is more of a read only tool to query data, it would be very powerful to target a list of hosts with
where specific properties are set.
. There is a workaround with a simple
option that need to be set in order to make a system resilient.
query to an inventory file in
This works fine so far.
fleetctl query --labels "All Linux" --query "SELECT * FROM system_controls WHERE name='kernel.unprivileged_userns_clone' AND current_value='1'" | jq '.host' | sed -e 's/"//g' > Desktop/vulnerable.ini