Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into docs-v4.61.0
Showing 129 changed files with 2,361 additions and 585 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
name: Build fleetd_tables osquery extension | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
defaults: | ||
run: | ||
# fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | ||
shell: bash | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
build-binaries: | ||
runs-on: macos-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | ||
with: | ||
egress-policy: audit | ||
|
||
- name: Checkout Code | ||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
|
||
- name: Install Go | ||
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version-file: "go.mod" | ||
|
||
- name: Install Go Dependencies | ||
run: make deps-go | ||
|
||
- name: Build binaries | ||
run: make fleetd-tables-all | ||
|
||
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v2 | ||
with: | ||
name: fleetd_tables | ||
path: fleetd_tables_* |
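Review bot: the final `actions/upload-artifact` step is pinned to a commit SHA but annotated only `# v2`, while every other action in this workflow carries an exact version comment (`# v2.7.0`, `# v3.5.3`, `# v4.1.0`). Please confirm the SHA corresponds to the release the comment names and record the exact version, so a later bump can be audited against it. The same step has no `name:`, and because `path: fleetd_tables_*` is a glob, setting `if-no-files-found: error` would stop a build that produced nothing from being reported as a success. Separately, `egress-policy: audit` on the Harden Runner step only logs outbound traffic; once a few runs show which endpoints `make deps-go` and `make fleetd-tables-all` need, a blocking policy with an allowlist would be the stronger setting for a job that produces binaries.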
40 changes: 40 additions & 0 deletions
articles/fleet-reimagines-observability-with-devops-teams.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# Fleet reimagines observability with DevOps teams at Roblox, Atlassian, Dropbox | ||
|
||
_Open-source project delivers new Arm64+ support for high-performance servers and Kubernetes clusters, speeding up compliance audits and enabling next-gen intrusion detection in the production infrastructures of industry giants including Atlassian, Dropbox, Roblox, Nubank, Fastly, and some of the world's most powerful HPC clusters (high-performance supercomputers)._ | ||
|
||
![Fleet logo cover](../website/assets/images/articles/[email protected]) | ||
|
||
**AUSTIN — November 14, 2024 —** [Fleet](https://fleetdm.com?utm_content=eo-security), the leading open-source platform for Linux and Apple device management, today announced a new suite of expanded, multi-cloud features for DevOps and cloud security teams. Fleet now includes a number of observability capabilities for servers and Kubernetes containers which make it easy to get data that was previously out of reach (or impractical to gather) from sensitive production environments like gaming servers and edge caching nodes. | ||
|
||
Industry pioneer [Mark Burgess](https://en.wikipedia.org/wiki/Mark_Burgess_(computer_scientist)), author of [CFEngine](https://en.m.wikipedia.org/wiki/CFEngine) and initiator of Promise Theory put it like this: "Configuring stuff is easy, but understanding the monster you've created is hard. This is why the challenges of infrastructure are all about knowledge management. Getting data is half the battle, and that's a big scaling challenge." | ||
|
||
But the need for good data from production systems has never been greater. Servers and containers have many of the same basic security visibility needs as laptops, like intrusion detection (HIDS), vulnerability reporting, and live investigation during incidents (DFIR). They just require more painstaking steps to ensure the mere act of gathering the data doesn't cause negative performance impact or expensive downtime. As companies increasingly rely on vast networks of servers to run their businesses, many opt not to take the risk of installing commercial endpoint detection and response (EDR) software on their production environments, worried about the performance "tax" and stability issues like the recent [worldwide "blue screen of death"](https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages) that shut down some airports in the United States. | ||
|
||
By contrast, Fleet is designed to scale seamlessly from tens of servers, to thousands of servers, to hundreds of thousands of servers, with minimal performance impact. This dramatically simplifies gathering data for compliance audits, and it makes it possible to build more advanced security paradigms. Now, Fleet is drawing increasing attention from companies that need to maximize both security and performance from their production infrastructures. | ||
|
||
"We're able to address reliability and compliance concerns without sacrificing a single point-of-a-percent of performance for our servers. All of this done consistently and continuously,” said [Charles Zaffery](https://www.linkedin.com/in/charleszaffery/), principal infrastructure engineer at [Roblox](https://en.wikipedia.org/wiki/Roblox). "Fleet is getting shown to our company board." | ||
|
||
Fleet's history and open-source nature give it a unique advantage. Built atop [osquery](https://osquery.io), a popular open-source agent developed by Fleet co-founder [Zach Wasserman](https://github.com/zwass) during his time on Facebook's cybersecurity team, it has since been deployed across millions of devices and adopted widely in large enterprises and hobbyist setups worldwide. This existing install base, coupled with the thousands of people reading its source code, make Fleet and osquery highly customizable and provide a firm, scalable foundation for shipping new, enterprise-ready features quickly. For example, in just the last couple of months Fleet quietly trickled out multiple new features for infrastructure teams, including Arm64 support, [BPF events](https://en.wikipedia.org/wiki/Berkeley_Packet_Filter) on Arch Linux, remote installation of RPM packages, OVAL vulnerability scanning, auto-patching, zsh shell scripting, and AI-powered explanations of security policies for developers who build on company infrastructure. | ||
|
||
"Fleet's extremely wide and diverse set of data allows us [Roblox] to answer questions that we didn't even know we had," said Charles. "On top of that, the experience is near instantaneous: Literally, seconds to sort through billions of data points and return the exact handful that we need, with complete auditing and transparency." | ||
|
||
This data is one of Fleet's superpowers. One example: Dre, a security engineer at a top electric vehicle manufacturer, used Fleet to identify which of their computers had a vulnerable [TPM chip](https://www.tomsguide.com/news/billions-of-pcs-and-other-devices-vulnerable-to-newly-discovered-tpm-20-flaws), an obscure hardware component. Even when the computer manufacturer couldn’t give him a straight answer over the phone, Fleet identified the vulnerable chip in seconds, across thousands of machines – from employee laptops to vehicle production lines. | ||
|
||
"We picked Fleet for the simplicity of rolling it out and the ability to integrate into our environment," said another engineer at a different Fortune 100 computer and networking company. "Now, it is running on around 80,000 hosts internally at my company for threat detection, security reporting, and vulnerability management.” | ||
|
||
Atlassian, Dropbox, Roblox, [Nubank](https://en.wikipedia.org/wiki/Nubank), Fastly, and other customers increase their adoption over time, standardizing on Fleet to easily get data and maintain surgical control across their entire infrastructure. For example, at Fastly, the cybersecurity department first purchased Fleet to replace a legacy, proprietary product installed on their servers, including high performance caching nodes, where even a small performance hit is critical. Then one year later, new features in Fleet allowed it to spread to the IT department and replace a legacy device management vendor, eliminating more tool overlap while unifying security data across servers and laptops. | ||
|
||
The growth and IPOs of open core companies like [GitLab](https://www.heavybit.com/library/video/commercial-open-source-business-strategies) and [Hashicorp](https://www.sec.gov/Archives/edgar/data/1720671/000119312521319849/d205906ds1.htm) have paved the way for open core companies like Fleet. Unlike with proprietary, "black box" security software, which can be difficult to troubleshoot and can raise suspicions from engineers, Fleet customers retain access to 100% of the source code that runs on their servers and containers. This makes Fleet easier to procure and easier for anyone to adopt and use, inside and outside of the enterprise. | ||
|
||
"Five years ago, I worked as a backend developer on an in-store payments product for a Fortune 1 company, and back then, there were a lot of late nights. We had nothing but buggy, in-house tools for doing deployments and checking up on servers, plus a few commercial products that someone had bought, but that no one actually used," said [Mike McNeil](https://github.com/mikermcneil), CEO and co-founder of Fleet. "The first time I met Zach and saw osquery, I realized this was going to change everything." | ||
|
||
## About Fleet | ||
|
||
[Fleet](https://fleetdm.com?utm_content=eo-security) is the leading [open-source](http://fleetdm.com/handbook/company/why-this-way?utm_content=eo-security#why-open-source) system for Linux observability and [Apple device management](https://fleetdm.com/better?utm_content=eo-security). Built on the power of osquery, Fleet enables organizations to inspect, collect, fix, install, patch, and program just about anything, every minute of the day, on any computer in their infrastructure with unprecedented flexibility and scale. Trusted by industry leaders like Roblox, Atlassian, Fastly, Nubank, and Dropbox, Fleet is transforming the way companies approach observability for large-scale, high-performance server deployments. | ||
|
||
<meta name="category" value="announcements"> | ||
<meta name="authorFullName" value="Mike McNeil"> | ||
<meta name="authorGitHubUsername" value="mikermcneil"> | ||
<meta name="publishedOn" value="2024-11-14"> | ||
<meta name="articleTitle" value="Fleet reimagines observability with DevOps teams at Roblox, Atlassian, Dropbox"> | ||
<meta name="description" value="Fleet speeds up compliance audits and enables next-gen intrusion detection in large production infrastructures"> |
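Review bot: the "About Fleet" paragraph links the open-source handbook page over plain `http://fleetdm.com/handbook/...` while every other fleetdm.com link in the article uses `https://`; please switch it to `https://` so readers are not sent through an unencrypted hop. In the Mark Burgess paragraph, the CFEngine link points at the mobile host `en.m.wikipedia.org` where the neighbouring link uses `en.wikipedia.org`, and "initiator of Promise Theory put it like this" needs a comma after "Theory". The Roblox quote ("...consistently and continuously,” said") and the Fortune 100 quote ("...vulnerability management.”) open with a straight quote and close with a curly one; pick one style. The meta block has no `articleImageUrl` even though the body embeds a cover image, so the article listing may render without it.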
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# Lock and wipe hosts | ||
|
||
![Lock and wipe hosts](../website/assets/images/articles/[email protected]) | ||
|
||
_Available in Fleet Premium_ | ||
|
||
In Fleet, you can lock and wipe macOS, Windows, and Linux hosts remotely. This allows you to easily deal with situations | ||
where a host might have been lost or stolen, or to remotely prepare a device to be re-deployed to another end user. | ||
|
||
**Note**: lock/unlock and wipe commands are queued and will run when the device next comes online. | ||
|
||
## Lock a host | ||
|
||
1. Navigate to the **Hosts** page by clicking the "Hosts" tab in the main navigation header. Find the device you want to lock. You can search by name, hostname, UUID, serial number, or private IP address in the search box in the upper right corner. | ||
2. Click the host to open the **Host Overview** page. | ||
3. Click the **Actions** dropdown, then click **Lock**. | ||
4. A confirmation dialog will appear. Confirm that you want to lock the device. The host will now be marked with a "Lock pending" badge. Once the lock command is acknowledged by the host, the badge will update to "Locked". | ||
|
||
## Wipe a host | ||
|
||
1. Navigate to the **Hosts** page by clicking the "Hosts" tab in the main navigation header. Find the device you want to lock. You can search by name, hostname, UUID, serial number, or private IP address in the search box in the upper right corner. | ||
2. Click the host to open the **Host Overview** page. | ||
3. Click the **Actions** dropdown, then click **Wipe**. | ||
4. Confirm that you want to wipe the device in the dialog. The host will now be marked with a "Wipe pending" badge. Once the wipe command is acknowledged by the host, the badge will update to "Wiped". | ||
|
||
## Unlocking a host | ||
|
||
**Note**: When a macOS host is locked, Fleet generates a 6 digit security PIN. This PIN must be physically input into the host in order to unlock it. | ||
|
||
To unlock a locked host: | ||
|
||
1. Navigate to the **Hosts** page by clicking the "Hosts" tab in the main navigation header. Find the device you want to lock. You can search by name, hostname, UUID, serial number, or private IP address in the search box in the upper right corner. | ||
2. Click the host to open the **Host Overview** page. | ||
3. Click the **Actions** menu, then click **Unlock**. | ||
- **macOS**: A dialog with the PIN will appear. Type the PIN into the device to unlock it. | ||
- **Windows and Linux**: The command to unlock the host will be queued and the host will unlock once it receives the command (no PIN needed). | ||
5. When you click **Unlock**, the host will be marked with an "Unlock pending" badge. Once the host is unlocked and checks back in with Fleet, the "Unlock pending" badge will be removed. | ||
|
||
|
||
## Lock and wipe using `fleetctl` | ||
|
||
You can lock, unlock, and wipe hosts using Fleet's command-line tool `fleetctl`: | ||
|
||
```shell | ||
fleetctl mdm lock --host $HOST_IDENTIFIER | ||
``` | ||
|
||
```shell | ||
fleetctl mdm unlock --host $HOST_IDENTIFIER | ||
``` | ||
|
||
```shell | ||
fleetctl mdm wipe --host $HOST_IDENTIFIER | ||
``` | ||
|
||
`$HOST_IDENTIFIER` can be any of the host identifiers: hostname, UUID, or serial number. | ||
|
||
Add the `--help` flag to any command to learn more about how to use it. | ||
|
||
**Note**: for macOS hosts, the `mdm unlock` command will return the security PIN, which must be typed into the device in order to finish unlocking it. | ||
|
||
<meta name="articleTitle" value="Lock and wipe hosts"> | ||
<meta name="authorFullName" value="JD Strong"> | ||
<meta name="authorGitHubUsername" value="spokanemac"> | ||
<meta name="category" value="guides"> | ||
<meta name="publishedOn" value="2024-07-09"> | ||
<meta name="articleImageUrl" value="../website/assets/images/articles/[email protected]"> |
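Review bot: step 1 under "Wipe a host" and under "Unlocking a host" still reads "Find the device you want to lock", copied from the lock section; it should say "wipe" and "unlock" respectively, which matters in a guide where picking the wrong action erases a device. The unlock list is numbered 1, 2, 3, 5, and its heading ("Unlocking a host") does not match the imperative form of "Lock a host" and "Wipe a host". Since the opening note says commands are queued until the device next comes online, the wipe section should state whether a "Wipe pending" command can be cancelled and that a completed wipe cannot be undone. The guide also does not say who is allowed to see the macOS unlock PIN in the dialog or in the `fleetctl mdm unlock` output; a sentence on that would help admins scope access. In the `fleetctl` examples, quoting the variable (`--host "$HOST_IDENTIFIER"`) avoids word splitting on hostnames with unusual characters.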