8 Commits

Author SHA1 Message Date
Victor Palma
0046e1d240 fix osquery filesystem logging
This fixes the issue where osquery does not log locally; making
  the elk_metrics_6x integration possible.

Change-Id: Ice506018757dee5ee02ef7fa0593ce06aae9c515
2018-10-23 00:36:25 -05:00
Kevin Carter
fd2005baf4
Additional cleanup and simplification
The role is further being pruned and made more efficient.

Change-Id: I75de7063164959041193526e519682ba80185250
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-10-18 22:51:04 -05:00
Kevin Carter
c901b0b706
Cleanup the osquery role
This change removes things we don't need and simplifies the task
execution.

Change-Id: I5be516311eaadd634990a4b9006d1ceec4de5847
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-10-18 17:56:23 -05:00
Kevin Carter
1e40cef199
More cleanup of the osquery role
This cleanup should make things easier to integrate with OSA
while also better supporting a stand alone deployment.

Change-Id: I7321981a9ced7bf2e807a25cadde5463b39eef8f
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-10-16 17:38:04 -05:00
Kevin Carter
5aff0b59f4
Cleanup the osquery tooling and vendor roles
The osquery tooling needed a little work to be fully automated and
repeatable. This change tunes up the tools and makes the entire
deployment process multi-node capable and repeatable.

The osquery role was vendored because of bugs within their use of aarmor
profiles and there was no way to disable them.

The fleet use of commands for ssl creation have been removed. The ssl
modules are now being used to generate all of the certificates.

New pre-tasks have been added to check for required variables. If the
required variables are not set the playbooks will fail early and notify
the user of the issue.

Change-Id: I88c2b40ed9d9a88a39bdf07b0dce2900fda50151
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-10-15 22:47:10 -05:00
Victor Palma
3aa5fcd8fc multiple updates to osquery
* move playbooks to roles
   * update documentation
   * update haproxy
     - set 6443 as default port for kolide fleet
   * add galera support

Change-Id: I2fdefcb6bec98486c16b54cf33e2b7940b88d50b
2018-10-01 14:20:08 -05:00
Victor Palma
86a2402da9 change osquery defaults
* do not install debuging osquery packages
   * log to filesystem
   * turn off rsyslog

Change-Id: Iae91959847fc7bfd5184d157a44cd994dab397f3
2018-09-11 11:29:44 -05:00
Victor Palma
5ddbde3310 adding kolide fleet
* adds kolide fleet
  * integrates osquery to kolide fleet server

Change-Id: I646364c44bb99d4397bb35068600c49b7bfd62c2
2018-07-17 18:45:56 -05:00