https://github.com/osquery/osquery logo
#fleet
Title
# fleet
z

Zach Zeid

08/13/2021, 3:47 PM
I've enabled software inventory as well, but I don't see anything regarding CVE's?
t

Tomas Touceda

08/13/2021, 3:50 PM
have you gone through the steps to configure vulnerability processing: https://github.com/fleetdm/fleet/blob/main/docs/1-Using-Fleet/13-Vulnerability-Processing.md ?
z

Zach Zeid

08/13/2021, 3:52 PM
Yeah this is confusing language, because I read it as "Set
FLEET_BETA_SOFTWARE_INVENTORY=1
OR using thhe app config" (which we don't use)
but that explains the errors i'm seeing in the logs
e

Esteban

08/13/2021, 3:56 PM
Yeah, It's confusing for me too since I'm not using config files and a Docker container to deploy the app. I don't know where the default config file is located
t

Tomas Touceda

08/13/2021, 3:56 PM
makes sense, we'll be retiring the env var soon. Apologies for the confusion
e

Esteban

08/13/2021, 3:58 PM
Why? For example it's easier for me to set the env vars declared directly on the docker compose.
m

Martin Pöhlmann

08/17/2021, 9:14 AM
@Tomas Touceda I'd second that env vars are way easier to configure Fleet via Docker. Especially, is there a reason you decided to put the vulnerability databases_path in the fleetctl applied config? For the Docker setup this is really cumbersome as I have to manually interact with the container after start and then restart again. This strikes my infrastructure as code approach 😕 An option would be that fleet binary would also allow to pass fleetctl config files (or am I missing this feature?).
👍 2
t

Tomas Touceda

08/17/2021, 12:17 PM
the env var is there as a feature flag switch while the software inventory feature remains in beta. Most things within fleet is configured through fleetctl, we have seen a lot of success from people managing config as code alongside their packs and queries they apply
all of that said, we are always working to make fleet more usable. If you have concrete ideas, please make sure to file a feature request
m

Martin Pöhlmann

08/17/2021, 12:53 PM
I can understand that one may want to manage query packs, osquery configs, etc via fleetctl. But the database_path is a infrastructure configuration, hence in my point of view it should belong in a config to be read on startup. I do not ask for an env var in particular, but that it is configurable like mysql or redis: https://github.com/fleetdm/fleet/blob/2df7c71749690a98652eaed34a733cff2fa062cd/docs/2-Deploying/2-Configuration.md#options
e

Esteban

08/17/2021, 1:00 PM
Totally agree, more usable on upgrades and rollbacks.
t

Tomas Touceda

08/17/2021, 1:19 PM
fair, I'll look into supporting that