Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
w
wkleinhenz
05/26/2021, 11:20 PMim attempting to move for launcher to orbit, launcher worked correctly but using orbit with similar options mainly the insecure flag seems to cause OSquery, the one provided by orbit i unistalled the version i had installed via yum, to crash as it cant verify the certificate on the port opened on the local host
heres the output from systemd
this is what it says is being passed to osqueryd
/var/lib/orbit/bin/osqueryd/linux/stable/osqueryd --pidfile=/var/lib/orbit/osquery.pid --database_path=/var/lib/orbit/osquery.db --extensions_socket=/var/lib/orbit/osquery.em --enroll_secret_env=ENROLL_SECRET --tls_hostname=localhost:37880 --enroll_tls_endpoint=/api/v1/osquery/enroll --config_plugin=tls --config_tls_endpoint=/api/v1/osquery/config --config_refresh=60 --disable_distributed=false --distributed_plugin=tls --distributed_tls_max_attempts=10 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write --logger_plugin=tls --logger_tls_endpoint=/api/v1/osquery/log --disable_carver=false --carver_start_endpoint=/api/v1/osquery/carve/begin --carver_continue_endpoint=/api/v1/osquery/carve/block --carver_block_size=2000000 --tls_server_certs /tmp/fleet.crt --force
└─1501 /var/lib/orbit/bin/osqueryd/linux/stable/osquerydz
zwass
05/27/2021, 6:08 PMCan you have a look at whether
/tmp/fleet.crtw
wkleinhenz
05/27/2021, 6:12 PMseems to exist and it seems to be a cert i can try deleting it if its recreated automatically
👍 1
z
zwass
05/27/2021, 6:16 PMShould be valid
openssl x509 -in test.crt -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 10349005785124955555 (0x8f9f0dee20d5e5a3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=localhost
Validity
Not Before: Dec 19 00:40:04 2020 GMT
Not After : May 5 00:40:04 2048 GMT
Subject: CN=localhost
...What platform are you on here?
w
wkleinhenz
05/27/2021, 6:55 PMCentos 7
64 bit
z
zwass
05/27/2021, 6:57 PMThank you. I'll see if I can reproduce later.
👍 1