#fleet
Andreas Piening

06/08/2022, 7:11 PM
I wonder if there is support for dynamic inventories for ansible.
7:18 PM
Since osquery is more of a read-only tool to query data, it would be very powerful to target a list of hosts with ansible where specific properties are set.
7:21 PM
This came to my mind because I need to find hosts that are vulnerable to CVE-2022-1966. There is a workaround with a simple sysctl option that needs to be set in order to make a system resilient.
7:25 PM
As a first attempt I simply append a list of the hosts returned by a fleet query to an inventory file in ini format:
fleetctl query --labels "All Linux" --query "SELECT * FROM system_controls WHERE name='kernel.unprivileged_userns_clone' AND current_value='1'" | jq '.host' | sed -e 's/"//g' > Desktop/vulnerable.ini
This works fine so far.