mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 21:47:20 +00:00
25d9420c31
<!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #35307 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually ## Database migrations - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. ## New Fleet configuration settings - [ ] Setting(s) is/are explicitly excluded from GitOps If you didn't check the box above, follow this checklist for GitOps-enabled settings: - [x] Verified that the setting is exported via `fleetctl generate-gitops` - [x] Verified the setting is documented in a separate PR to [the GitOps documentation](https://github.com/fleetdm/fleet/blob/main/docs/Configuration/yaml-files.md#L485) - [x] Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional) - [x] Verified that any relevant UI is disabled when GitOps mode is enabled
181 lines
5.5 KiB
YAML
181 lines
5.5 KiB
YAML
name: Team1
|
|
team_settings:
|
|
secrets:
|
|
- secret: "SampleSecret123"
|
|
- secret: "ABC"
|
|
webhook_settings:
|
|
failing_policies_webhook:
|
|
enable_failing_policies_webhook: true
|
|
destination_url: https://example.tines.com/webhook
|
|
policy_ids: [1, 2, 3, 4, 5, 6, 7, 8, 9]
|
|
features:
|
|
enable_host_users: true
|
|
enable_software_inventory: true
|
|
host_expiry_settings:
|
|
host_expiry_enabled: true
|
|
host_expiry_window: 30
|
|
agent_options:
|
|
command_line_flags:
|
|
distributed_denylist_duration: 0
|
|
config:
|
|
decorators:
|
|
load:
|
|
- SELECT uuid AS host_uuid FROM system_info;
|
|
- SELECT hostname AS hostname FROM system_info;
|
|
options:
|
|
disable_distributed: false
|
|
distributed_interval: 10
|
|
distributed_plugin: tls
|
|
distributed_tls_max_attempts: 3
|
|
logger_tls_endpoint: /api/v1/osquery/log
|
|
pack_delimiter: /
|
|
controls:
|
|
macos_settings:
|
|
custom_settings:
|
|
- path: ./lib/macos-password.mobileconfig
|
|
windows_settings:
|
|
custom_settings:
|
|
- path: ./lib/windows-screenlock.xml
|
|
scripts:
|
|
- path: ./lib/collect-fleetd-logs.sh
|
|
enable_disk_encryption: true
|
|
windows_require_bitlocker_pin: true
|
|
macos_setup:
|
|
bootstrap_package: null
|
|
enable_end_user_authentication: false
|
|
macos_setup_assistant: null
|
|
macos_updates:
|
|
deadline: null
|
|
minimum_version: null
|
|
ios_updates:
|
|
deadline: null
|
|
minimum_version: null
|
|
ipados_updates:
|
|
deadline: null
|
|
minimum_version: null
|
|
windows_updates:
|
|
deadline_days: null
|
|
grace_period_days: null
|
|
macos_migration:
|
|
enable: false
|
|
mode: ""
|
|
webhook_url: ""
|
|
windows_enabled_and_configured: true
|
|
windows_migration_enabled: false
|
|
enable_turn_on_windows_mdm_manually: false
|
|
labels:
|
|
- name: a
|
|
description: A cool global label
|
|
query: SELECT 1 FROM osquery_info
|
|
label_membership_type: dynamic
|
|
queries:
|
|
- name: Scheduled query stats
|
|
description: Collect osquery performance stats directly from osquery
|
|
query: SELECT *,
|
|
(SELECT value from osquery_flags where name = 'pack_delimiter') AS delimiter
|
|
FROM osquery_schedule;
|
|
interval: 0
|
|
platform: darwin,linux,windows
|
|
min_osquery_version: all
|
|
observer_can_run: false
|
|
automations_enabled: false
|
|
logging: snapshot
|
|
- name: orbit_info
|
|
query: SELECT * from orbit_info;
|
|
interval: 0
|
|
platform: darwin,linux,windows
|
|
min_osquery_version: all
|
|
observer_can_run: false
|
|
automations_enabled: true
|
|
logging: snapshot
|
|
- name: osquery_info
|
|
query: SELECT * from osquery_info;
|
|
interval: 604800 # 1 week
|
|
platform: darwin,linux,windows,chrome
|
|
min_osquery_version: all
|
|
observer_can_run: false
|
|
automations_enabled: true
|
|
logging: snapshot
|
|
policies:
|
|
- name: 😊 Failing policy
|
|
platform: linux
|
|
description: This policy should always fail.
