# Test config controls: # Controls added to "No team" macos_settings: custom_settings: - path: ./lib/macos-password.mobileconfig windows_settings: custom_settings: - path: ./lib/windows-screenlock.xml scripts: - path: ./lib/collect-fleetd-logs.sh enable_disk_encryption: true macos_migration: enable: false mode: "" webhook_url: "" macos_setup: bootstrap_package: null enable_end_user_authentication: false macos_setup_assistant: null macos_updates: deadline: null minimum_version: null ios_updates: deadline: null minimum_version: null ipados_updates: deadline: null minimum_version: null windows_enabled_and_configured: true windows_migration_enabled: false enable_turn_on_windows_mdm_manually: false windows_entra_tenant_ids: [] windows_updates: deadline_days: null grace_period_days: null queries: - name: Scheduled query stats description: Collect osquery performance stats directly from osquery query: SELECT *, (SELECT value from osquery_flags where name = 'pack_delimiter') AS delimiter FROM osquery_schedule; interval: 0 platform: darwin,linux,windows min_osquery_version: all observer_can_run: false automations_enabled: false logging: snapshot - name: orbit_info query: SELECT * from orbit_info; interval: 0 platform: darwin,linux,windows min_osquery_version: all observer_can_run: false automations_enabled: true logging: snapshot - name: osquery_info query: SELECT * from osquery_info; interval: 604800 # 1 week platform: darwin,linux,windows,chrome min_osquery_version: all observer_can_run: false automations_enabled: true logging: snapshot policies: - name: 😊 Failing policy platform: linux description: This policy should always fail. resolution: There is no resolution for this policy. query: SELECT 1 FROM osquery_info WHERE start_time < 0; - name: Passing policy platform: linux,windows,darwin,chrome description: This policy should always pass. resolution: There is no resolution for this policy. query: SELECT 1; - name: No root logins (macOS, Linux) platform: linux,darwin query: SELECT 1 WHERE NOT EXISTS (SELECT * FROM last WHERE username = "root" AND time > (( SELECT unix_time FROM time ) - 3600 )) critical: true - name: 🔥 Failing policy platform: linux description: This policy should always fail. resolution: There is no resolution for this policy. query: SELECT 1 FROM osquery_info WHERE start_time < 0; - name: 😊😊 Failing policy platform: linux description: This policy should always fail. resolution: | Automated method: Ask your system administrator to deploy the following script which will ensure proper Security Auditing Retention: cp /etc/security/audit_control ./tmp.txt; origExpire=$(cat ./tmp.txt | grep expire-after); sed "s/${origExpire}/expire-after:60d OR 5G/" ./tmp.txt > /etc/security/audit_control; rm ./tmp.txt; query: SELECT 1; agent_options: command_line_flags: distributed_denylist_duration: 0 config: decorators: load: - SELECT uuid AS host_uuid FROM system_info; - SELECT hostname AS hostname FROM system_info; options: disable_distributed: false distributed_interval: 10 distributed_plugin: tls distributed_tls_max_attempts: 3 logger_tls_endpoint: /api/v1/osquery/log pack_delimiter: / org_settings: server_settings: debug_host_ids: - 10728 deferred_save_host: false enable_analytics: true live_query_disabled: false query_report_cap: 2000 query_reports_disabled: false scripts_disabled: false server_url: https://fleet.example.com org_info: contact_url: https://fleetdm.com/company/contact org_logo_url: "" org_logo_url_light_background: "" org_name: Fleet Device Management smtp_settings: authentication_method: authmethod_plain authentication_type: authtype_username_password configured: false domain: "" enable_smtp: false enable_ssl_tls: true enable_start_tls: true password: "" port: 587 sender_address: "" server: "" user_name: "" verify_ssl_certs: true sso_settings: enable_jit_provisioning: false enable_jit_role_sync: false enable_sso: true enable_sso_idp_login: false entity_id: https://saml.example.com/entityid idp_image_url: "" idp_name: MockSAML issuer_uri: "" metadata: "" metadata_url: https://mocksaml.com/api/saml/metadata integrations: jira: - api_token: JIRA_TOKEN enable_failing_policies: true enable_software_vulnerabilities: false project_key: JIR url: https://fleetdm.atlassian.net username: reed@fleetdm.com zendesk: [] mdm: apple_bm_default_team: "" end_user_authentication: entity_id: "" idp_name: "" issuer_uri: "" metadata: "" metadata_url: "" webhook_settings: failing_policies_webhook: destination_url: https://host.docker.internal:8080/bozo enable_failing_policies_webhook: false host_batch_size: 0 policy_ids: [] host_status_webhook: days_count: 0 destination_url: "" enable_host_status_webhook: false host_percentage: 0 interval: 24h0m0s vulnerabilities_webhook: destination_url: "" enable_vulnerabilities_webhook: false host_batch_size: 0 fleet_desktop: # Applies to Fleet Premium only transparency_url: https://fleetdm.com/transparency host_expiry_settings: # Applies to all teams host_expiry_enabled: false activity_expiry_settings: activity_expiry_enabled: true activity_expiry_window: 30 features: # Features added to all teams enable_host_users: true enable_software_inventory: true vulnerability_settings: databases_path: "" secrets: # These secrets are used to enroll hosts to the "All teams" team - secret: SampleSecret123 - secret: ABC labels: - name: Global label numero uno description: A cool global label query: SELECT 1 FROM osquery_info label_membership_type: dynamic - name: Global label numero dos description: A fly global label hosts: - host1 - 2 label_membership_type: manual