Changes:
- Standard query library:
- Added three policies to the Standard query library (tagged as premium)
- Changed the `kind` of the "Identify Apple development secrets (macOS)"
query to `policy` because it is an informational query (It returns rows
of results rather than 1 or 0) and removed its `resolution` value
- Updated the build-static-content script to remove platform names from
the end of query names (e.g., (macOS)). This is done to keep the URLs
for queries the same while hiding them in the UI
- Updated the layout of the queries page to match the latest wireframes
and updated the page to only show policies
- Updated the styles and layout of the queries-details page.
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
This PR closes https://github.com/fleetdm/fleet/issues/21108
@noahtalerman, I double-checked all redirects, and they are working.
Clicking through the URLs in [this
spreadsheet](https://docs.google.com/spreadsheets/d/1djVynIMuJK4pT5ziJW12CluVqcaoxxnCLaBO3VXfAt4/edit?usp=sharing)
is a pretty quick way to go through them all. Note that "Audit logs" and
"Understanding host vitals" redirect to the contributor docs on GitHub,
so they will throw a 404 until this is merged.
Some new guides benefitted from a name change, so they make more sense
as stand-alone guides, and also so that we don't have to mess around
with more redirects later. Those name changes followed [this
convention](https://fleetdm.com/handbook/company/communications#headings-and-titles),
which was recently documented in the handbook.
Have fun!
---------
Co-authored-by: Eric <eashaw@sailsjs.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
#17827
Updated 1Password policy to only search one level deep for performance
reasons.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Removing entry. 1) failed to build again. Now that this is "device
health" this query probably doesn't really fit with the rest of the list
anyway. Sorry for all the approvals...
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
It is very easy for data collection like this to veer into double /
triple negative mulitverse of madness stuff...
That said, I may have a lack of understanding about how the product
works, i.e., that a query literally must return a 0 value & not null in
order to "pass" in a policy. If so, then this works as expected.
However, if a query just needs to return empty (null) & 0 is implied in
the logic that sets a policy flag to green or red, then, as a rule,
queries like this should be always be simplified & should default to
using "positive" as opposed to "negative" logic, i.e., check if
something exists, never check if a thing does NOT exist.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests: Tested by adding dummy Emergency Kit.pdf
files to Desktop & Downloads, running query, then, removing files &
running query.
Closes: #14812
Changes:
- Added a "critical" tag to critical policies in the standard query
library.
- Updated the macOS version used in the "Operating system up to date
(macOS)" policy.
- Updated the name of a policy to be in sentence case ("MDM Enrolled
(macOS)" » "MDM enrolled (macOS)")
- Updated the build-static-content script to add a `critical` attribute
to queries that have the "critical" tag.
- Updated the /queries page to add a "critical" badge to queries that
have the critical attribute.
Fixed markdown syntax for links in a couple places where it was
formatted incorrectly (`(…)[…]` instead of `[…](…)`)
(Fixed one earlier and just searched the docs folder for `)[` to find
these; hopefully this PR nabs the rest.)
Closes: #13691
Changes:
- Added keywords for syntax highlighting to code blocks in documentation
Markdown files.
---------
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Closes: #12611
Changes:
- Added three new documentation sections `/docs/get-started/`,
`/docs/configuration` and `/docs/rest api/`
- Updated folder names: `/docs/Using-Fleet/` » `/docs/Using Fleet` and
`/docs/deploying` » `/docs/deploy/`
- Moved `/docs/using-fleet/process-events.md` to `/articles` and updated
the meta tags to change it into a guide.
- Added support for a new meta tag: `navSection`. This meta tag is used
to organize pages in the sidebar navigation on fleetdm.com/docs
- Moved `docs/using-fleet/application-security.md` and
`docs/using-fleet/security-audits.md` to the security handbook.
- Moved `docs/deploying/load-testing.md` and
`docs/deploying/debugging.md` to the engineering handbook.
