https://github.com/osquery/osquery logo
Powered by
Title
r

Ryan Pesek

01/05/2023, 9:23 PM
Hi everyone. Is it possible to disable remote flagfile management that was introduced in 4.21.0? The reason I am asking is because we have 
tls_client_cert
and 
tls_client_key
set in our environment to enforce mTLS on all API calls the agent makes. However the paths to these certificate files need to change depending on if the host in MacOS or Windows. It doesn't appear to be possible to set multiple values for these config options because according to the docs 
command_line_flags
does not support the 
overrides
key.
k

Kathy Satterlee

01/05/2023, 10:12 PM
Hey @Ryan Pesek! Command line flags are only set if you're using Orbit and have the 
command_line_flags
key present in agent options. If you omit that key, you can continue to manage your flags manually and don't need to worry about Orit overwriting the existing flags.
r

Ryan Pesek

01/06/2023, 2:27 PM
Ah ok that makes sense. Thank you for the quick help! On a side note, it might be best to not automatically add 
command_line_flags: {}
to the agent configs when upgrading from older versions of Fleet. I didn't notice anything in the Changelog that this would be added and that it would wipe the existing config in the flagfiles we have deployed. Just my two cents.
One last question, will it be possible in future versions to use 
command_line_flags
with 
overrides,
or some other mechanism, to deploy different 
comman_line_flags
to different OSs?
Oh, so I think I just found a UI bug with 
command_line_flags
. If I delete 
command_line_flags: {}
using the UI, save the page, and then refresh, 
command_line_flags: {} # requires Fleet's osquery installer
appears again. I can confirm using 
fleetctl
that 
command_line_flags: {}
is not present in the 
agent_options
section. So I believe this is just a UI bug always wanting to render an empty command_line_flags key when it is empty. The bug is probably in this logic where it is trying to add the comment: https://github.com/fleetdm/fleet/blob/main/frontend/utilities/yaml/index.ts#L22-L38
k

Kathy Satterlee

01/06/2023, 4:52 PM
Great feedback here, thank you! I'm going to take that feature request for overrides to the team and start some conversation about manually adding the empty set. My understanding is that if that doesn't have content, it shouldn't override existing flags so that may actually be the bug.
r

Ryan Pesek

01/06/2023, 5:11 PM
Thank you!
3 Views
#fleetJoin Slack
Powered by