Fleetctl denylist:false option still doesn't work #338

Closed
ar-mi opened this issue Feb 20, 2021 · 3 comments · Fixed by #339
Labels
bug Something isn't working as documented

Comments


ar-mi commented Feb 20, 2021

What version of fleet are you using (fleet version --full)?

fleet - version 3.7.1
branch: master
revision: 413695b
build date: 2021-02-03T19:56:20Z
build user: zwass
go version: go1.15.6

What operating system are you using?

NAME="CentOS Linux"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"

If this is a UI issue: What browser are you using?

No

If this is a performance issue: Please attach the debug archive.

Partially

What did you do?

Tried setting denylist: false for my scheduled queries via fleetctl

What did you expect to see?

Correct working of this option.
I have already done several reports on the problems of the denylist option.
#195
#202

What did you see instead?

I see that denylist: false option can now be added to the query pack settings via fleetctl

I also see that there is an additional column in the database for denylist

image

But at the same time, I see that this option does not come to osquery clients from the Fleet server, and, as a result, does not work.
I ran osqueryd --flagfile /var/osquery/osquery.flags --verbose --tls_dump from console and got such output:

image

@zwass zwass added the bug Something isn't working as documented label Feb 21, 2021

zwass commented Feb 21, 2021

I was able to confirm that the value is persisted properly in Fleet but is not returned to the osquery client.

zwass added a commit to zwass/fleet that referenced this issue Feb 21, 2021
This was previously handled correctly within the Fleet server datastores
and API endpoints, but not returned to the actual osquery client.

Fixes fleetdm#338

zwass commented Feb 21, 2021

My apologies for that. I've now fully end-to-end tested the changes and I think we are good to go.

zwass added a commit that referenced this issue Feb 21, 2021
This was previously handled correctly within the Fleet server datastores
and API endpoints, but not returned to the actual osquery client.

Fixes #338

ar-mi commented Mar 10, 2021

@zwass I confirm that this feature now works fine, thank you!
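
The failure mode in this thread (the option stored on the server but missing from the config the osquery client receives) can be checked mechanically on a config body such as the one printed by `--tls_dump`. The following is an added example, not code from Fleet or from the participants; it assumes osquery's inline `packs` layout, and the pack names, query names and sample config are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// scheduledQuery holds only the option under test. The pointer lets an
// absent key (nil) be told apart from an explicit "denylist": false.
type scheduledQuery struct {
	Denylist *bool `json:"denylist"`
}

// osqueryConfig covers just the inline "packs" section of an osquery config.
type osqueryConfig struct {
	Packs map[string]struct {
		Queries map[string]scheduledQuery `json:"queries"`
	} `json:"packs"`
}

// missingDenylist returns "pack/query" for every {pack, query} pair that was
// configured with denylist: false but does not carry an explicit false in
// the config delivered to the client.
func missingDenylist(configJSON []byte, expectFalse [][2]string) ([]string, error) {
	var cfg osqueryConfig
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return nil, fmt.Errorf("parse config: %w", err)
	}
	var missing []string
	for _, want := range expectFalse {
		q, ok := cfg.Packs[want[0]].Queries[want[1]]
		if !ok || q.Denylist == nil || *q.Denylist {
			missing = append(missing, want[0]+"/"+want[1])
		}
	}
	return missing, nil
}

// sampleConfig is constructed for this example, not captured from a real server.
const sampleConfig = `{"packs": {"perf": {"queries": {
  "proc_events": {"query": "SELECT * FROM process_events;", "interval": 60, "denylist": false},
  "sockets":     {"query": "SELECT * FROM socket_events;", "interval": 60}}}}}`

func main() {
	missing, err := missingDenylist([]byte(sampleConfig), [][2]string{{"perf", "proc_events"}, {"perf", "sockets"}})
	fmt.Println("denylist=false not delivered for:", missing, "error:", err)
}
```

A query whose key is absent is reported the same way as one delivered with `true`, because in both cases the client does not see the explicit `false` that was configured.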
