From 906b7af61b065abf91d4a40136a948df29f65f1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Mon, 7 Nov 2022 14:46:41 +0100
Subject: [PATCH] chore: use updated flagfile as copied from Fleet server

---
 templates/kolide.flags.j2 | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/templates/kolide.flags.j2 b/templates/kolide.flags.j2
index 58df104..f5b8580 100644
--- a/templates/kolide.flags.j2
+++ b/templates/kolide.flags.j2
@@ -1,19 +1,27 @@
+# Server
+tls_hostname={{ vault_fleet_host }}:{{ vault_fleet_port}}
+--tls_server_certs=/etc/osquery/fleet.pem
+# Enrollment
+--host_identifier=instance
 --enroll_secret_path=/etc/osquery/enroll_secret
---tls_server_certs=/etc/osquery/{{ vault_fleet_cert_name }}
---tls_hostname={{ vault_fleet_host }}:{{ vault_fleet_port}}
---host_identifier=uuid
---enroll_tls_endpoint=/api/v1/osquery/enroll
+--enroll_tls_endpoint=/api/osquery/enroll
+# Configuration
 --config_plugin=tls
 --config_tls_endpoint=/api/v1/osquery/config
 --config_refresh=10
+# Live query
 --disable_distributed=false
---disable_events=false
---disable_logging=false
 --distributed_plugin=tls
 --distributed_interval=10
 --distributed_tls_max_attempts=3
 --distributed_tls_read_endpoint=/api/v1/osquery/distributed/read
 --distributed_tls_write_endpoint=/api/v1/osquery/distributed/write
+# Logging
 --logger_plugin=tls
 --logger_tls_endpoint=/api/v1/osquery/log
 --logger_tls_period=10
+# File carving
+--disable_carver=false
+--carver_start_endpoint=/api/v1/osquery/carve/begin
+--carver_continue_endpoint=/api/v1/osquery/carve/block
+--carver_block_size=2000000
-- 
GitLab
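Review bot: The added `tls_hostname=...` line under `# Server` is missing the leading `--` that every other flag in this template carries, so osquery will most likely not parse it as a flag and the agent would have no TLS server to enroll with or send logs to; it should read `--tls_hostname={{ vault_fleet_host }}:{{ vault_fleet_port }}`. The enroll endpoint is now `/api/osquery/enroll` while the config, distributed, logger and carver endpoints stay on `/api/v1/osquery/...`; confirm the target Fleet version serves both forms. `--tls_server_certs` is now hard-coded to `/etc/osquery/fleet.pem` instead of `{{ vault_fleet_cert_name }}`, so the role must place the certificate under exactly that name or server verification will fail. Switching `--host_identifier` from `uuid` to `instance` changes how hosts are keyed in Fleet and is worth a line in the commit message, since already-enrolled hosts may show up as duplicates.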