Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-08 09:40:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 116
fleet/orbit/pkg/osquery/flags.go
Lucas Manuel Rodriguez 024a20ac11
Allow enrolling fleetd using osquery's instance identifier (#15570) 
#14879

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2023-12-15 15:26:32 -03:00

35 lines
1.4 KiB
Go
Raw Blame History

package osquery
import (
"net/url"
"path"
)
// FleetFlags is the set of flags to pass to osquery when connecting to Fleet.
func FleetFlags(fleetURL *url.URL) []string {
hostname, prefix := fleetURL.Host, fleetURL.Path
return []string{
"--tls_hostname=" + hostname,
"--enroll_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/enroll"),
"--config_plugin=tls",
"--config_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/config"),
// Osquery defaults config_refresh to 0 which is probably not ideal for
// a client connected to Fleet. Users can always override this in the
// config they serve via Fleet.
"--config_refresh=60",
"--disable_distributed=false",
"--distributed_plugin=tls",
"--distributed_tls_max_attempts=10",
"--distributed_tls_read_endpoint=" + path.Join(prefix, "/api/v1/osquery/distributed/read"),
"--distributed_tls_write_endpoint=" + path.Join(prefix, "/api/v1/osquery/distributed/write"),
"--logger_plugin=tls,filesystem",
"--logger_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/log"),
"--disable_carver=false",
// carver_disable_function is separate from disable_carver as it controls the use of file
// carving as a SQL function (eg. `SELECT carve(path) FROM processes`).
"--carver_disable_function=false",
"--carver_start_endpoint=" + path.Join(prefix, "/api/v1/osquery/carve/begin"),
"--carver_continue_endpoint=" + path.Join(prefix, "/api/v1/osquery/carve/block"),
"--carver_block_size=8000000",
}
}
Reference in a new issue View git blame Copy permalink