Anyone know a good way to look up gsettings config...
# fleet
e
Anyone know a good way to look up gsettings config on Ubuntu hosts? I am looking to use Fleet osquery to pull some compliance information that Drata requires. Drata does have an agent, which is also osquery among other things, so I don't really want to roll that out. Below is an example of the settings I would look for. I have tried looking for file_lines etc., but wondering if anyone has something already or if the Fleet team knows of a way.
```
org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 3600
org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 1200
org.gnome.desktop.screensaver lock-delay uint32 30
org.gnome.desktop.screensaver lock-enabled true
org.gnome.desktop.screensaver ubuntu-lock-on-suspend true
org.gnome.desktop.session idle-delay uint32 900
```
Note - I can write a bash script to capture this info, just want to get this into policies or queries etc.
a
I have this feature request in from a few months ago: https://github.com/fleetdm/fleet/issues/22823 In the meantime, using ATC might be the best option for now. I started working on this but haven't had a chance to finish. Something along these lines would take the info from dconf and dump it into a sqlite3 database which osquery/fleet could then use natively for queries or policies.
```
#!/bin/bash

# Define the SQLite database file
DB_FILE="dconf_settings.db"
TABLE_NAME="settings"

# Dump all dconf settings into a variable
DCONF_DUMP=$(dconf dump /)

# Create the SQLite database and table
sqlite3 "$DB_FILE" <<EOF
CREATE TABLE IF NOT EXISTS $TABLE_NAME (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    key TEXT UNIQUE NOT NULL,
    value TEXT NOT NULL
);
EOF

# Double any single quotes so the text is safe inside a SQL string literal
# (dconf string values are themselves wrapped in single quotes)
sql_escape() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# Parse the dumped settings and insert them into the database
# Loop through each line of the dump
NAMESPACE=""
while IFS= read -r line; do
    if [[ "$line" == "["*"]" ]]; then
        # Extract the current key namespace (strip only the enclosing brackets)
        NAMESPACE="${line#\[}"
        NAMESPACE="${NAMESPACE%\]}"
    elif [[ "$line" == *"="* ]]; then
        # Split the line into key and value at the first '='
        KEY="${line%%=*}"
        VALUE="${line#*=}"

        # Full key path
        FULL_KEY="/$NAMESPACE/$KEY"

        # Insert into SQLite database (a key that already exists is left unchanged)
        sqlite3 "$DB_FILE" "INSERT OR IGNORE INTO $TABLE_NAME (key, value) VALUES ('$(sql_escape "$FULL_KEY")', '$(sql_escape "$VALUE")');"
    fi
done <<< "$DCONF_DUMP"

echo "dconf settings have been saved to $DB_FILE."
```
I can put some time into this later this afternoon or evening to finalize it.
e
ooog! forgive me, what's ATC? This is pretty cool! I dove into the Drata Agent OSS codebase and pulled out the checks it does and reports on:
```
org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 3600
org.gnome.settings-daemon.plugins.power sleep-inactive-battery-timeout 1200
org.gnome.desktop.screensaver lock-delay uint32 30
org.gnome.desktop.screensaver lock-enabled true
org.gnome.desktop.screensaver ubuntu-lock-on-suspend true
org.gnome.desktop.session idle-delay uint32 900
```
That seems like a really useful plan, a new native table for gsettings would be really IDEAL as we could then kick off remediation scripts.
a
No problem! ATC = Auto Table Construction. It's a way of exposing other databases/tables to osquery or Fleet so you can use them as if they were native tables. Some more info here along with examples: https://www.linkedin.com/pulse/from-data-gaps-actions-auto-table-construction-atc-fleet-houchins-l9kqc/
I already see an issue with the above script but hopefully I can get this all sorted out later today.
g
noice
e
Great, happy to help if I can - this would be so valuable though!
a
I have not fully tested this yet but should be 95% of the way there: https://github.com/allenhouchins/fleet-stuff/tree/main/ubuntu-gsettings-atc I should be able to test more tonight. There was also a lot of copy/paste to create the documentation quickly so hopefully it makes sense. Feel free to submit any issues or pull requests for fixes.
e
This is awesome @Allen Houchins Great to see this stuff in Fleet - so much we can do with integrations etc. Keen to know if this is a "sit tight and wait" for Fleet to make this part of the standard data collection with the Agent, or if this is one that I should crack on and roll out.
a
Nice! Thanks for testing and confirming. I love ATC. It lets you use the power of Fleet without needing or waiting for Fleet to build it. I would roll with this for now. The Feature Request hasn't met the criteria for being prioritized yet: https://fleetdm.com/handbook/company/product-groups#criteria-for-prioritization
e
Tidy, I'll create a bunch of policies and remediation scripts for non-compliance based on what Drata wants and shove it in Gist or Github. With your work above, if we share it to the world - it should generate enough momentum to help prioritise.
I made some updates to the script for better security and added logic and logging. Is your repo open to me raising an MR?
a
It should be, or at least it's my intent that you can submit updates. Let me know if you run into any issues.
e
```
remote: Permission to allenhouchins/fleet-stuff.git denied to edmerrett.
fatal: unable to access 'https://github.com/allenhouchins/fleet-stuff.git/': The requested URL returned error: 403
```
a
Ok, you should be able to create a branch, submit changes and open a pull request to merge to main. Let me know if you still hit any issues.
e
hm yeah still can't push. I'll create a gist and share.
a
@Ed Merrett I did get to the bottom of this with a different account. You have to fork the repo, make your changes, then submit a pull request to merge your fork back into mine. Happy to help implement improvements either way.