https://github.com/osquery/osquery logo
Powered by
Title
a

Artem

05/24/2022, 2:17 PM
Hi guys! Could you please give some advices how to securely open fleet access for osquery from internet?
Some our hosts are in isolated network segments from each other and have access only to internet
b

Benjamin Edwards

05/24/2022, 2:37 PM
https://fleetdm.com/docs/deploying/faq#what-api-endpoints-should-i-expose-to-the-public-internet
👍 1
This is the only API absolutely required to be public for hosts that are running osquery and aren't on the same network as the fleet servers.
👍 1
a

Artem

05/24/2022, 5:49 PM
Thank you!
j

Jason

05/24/2022, 6:29 PM
We expose our fleet server to the internet behind a WAF and restrict the admin interface to known IPs. Also we are able to block potential abuse / bots etc this way.
a

Artem

05/24/2022, 6:31 PM
Hi @Jason! Thank you too! We’ll try to create ACL for such hosts!
a

Andreas Piening

05/25/2022, 2:42 PM
Just for my understanding: The clients (osquery nodes) needs access to the fleet server at 
/api/osquery
, but not the other way around, right? So it would be fine to have a local system behind 
NAT
which is not directly exposed or reachable from the public network as long as the node can access the 
fleet
server via 
HTTPS
?
j

Jason

05/25/2022, 7:15 PM
Correct
Double check with the fleet folks. Some of the endpoints have changed recently.
8 Views
#fleetJoin Slack
Powered by