How again do you query values in specific textfile...
# generalt
Tilman Bender
03/16/2022, 5:48 PMHow again do you query values in specific textfiles (e.g. the presence of 'PermitRootLogin no' in an sshd_config) ?
Tilman Bender
03/16/2022, 5:49 PMThere was some kind of subprojet for that but I cannot recall the name
h
Hugh (Zercurity)
03/16/2022, 6:10 PMAugeaus can parse the config
Hugh (Zercurity)
03/16/2022, 6:10 PMHugh (Zercurity)
03/16/2022, 6:11 PMosquery> SELECT CASE WHEN COUNT(*) = 1 THEN
'PASSING' ELSE 'FAILING' END AS state
FROM augeas WHERE path = '/etc/ssh/sshd_config'
AND label = 'PermitRootLogin'
AND value != 'yes';
t
Tilman Bender
03/16/2022, 6:49 PMAh that was it! Was reading your medium article a couple of mins after I asked
h
Hugh (Zercurity)
03/16/2022, 6:49 PM😁
t
Tilman Bender
03/16/2022, 6:50 PMDo you happen to use that with fleet btw?
Tilman Bender
03/16/2022, 6:50 PMStill not 100% certain about vanilla osquery vs. what fleet bundles into their agent
h
Hugh (Zercurity)
03/16/2022, 6:50 PMZercurity is another fleet like manager for osquery
s
seph
03/16/2022, 7:00 PM
Launcher, Kolide’s agent, ships a variety of things to help with this. But It’s much more oriented around using our SaaS than rolling your own.
6 Views