# fleet
a
Hi guys! Could you please give some advice on how to securely open fleet access for osquery from the internet?
Some of our hosts are in network segments isolated from each other and have access only to the internet.
This is the only API absolutely required to be public for hosts that are running osquery and aren't on the same network as the fleet servers.
a
Thank you!
j
We expose our fleet server to the internet behind a WAF and restrict the admin interface to known IPs. We are also able to block potential abuse, bots, etc. this way.
a
Hi @Jason! Thank you too! We'll try to create an ACL for such hosts!
a
Just for my understanding: the clients (osquery nodes) need access to the fleet server at `/api/osquery`, but not the other way around, right? So it would be fine to have a local system behind NAT which is not directly exposed or reachable from the public network, as long as the node can access the fleet server via HTTPS?
j
Correct
Double check with the fleet folks. Some of the endpoints have changed recently.