Title
#general
t

timb

10/31/2019, 6:35 PM
with the tls config plugin, are there expected situations a host will re-enroll other than receiving an invalid node_key response from the server?
s

seph

10/31/2019, 6:58 PM
Presumably missing local databases.
t

timb

10/31/2019, 7:03 PM
huh. so, i went off to take a peek at this; in at least one case the db appears to be there, but it doesn't look like osqueryd has touched it in... awhile
s

seph

10/31/2019, 7:04 PM
Are you sure it’s using that database?
t

timb

10/31/2019, 7:07 PM
lsof appears to show it having multiple fds open in the expected folder, at least
s

seph

10/31/2019, 7:07 PM
Okay then.
7:07 PM
I don’t know this corner of the code. I’d believe there are reasons
t

timb

10/31/2019, 7:07 PM
i've always assumed that the IDENTITY file in osquery.db is related to the node_key; do you know if that's correct?
d

derwolfe

10/31/2019, 7:57 PM
I don’t think this is true, no. I think the identity file is related to rocks specifically. It helps the system know which SST files to use. Not sure how this plays a role with the manifest
t

timb

10/31/2019, 8:38 PM
the short version is that it looks like doing: service osqueryd stop rm -rf $osquery_db is not a great idea; in some cases the worker will still be alive and still have fds open even though the daemon is gone