https://github.com/osquery/osquery logo
Powered by
Title
c

clong

11/09/2021, 7:27 PM
is there any way to force a refresh of the node key?
z

zwass

11/09/2021, 7:36 PM
For a Fleet user I'd recommend deleting the host from Fleet -- that would cause a re-enrollment when the host next checks in and receives a 
node_invalid
message.
I imagine there's some equivalent that could be done in any other TLS server implementation.
c

clong

11/09/2021, 7:38 PM
ah yeah we're not using fleet here (yet) :[
🤓 1
is the node key just 
osquery.db/IDENTITY
?
s

seph

11/09/2021, 9:09 PM
This is relatively easy from the server. Less sure about the client. If you’re re-enrolling, do you need to keep any of the local state? (vs removing the entire database)
z

zwass

11/09/2021, 9:12 PM
is the node key just osquery.db/IDENTITY?
I think probably not. The node key will be somewhere in the rocksdb database that I would expect to be opaque except when parsed by rocksdb.
c

clong

11/09/2021, 9:57 PM
thanks guys
j

Jams

11/09/2021, 9:57 PM
https://osquery.readthedocs.io/en/latest/deployment/remote/#remote-logging
{
  "node_invalid": false // Optional, return true to indicate re-enrollment.
}
6 Views
#tlsJoin Slack
Powered by