From 2171544ad1a1710840f00b4419a5dd8f61d95ec2 Mon Sep 17 00:00:00 2001 From: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com> Date: Sat, 17 Aug 2024 05:30:31 +0900 Subject: [PATCH] Docs quick reference optimization (#21331) This PR closes https://github.com/fleetdm/fleet/issues/21108 @noahtalerman, I double-checked all redirects, and they are working. Clicking through the URLs in [this spreadsheet](https://docs.google.com/spreadsheets/d/1djVynIMuJK4pT5ziJW12CluVqcaoxxnCLaBO3VXfAt4/edit?usp=sharing) is a pretty quick way to go through them all. Note that "Audit logs" and "Understanding host vitals" redirect to the contributor docs on GitHub, so they will throw a 404 until this is merged. Some new guides benefitted from a name change, so they make more sense as stand-alone guides, and also so that we don't have to mess around with more redirects later. Those name changes followed [this convention](https://fleetdm.com/handbook/company/communications#headings-and-titles), which was recently documented in the handbook. Have fun! --------- Co-authored-by: Eric Co-authored-by: Noah Talerman --- .../Automations.md => articles/automations.md | 7 ++- .../chrome-os.md | 12 ++-- .../cis-benchmarks.md | 14 +++-- .../custom-os-settings.md | 10 ++-- .../downgrade-fleet.md | 13 +++-- .../enforce-disk-encryption.md | 12 ++-- .../enforce-os-updates.md | 17 +++--- .../Using Fleet => articles}/enroll-hosts.md | 11 ++-- .../fleet-desktop.md | 21 +++---- .../fleet-usage-statistics.md | 11 +++- .../fleetctl-CLI.md => articles/fleetctl.md | 11 ++-- .../fleetd-updates.md | 12 ++-- .../log-destinations.md | 37 +++++++----- .../macos-mdm-setup.md | 10 ++-- .../macos-setup-experience.md | 16 ++--- .../mdm-commands.md | 22 +++---- .../mdm-migration.md | 22 +++---- .../osquery-watchdog.md | 9 ++- .../puppet-module.md | 8 ++- .../Fleet-UI.md => articles/queries.md | 34 +++++------ .../role-based-access.md | 9 ++- .../Scripts.md => articles/scripts.md | 10 ++-- .../standard-query-library.md | 7 ++- .../segment-hosts.md => articles/teams.md | 9 ++- .../vulnerability-processing.md | 9 +-- .../GitOps.md => Configuration/yaml-files.md} | 5 +- .../Audit-logs.md | 0 .../Understanding-host-vitals.md | 0 docs/Get started/FAQ.md | 56 +++++++++++++++++- docs/REST API/rest-api.md | 11 +++- docs/Using Fleet/Learn-how-to-use-Fleet.md | 58 ------------------- docs/Using Fleet/Supported-browsers.md | 28 --------- .../Supported-host-operating-systems.md | 34 ----------- server/fleet/activities.go | 2 +- server/service/osquery_utils/queries.go | 2 +- .../js/pages/docs/basic-documentation.page.js | 35 +++++------ .../styles/pages/articles/basic-article.less | 2 +- website/config/routes.js | 31 +++++++++- .../views/pages/docs/basic-documentation.ejs | 30 ++++------ 39 files changed, 325 insertions(+), 322 deletions(-) rename docs/Using Fleet/Automations.md => articles/automations.md (92%) rename docs/Using Fleet/enroll-chromebooks.md => articles/chrome-os.md (85%) rename docs/Using Fleet/CIS-Benchmarks.md => articles/cis-benchmarks.md (91%) rename docs/Using Fleet/MDM-custom-OS-settings.md => articles/custom-os-settings.md (84%) rename docs/Using Fleet/downgrading-fleet.md => articles/downgrade-fleet.md (87%) rename docs/Using Fleet/MDM-disk-encryption.md => articles/enforce-disk-encryption.md (87%) rename docs/Using Fleet/MDM-OS-updates.md => articles/enforce-os-updates.md (89%) rename {docs/Using Fleet => articles}/enroll-hosts.md (97%) rename docs/Using Fleet/Fleet-desktop.md => articles/fleet-desktop.md (84%) rename docs/Using Fleet/Usage-statistics.md => articles/fleet-usage-statistics.md (92%) rename docs/Using Fleet/fleetctl-CLI.md => articles/fleetctl.md (94%) rename docs/Using Fleet/update-agents.md => articles/fleetd-updates.md (95%) rename docs/Using Fleet/Log-destinations.md => articles/log-destinations.md (92%) rename docs/Using Fleet/MDM-setup.md => articles/macos-mdm-setup.md (89%) rename docs/Using Fleet/MDM-macOS-setup-experience.md => articles/macos-setup-experience.md (91%) rename docs/Using Fleet/MDM-commands.md => articles/mdm-commands.md (70%) rename docs/Using Fleet/MDM-migration-guide.md => articles/mdm-migration.md (93%) rename docs/Using Fleet/Osquery-process.md => articles/osquery-watchdog.md (90%) rename docs/Using Fleet/Puppet-module.md => articles/puppet-module.md (96%) rename docs/Using Fleet/Fleet-UI.md => articles/queries.md (84%) rename docs/Using Fleet/manage-access.md => articles/role-based-access.md (98%) rename docs/Using Fleet/Scripts.md => articles/scripts.md (88%) rename docs/01-Using-Fleet/standard-query-library/README.md => articles/standard-query-library.md (87%) rename docs/Using Fleet/segment-hosts.md => articles/teams.md (91%) rename docs/Using Fleet/Vulnerability-Processing.md => articles/vulnerability-processing.md (94%) rename docs/{Using Fleet/GitOps.md => Configuration/yaml-files.md} (99%) rename docs/{Using Fleet => Contributing}/Audit-logs.md (100%) rename docs/{Using Fleet => Contributing}/Understanding-host-vitals.md (100%) delete mode 100644 docs/Using Fleet/Learn-how-to-use-Fleet.md delete mode 100644 docs/Using Fleet/Supported-browsers.md delete mode 100644 docs/Using Fleet/Supported-host-operating-systems.md diff --git a/docs/Using Fleet/Automations.md b/articles/automations.md similarity index 92% rename from docs/Using Fleet/Automations.md rename to articles/automations.md index e124fc779ea3..478b870556ac 100644 --- a/docs/Using Fleet/Automations.md +++ b/articles/automations.md @@ -40,6 +40,9 @@ Host status automations send a webhook request if a configured percentage of hos Fleet sends these webhook requests once per day by default. - + + + + + - diff --git a/docs/Using Fleet/enroll-chromebooks.md b/articles/chrome-os.md similarity index 85% rename from docs/Using Fleet/enroll-chromebooks.md rename to articles/chrome-os.md index 2c1684cc5f10..d74dfb89c10a 100644 --- a/docs/Using Fleet/enroll-chromebooks.md +++ b/articles/chrome-os.md @@ -1,8 +1,6 @@ # ChromeOS For visibility on ChromeOS hosts, Fleet provides the fleetd Chrome extension which provides similar functionality as osquery on other operating systems. -## Adding ChromeOS hosts to Fleet - To learn how to add ChromeOS hosts to Fleet, visit [here](https://fleetdm.com/docs/using-fleet/adding-hosts#enroll-chromebooks). > The fleetd Chrome browser extension is supported on ChromeOS operating systems that are managed using [Google Admin](https://admin.google.com). It is not intended for non-ChromeOS hosts with the Chrome browser installed. @@ -23,6 +21,10 @@ By default, the hostname for a Chromebook host will be blank. The hostname can b ## Debugging ChromeOS To learn how to debug the Fleetd Chrome extension, visit [here](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Testing-and-local-development.md#fleetd-chrome-extension). - - - + + + + + + + diff --git a/docs/Using Fleet/CIS-Benchmarks.md b/articles/cis-benchmarks.md similarity index 91% rename from docs/Using Fleet/CIS-Benchmarks.md rename to articles/cis-benchmarks.md index 9942eb0e3c20..905d62efbadb 100644 --- a/docs/Using Fleet/CIS-Benchmarks.md +++ b/articles/cis-benchmarks.md @@ -11,7 +11,7 @@ Fleet has implemented native support for CIS Benchmarks for the following platfo - Windows 10 Enterprise - Windows 11 Enterprise -[Where possible](#limitations), each CIS Benchmark is implemented with a [policy