- Moved the following files/folders:
- `docs/using-fleet/configuration-files/` »
`docs/configuration/configuration-files/`
- `docs/deploying/configuration.md` »
`docs/configuration/fleet-server-configuration.md`
- `docs/using-fleet/rest-api.md` » `docs/rest-api/rest-api.md`
- `docs/using-fleet/monitoring-fleet.md` » `docs/deploy/rest-api.md`
- Updated filenames:
- `docs/using-fleet/permissions.md` »
`docs/using-fleet/manage-access.md`
- `docs/using-fleet/adding-hosts.md` »
`docs/using-fleet/enroll-hosts.md`
- `docs/using-fleet/teams.md` » `docs/using-fleet/segment-hosts.md`
- `docs/using-fleet/fleet-ctl-agent-updates.md` »
`docs/using-fleet/update-agents.md`
- `docs/using-fleet/chromeos.md` »
`docs/using-fleet/enroll-chromebooks.md`
- Updated the generated markdown in `server/fleet/gen_activity_doc.go`
and `server/service/osquery_utils/gen_queries_doc.go`
- Updated the navigation sidebar and mobile dropdown links on docs pages
to group pages by their `navSection` meta tag.
- Updated fleetdm.com/docs not to show pages in the `docs/contributing/`
folder in the sidebar navigation
- Added redirects for docs pages that have moved.
.
---------
Co-authored-by: Mike Thomas <mthomas@fleetdm.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Changes:
- Added a "MDM required" tag to the queries in the standard query
library that use the `managed_policies` table.
- Updated the build script to add a `requiresMdm` value to queries added
to `builtStaticContent.queries`, and to set it to true if a query has
the "MDM required" tags
- Updated the `/queries` page to add a "Requires MDM" badge to queries
that have `requiresMdm: true`
. . .
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
* Update "No 1Password recovery kits..." policy
- Update policy in standard query library shown on fleetdm.com
- Update policy in standard templates shown in Fleet UI
* Update policy template shown in UI
* Commit Sharvil's exits to standard query library
* Commit Sharvil's edits to policy templates
* Discover Python Packages from Running Python Interpreters documentation
* add hunting tag
Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca>
* Removed extra quote
Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca>
Co-authored-by: Guillaume Ross <guillaume@fleetdm.com>
* query for discovering TLS certs
* Update standard-query-library.yml
* Use Nabil as the contributor
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
* More accurate description of query purpose
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
- Remove "[CIS x.x.x]" tags from product
- Add "CIS" tag to all policies in the standard query library on fleetdm.com
- Remove duplicate "Guest users"policy
- Update language in policies' names and descriptions to be consistent
* Adding CIS 1.5 / 1.6 / 2.2.1 to constants.ts
* Adding CIS 1.5 / 1.6 / 2.2.1 to standard query library
* Adding 2.3.1
* Adding 2.3.1 to query library and 2.4.2 to both
* Adding 2.4.10
* Tagging 2.5.1.1
* Tagging 2.5.2.1
* Tagging 2.5.2.2
* Adding 2.5.6
* Adding 2.6.1.4
* Adding 3.6
* Tagging 5.1.2
* Tagging 5.2.2
* Tagging 5.8
The query we have for the screen lock is comprehensive and covers more than one CIS requirement
* Adding 6.1.3 and 6.1.4
- Update "Learn how to use Fleet" docs page to walk a Fleet Sandbox user through adding their device and running a query
- Add a "Get operating system information" query to standard query library for the "Learn how to use Fleet" walkthrough
- Update Fleet's top level README to point users who want to try Fleet to Fleet Sandbox
- Update "How to install osquery..." (macOS, Windows, Linux) blog posts to point users who want to try Fleet to Fleet Sandbox
- Move `fleetctl preview` questions to "Contributing" FAQ section in docs. This is because `fleetctl preview` is now a testing tool for Fleet contributors
- Update "Deploying" docs to point users who want to try Fleet to Fleet Sandbox
* Adding password policy query to the default library
Adding a built-in policy to check the minimum password length on macOS using the recently released password_policy table.
* Addding osquery minimum version + adding query to constants.ts
