Is there a way to set different command line optio...
# fleeta
Ari Weinberg
05/25/2023, 3:59 PMIs there a way to set different command line options for different OSs under agent options in the fleet UI?
z
Zay Hanlon
05/25/2023, 6:00 PM@Kathy Satterlee ^
k
Kathy Satterlee
05/25/2023, 7:12 PM@Ari Weinberg, There isn't a way to override the flags by platform, but we can likely come up with a workaround. Can you give me some examples of flags you might want to set differently and why?
a
Ari Weinberg
05/25/2023, 7:12 PMdisabling tables on specific OSs?
k
Kathy Satterlee
05/25/2023, 7:17 PMCan you give me an example table?
a
Ari Weinberg
05/25/2023, 7:17 PMchrome_extensions
k
Kathy Satterlee
05/25/2023, 7:20 PMGotcha. What I'd likely do there is manage the flags at package creation rather than through the Fleet agent options. When you're generating your packages for each OS, you can us the
--osquery-flagfile valuea
Ari Weinberg
05/25/2023, 7:21 PMbut then I cant change that without re-installing, correct?
Ari Weinberg
05/25/2023, 7:22 PMor the API/fleetctl
k
Kathy Satterlee
05/25/2023, 7:23 PMWas just adding a little more information there 🙂
You'd need to manually manage the osquery flags if you go this route. You could deploy a new
fleetdosquery.flagsa
Ari Weinberg
05/25/2023, 7:26 PMIm actually having a bigger problem right now. I generated a mac pkg installer using fleetctl, and installed on a mac. the agent connects, but then immediately goes offline. any advice?
k
Kathy Satterlee
05/25/2023, 7:30 PMCan you take a look at the Orbit logs? There should be some helpful information there. If not, try installing a new package in
--debuga
Ari Weinberg
05/25/2023, 7:34 PMthis keeps repeating in the orbit stderr logs:
Copy code
goroutine 1 [running]:
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update.(*Runner).HasRunnerOptTarget(0x1ba13c0|github.com/fleetdm/fleet/v4/orbit/pkg/update.(*Runner).HasRunnerOptTarget(0x1ba13c0>?, {0x1d3c331, 0x5})
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update/runner.go:69|github.com/fleetdm/fleet/v4/orbit/pkg/update/runner.go:69> +0x45
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update.(*Runner).RemoveRunnerOptTarget(0x0|github.com/fleetdm/fleet/v4/orbit/pkg/update.(*Runner).RemoveRunnerOptTarget(0x0>, {0x1d3c331, 0x5})
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update/runner.go:52|github.com/fleetdm/fleet/v4/orbit/pkg/update/runner.go:52> +0x57
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update.(*NudgeConfigFetcher).GetConfig(0xc0009977a0)|github.com/fleetdm/fleet/v4/orbit/pkg/update.(*NudgeConfigFetcher).GetConfig(0xc0009977a0)>
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update/nudge.go:80|github.com/fleetdm/fleet/v4/orbit/pkg/update/nudge.go:80> +0x39a
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update.(*DiskEncryptionRunner).GetConfig(0xc000126d68)|github.com/fleetdm/fleet/v4/orbit/pkg/update.(*DiskEncryptionRunner).GetConfig(0xc000126d68)>
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update/disk_encryption.go:23|github.com/fleetdm/fleet/v4/orbit/pkg/update/disk_encryption.go:23> +0x2d
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update.(*FlagRunner).DoFlagsUpdate(0xc0009cca50)|github.com/fleetdm/fleet/v4/orbit/pkg/update.(*FlagRunner).DoFlagsUpdate(0xc0009cca50)>
<http://github.com/fleetdm/fleet/v4/orbit/pkg/update/flag_runner.go:96|github.com/fleetdm/fleet/v4/orbit/pkg/update/flag_runner.go:96> +0x7a
main.main.func2(0xc000049780)
<http://github.com/fleetdm/fleet/v4/orbit/cmd/orbit/orbit.go:635|github.com/fleetdm/fleet/v4/orbit/cmd/orbit/orbit.go:635> +0x3e72
<http://github.com/urfave/cli/v2.(*Command).Run|github.com/urfave/cli/v2.(*Command).Run>(0xc000163540, 0xc000049780, {0xc000116010, 0x1, 0x1})
<http://github.com/urfave/cli/v2@v2.23.5/command.go:271|github.com/urfave/cli/v2@v2.23.5/command.go:271> +0xa4b
<http://github.com/urfave/cli/v2.(*App).RunContext(0xc0005601e0|github.com/urfave/cli/v2.(*App).RunContext(0xc0005601e0>, {0x20eacb8?, 0xc00011e000}, {0xc000116010, 0x1, 0x1})
<http://github.com/urfave/cli/v2@v2.23.5/app.go:329|github.com/urfave/cli/v2@v2.23.5/app.go:329> +0x665
<http://github.com/urfave/cli/v2.(*App).Run(...)|github.com/urfave/cli/v2.(*App).Run(...)>
<http://github.com/urfave/cli/v2@v2.23.5/app.go:306|github.com/urfave/cli/v2@v2.23.5/app.go:306>
main.main()
<http://github.com/fleetdm/fleet/v4/orbit/cmd/orbit/orbit.go:884|github.com/fleetdm/fleet/v4/orbit/cmd/orbit/orbit.go:884> +0x11bc
2023-05-25T15:31:13-04:00 INF running with auto updates disabled
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x1a6a585]Ari Weinberg
05/25/2023, 7:34 PMill try a debug pkg as well
Ari Weinberg
05/25/2023, 7:40 PMIts basically the same with
--debugpanic: runtime error: invalid memory address or nil pointer dereferencek
Kathy Satterlee
05/25/2023, 7:41 PMWhat version of Fleet and
fleetctla
Ari Weinberg
05/25/2023, 7:41 PM4.31.1
Ari Weinberg
05/25/2023, 7:41 PMon both
k
Kathy Satterlee
05/25/2023, 7:47 PMIs this a brand new install, or was there a previous version of Orbit installed on this host?
