Andreas Piening
06/08/2022, 7:11 PMdynamic inventories
for ansible
.osquery
is more of a read only tool to query data, it would be very powerful to target a list of hosts with ansible
where specific properties are set.CVE-2022-1966
. There is a workaround with a simple sysctl
option that need to be set in order to make a system resilient.fleet
query to an inventory file in ini
format:
fleetctl query --labels "All Linux" --query "SELECT * FROM system_controls WHERE name='kernel.unprivileged_userns_clone' AND current_value='1'" | jq '.host' | sed -e 's/"//g' > Desktop/vulnerable.ini
This works fine so far.