Skip to content

Commit

Permalink
Fixed configs. Currently working locally. (#25)
Browse files Browse the repository at this point in the history
* Fixed configs. Currently working locally.

* Merging with recent changes.

* Comment out bootstrap package URL

* Comment our bootstrap package URL

---------

Co-authored-by: Noah Talerman <[email protected]>
  • Loading branch information
getvictor and noahtalerman authored Feb 8, 2024
1 parent 862a657 commit 96f2537
Show file tree
Hide file tree
Showing 6 changed files with 39 additions and 40 deletions.
18 changes: 11 additions & 7 deletions default.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,17 +5,19 @@
controls: # Controls added to "No team"
macos_settings:
custom_settings:
- path: ../lib/macos-os-updates.ddm.json
- path: ../lib/macos-password.mobileconfig
- path: ./lib/macos-password.mobileconfig
# DDM support coming soon
# - path: ../lib/macos-os-updates.ddm.json
windows_settings:
custom_settings:
- path: ../lib/windows-screenlock.xml
- path: ./lib/windows-screenlock.xml
scripts:
- path: ../lib/collect-fleetd-logs.sh
- path: ./lib/collect-fleetd-logs.sh
queries:
- path: ./lib/collect-fleetd-update-channel.queries.yml
- path: ./lib/collect-fleetd-update-channels.queries.yml
policies:
agent_options: ./lib/agent-options.yml
agent_options:
path: ./lib/agent-options.yml
org_settings:
server_settings:
debug_host_ids:
Expand Down Expand Up @@ -51,4 +53,6 @@ org_settings:
transparency_url: https://fleetdm.com/transparency
host_expiry_settings: # Applies to all teams
host_expiry_enabled: false
features: # Features added to all teams
features: # Features added to all teams
secrets: # These secrets are used to enroll hosts to the "All teams" team
- secret: "$FLEET_GLOBAL_ENROLL_SECRET"
6 changes: 3 additions & 3 deletions lib/agent-options.yml
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
command_line_flags: {}
command_line_flags:
config:
decorators:
load:
- SELECT uuid AS host_uuid FROM system_info;
- SELECT hostname AS hostname FROM system_info;
options:
disable_distributed: false
distributed_interval: 5
distributed_interval: 10
distributed_plugin: tls
distributed_tls_max_attempts: 3
logger_tls_endpoint: /api/v1/osquery/log
pack_delimiter: /
pack_delimiter: /
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@
query: SELECT users.username, account_policy_data.failed_login_count, account_policy_data.failed_login_timestamp FROM users INNER JOIN account_policy_data using (uid) WHERE account_policy_data.failed_login_count > 0;
interval: 300 # 5 minutes
observer_can_run: false
automations_enabled: false
automations_enabled: false
platform: darwin,linux,windows
1 change: 1 addition & 0 deletions lib/collect-fleetd-update-channels.queries.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@
interval: 300 # 5 minutes
observer_can_run: true
automations_enabled: false
platform: darwin,linux,windows
23 changes: 11 additions & 12 deletions teams/workstations-canary.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,22 +11,22 @@ controls:
deadline: "2023-08-11"
minimum_version: "13.5"
windows_updates:
deadline: "5"
grace_period: "2"
deadline_days: 5
grace_period_days: 2
macos_settings:
custom_settings:
- path: ../lib/macos-os-updates.ddm.json
# - path: ../lib/macos-os-updates.ddm.json (DDM coming soon)
- path: ../lib/macos-password.mobileconfig
windows_settings:
custom_settings:
- path: ../lib/windows-screenlock.xml
macos_setup:
bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg
# bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg (Example URL)
enable_end_user_authentication: true
macos_setup_assistant: ../lib/automatic-enrollment.dep.json
scripts:
- path: ../lib/remove-zoom-artifacts.script.sh
- path: ../lib/reset-timezone.sh
- path: ../lib/set-timezone.script.sh
queries:
- path: ../lib/collect-usb-devices.queries.yml
- path: ../lib/collect-failed-login-attempts.queries.yml
Expand All @@ -36,12 +36,11 @@ queries:
interval: 300
observer_can_run: true
automations_enabled: false
policies:
- path: ../lib/macos-device-health.policies.yml
- path: ../lib/windows-device-health.policies.yml
- path: ../lib/windows-device-health.policies.yml
agent_options: ./lib/agent-options.yml
policies:
- path: ../lib/macos-device-health.policies.yml
- path: ../lib/windows-device-health.policies.yml
agent_options:
path: ../lib/agent-options.yml
team_settings:
webhook_settings:
secrets:
- secret: $FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET
- secret: "$FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET"
28 changes: 11 additions & 17 deletions teams/workstations.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,36 +11,30 @@ controls:
deadline: "2023-08-11"
minimum_version: "13.5"
windows_updates:
deadline: "5"
grace_period: "2"
deadline_days: 5
grace_period_days: 2
macos_settings:
custom_settings:
- path: ../lib/macos-os-updates.ddm.json
# - path: ../lib/macos-os-updates.ddm.json (DDM coming soon)
- path: ../lib/macos-password.mobileconfig
windows_settings:
custom_settings:
- path: ../lib/windows-screenlock.xml
macos_setup:
bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg
# bootstrap_package: https://github.com/organinzation/repository/bootstrap-package.pkg (example URL)
enable_end_user_authentication: true
macos_setup_assistant: ../lib/automatic-enrollment.dep.json
scripts:
- path: ../lib/remove-zoom-artifacts.script.sh
- path: ../lib/reset-timezone.sh
- path: ../lib/set-timezone.script.sh
queries:
- path: ../lib/collect-usb-devices.queries.yml
- path: ../lib/collect-failed-login-attempts.queries.yml
policies:
- path: ../lib/macos-device-health.policies.yml
- path: ../lib/windows-device-health.policies.yml
- path: ../lib/windows-device-health.policies.yml
agent_options: ./lib/agent-options.yml
policies:
- path: ../lib/macos-device-health.policies.yml
- path: ../lib/windows-device-health.policies.yml
agent_options:
path: ../lib/agent-options.yml
team_settings:
webhook_settings:
failing_policies_webhook:
enable_failing_policies_webhook: true
destination_url: https://example.tines.com/webhook
policy_ids: [1, 2, 3, 4, 5,6 ,7, 8, 9]
secrets:
- secret: $FLEET_WORKSTATIONS_ENROLL_SECRET

- secret: "$FLEET_WORKSTATIONS_ENROLL_SECRET"

0 comments on commit 96f2537

Please sign in to comment.