a
Ari Weinberg
05/25/2023, 7:47 PMThere was a really old osquery installed, I think 4.9
Ari Weinberg
05/25/2023, 7:47 PMbut I removed, and reinstalled with the new generated pkg
Ari Weinberg
05/25/2023, 7:48 PMthis is multiple uninstalls, reboots, and reinstalls later
Ari Weinberg
05/25/2023, 7:48 PMunless I missed some file somewhere
k
Kathy Satterlee
05/25/2023, 7:48 PMHmm. Maybe there are some artifacts hanging about.
Kathy Satterlee
05/25/2023, 7:50 PMCan you try:
1. Following the uninstall steps here
2. Running this cleanup script
3. Reinstalling Orbit
a
Ari Weinberg
05/25/2023, 7:58 PMnope, still happening
Ari Weinberg
05/25/2023, 8:01 PMvanillia osqury seems to work
k
Kathy Satterlee
05/25/2023, 8:02 PMAre you specifying an update channel for Orbit?
a
Ari Weinberg
05/25/2023, 8:02 PMhere are the additional debug lines:
Copy code
2023-05-25T15:59:28-04:00 DBG running nudge config fetcher middleware
2023-05-25T15:59:28-04:00 DBG empty nudge config, removing nudge as target
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x1a6a585]Ari Weinberg
05/25/2023, 8:02 PMnope, default channel
k
Kathy Satterlee
05/25/2023, 9:23 PMThanks! I'm reaching out to the team to see if they have any additional insight.
Kathy Satterlee
05/25/2023, 9:43 PMAre you using Fleet MDM?
Kathy Satterlee
05/25/2023, 10:03 PMAnd do you use Nudge (either through Fleet or otherwise)
a
Ari Weinberg
05/30/2023, 3:04 PMHi, sorry for the delayed reply, and thanks for your help so far.
I am not using MDM, and have no idea what nudge is, so I assume im not using it
Ari Weinberg
05/30/2023, 3:19 PMI also disabled updated. Not sure if that should make a difference
k
Kathy Satterlee
05/30/2023, 3:22 PMDoes the same thing happen if you don't disable updates?
Kathy Satterlee
05/30/2023, 3:23 PMWe're looking into this bug and it seems to be a common thread, so I'd be curious to see if that made a difference for you.
a
Ari Weinberg
05/30/2023, 3:23 PMyes. I went into the plist file and changed disable updates to false
Ari Weinberg
05/30/2023, 3:49 PMIs there a way I can disable nudge?
Ari Weinberg
05/30/2023, 3:53 PMFor that matter, how can I disable MDM, seeing as I'm not using it? I think the host that I'm testing on has it turned on by default
k
Kathy Satterlee
05/30/2023, 3:54 PMThere isn't a flag to disable Nudge. At the moment, what seems to be failing is the step that akios including Nudge if there isn't a config file present for it.
Kathy Satterlee
05/30/2023, 3:54 PMa
Ari Weinberg
05/30/2023, 4:07 PMWhen I run manually with
Copy code
sudo orbit --enroll-secret-path /opt/orbit/secret.txt --fleet-url '<https://my.fleet.com>'--fleet-urlAri Weinberg
05/30/2023, 4:07 PMnot sure why the service doesnt do that
k
Kathy Satterlee
05/30/2023, 4:09 PMI'll add that to the ticket!
6 Views