Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
t
Tilman Bender
03/01/2022, 9:49 AMSorry to ask this again, I recall there being a way to export policies using the API and then importing them using fleetctl apply. However when I try to do that I get
no spec field on "" documentk
koo
03/01/2022, 1:32 PM@Tilman Bender is this resolved yet?
t
Tilman Bender
03/01/2022, 2:07 PM@koo hey unfortunately it is not. I just got sidetracked
k
koo
03/01/2022, 3:39 PMOkay I'll see if I can get some answers for you
t
Tomas Touceda
03/01/2022, 3:43 PMhi there, could you provide a bit more details: what fleet version are you using, what command and parameters/files are you trying that are giving you that error?
t
Tilman Bender
03/01/2022, 5:36 PMSure:
sudo fleetctl --versionfleetctl - version 4.10.0branch: HEADrevision: 67827474c22b61a08f112e682b994aa3e9356133build date: 2022-02-14build user: runnergo version: go1.17.7Fleet is also 4.10
the file I am trying to apply looks like this:
{"policies": [{"id": 1,"name": "Windows: Remote Assistance disabled","query": "SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Remote Assistance\\fAllowFullControl' AND data=0;","description": "Check the Windows regsitry to see if Windows Remote Assistance is disabled","author_id": 1,"author_name": "Tilman Bender","author_email": "<mailto:tilman@XXXXX.de|tilman@XXXXX.de>","team_id": null,"resolution": "PS: \nSet-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Remote Assistance\\' -Name fAllowFullControl –Value 0","platform": "","created_at": "2022-02-22T17:20:40Z","updated_at": "2022-02-23T16:16:57Z","passing_host_count": 1,"failing_host_count": 2},...I obtained it using :
curl -H "Authorization: Bearer ${FLEET_TOKEN}" "https://${FLEET_SERVER}/api/v1/fleet/global/policies" -o policies.jsonI had read someplace that you can re-import policies using fleetctl (event though you cannot export them yet using fleetctl)
Ah found it again: Issue #4046
Aaand I see my problem. I'd probably have to convert my exported policies to the correct yaml
t
Tomas Touceda
03/01/2022, 8:00 PMthat is correct, the apply command accepts yaml
t
Tilman Bender
03/02/2022, 9:40 AMOkay, managed to get it working
👍 1
This one is solved. Use API to export, then transform the resulting JSON into a YAML that
fleetctl apply