Cleaning up standard library (#4215)

First cleanup as a part of #4212.
Guillaume Ross 2022-02-15 15:43:16 -05:00 committed by GitHub
parent e29797deb0
commit e68ff05243
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,16 +1,6 @@
---
apiVersion: v1
kind: query
spec:
name: Count Apple applications installed
platforms: macOS
description: Get the total number of Apple applications installed on the host system.
query: SELECT COUNT(*) FROM apps WHERE bundle_identifier LIKE 'com.apple.%';
purpose: Informational
contributors: mike-j-thomas,noahtalerman,mikermcneil
---
apiVersion: v1
kind: query
spec:
name: Get OpenSSL versions
platforms: Linux
@ -21,16 +11,6 @@ spec:
---
apiVersion: v1
kind: query
spec:
name: Get whether Gatekeeper is disabled
platforms: macOS
description: Gatekeeper tries to ensure only trusted software is run on a mac machine.
query: SELECT * FROM gatekeeper WHERE assessments_enabled = 0;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get authorized SSH keys
platforms: macOS, Linux
@ -92,16 +72,6 @@ spec:
---
apiVersion: v1
kind: query
spec:
name: Get Homebrew Packages
platforms: macOS
description: Get the installed homebrew package database.
query: SELECT * FROM homebrew_packages;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get installed Linux software
platforms: Linux
@ -152,66 +122,6 @@ spec:
---
apiVersion: v1
kind: query
spec:
name: Get macOS disk free space percentage
platforms: macOS
description: Displays the percentage of free space available on the primary disk partition.
query: SELECT (blocks_available * 100 / blocks) AS pct, * FROM mounts WHERE path = '/';
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get mounts
platforms: macOS, Linux
description: Shows system mounted devices and filesystems (not process specific).
query: SELECT device, device_alias, path, type, blocks_size FROM mounts;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get the version of the resident operating system
platforms: macOS, Linux, Windows, FreeBSD
description: Retrieves the version of the host(s) operating system(s).
query: SELECT * FROM os_version;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get platform info
platforms: macOS
description: Shows information about the host platform
query: SELECT vendor, version, date, revision from platform_info;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get startup items
platforms: macOS, Linux, Windows, FreeBSD
description: Shows applications and binaries set as user/login startup items.
query: SELECT * FROM startup_items;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get system logins and logouts
platforms: macOS
description: Get a list of system logins and logouts.
query: SELECT * FROM last;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get current users with active shell/console on the system
platforms: macOS, Linux, Windows, FreeBSD
@ -222,56 +132,6 @@ spec:
---
apiVersion: v1
kind: query
spec:
name: Get system uptime
platforms: macOS, Linux, Windows, FreeBSD
description: Shows the system uptime.
query: SELECT * FROM uptime;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get USB devices
platforms: macOS, Linux
description: Shows all USB devices that are actively plugged into the host system.
query: SELECT * FROM usb_devices;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get wifi status
platforms: macOS
description: Shows information about the wifi network that a host is currently connected to.
query: SELECT * FROM wifi_status;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get Windows machines with unencrypted hard disks
platforms: Windows
description: List all Windows machines with unencrypted hard disks.
query: SELECT * FROM bitlocker_info WHERE protection_status = 0;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get disk encryption status
platforms: macOS, Linux
description: Disk encryption status and information.
query: SELECT * FROM disk_encryption;
purpose: Informational
contributors: anelshaer
---
apiVersion: v1
kind: query
spec:
name: Get unencrypted SSH keys for local accounts
platforms: macOS, Linux, Windows, FreeBSD
@ -294,26 +154,6 @@ spec:
---
apiVersion: v1
kind: query
spec:
name: Get crontab jobs
platforms: macOS, Linux
description: Line parsed values from system and user cron/tab.
query: SELECT * FROM crontab;
purpose: Informational
contributors: anelshaer
---
apiVersion: v1
kind: query
spec:
name: Get suid binaries
platforms: macOS, Linux
description: suid binaries in common locations.
query: SELECT * FROM suid_bin;
purpose: Informational
contributors: zwass
---
apiVersion: v1
kind: query
spec:
name: Get dynamic linker hijacking on Linux (MITRE. T1574.006)
platforms: Linux
@ -390,27 +230,7 @@ spec:
apiVersion: v1
kind: query
spec:
name: Get docker images on a system
platforms: macOS, Linux
description: Docker images information, can be used on normal system or a kubenode.
query: SELECT * FROM docker_images;
purpose: Informational
contributors: anelshaer
---
apiVersion: v1
kind: query
spec:
name: Get docker running containers on a system
platforms: macOS, Linux
description: Docker containers information, can be used on normal system or a kubenode.
query: SELECT * FROM docker_containers;
purpose: Informational
contributors: anelshaer
---
apiVersion: v1
kind: query
spec:
name: Get docker running process on a system
name: Get Docker contained processes on a system
platforms: macOS, Linux
description: Docker containers Processes, can be used on normal system or a kubenode.
query: SELECT c.id, c.name, c.image, c.image_id, c.command, c.created, c.state, c.status, p.cmdline FROM docker_containers c CROSS JOIN docker_container_processes p using(id);
@ -539,16 +359,6 @@ spec:
---
apiVersion: v1
kind: query
spec:
name: Get Mac and Linux machines with unencrypted primary disks
platforms: macOS, Linux
description:
query: SELECT * FROM mounts m, disk_encryption d WHERE m.path= "/" AND m.device = d.name AND d.encrypted = 0;
purpose: Informational
contributors: DominusKelvin
---
apiVersion: v1
kind: query
spec:
name: Get servers with root login in the last 24 hours
platforms: macOS, Linux, Windows
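Review bot: In the hunk starting at `@ -390,27 +230,7 @@`, the entry renamed to `name: Get Docker contained processes on a system` keeps its old description, which still reads `Docker containers Processes, can be used on normal system or a kubenode.` and no longer matches the new name or the surrounding entries' phrasing; suggest `description: Processes running inside Docker containers; works on a standalone host or a Kubernetes node.`. The surviving query on the same entry mixes keyword case (`CROSS JOIN ... using(id)`); for consistency with the other queries in this file write `USING(id)`. The rest of that entry (`purpose`, `contributors`) continues past the hunk.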