Update docs: Vulnerability Processing page (#19861)

- Fleet detects vulns (CVEs) for Linux kernels: #18053
Noah Talerman 2024-06-20 13:55:45 -04:00 committed by GitHub
parent e134e740ef
commit c7dfaf45f7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -20,51 +20,11 @@ Fleet detects vulnerabilities for these software types:
| ------------------- | ------------------------------------------ | ------------------------------------------------ | ---------------- |
| Apps | ✅ | ✅ | ❌ |
| Browser plugins | Chrome extensions, Firefox extensions | Chrome extensions, Firefox extensions | ❌ |
| Packages | Python, Homebrew | Python, Atom, Chocolatey | Adhere to whatever is defined in the [OVAL definitions](https://github.com/fleetdm/nvd/blob/master/oval_sources.json), except for kernel vulnerabilities and vulnerabilities involving configuration files. Supported distributions: <ul><li>Ubuntu</li><li>RHEL based distros (Red Hat, CentOS, Fedora, and Amazon Linux)</li></ul> |
| Packages | Python, Homebrew | Python, Atom, Chocolatey | Packages defined in the [OVAL definitions](https://github.com/fleetdm/nvd/blob/master/oval_sources.json), except for vulnerabilities involving configuration files. Supported distributions: <ul><li>Ubuntu</li><li>RHEL based distros (Red Hat, CentOS, Fedora, and Amazon Linux)</li></ul> |
| IDE extensions | VS Code extensions | VS Code extensions | VS Code extensions |
As of right now, only app names with all ASCII characters are supported. Apps with names featuring non-ASCII characters, such as Cyrillic, will not generate matches.
## Configuration
When upgrading to Fleet 4.7.0 or later, vulnerability processing is automatically enabled if
vulnerability processing and software inventory are not explicitly disabled.
If you explicitly disabled vulnerability processing, and now would like to enable this feature, first enable the software inventory feature by setting the following app config:
```yaml
---
apiVersion: v1
kind: config
spec:
features:
enable_software_inventory: true
```
Then, enable vulnerability processing by specifying a path where Fleet will download the different
data feeds. This can be done by setting the following app config:
```yaml
---
apiVersion: v1
kind: config
spec:
vulnerabilities:
databases_path: /some/path
```
Or through environment variables:
```text
FLEET_VULNERABILITIES_DATABASES_PATH=/some/path
```
The path specified needs to exist and Fleet needs to be able to read and write to and from it. This is the only mandatory
configuration needed for vulnerability processing to work. Additional options, like vulnerability check frequency, can be
found in the [configuration documentation](https://fleetdm.com/docs/deploying/configuration#vulnerabilities).
You'll need to restart the Fleet instances after changing these settings.
### Advanced configuration
Fleet runs vulnerability downloading and processing via internal scheduled cron job. This internal mechanism is very useful
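Review bot: the new Linux `Packages` row should state that kernel vulnerabilities are now covered rather than only dropping the old "except for kernel vulnerabilities" clause; a reader diffing the two rows cannot tell whether kernel CVEs are detected (the point of #18053 per the commit message) or whether the exclusion was lost by accident. Suggest something like `Packages defined in the [OVAL definitions](https://github.com/fleetdm/nvd/blob/master/oval_sources.json), including Linux kernel vulnerabilities, except for vulnerabilities involving configuration files.` Separately, the hunk header `@ -20,51 +20,11 @@` indicates the `## Configuration` guidance that follows the table is being removed as well; if that is intended, keep at least a one-line pointer to `databases_path` / `FLEET_VULNERABILITIES_DATABASES_PATH` in the [configuration documentation](https://fleetdm.com/docs/deploying/configuration#vulnerabilities) and the note that Fleet must be restarted, since per the removed text that path is still the one mandatory setting for anyone who explicitly disabled vulnerability processing and wants to turn it back on. The ASCII-only limitation on app names is also worth preserving somewhere visible, because it is a detection coverage gap rather than a configuration detail.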