#16393
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
#19491
Video demo:
https://www.loom.com/share/c8fca008a9674cc685a5c209d9689271?sid=1f67e6c5-5e0b-4f10-9837-dc5d4c27f858
Changes file not added since this is an undocumented feature for
internal use.
New tests not created since this feature is for internal use, and will
likely be removed in the near future.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
for #19500
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
## Addresses #18993
- Return `404` when a user tries to delete team policies from a
non-existent team – see [this precedent in the
codebase](6b3310aa51/server/service/integration_core_test.go (L6212))
for a 404 in this situation
- Add missing authorization check for this action
<img width="1494" alt="Screenshot 2024-06-04 at 6 22 02 PM"
src="https://github.com/fleetdm/fleet/assets/61553566/15b98c7e-5d4b-450c-8403-a062d7d1bd5b">
- [x] Changes file added for user-visible changes in `changes/`,
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
> Related issue; #19526
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Changes:
- Updated the update-or-create-contact-and-account helper to always set
the integrations admin user as the owner of new accounts and contact
records created.
Got approval from @JoStableford live during our biz ops github time. ..
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
Added daily standup and weekly Opportunity pipeline review
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
Changelog
ADD:
ADD - 18.10.75.1 (L1) Ensure 'Automatic Data Collection' is set to
'Enabled'
ADD - 18.10.92.2 (L1) Ensure 'Enable features introduced via servicing
that are off by default' is set to 'Disabled'
ADD - 18.10.92.4 (L1) Ensure 'Enable optional updates' is set to
'Disabled'
ADD - 18.8 (L2) Ensure 'Remove Personalized Website Recommendations from
the Recommended section in the Start Menu' is set to 'Enabled'
ADD - 18.9.19 (L1) 'Configure security policy processing: Do not apply
during periodic background processing' is set to 'False'
ADD - 18.9.19 (L1) 'Configure security policy processing: Process even
if the Group Policy objects have not changed' is set to 'True'
ADD - 18.9.25 (L1) Ensure 'Configure password backup directory' is set
to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'
ADD - 18.9.25 (L1) Ensure 'Enable password encryption' is set to
'Enabled'
ADD - 18.9.25 (L1) Ensure 'Post-authentication actions: Actions' is set
to 'Enabled: Reset the password and logoff the managed account' or
higher
ADD - 18.9.25 (L1) Ensure 'Post-authentication actions: Grace period
(hours)' is set to 'Enabled: 8 or fewer hours, but not 0'
ADD - 19.7.38 (L1) Ensure 'Turn off Windows Copilot' is set to 'Enabled'
ADD - 2.3.11 (L1) Ensure 'Network security: Restrict NTLM: Audit
Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'
ADD - 2.3.11 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM
traffic to remote servers' is set to 'Audit all' or higher
REMOVE:
REMOVE - 18.10.76.3 (L1) Ensure 'Prevent bypassing Windows Defender
SmartScreen prompts for sites' is set to 'Enabled'
REMOVE - 5 (L1) Ensure 'Internet Connection Sharing (ICS)
(SharedAccess)' is set to 'Disabled'
REMOVE - 9.1 (L1) Ensure 'Windows Firewall: Domain: Outbound
connections' is set to 'Allow (default)'
REMOVE - 9.2 (L1) Ensure 'Windows Firewall: Private: Outbound
connections' is set to 'Allow (default)'
REMOVE - 9.3 (L1) Ensure 'Windows Firewall: Public: Outbound
connections' is set to 'Allow (default)'
UPDATE:
UPDATE - 18.10.42.7 (L2 -> L1) Ensure 'Enable file hash computation
feature' is set to 'Enabled'
UPDATE - 18.10.86 (L1 -> L2) Ensure 'Turn on PowerShell Script Block
Logging' is set to 'Enabled'
UPDATE - 18.10.86 (L1 -> L2) Ensure 'Turn on PowerShell Transcription'
is set to 'Enabled'
UPDATE - 18.5 'MSS: (AutoAdminLogon) Enable Automatic Logon (not
recommended)' TO 'MSS: (AutoAdminLogon) Enable Automatic Logon'
UPDATE - 18.5 'MSS: (DisableIPSourceRouting IPv6) IP source routing
protection level (protects against packet spoofing)' TO 'MSS:
(DisableIPSourceRouting IPv6) IP source routing protection level'
UPDATE - 18.5 'MSS: (DisableIPSourceRouting) IP source routing
protection level (protects against packet spoofing)' TO 'MSS:
(DisableIPSourceRouting) IP source routing protection level'
UPDATE - 18.5 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and
configure Default Gateway addresses (could lead to DoS)' TO 'MSS:
(PerformRouterDiscovery) Allow IRDP to detect and configure Default
Gateway addresses'
UPDATE - 18.5 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode
(recommended)' TO 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode'
UPDATE - 18.5 'MSS: (ScreenSaverGracePeriod) The time in seconds before
the screen saver grace period expires (0 recommended)' TO 'MSS:
(ScreenSaverGracePeriod) The time in seconds before the screen saver
grace period expires'
UPDATE - 18.5 'MSS: (KeepAliveTime) How often keep-alive packets are
sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes
(recommended)' TO 'Enabled: 300,000 or 5 minutes'
UPDATE - 18.9.50.1 (L2 -> L1) Ensure 'Enable Windows NTP Client' is set
to 'Enabled'
UPDATE - 18.9.50.1 (L2 -> L1) Ensure 'Enable Windows NTP Server' is set
to 'Disabled'
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
Co-authored-by: Sharon Katz <sharon@fleetdm.com>
A few days ago, a new major version of goreleaser was published, which
is currently breaking our workflows:
```
⨯ command failed error=unknown flag: --rm-dist
```
This locks the version to a max satisfying semver under 1 until we have
time to update to the new major.
Closes: https://github.com/fleetdm/fleet/issues/19308
Changes:
- Added six new attributes to the `HistoricalUsageSnapshot` model (
`numSoftwareVersions`, `numHostSoftwares`, `numSoftwareTitles`,
`numHostSoftwareInstalledPaths`, `numSoftwareCPEs` and
`numSoftwareCVEs`)
- Added inputs to the receive-usage-analytics webhook for the new usage
statistics.
When this PR is merged, we will need to migrate the Fleet website's
database to add the new columns, to do this:
- [x] Make an announcement in Slack to let people know the website will
be offline for ~8 minutes
- [ ] Merge this PR
- [ ] As the deploy action runs, put the website into maintenance mode
- [ ] Add the new columns for the added attributes
- [ ] Set the default value for the new attributes on existing database
records
- [ ] After the deploy workflow is complete, take the website out of
maintenance mode.
