From 531ef1eddcead954f1fa9c0394797df478d1060b Mon Sep 17 00:00:00 2001
From: Guillaume Ross
Date: Tue, 15 Feb 2022 14:35:11 -0500
Subject: [PATCH] Adding disk encryption policy query for Linux (#4211)

On website + constants.ts. Does not support all Linux encryption scenarios, we will add more to this query as we discover the patterns people need.

Closes #4208
---
 .../standard-query-library.yml | 10 +++++++++
 frontend/utilities/constants.ts | 21 ++++++++++++++-----
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index 6931bf1b66..e235c514ea 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -670,6 +670,16 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+ name: Full disk encryption enabled (Linux)
+ query: SELECT 1 FROM disk_encryption WHERE encrypted=1 AND name LIKE '/dev/dm-1';
+ description: Checks if the root drive is encrypted. There are many ways to encrypt Linux systems. This is the default on distributions such as Ubuntu.
+ resolution: "Ensure the image deployed to your Linux workstation includes full disk encryption."
+ platforms: Linux
+ contributors: GuillaumeRoss
+---
+apiVersion: v1
+kind: policy
 spec:
 name: System Integrity Protection enabled (macOS)
 query: SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;
diff --git a/frontend/utilities/constants.ts b/frontend/utilities/constants.ts
index 4fa1d4ed6f..2d89091d69 100644
--- a/frontend/utilities/constants.ts
+++ b/frontend/utilities/constants.ts
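Review bot: The new policy's description promises "the root drive is encrypted", but the query only tests a fixed device-mapper node, `name LIKE '/dev/dm-1'`, and dm-N numbers are handed out in activation order with no tie to which filesystem the device backs; the check can therefore report a pass on a host whose root is plain while some other mapped volume happens to be dm-1, and a fail on an encrypted host whose root maps to dm-0 or dm-2, and for a compliance policy the false pass is the costly direction. The identical query ships in the constants.ts hunk (`key: 5`), so the fix applies there too; a more robust form would derive the root device from the mounted `/` filesystem (osquery's `mounts` table) instead of hard-coding a node, with the caveat that `mounts.device` may report a `/dev/mapper/...` alias rather than the `/dev/dm-N` name `disk_encryption` uses, which needs checking before it is relied on. Until then the YAML description should carry the limitation the commit message and the constants.ts copy already state: append `You may need to adapt this query, or submit an issue in the Fleet repo.` to the description. Minor style point: `LIKE` with no wildcard is just equality, so write `name = '/dev/dm-1'` unless a pattern is intended.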
@@ -59,6 +59,17 @@ export const DEFAULT_POLICIES = [
 },
 {
 key: 5,
+ query:
+ "SELECT 1 FROM disk_encryption WHERE encrypted=1 AND name LIKE '/dev/dm-1';",
+ name: "Full disk encryption enabled (Linux)",
+ description:
+ "Checks if the dm-1 device is encrypted. There are many ways to encrypt Linux systems. This is the default on distributions such as Ubuntu. You may need to adapt this query, or submit an issue in the Fleet repo.",
+ resolution:
+ "Ensure the image deployed to your Linux workstation includes full disk encryption.",
+ platform: "linux",
+ },
+ {
+ key: 6,
 query:
 "SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT '' AND filevault_status = 'on' LIMIT 1;",
 name: "Full disk encryption enabled (macOS)",
@@ -69,7 +80,7 @@ export const DEFAULT_POLICIES = [
 platform: "darwin",
 },
 {
- key: 6,
+ key: 7,
 query: "SELECT 1 FROM bitlocker_info WHERE protection_status = 1;",
 name: "Full disk encryption enabled (Windows)",
 description:
@@ -79,7 +90,7 @@ export const DEFAULT_POLICIES = [
 platform: "windows",
 },
 {
- key: 7,
+ key: 8,
 query: "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
 name: "Gatekeeper enabled (macOS)",
 description:
@@ -89,7 +100,7 @@ export const DEFAULT_POLICIES = [
 platform: "darwin",
 },
 {
- key: 8,
+ key: 9,
 query:
 "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.MCX' AND name = 'DisableGuestAccount' AND value = 1 LIMIT 1;",
 name: "Guest users disabled (macOS)",
@@ -100,7 +111,7 @@ export const DEFAULT_POLICIES = [
 platform: "darwin",
 },
 {
- key: 9,
+ key: 10,
 query:
 "SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;",
 name: "Secure keyboard entry for Terminal.app enabled (macOS)",
@@ -110,7 +121,7 @@ export const DEFAULT_POLICIES = [
 platform: "darwin",
 },
 {
- key: 10,
+ key: 11,
 query:
 "SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;",
 name: "System Integrity Protection enabled (macOS)",
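Review bot: Inserting the Linux policy at `key: 5` renumbers every later entry, which is what the six `key:` bumps in the remaining hunks of this file are; if `key` serves only as a React list key that is harmless, but if anything persists or compares these numbers across releases, appending the new entry with `key: 11` at the end of the array would leave the existing policies stable. The description here, `Checks if the dm-1 device is encrypted`, also disagrees with the YAML copy of the same query, which says `Checks if the root drive is encrypted`; the two should match, and the dm-1 wording is the honest one, since the query tests a fixed device-mapper node rather than whatever backs `/`. The `DEFAULT_POLICIES` array starts before this hunk.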