|
|
resolution: There is no resolution for this policy.
|
|
query: SELECT 1 FROM osquery_info WHERE start_time < 0;
|
|
- name: Passing policy
|
|
platform: linux,windows,darwin,chrome
|
|
description: This policy should always pass.
|
|
resolution: There is no resolution for this policy.
|
|
query: SELECT 1;
|
|
- name: No root logins (macOS, Linux)
|
|
platform: linux,darwin
|
|
query: SELECT 1 WHERE NOT EXISTS (SELECT * FROM last
|
|
WHERE username = "root"
|
|
AND time > (( SELECT unix_time FROM time ) - 3600 ))
|
|
critical: true
|
|
- name: 🔥 Failing policy
|
|
platform: linux
|
|
description: This policy should always fail.
|
|
resolution: There is no resolution for this policy.
|
|
query: SELECT 1 FROM osquery_info WHERE start_time < 0;
|
|
- name: 😊😊 Failing policy
|
|
platform: linux
|
|
description: This policy should always fail.
|
|
resolution: There is no resolution for this policy.
|
|
query: SELECT 1 FROM osquery_info WHERE start_time < 0;
|
|
- name: Microsoft Teams on macOS installed and up to date
|
|
platform: darwin
|
|
query: SELECT 1 FROM apps WHERE name = 'Microsoft Teams.app' AND version_compare(bundle_short_version, '24193.1707.3028.4282') >= 0;
|
|
install_software:
|
|
package_path: ./microsoft-teams.pkg.software.yml
|
|
- name: Slack on macOS is installed
|
|
platform: darwin
|
|
query: SELECT 1 FROM apps WHERE name = 'Slack.app';
|
|
install_software:
|
|
app_store_id: "123456"
|
|
- name: Script run policy
|
|
platform: linux
|
|
description: This should run a script on failure
|
|
query: SELECT * from osquery_info;
|
|
run_script:
|
|
path: ./lib/collect-fleetd-logs.sh
|
|
- name: 🔥 Failing policy with script
|
|
platform: linux
|
|
description: This policy should always fail.
|
|
resolution: There is no resolution for this policy.
|
|
query: SELECT 1 FROM osquery_info WHERE start_time < 0;
|
|
run_script:
|
|
path: ./lib/collect-fleetd-logs.sh
|
|
software:
|
|
app_store_apps:
|
|
- app_store_id: "123456"
|
|
packages:
|
|
- path: ./microsoft-teams.pkg.software.yml
|
|
labels_include_any:
|
|
- a
|
|
categories:
|
|
- Communication
|
|
- Productivity
|
|
- url: https://ftp.mozilla.org/pub/firefox/releases/129.0.2/mac/en-US/Firefox%20129.0.2.pkg
|
|
self_service: true
|
|
labels_exclude_any:
|
|
- a
|
|
fleet_maintained_apps:
|
|
- slug: slack/darwin
|
|
self_service: true
|
|
categories:
|
|
- Productivity
|
|
- Communication
|
|
- slug: box-drive/windows
|
|
install_script:
|
|
path: ./lib/install.sh
|
|
uninstall_script:
|
|
path: ./lib/uninstall-box.sh
|
|
post_install_script:
|
|
path: ./lib/post-install.sh
|
|
pre_install_query:
|
|
path: ./lib/preinstall-query.yml
|
|
self_service: true
|
|
categories:
|
|
- Productivity
|
|
- Developer tools
|