json:"logger_mode"`
LoggerNumerics bool `json:"logger_numerics"`
LoggerPath string `json:"logger_path"`
LoggerPlugin string `json:"logger_plugin"`
LoggerRotate bool `json:"logger_rotate"`
LoggerRotateMaxFiles uint64 `json:"logger_rotate_max_files"`
LoggerRotateSize uint64 `json:"logger_rotate_size"`
LoggerSnapshotEventType bool `json:"logger_snapshot_event_type"`
LoggerStderr bool `json:"logger_stderr"`
LoggerSyslogFacility int32 `json:"logger_syslog_facility"`
LoggerSyslogPrependCee bool `json:"logger_syslog_prepend_cee"`
LoggerTlsCompress bool `json:"logger_tls_compress"`
LoggerTlsEndpoint string `json:"logger_tls_endpoint"`
LoggerTlsMaxLines uint64 `json:"logger_tls_max_lines"`
LoggerTlsMaxLinesize uint64 `json:"logger_tls_max_linesize"`
LoggerTlsPeriod uint64 `json:"logger_tls_period"`
Logtostderr bool `json:"logtostderr"`
Nullvalue string `json:"nullvalue"`
NumericMonitoringFilesystemPath string `json:"numeric_monitoring_filesystem_path"`
NumericMonitoringPlugins string `json:"numeric_monitoring_plugins"`
NumericMonitoringPreAggregationTime uint64 `json:"numeric_monitoring_pre_aggregation_time"`
PackDelimiter string `json:"pack_delimiter"`
PackRefreshInterval uint64 `json:"pack_refresh_interval"`
Pidfile string `json:"pidfile"`
ProxyHostname string `json:"proxy_hostname"`
ReadMax uint64 `json:"read_max"`
ScheduleDefaultInterval uint64 `json:"schedule_default_interval"`
ScheduleEpoch uint64 `json:"schedule_epoch"`
ScheduleLognames bool `json:"schedule_lognames"`
ScheduleMaxDrift uint64 `json:"schedule_max_drift"`
ScheduleReload uint64 `json:"schedule_reload"`
ScheduleSplayPercent uint64 `json:"schedule_splay_percent"`
ScheduleTimeout uint64 `json:"schedule_timeout"`
SpecifiedIdentifier string `json:"specified_identifier"`
Stderrthreshold int32 `json:"stderrthreshold"`
TableDelay uint64 `json:"table_delay"`
ThriftStringSizeLimit int32 `json:"thrift_string_size_limit"`
ThriftTimeout uint32 `json:"thrift_timeout"`
ThriftVerbose bool `json:"thrift_verbose"`
TlsClientCert string `json:"tls_client_cert"`
TlsClientKey string `json:"tls_client_key"`
TlsDisableStatusLog bool `json:"tls_disable_status_log"`
TlsEnrollMaxAttempts uint64 `json:"tls_enroll_max_attempts"`
TlsEnrollMaxInterval uint64 `json:"tls_enroll_max_interval"`
TlsHostname string `json:"tls_hostname"`
TlsServerCerts string `json:"tls_server_certs"`
TlsSessionReuse bool `json:"tls_session_reuse"`
TlsSessionTimeout uint32 `json:"tls_session_timeout"`
Uninstall bool `json:"uninstall"`
Verbose bool `json:"verbose"`
WatchdogDelay uint64 `json:"watchdog_delay"`
WatchdogForcedShutdownDelay uint64 `json:"watchdog_forced_shutdown_delay"`
WatchdogLatencyLimit uint64 `json:"watchdog_latency_limit"`
WatchdogLevel int32 `json:"watchdog_level"`
WatchdogMemoryLimit uint64 `json:"watchdog_memory_limit"`
WatchdogUtilizationLimit uint64 `json:"watchdog_utilization_limit"`
WorkerThreads int32 `json:"worker_threads"`
YaraDelay uint32 `json:"yara_delay"`
// embed the os-specific structs
OsqueryCommandLineFlagsLinux
OsqueryCommandLineFlagsWindows
OsqueryCommandLineFlagsMacOS
OsqueryCommandLineFlagsHidden
}
// the following structs are for OS-specific command-line flags supported by
// osquery. They are exported so they can be used by the
// tools/osquery-agent-options script.
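Review bot: `worker_threads` is silently dropped by this regeneration: both hand-written structs deleted here (`osqueryOptions` and `osqueryCommandLineFlags`) declared a `WorkerThreads` field with that JSON key, and neither generated replacement in the new file declares it. Unless the key is covered by one of the embedded OS-specific or hidden structs, whose definitions are outside this hunk, agent options that already set `worker_threads` will presumably stop validating once this lands. The changes entry mentions only added flags; it should also state that `worker_threads` is no longer accepted, or the field should be kept (for example in `OsqueryCommandLineFlagsHidden`) so existing configurations keep working. A `TestValidateAgentOptions` case that sets `worker_threads` would pin whichever behaviour is intended.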


@ -0,0 +1,306 @@
// Automatically generated by tools/osquery-agent-options for osquery 5.12.2. DO NOT EDIT!
// To update flags for a new osquery version, update the osqueryVersion variable in
// "tools/osquery-agent-options/main.go" and run "cd server/fleet/ && go generate".
package fleet
type osqueryOptions struct {
AuditAllowConfig bool `json:"audit_allow_config"`
AuditAllowFimEvents bool `json:"audit_allow_fim_events"`
AuditAllowProcessEvents bool `json:"audit_allow_process_events"`
AuditAllowSockets bool `json:"audit_allow_sockets"`
AuditAllowUserEvents bool `json:"audit_allow_user_events"`
AugeasLenses string `json:"augeas_lenses"`
AwsAccessKeyId string `json:"aws_access_key_id"`
AwsDebug bool `json:"aws_debug"`
AwsDisableImdsv1Fallback bool `json:"aws_disable_imdsv1_fallback"`
AwsEnableProxy bool `json:"aws_enable_proxy"`
AwsFirehoseEndpoint string `json:"aws_firehose_endpoint"`
AwsFirehosePeriod uint64 `json:"aws_firehose_period"`
AwsFirehoseRegion string `json:"aws_firehose_region"`
AwsFirehoseStream string `json:"aws_firehose_stream"`
AwsImdsv2RequestAttempts uint32 `json:"aws_imdsv2_request_attempts"`
AwsImdsv2RequestInterval uint32 `json:"aws_imdsv2_request_interval"`
AwsKinesisDisableLogStatus bool `json:"aws_kinesis_disable_log_status"`
AwsKinesisEndpoint string `json:"aws_kinesis_endpoint"`
AwsKinesisPeriod uint64 `json:"aws_kinesis_period"`
AwsKinesisRandomPartitionKey bool `json:"aws_kinesis_random_partition_key"`
AwsKinesisRegion string `json:"aws_kinesis_region"`
AwsKinesisStream string `json:"aws_kinesis_stream"`
AwsProfileName string `json:"aws_profile_name"`
AwsProxyHost string `json:"aws_proxy_host"`
AwsProxyPassword string `json:"aws_proxy_password"`
AwsProxyPort uint32 `json:"aws_proxy_port"`
AwsProxyScheme string `json:"aws_proxy_scheme"`
AwsProxyUsername string `json:"aws_proxy_username"`
AwsRegion string `json:"aws_region"`
AwsSecretAccessKey string `json:"aws_secret_access_key"`
AwsSessionToken string `json:"aws_session_token"`
AwsStsArnRole string `json:"aws_sts_arn_role"`
AwsStsRegion string `json:"aws_sts_region"`
AwsStsSessionName string `json:"aws_sts_session_name"`
AwsStsTimeout uint64 `json:"aws_sts_timeout"`
BufferedLogMax uint64 `json:"buffered_log_max"`
DecorationsTopLevel bool `json:"decorations_top_level"`
DisableAudit bool `json:"disable_audit"`
DisableCaching bool `json:"disable_caching"`
DisableDatabase bool `json:"disable_database"`
DisableDecorators bool `json:"disable_decorators"`
DisableDistributed bool `json:"disable_distributed"`
DisableEvents bool `json:"disable_events"`
DisableHashCache bool `json:"disable_hash_cache"`
DisableLogging bool `json:"disable_logging"`
DistributedDenylistDuration uint64 `json:"distributed_denylist_duration"`
DistributedInterval uint64 `json:"distributed_interval"`
DistributedLoginfo bool `json:"distributed_loginfo"`
DistributedPlugin string `json:"distributed_plugin"`
DistributedTlsMaxAttempts uint64 `json:"distributed_tls_max_attempts"`
DistributedTlsReadEndpoint string `json:"distributed_tls_read_endpoint"`
DistributedTlsWriteEndpoint string `json:"distributed_tls_write_endpoint"`
DockerSocket string `json:"docker_socket"`
EnableFileEvents bool `json:"enable_file_events"`
EnableForeign bool `json:"enable_foreign"`
EnableNumericMonitoring bool `json:"enable_numeric_monitoring"`
Ephemeral bool `json:"ephemeral"`
EsFimEnableOpenEvents bool `json:"es_fim_enable_open_events"`
EventsExpiry uint64 `json:"events_expiry"`
EventsMax uint64 `json:"events_max"`
EventsOptimize bool `json:"events_optimize"`
ExperimentList string `json:"experiment_list"`
ExtensionsDefaultIndex bool `json:"extensions_default_index"`
HashCacheMax uint32 `json:"hash_cache_max"`
HostIdentifier string `json:"host_identifier"`
IgnoreTableExceptions bool `json:"ignore_table_exceptions"`
KeychainAccessCache bool `json:"keychain_access_cache"`
KeychainAccessInterval uint32 `json:"keychain_access_interval"`
LoggerEventType bool `json:"logger_event_type"`
LoggerKafkaAcks string `json:"logger_kafka_acks"`
LoggerKafkaBrokers string `json:"logger_kafka_brokers"`
LoggerKafkaCompression string `json:"logger_kafka_compression"`
LoggerKafkaTopic string `json:"logger_kafka_topic"`
LoggerMinStatus int32 `json:"logger_min_status"`
LoggerMinStderr int32 `json:"logger_min_stderr"`
LoggerNumerics bool `json:"logger_numerics"`
LoggerPath string `json:"logger_path"`
LoggerRotate bool `json:"logger_rotate"`
LoggerRotateMaxFiles uint64 `json:"logger_rotate_max_files"`
LoggerRotateSize uint64 `json:"logger_rotate_size"`
LoggerSnapshotEventType bool `json:"logger_snapshot_event_type"`
LoggerSyslogFacility int32 `json:"logger_syslog_facility"`
LoggerSyslogPrependCee bool `json:"logger_syslog_prepend_cee"`
LoggerTlsBackoffMax uint64 `json:"logger_tls_backoff_max"`
LoggerTlsCompress bool `json:"logger_tls_compress"`
LoggerTlsEndpoint string `json:"logger_tls_endpoint"`
LoggerTlsMaxLines uint64 `json:"logger_tls_max_lines"`
LoggerTlsMaxLinesize uint64 `json:"logger_tls_max_linesize"`
LoggerTlsPeriod uint64 `json:"logger_tls_period"`
Nullvalue string `json:"nullvalue"`
NumericMonitoringFilesystemPath string `json:"numeric_monitoring_filesystem_path"`
NumericMonitoringPlugins string `json:"numeric_monitoring_plugins"`
NumericMonitoringPreAggregationTime uint64 `json:"numeric_monitoring_pre_aggregation_time"`
PackDelimiter string `json:"pack_delimiter"`
PackRefreshInterval uint64 `json:"pack_refresh_interval"`
ReadMax uint64 `json:"read_max"`
ScheduleDefaultInterval uint64 `json:"schedule_default_interval"`
ScheduleEpoch uint64 `json:"schedule_epoch"`
ScheduleLognames bool `json:"schedule_lognames"`
ScheduleMaxDrift uint64 `json:"schedule_max_drift"`
ScheduleReload uint64 `json:"schedule_reload"`
ScheduleSplayPercent uint64 `json:"schedule_splay_percent"`
ScheduleTimeout uint64 `json:"schedule_timeout"`
SpecifiedIdentifier string `json:"specified_identifier"`
TableDelay uint64 `json:"table_delay"`
ThriftStringSizeLimit int32 `json:"thrift_string_size_limit"`
ThriftTimeout uint32 `json:"thrift_timeout"`
ThriftVerbose bool `json:"thrift_verbose"`
TlsDisableStatusLog bool `json:"tls_disable_status_log"`
Verbose bool `json:"verbose"`
YaraDelay uint32 `json:"yara_delay"`
// embed the os-specific structs
OsqueryCommandLineFlagsLinux
OsqueryCommandLineFlagsWindows
OsqueryCommandLineFlagsMacOS
OsqueryCommandLineFlagsHidden
}
type osqueryCommandLineFlags struct {
AlarmTimeout uint64 `json:"alarm_timeout"`
AuditAllowConfig bool `json:"audit_allow_config"`
AuditAllowFimEvents bool `json:"audit_allow_fim_events"`
AuditAllowProcessEvents bool `json:"audit_allow_process_events"`
AuditAllowSockets bool `json:"audit_allow_sockets"`
AuditAllowUserEvents bool `json:"audit_allow_user_events"`
AugeasLenses string `json:"augeas_lenses"`
AwsAccessKeyId string `json:"aws_access_key_id"`
AwsDebug bool `json:"aws_debug"`
AwsDisableImdsv1Fallback bool `json:"aws_disable_imdsv1_fallback"`
AwsEnableProxy bool `json:"aws_enable_proxy"`
AwsEnforceFips bool `json:"aws_enforce_fips"`
AwsFirehoseEndpoint string `json:"aws_firehose_endpoint"`
AwsFirehosePeriod uint64 `json:"aws_firehose_period"`
AwsFirehoseRegion string `json:"aws_firehose_region"`
AwsFirehoseStream string `json:"aws_firehose_stream"`
AwsImdsv2RequestAttempts uint32 `json:"aws_imdsv2_request_attempts"`
AwsImdsv2RequestInterval uint32 `json:"aws_imdsv2_request_interval"`
AwsKinesisDisableLogStatus bool `json:"aws_kinesis_disable_log_status"`
AwsKinesisEndpoint string `json:"aws_kinesis_endpoint"`
AwsKinesisPeriod uint64 `json:"aws_kinesis_period"`
AwsKinesisRandomPartitionKey bool `json:"aws_kinesis_random_partition_key"`
AwsKinesisRegion string `json:"aws_kinesis_region"`
AwsKinesisStream string `json:"aws_kinesis_stream"`
AwsProfileName string `json:"aws_profile_name"`
AwsProxyHost string `json:"aws_proxy_host"`
AwsProxyPassword string `json:"aws_proxy_password"`
AwsProxyPort uint32 `json:"aws_proxy_port"`
AwsProxyScheme string `json:"aws_proxy_scheme"`
AwsProxyUsername string `json:"aws_proxy_username"`
AwsRegion string `json:"aws_region"`
AwsSecretAccessKey string `json:"aws_secret_access_key"`
AwsSessionToken string `json:"aws_session_token"`
AwsStsArnRole string `json:"aws_sts_arn_role"`
AwsStsRegion string `json:"aws_sts_region"`
AwsStsSessionName string `json:"aws_sts_session_name"`
AwsStsTimeout uint64 `json:"aws_sts_timeout"`
BufferedLogMax uint64 `json:"buffered_log_max"`
CarverBlockSize uint32 `json:"carver_block_size"`
CarverCompression bool `json:"carver_compression"`
CarverContinueEndpoint string `json:"carver_continue_endpoint"`
CarverDisableFunction bool `json:"carver_disable_function"`
CarverExpiry uint32 `json:"carver_expiry"`
CarverStartEndpoint string `json:"carver_start_endpoint"`
ConfigAcceleratedRefresh uint64 `json:"config_accelerated_refresh"`
ConfigCheck bool `json:"config_check"`
ConfigDump bool `json:"config_dump"`
ConfigEnableBackup bool `json:"config_enable_backup"`
ConfigPath string `json:"config_path"`
ConfigPlugin string `json:"config_plugin"`
ConfigRefresh uint64 `json:"config_refresh"`
ConfigTlsEndpoint string `json:"config_tls_endpoint"`
ConfigTlsMaxAttempts uint64 `json:"config_tls_max_attempts"`
Daemonize bool `json:"daemonize"`
DatabaseDump bool `json:"database_dump"`
DatabasePath string `json:"database_path"`
DecorationsTopLevel bool `json:"decorations_top_level"`
DisableAudit bool `json:"disable_audit"`
DisableCaching bool `json:"disable_caching"`
DisableCarver bool `json:"disable_carver"`
DisableDatabase bool `json:"disable_database"`
DisableDecorators bool `json:"disable_decorators"`
DisableDistributed bool `json:"disable_distributed"`
DisableEnrollment bool `json:"disable_enrollment"`
DisableEvents bool `json:"disable_events"`
DisableExtensions bool `json:"disable_extensions"`
DisableHashCache bool `json:"disable_hash_cache"`
DisableLogging bool `json:"disable_logging"`
DisableReenrollment bool `json:"disable_reenrollment"`
DisableTables string `json:"disable_tables"`
DisableWatchdog bool `json:"disable_watchdog"`
DistributedDenylistDuration uint64 `json:"distributed_denylist_duration"`
DistributedInterval uint64 `json:"distributed_interval"`
DistributedLoginfo bool `json:"distributed_loginfo"`
DistributedPlugin string `json:"distributed_plugin"`
DistributedTlsMaxAttempts uint64 `json:"distributed_tls_max_attempts"`
DistributedTlsReadEndpoint string `json:"distributed_tls_read_endpoint"`
DistributedTlsWriteEndpoint string `json:"distributed_tls_write_endpoint"`
DockerSocket string `json:"docker_socket"`
EnableExtensionsWatchdog bool `json:"enable_extensions_watchdog"`
EnableFileEvents bool `json:"enable_file_events"`
EnableForeign bool `json:"enable_foreign"`
EnableNumericMonitoring bool `json:"enable_numeric_monitoring"`
EnableTables string `json:"enable_tables"`
EnableWatchdogDebug bool `json:"enable_watchdog_debug"`
EnrollAlways bool `json:"enroll_always"`
EnrollSecretEnv string `json:"enroll_secret_env"`
EnrollSecretPath string `json:"enroll_secret_path"`
EnrollTlsEndpoint string `json:"enroll_tls_endpoint"`
Ephemeral bool `json:"ephemeral"`
EsFimEnableOpenEvents bool `json:"es_fim_enable_open_events"`
EventsExpiry uint64 `json:"events_expiry"`
EventsMax uint64 `json:"events_max"`
EventsOptimize bool `json:"events_optimize"`
ExperimentList string `json:"experiment_list"`
ExtensionsAutoload string `json:"extensions_autoload"`
ExtensionsDefaultIndex bool `json:"extensions_default_index"`
ExtensionsInterval string `json:"extensions_interval"`
ExtensionsRequire string `json:"extensions_require"`
ExtensionsSocket string `json:"extensions_socket"`
ExtensionsTimeout string `json:"extensions_timeout"`
Force bool `json:"force"`
HashCacheMax uint32 `json:"hash_cache_max"`
HostIdentifier string `json:"host_identifier"`
IgnoreTableExceptions bool `json:"ignore_table_exceptions"`
Install bool `json:"install"`
KeychainAccessCache bool `json:"keychain_access_cache"`
KeychainAccessInterval uint32 `json:"keychain_access_interval"`
LoggerEventType bool `json:"logger_event_type"`
LoggerKafkaAcks string `json:"logger_kafka_acks"`
LoggerKafkaBrokers string `json:"logger_kafka_brokers"`
LoggerKafkaCompression string `json:"logger_kafka_compression"`
LoggerKafkaTopic string `json:"logger_kafka_topic"`
LoggerMinStatus int32 `json:"logger_min_status"`
LoggerMinStderr int32 `json:"logger_min_stderr"`
LoggerMode string `json:"logger_mode"`
LoggerNumerics bool `json:"logger_numerics"`
LoggerPath string `json:"logger_path"`
LoggerPlugin string `json:"logger_plugin"`
LoggerRotate bool `json:"logger_rotate"`
LoggerRotateMaxFiles uint64 `json:"logger_rotate_max_files"`
LoggerRotateSize uint64 `json:"logger_rotate_size"`
LoggerSnapshotEventType bool `json:"logger_snapshot_event_type"`
LoggerStderr bool `json:"logger_stderr"`
LoggerSyslogFacility int32 `json:"logger_syslog_facility"`
LoggerSyslogPrependCee bool `json:"logger_syslog_prepend_cee"`
LoggerTlsBackoffMax uint64 `json:"logger_tls_backoff_max"`
LoggerTlsCompress bool `json:"logger_tls_compress"`
LoggerTlsEndpoint string `json:"logger_tls_endpoint"`
LoggerTlsMaxLines uint64 `json:"logger_tls_max_lines"`
LoggerTlsMaxLinesize uint64 `json:"logger_tls_max_linesize"`
LoggerTlsPeriod uint64 `json:"logger_tls_period"`
Logtostderr bool `json:"logtostderr"`
Nullvalue string `json:"nullvalue"`
NumericMonitoringFilesystemPath string `json:"numeric_monitoring_filesystem_path"`
NumericMonitoringPlugins string `json:"numeric_monitoring_plugins"`
NumericMonitoringPreAggregationTime uint64 `json:"numeric_monitoring_pre_aggregation_time"`
PackDelimiter string `json:"pack_delimiter"`
PackRefreshInterval uint64 `json:"pack_refresh_interval"`
Pidfile string `json:"pidfile"`
ProxyHostname string `json:"proxy_hostname"`
ReadMax uint64 `json:"read_max"`
ScheduleDefaultInterval uint64 `json:"schedule_default_interval"`
ScheduleEpoch uint64 `json:"schedule_epoch"`
ScheduleLognames bool `json:"schedule_lognames"`
ScheduleMaxDrift uint64 `json:"schedule_max_drift"`
ScheduleReload uint64 `json:"schedule_reload"`
ScheduleSplayPercent uint64 `json:"schedule_splay_percent"`
ScheduleTimeout uint64 `json:"schedule_timeout"`
SpecifiedIdentifier string `json:"specified_identifier"`
Stderrthreshold int32 `json:"stderrthreshold"`
TableDelay uint64 `json:"table_delay"`
ThriftStringSizeLimit int32 `json:"thrift_string_size_limit"`
ThriftTimeout uint32 `json:"thrift_timeout"`
ThriftVerbose bool `json:"thrift_verbose"`
TlsClientCert string `json:"tls_client_cert"`
TlsClientKey string `json:"tls_client_key"`
TlsDisableStatusLog bool `json:"tls_disable_status_log"`
TlsEnrollMaxAttempts uint64 `json:"tls_enroll_max_attempts"`
TlsEnrollMaxInterval uint64 `json:"tls_enroll_max_interval"`
TlsHostname string `json:"tls_hostname"`
TlsServerCerts string `json:"tls_server_certs"`
TlsSessionReuse bool `json:"tls_session_reuse"`
TlsSessionTimeout uint32 `json:"tls_session_timeout"`
Uninstall bool `json:"uninstall"`
Verbose bool `json:"verbose"`
WatchdogDelay uint64 `json:"watchdog_delay"`
WatchdogForcedShutdownDelay uint64 `json:"watchdog_forced_shutdown_delay"`
WatchdogLatencyLimit uint64 `json:"watchdog_latency_limit"`
WatchdogLevel int32 `json:"watchdog_level"`
WatchdogMemoryLimit uint64 `json:"watchdog_memory_limit"`
WatchdogUtilizationLimit uint64 `json:"watchdog_utilization_limit"`
YaraDelay uint32 `json:"yara_delay"`
// embed the os-specific structs
OsqueryCommandLineFlagsLinux
OsqueryCommandLineFlagsWindows
OsqueryCommandLineFlagsMacOS
OsqueryCommandLineFlagsHidden
}


@ -184,6 +184,16 @@ func TestValidateAgentOptions(t *testing.T) {
"orbit": "foobar"
}
}`, true, ``},
{"setting osquery 5.12.X flag in config.options and command_line_flags", `{
"config": {
"options": {
"logger_tls_backoff_max": 100
}
},
"command_line_flags": {
"logger_tls_backoff_max": 200
}
}`, true, ``},
}
for _, c := range cases {


@ -1,12 +1,12 @@
# osquery-agent-options
This directory contains a script (a Go command) that generates the struct needed to unmarshal the Agent Options' `options` values that the current version of osquery supports. It extracts this information from `osqueryd --help` to identify which osquery command-line flags can be set via the options and which are only for the command-line (i.e. require a restart), and running a query in `osqueryi` to get the data type of those options.
This directory contains a script (a Go command) that generates the struct needed to unmarshal the Agent Options' `options` values that the current version of osquery supports. It extracts this information from `osqueryd --help` to identify which osquery command-line flags can be set via the options and which are only for the command-line (i.e. require a restart), and running a query in `osqueryi` (`osqueryd -S`) to get the data type of those options.
It prints the resulting Go code to stdout (the `osqueryOptions` and the `osqueryCommandLineFlags` structs), you can just copy it and insert it in the proper location in the source code to replace the existing struct (in `server/fleet/agent_options.go`).
It writes the resulting Go code to stdout (the `osqueryOptions` and the `osqueryCommandLineFlags` structs) to a file provided as argument.
Note that the latest version of osquery should be installed for this tool to work properly (`osqueryd` and `osqueryi` must be in your $PATH).
This command only supports macOS.
The system that you use to run this on makes a difference. On 5.11.0, this flow was run on macOS.
Whenever there's a new version of osquery, just update the variable `osqueryVersion`.
## OS-specific flags


@ -1,26 +1,41 @@
package main
import (
"archive/tar"
"bufio"
"bytes"
"compress/gzip"
"encoding/json"
"errors"
"fmt"
"io"
"log"
"net/http"
"net/url"
"os"
"os/exec"
"path/filepath"
"regexp"
"runtime"
"strings"
"text/template"
"github.com/fleetdm/fleet/v4/orbit/pkg/constant"
"github.com/fleetdm/fleet/v4/pkg/download"
"github.com/fleetdm/fleet/v4/server/fleet"
)
var (
rxOption = regexp.MustCompile(`\-\-(\w+)\s`)
rxOption = regexp.MustCompile(`\-\-(\w+)\s`)
osqueryVersion = "5.12.2"
structTpl = template.Must(template.New("struct").Funcs(template.FuncMap{
"camelCase": camelCaseOptionName,
}).Parse(`
// NOTE: generate automatically with ` + "`go run ./tools/osquery-agent-options/main.go`" + `
}).Parse(`// Automatically generated by tools/osquery-agent-options for osquery {{ .OsqueryVersion }}. DO NOT EDIT!
// To update flags for a new osquery version, update the osqueryVersion variable in
// "tools/osquery-agent-options/main.go" and run "cd server/fleet/ && go generate".
package fleet
type osqueryOptions struct { {{ range $name, $type := .Options }}
{{camelCase $name}} {{$type}} ` + "`json:\"{{$name}}\"`" + `{{end}}
@ -31,7 +46,6 @@ type osqueryOptions struct { {{ range $name, $type := .Options }}
OsqueryCommandLineFlagsHidden
}
// NOTE: generate automatically with ` + "`go run ./tools/osquery-agent-options/main.go`" + `
type osqueryCommandLineFlags struct { {{ range $name, $type := .Flags }}
{{camelCase $name}} {{$type}} ` + "`json:\"{{$name}}\"`" + `{{end}}
@ -45,11 +59,35 @@ type osqueryCommandLineFlags struct { {{ range $name, $type := .Flags }}
)
type templateData struct {
Options map[string]string
Flags map[string]string
OsqueryVersion string
Options map[string]string
Flags map[string]string
}
func main() {
fmt.Printf("Generating osquery flags for version: %s\n", osqueryVersion)
if runtime.GOOS != "darwin" {
log.Fatal("Currently only supported on macOS")
}
urlStr := fmt.Sprintf("https://tuf.fleetctl.com/targets/osqueryd/macos-app/%s/osqueryd.app.tar.gz", osqueryVersion)
osqueryTUFURL, err := url.Parse(urlStr)
if err != nil {
log.Fatalf("parse osquery TUF URL: %q: %s", urlStr, err)
}
tmpDir, err := os.MkdirTemp("", "")
if err != nil {
log.Fatalf("create temp dir: %s", err)
}
defer os.RemoveAll(tmpDir)
osquerydAppTarGzPath := filepath.Join(tmpDir, "osqueryd.app.tar.gz")
if err := download.Download(http.DefaultClient, osqueryTUFURL, osquerydAppTarGzPath); err != nil {
log.Fatalf("download osqueryd.app.tar.gz to %s: %s", osquerydAppTarGzPath, err)
}
if err := extractTarGz(osquerydAppTarGzPath); err != nil {
log.Fatalf("extract tar.gz %q: %s", osquerydAppTarGzPath, err)
}
osquerydPath := filepath.Join(filepath.Dir(osquerydAppTarGzPath), "osquery.app", "Contents", "MacOS", "osqueryd")
// marshal/unmarshal the OS-specific structs into a map so we have all their
// keys and we can ignore them in the auto-generated structs (because we
// can't auto- generate those, we'd only see the ones that exist on the
@ -71,7 +109,7 @@ func main() {
}
// get the list of flags that are valid as configuration options
b, err = exec.Command("osqueryd", "--help").Output()
b, err = exec.Command(osquerydPath, "--help").Output()
if err != nil {
log.Fatalf("failed to run osqueryd --help: %v", err)
}
@ -118,7 +156,7 @@ func main() {
Name string
Type string
}
b, err = exec.Command("osqueryi", "--json", "SELECT name, type FROM osquery_flags").Output()
b, err = exec.Command(osquerydPath, "-S", "--json", "SELECT name, type FROM osquery_flags").Output()
if err != nil {
log.Fatalf("failed to run osqueryi query: %v", err)
}
@ -159,9 +197,24 @@ func main() {
}
}
if err := structTpl.Execute(os.Stdout, templateData{Options: validOptions, Flags: validFlags}); err != nil {
outputFilePath := os.Args[1]
outputFile, err := os.OpenFile(outputFilePath, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0o644)
if err != nil {
log.Fatalf("open output file %q: %s", outputFilePath, err)
}
defer outputFile.Close()
if err := structTpl.Execute(outputFile, templateData{
OsqueryVersion: osqueryVersion,
Options: validOptions,
Flags: validFlags,
}); err != nil {
log.Fatalf("failed to execute template: %v", err)
}
if err := outputFile.Close(); err != nil {
log.Fatalf("close file %q: %s", outputFilePath, err)
}
}
func camelCaseOptionName(s string) string {
@ -171,3 +224,77 @@ func camelCaseOptionName(s string) string {
}
return strings.Join(parts, "")
}
// sanitizeArchivePath sanitizes the archive file pathing from "G305: Zip Slip vulnerability"
func sanitizeArchivePath(d, t string) (string, error) {
v := filepath.Join(d, t)
if strings.HasPrefix(v, filepath.Clean(d)) {
return v, nil
}
return "", fmt.Errorf("%s: %s", "content filepath is tainted", t)
}
// extractTagGz extracts the contents of the provided tar.gz file.
func extractTarGz(path string) error {
tarGzFile, err := os.OpenFile(path, os.O_RDONLY, 0o755)
if err != nil {
return fmt.Errorf("open %q: %w", path, err)
}
defer tarGzFile.Close()
gzipReader, err := gzip.NewReader(tarGzFile)
if err != nil {
return fmt.Errorf("gzip reader %q: %w", path, err)
}
defer gzipReader.Close()
tarReader := tar.NewReader(gzipReader)
for {
header, err := tarReader.Next()
switch {
case err == nil:
// OK
case errors.Is(err, io.EOF):
return nil
default:
return fmt.Errorf("tar reader %q: %w", path, err)
}
// Prevent zip-slip attack.
if strings.Contains(header.Name, "..") {
return fmt.Errorf("invalid path in tar.gz: %q", header.Name)
}
targetPath, err := sanitizeArchivePath(filepath.Dir(path), header.Name)
if err != nil {
return fmt.Errorf("sanitize failed: %s", err)
}
switch header.Typeflag {
case tar.TypeDir:
if err := os.MkdirAll(targetPath, constant.DefaultDirMode); err != nil {
return fmt.Errorf("mkdir %q: %w", header.Name, err)
}
case tar.TypeReg:
err := func() error {
outFile, err := os.OpenFile(targetPath, os.O_CREATE|os.O_WRONLY, header.FileInfo().Mode())
if err != nil {
return fmt.Errorf("failed to create %q: %w", header.Name, err)
}
defer outFile.Close()
// Ignoring G110 because we are using this on tooling.
if _, err := io.Copy(outFile, tarReader); err != nil { //nolint:gosec
return fmt.Errorf("failed to copy %q: %w", header.Name, err)
}
return nil
}()
if err != nil {
return err
}
default:
return fmt.Errorf("unknown flag type %q: %d", header.Name, header.Typeflag)
}
}
}
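Review bot: In `main`, the archive downloaded from the TUF targets URL is extracted and the `osqueryd` inside it is executed (`exec.Command(osquerydPath, "--help")`) without any integrity check visible in these hunks; fetching the target by direct URL appears to skip TUF metadata verification unless `download.Download` does it internally, which is not shown. Because that binary runs on the developer's machine and its output becomes committed source, pin a SHA-256 next to `osqueryVersion` and verify the tarball before `extractTarGz`, as sketched below (parts of `main` lie outside the hunks). Separately, `sanitizeArchivePath` compares with `strings.HasPrefix(v, filepath.Clean(d))`, which also accepts a sibling directory sharing that prefix; use `strings.HasPrefix(v, filepath.Clean(d)+string(os.PathSeparator))`. `os.Args[1]` is also read without a length check, so a run without an argument panics instead of printing usage.

```go
// Pinned digest of osqueryd.app.tar.gz for osqueryVersion; update both together.
const osquerydTarGzSHA256 = "<sha256-of-osqueryd.app.tar.gz-for-osqueryVersion>"

// verifySHA256 returns an error unless the file at path hashes to wantHex.
func verifySHA256(path, wantHex string) error {
	f, err := os.Open(path)
	if err != nil {
		return fmt.Errorf("open %q: %w", path, err)
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return fmt.Errorf("hash %q: %w", path, err)
	}
	if got := hex.EncodeToString(h.Sum(nil)); got != wantHex {
		return fmt.Errorf("sha256 mismatch for %q: got %s", path, got)
	}
	return nil
}

// … unchanged: main up to and including download.Download …
	if err := verifySHA256(osquerydAppTarGzPath, osquerydTarGzSHA256); err != nil {
		log.Fatalf("verify osqueryd.app.tar.gz: %s", err)
	}
	if err := extractTarGz(osquerydAppTarGzPath); err != nil {
// … unchanged: rest of main …
```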