Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 08:58:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 111

App up to date or not installed + no unencrypted SSH keys (#4989)

Browse source 
* App up to date or not installed

Adding "App installed and up to date OR not present" example

* Removed empty last line

* Update standard-query-library.yml

Added right descriptions and resolution for the Docker example, and added a new query to detect unencrypted SSH keys.

* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>

* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>

* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>

* Update standard-query-library.yml

Updated as per @noahtalerman's review

* Update docs/01-Using-Fleet/standard-query-library/standard-query-library.yml

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
This commit is contained in:
Guillaume Ross 2022-04-12 09:23:55 -04:00 committed by GitHub
parent 4963d08a24
commit 710afb3382
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
View file

@ -597,3 +597,23 @@ spec:
resolution: "Enroll device to MDM"
platforms: macOS
contributors: GuillaumeRoss
---
apiVersion: v1
kind: policy
spec:
name: Application is up to date or not present (macOS)
query: SELECT 1 WHERE EXISTS (SELECT 1 FROM apps a1 WHERE a1.bundle_identifier = 'com.electron.dockerdesktop' AND a1.bundle_short_version>='4.6.1') OR NOT EXISTS (SELECT 1 FROM apps a2 WHERE a2.bundle_identifier = 'com.electron.dockerdesktop');
description: "Checks if the application (Docker Desktop example) is installed and up to date, or not installed. Fails if the application is installed and on a lower version. You can copy this query and replace the bundle_identifier and bundle_version values to apply the same type of policy to other applications."
resolution: "Update Docker or remove it if not used."
platforms: macOS
contributors: GuillaumeRoss
---
apiVersion: v1
kind: policy
spec:
name: SSH keys encrypted
query: SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM users CROSS JOIN user_ssh_keys USING (uid) WHERE encrypted='0');
description: "Required: osquery must have Full Disk Access. Policy passes if all keys are encrypted, including if no keys are present."
resolution: "Use this command to encrypt existing SSH keys by providing the path to the file: ssh-keygen -o -p -f /path/to/file"
platforms: macOS, Linux, Windows
contributors: GuillaumeRoss