#kolide
grant seltzer
03/16/2020, 9:34 PM
And if it doesn’t, does the enrollment secret provide enough security to connect fleet and hosts on an untrusted network?
zwass
03/16/2020, 10:10 PM
There is no support currently. You could front the Fleet server with a proxy that does mTLS.
I'd also be happy to do a consulting engagement to add this.
Most folks consider enroll secret + node keys to be sufficient.
➕ 1
sundsta
03/16/2020, 10:54 PM
If anything, I’m very interested if any rogue hosts enroll in my Fleet
stefanmaerz
03/17/2020, 12:43 PM
I'm curious: what would a rogue osquery host do when attached to Fleet?
➕ 1
grant seltzer
03/17/2020, 1:12 PM
Pretend to be a host that they’re not
but yea I don’t think it’s the biggest worry in the world, was just curious
stefanmaerz
03/17/2020, 2:51 PM
^^^That makes sense. Take offline the legit host and stand up a bad one that shows nothing is wrong