
Ahmed Awadelkarim

11/17/2020, 2:28 PM
Hi! Anyone here have experience with why a remote TLS enrollment would return to me an empty `node_key`? If I run `osqueryd` `verbose` with the `tls_dump` flag, and re-run the command that's returned to me as failing, from the command line it works fine and I get a value for the `node_key` I'd expect to see, but in the daemon it all comes back empty:
Daemon: `{"node_key":""}`
CLI: `{"node_key": "abc123"}`
Again, the command I am running from the CLI is what is returned to me from `osqueryd tls_dump`. I'm assuming this is likely a problem with the remote API but just want to confirm what the discrepancy may be btw the daemon and CLI.

zwass

11/17/2020, 4:35 PM
My guess is your TLS server isn't getting the correct enroll secret. Perhaps due to the way you are passing configs in osqueryi vs. osqueryd?

Ahmed Awadelkarim

11/17/2020, 8:24 PM
Possibly, looking at the `osquery_flags` being passed to the daemon at runtime it should be correct, and the `tls_dump` seems to capture the correct `enroll_secret` in the command that I then copy off and run manually, however bizarrely on my Mac when I run `osqueryi` the flags do not seem to be correct. So again confused by what's causing the discrepancy there.