Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/pkg/spec/testdata/global_config_no_paths.yml
Jordan Montgomery 25d9420c31
Add config for Windows MDM manual turn on (#35789) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #35307

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)

- [x] QA'd all new/changed functionality manually

## Database migrations

- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.

## New Fleet configuration settings

- [ ] Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for
GitOps-enabled settings:

- [x] Verified that the setting is exported via `fleetctl
generate-gitops`
- [x] Verified the setting is documented in a separate PR to [the GitOps
documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485)
- [x] Verified that the setting is cleared on the server if it is not
supplied in a YAML file (or that it is documented as being optional)
- [x] Verified that any relevant UI is disabled when GitOps mode is
enabled
2025-11-18 17:32:13 -05:00

207 lines
6.2 KiB
YAML
Raw Blame History

# Test config
controls: # Controls added to "No team"
macos_settings:
custom_settings:
- path: ./lib/macos-password.mobileconfig
windows_settings:
custom_settings:
- path: ./lib/windows-screenlock.xml
scripts:
- path: ./lib/collect-fleetd-logs.sh
enable_disk_encryption: true
macos_migration:
enable: false
mode: ""
webhook_url: ""
macos_setup:
bootstrap_package: null
enable_end_user_authentication: false
macos_setup_assistant: null
macos_updates:
deadline: null
minimum_version: null
ios_updates:
deadline: null
minimum_version: null
ipados_updates:
deadline: null
minimum_version: null
windows_enabled_and_configured: true
windows_migration_enabled: false
enable_turn_on_windows_mdm_manually: false
windows_updates:
deadline_days: null
grace_period_days: null
queries:
- name: Scheduled query stats
description: Collect osquery performance stats directly from osquery
query: SELECT *,
(SELECT value from osquery_flags where name = 'pack_delimiter') AS delimiter
FROM osquery_schedule;
interval: 0
platform: darwin,linux,windows
min_osquery_version: all
observer_can_run: false
automations_enabled: false
logging: snapshot
- name: orbit_info
query: SELECT * from orbit_info;
interval: 0
platform: darwin,linux,windows
min_osquery_version: all
observer_can_run: false
automations_enabled: true
logging: snapshot
- name: osquery_info
query: SELECT * from osquery_info;
interval: 604800 # 1 week
platform: darwin,linux,windows,chrome
min_osquery_version: all
observer_can_run: false
automations_enabled: true
logging: snapshot
policies:
- name: 😊 Failing policy
platform: linux
description: This policy should always fail.
resolution: There is no resolution for this policy.
query: SELECT 1 FROM osquery_info WHERE start_time < 0;
- name: Passing policy
platform: linux,windows,darwin,chrome
description: This policy should always pass.
resolution: There is no resolution for this policy.
query: SELECT 1;
- name: No root logins (macOS, Linux)
platform: linux,darwin
query: SELECT 1 WHERE NOT EXISTS (SELECT * FROM last
WHERE username = "root"
AND time > (( SELECT unix_time FROM time ) - 3600 ))
critical: true
- name: 🔥 Failing policy
platform: linux
description: This policy should always fail.
resolution: There is no resolution for this policy.
query: SELECT 1 FROM osquery_info WHERE start_time < 0;
- name: 😊😊 Failing policy
platform: linux
description: This policy should always fail.
resolution: |
Automated method:
Ask your system administrator to deploy the following script which will ensure proper Security Auditing Retention:
cp /etc/security/audit_control ./tmp.txt; origExpire=$(cat ./tmp.txt | grep expire-after); sed "s/${origExpire}/expire-after:60d OR 5G/" ./tmp.txt > /etc/security/audit_control; rm ./tmp.txt;
query: SELECT 1;
agent_options:
command_line_flags:
distributed_denylist_duration: 0
config:
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
options:
disable_distributed: false
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
logger_tls_endpoint: /api/v1/osquery/log
pack_delimiter: /
org_settings:
server_settings:
debug_host_ids:
- 10728
deferred_save_host: false
enable_analytics: true
live_query_disabled: false
query_report_cap: 2000
query_reports_disabled: false
scripts_disabled: false
server_url: https://fleet.example.com
org_info:
contact_url: https://fleetdm.com/company/contact
org_logo_url: ""
org_logo_url_light_background: ""
org_name: Fleet Device Management
smtp_settings:
authentication_method: authmethod_plain
authentication_type: authtype_username_password
configured: false
domain: ""
enable_smtp: false
enable_ssl_tls: true
enable_start_tls: true
password: ""
port: 587
sender_address: ""
server: ""
user_name: ""
verify_ssl_certs: true
sso_settings:
enable_jit_provisioning: false
enable_jit_role_sync: false
enable_sso: true
enable_sso_idp_login: false
entity_id: https://saml.example.com/entityid
idp_image_url: ""
idp_name: MockSAML
issuer_uri: ""
metadata: ""
metadata_url: https://mocksaml.com/api/saml/metadata
integrations:
jira:
- api_token: JIRA_TOKEN
enable_failing_policies: true
enable_software_vulnerabilities: false
project_key: JIR
url: https://fleetdm.atlassian.net
username: reed@fleetdm.com
zendesk: []
mdm:
apple_bm_default_team: ""
end_user_authentication:
entity_id: ""
idp_name: ""
issuer_uri: ""
metadata: ""
metadata_url: ""
webhook_settings:
failing_policies_webhook:
destination_url: https://host.docker.internal:8080/bozo
enable_failing_policies_webhook: false
host_batch_size: 0
policy_ids: []
host_status_webhook:
days_count: 0
destination_url: ""
enable_host_status_webhook: false
host_percentage: 0
interval: 24h0m0s
vulnerabilities_webhook:
destination_url: ""
enable_vulnerabilities_webhook: false
host_batch_size: 0
fleet_desktop: # Applies to Fleet Premium only
transparency_url: https://fleetdm.com/transparency
host_expiry_settings: # Applies to all teams
host_expiry_enabled: false
activity_expiry_settings:
activity_expiry_enabled: true
activity_expiry_window: 30
features: # Features added to all teams
enable_host_users: true
enable_software_inventory: true
vulnerability_settings:
databases_path: ""
secrets: # These secrets are used to enroll hosts to the "All teams" team
- secret: SampleSecret123
- secret: ABC
labels:
- name: Global label numero uno
description: A cool global label
query: SELECT 1 FROM osquery_info
label_membership_type: dynamic
- name: Global label numero dos
description: A fly global label
hosts:
- host1
- 2
label_membership_type: manual
Reference in a new issue View git blame Copy permalink