# fleet

Artem

05/24/2022, 2:17 PM
Hi guys! Could you please give some advice on how to securely open fleet access for osquery from the internet?
Some of our hosts are in network segments isolated from each other and have access only to the internet.
This is the only API absolutely required to be public for hosts that are running osquery and aren't on the same network as the fleet servers.

Artem

05/24/2022, 5:49 PM
Thank you!

Jason

05/24/2022, 6:29 PM
We expose our fleet server to the internet behind a WAF and restrict the admin interface to known IPs. Also we are able to block potential abuse / bots etc this way.

Artem

05/24/2022, 6:31 PM
Hi @Jason! Thank you too! We’ll try to create an ACL for such hosts!

Andreas Piening

05/25/2022, 2:42 PM
Just for my understanding: The clients (osquery nodes) need access to the fleet server at /api/osquery, but not the other way around, right? So it would be fine to have a local system behind NAT which is not directly exposed or reachable from the public network as long as the node can access the fleet server via HTTPS?

Jason

05/25/2022, 7:15 PM
Correct
Double check with the fleet folks. Some of the endpoints have changed recently.