Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow set and override of osquery flags #613

Merged
merged 2 commits into from Jun 10, 2020
Merged

Allow set and override of osquery flags #613

merged 2 commits into from Jun 10, 2020

Conversation

zwass
Copy link
Contributor

@zwass zwass commented Jun 8, 2020

Adds a new option --osquery_flag that allows the user to provide a
flag that will be passed directly to osquery. These flags are appended
to all other default and computed flags, allowing them to potentially
override the default and computed flags. This allows users to set flags
that would not otherwise be possible to use with Launcher (like
windows_event_channels), and also opens up additional uses of Launcher
with overridden options, plugins, etc.

Support is also added to the package tooling to build packages with this
flag set.

Closes #96

@zwass zwass requested a review from directionless June 8, 2020 23:12
directionless
directionless requested changes Jun 9, 2020
View reviewed changes
Copy link
Contributor

@directionless directionless left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feel free to ignore the nits. But I think the help location should change. And discussion about whether we really want this level of foot gun.,

cmd/launcher/options.go Outdated Show resolved Hide resolved
pkg/osquery/runtime/runtime.go Outdated Show resolved Hide resolved
cmd/package-builder/package-builder.go Show resolved Hide resolved
cmd/launcher/options.go Show resolved Hide resolved
@zwass
Copy link
Contributor Author

zwass commented Jun 9, 2020

@directionless Thank you for the review. I believe I addressed all of your concerns.

@directionless
Copy link
Contributor

Agree this looks good. I think I fixed this CI issue in #612 rebase?

zwass added 2 commits June 9, 2020 15:19
@zwass
Allow set and override of osquery flags
96fe410 
Adds a new option `--osquery_flag` that allows the user to provide a
flag that will be passed directly to osquery. These flags are appended
to all other default and computed flags, allowing them to potentially
override the default and computed flags. This allows users to set flags
that would not otherwise be possible to use with Launcher (like
`windows_event_channels`), and also opens up additional uses of Launcher
with overridden options, plugins, etc.

Support is also added to the package tooling to build packages with this
flag set.

Closes kolide#96
@zwass
Address comments
361792e
@directionless directionless merged commit 5ff6bb8 into kolide:master Jun 10, 2020
@directionless directionless mentioned this pull request Oct 15, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@directionless directionless directionless approved these changes

Assignees
No one assigned
Labels
zzHistoric:Documentation zzHistoric:Osquery
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add osquery flagfile option
2 participants
@zwass @directionless