-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathflagfile.txt
More file actions
45 lines (38 loc) · 1.11 KB
/
flagfile.txt
File metadata and controls
45 lines (38 loc) · 1.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# Server
#--tls_hostname=192.168.56.105:8412
# Required to match certificate
--tls_hostname=fleet:8412
--tls_server_certs=/etc/osquery/fleet.pem
# Enrollment
--host_identifier=ubuntu200
--enroll_secret_path=/etc/osquery/secret.txt
--enroll_tls_endpoint=/api/v1/osquery/enroll
# Configuration
--config_plugin=tls
--config_tls_endpoint=/api/v1/osquery/config
--config_refresh=10
# Live query
--disable_distributed=false
--distributed_plugin=tls
--distributed_interval=10
--distributed_tls_max_attempts=3
--distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
--distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
# Logging
--logger_plugin=tls
--logger_tls_endpoint=/api/v1/osquery/log
--logger_tls_period=10
# File carving
--disable_carver=false
--carver_start_endpoint=/api/v1/osquery/carve/begin
--carver_continue_endpoint=/api/v1/osquery/carve/block
--carver_block_size=2000000
# Enable events and process monitoring
--audit_allow_config=true
--disable_audit=false
--audit_persist=true
--audit_allow_sockets
--audit_allow_process_events=true
--disable_events=false
--events_expiry=1
--events_max=500000