mirror of
https://github.com/fleetdm/fleet
synced 2026-04-30 18:07:56 +00:00
8b77f0bd79
If the osquery version is new enough (>= 5.21.0), Orbit will set the configuration option. **Related issue:** #38663 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [x] QA'd all new/changed functionality manually ## fleetd/orbit/Fleet Desktop - [x] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)) - [x] Verified that fleetd runs on macOS, Linux and Windows (tested on macOS but functionality is same on each platform)
45 lines
1.7 KiB
Go
45 lines
1.7 KiB
Go
package osquery
|
|
|
|
import (
|
|
"net/url"
|
|
"path"
|
|
|
|
"github.com/Masterminds/semver/v3"
|
|
)
|
|
|
|
// FleetFlags is the set of flags to pass to osquery when connecting to Fleet.
|
|
func FleetFlags(osqueryVersion string, fleetURL *url.URL) []string {
|
|
hostname, prefix := fleetURL.Host, fleetURL.Path
|
|
flags := []string{
|
|
"--tls_hostname=" + hostname,
|
|
"--enroll_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/enroll"),
|
|
"--config_plugin=tls",
|
|
"--config_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/config"),
|
|
// Osquery defaults config_refresh to 0 which is probably not ideal for
|
|
// a client connected to Fleet. Users can always override this in the
|
|
// config they serve via Fleet.
|
|
"--config_refresh=60",
|
|
"--disable_distributed=false",
|
|
"--distributed_plugin=tls",
|
|
"--distributed_tls_max_attempts=10",
|
|
"--distributed_tls_read_endpoint=" + path.Join(prefix, "/api/v1/osquery/distributed/read"),
|
|
"--distributed_tls_write_endpoint=" + path.Join(prefix, "/api/v1/osquery/distributed/write"),
|
|
"--logger_plugin=tls,filesystem",
|
|
"--logger_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/log"),
|
|
"--disable_carver=false",
|
|
// carver_disable_function is separate from disable_carver as it controls the use of file
|
|
// carving as a SQL function (eg. `SELECT carve(path) FROM processes`).
|
|
"--carver_disable_function=false",
|
|
"--carver_start_endpoint=" + path.Join(prefix, "/api/v1/osquery/carve/begin"),
|
|
"--carver_continue_endpoint=" + path.Join(prefix, "/api/v1/osquery/carve/block"),
|
|
"--carver_block_size=8000000",
|
|
}
|
|
|
|
if v, err := semver.NewVersion(osqueryVersion); err == nil {
|
|
if !semver.New(v.Major(), v.Minor(), v.Patch(), "", "").LessThan(semver.New(5, 21, 0, "", "")) {
|
|
flags = append(flags, "--tls_accept_gzip=true")
|
|
}
|
|
}
|
|
|
|
return flags
|
|
}
|