Title
#fleet
b

benbass

02/08/2022, 7:54 PM
I have an older fleet install and am looking to enable software, yet not the vulnerability scans. What flags do I need to add to my config file?
Tomas Touceda

Tomas Touceda

02/08/2022, 7:58 PM
hi, what version are you running?
b

benbass

02/08/2022, 7:58 PM
I just updated to 4.9.1. I could also be jumping the gun as I just finished the upgrade about 30 minutes ago.
Tomas Touceda

Tomas Touceda

02/08/2022, 8:26 PM
to enable software inventory in 4.9.1 you simply apply the following config via fleetctl:
---
apiVersion: v1
kind: config
spec:
  host_settings:
    enable_software_inventory: true
and that should be it
b

benbass

02/08/2022, 8:30 PM
Cool. Can I do that as an environmental variable as well? ENABLE_SOFTWAER_INVENTORY=1 or yes?
8:31 PM
I know earlier versions
FLEET_BETA_SOFTWARE_INVENTORY=1
worked.
Tomas Touceda

Tomas Touceda

02/08/2022, 8:33 PM
no, this is something that can only be applied through fleetctl, sadly
b

benbass

02/08/2022, 8:33 PM
Oh well. Good to know then.
8:36 PM
What would be the best way to apply that with fleetctl? build that as a yaml file and then do
fleetctl apply -f <configuration-file-name-here>.yml
Tomas Touceda

Tomas Touceda

02/08/2022, 8:36 PM
b

benbass

02/08/2022, 8:37 PM
That works - I can then drop that yaml file into my git repo to track things that way.
Rachel Perkins

Rachel Perkins

02/09/2022, 3:07 PM
Thanks Tomas! Also, if you do need to enable/disable vulnerabilities, you'll just need to add/remove the databases path. https://fleetdm.com/docs/using-fleet/vulnerability-processing#configuration
b

benbass

02/09/2022, 3:15 PM
Good to know Rachel. What I did to handle that was to set the variable scanning instance check to no on all nodes.
FLEET_VULNERABILITIES_CURRENT_INSTANCE_CHECKS=no