Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
p
Persistent SOC
02/25/2019, 3:59 PMWe are facing the above error while adding another host to fleet ! Kindly help !
s
srozb
02/25/2019, 4:44 PMhttps://osquery.readthedocs.io/en/stable/deployment/debugging/ why don't you try
Inspecting TLS/HTTPS body request and responsesp
Persistent SOC
02/26/2019, 1:40 AMWe have tried inspecting TLS/HTTPS body request and we received below response --
root@user-Veriton-M200-H81:/etc/osquery# osqueryd --flagfile=/etc/osquery/kolide.flags
I0225 21:11:29.682739 9072 init.cpp:416] osquery initialized [version=3.3.2]
I0225 21:11:29.703919 9072 system.cpp:370] Found stale process for osqueryd (8692)
I0225 21:11:29.703961 9072 system.cpp:402] Writing osqueryd pid (9072) to /var/run/osqueryd.pidfile
I0225 21:11:29.704016 9072 extensions.cpp:343] Could not autoload extensions: Failed reading: /etc/osquery/extensions.load
I0225 21:11:29.704699 9073 watcher.cpp:583] osqueryd watcher (9072) executing worker (9074)
I0225 21:11:29.711246 9074 init.cpp:413] osquery worker initialized [watcher=9072]
I0225 21:11:29.711366 9074 rocksdb.cpp:134] Opening RocksDB handle: /var/osquery/osquery.db
I0225 21:11:30.045176 9074 database.cpp:563] Checking database version for migration
I0225 21:11:30.045385 9074 tls_enroll.cpp:60] TLSEnrollPlugin requesting a node enroll key from: https://10.44.51.20:8080/api/v1/osquery/enroll
I0225 21:11:30.045399 9082 interface.cpp:265] Extension manager service starting: /var/osquery/osquery.em
I0225 21:11:30.045578 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node
I0225 21:11:30.046368 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node
I0225 21:11:30.046581 9074 tls.cpp:240] TLS/HTTPS POST request to URI: https://10.44.51.20:8080/api/v1/osquery/enroll
{"enroll_secret":"ByHTFrO2YlMckbWnt2wv/fBlPEVh2nYJ","host_identifier":"user-Veriton-M200-H81","platform_type":"9","host_details":{"os_version":{"_id":"16.04","codename":"xenial","major":"16","minor":"04","name":"Ubuntu","patch":"0","platform":"ubuntu","platform_like":"debian","version":"16.04.6 LTS (Xenial Xerus)"},"osquery_info":{"build_distro":"xenial","build_platform":"ubuntu","config_hash":"","config_valid":"0","extensions":"inactive","instance_id":"7597e1bf-a6d7-4596-936a-669106647d23","pid":"9074","start_time":"1551109289","uuid":"612A6146-9646-11E4-A83F-35B550325E00","version":"3.3.2","watcher":"9072"},"platform_info":{"address":"0xf000","date":"10/27/2014","extra":"","revision":"4.6","size":"4194304","vendor":"American Megatrends Inc.","version":"036","volume_size":"0"},"system_info":{"computer_name":"user-Veriton-M200-H81","cpu_brand":"Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","cpu_logical_cores":"4","cpu_microcode":"0x25","cpu_physical_cores":"4","cpu_subtype":"60","cpu_type":"x86_64","hardware_model":"Veriton M200-H81","hardware_serial":"UXVJSSIC82F0274029","hardware_vendor":"Acer","hardware_version":"1.02","hostname":"user-Veriton-M200-H81","local_hostname":"user-Veriton-M200-H81","physical_memory":"8288813056","uuid":"612A6146-9646-11E4-A83F-35B550325E00"}}}
W0225 21:11:30.116509 9074 tls_enroll.cpp:67] Failed enrollment request to https://10.44.51.20:8080/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...
I0225 21:11:31.117209 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node
I0225 21:11:31.118067 9074 smbios_tables.cpp:101] Reading SMBIOS from sysfs DMI node
I0225 21:11:31.118219 9074 tls.cpp:240] TLS/HTTPS POST request to URI: https://10.44.51.20:8080/api/v1/osquery/enroll