query](./REST-API.md#policies) in Fleet. +[Where possible](#limitations), each CIS Benchmark is implemented with a [policy query](https://fleetdm.com/docs/rest-api/rest-api#policies) in Fleet. These benchmarks are intended to gauge your organization's security posture, rather than the current state of a given host. A host may fail a CIS Benchmark policy despite having the correct settings enabled if there is no configuration profile or Group Policy Object (GPO) in place to enforce the setting. For example, this is the query for **CIS - Ensure FileVault Is Enabled (MDM Required)**: @@ -95,7 +95,7 @@ Following are the requirements to use the CIS Benchmarks in Fleet: - Devices must be running [`fleetd`](https://fleetdm.com/docs/using-fleet/orbit), Fleet's lightweight agent. - Some CIS Benchmarks explicitly involve verifying MDM-based controls, so devices must be enrolled to an MDM solution. -- On macOS, the orbit component of fleetd must have "Full Disk Access", see [Grant Full Disk Access to Osquery on macOS](./Adding-hosts.md#grant-full-disk-access-to-osquery-on-macos). +- On macOS, the orbit component of fleetd must have "Full Disk Access", see [Grant Full Disk Access to Osquery on macOS](https://fleetdm.com/guides/enroll-hosts#grant-full-disk-access-to-osquery-on-macos). ## Limitations @@ -111,7 +111,9 @@ In August 2023, we completed scale testing on 10k Windows hosts and 70k macOS ho Detailed results are [here](https://docs.google.com/document/d/1OSpyzMkHjVhG_-EIBkLu7X3hj_XfVASGl3IXIYChpck/edit?usp=sharing). - - - - + + + + + + diff --git a/docs/Using Fleet/MDM-custom-OS-settings.md b/articles/custom-os-settings.md similarity index 84% rename from docs/Using Fleet/MDM-custom-OS-settings.md rename to articles/custom-os-settings.md index bcc30c022a76..aadafc1f844f 100644 --- a/docs/Using Fleet/MDM-custom-OS-settings.md +++ b/articles/custom-os-settings.md @@ -1,6 +1,6 @@ # Custom OS settings -In Fleet you can enforce OS settings on your your macOS, iOS, iPadOS, and Windows hosts using configuration profiles. +In Fleet you can enforce OS settings like security restrictions, screen lock, Wi-Fi etc., on your your macOS, iOS, iPadOS, and Windows hosts using configuration or device profiles. ## Enforce OS settings @@ -36,7 +36,9 @@ In the top box, with "Verified," "Verifying," "Pending," and "Failed" statuses, In the list of hosts, click on an individual host and click the **OS settings** item to see the status for a specific setting. - - + + + + + - diff --git a/docs/Using Fleet/downgrading-fleet.md b/articles/downgrade-fleet.md similarity index 87% rename from docs/Using Fleet/downgrading-fleet.md rename to articles/downgrade-fleet.md index 34f8fd04ff9a..0874e27c6603 100644 --- a/docs/Using Fleet/downgrading-fleet.md +++ b/articles/downgrade-fleet.md @@ -1,4 +1,4 @@ -# Downgrading from Fleet Premium +# Downgrade from Fleet Premium Follow these steps to downgrade your Fleet instance from Fleet Premium. @@ -34,8 +34,9 @@ Follow these steps to downgrade your Fleet instance from Fleet Premium. 1. Remove your license key from your Fleet configuration. Documentation on where the license key is located in your configuration is [here](https://fleetdm.com/docs/deploying/configuration#license). 2. Restart your Fleet server. - - - - - \ No newline at end of file + + + + + + \ No newline at end of file diff --git a/docs/Using Fleet/MDM-disk-encryption.md b/articles/enforce-disk-encryption.md similarity index 87% rename from docs/Using Fleet/MDM-disk-encryption.md rename to articles/enforce-disk-encryption.md index e5a88bf5aa83..8dd2b6419ff5 100644 --- a/docs/Using Fleet/MDM-disk-encryption.md +++ b/articles/enforce-disk-encryption.md @@ -1,4 +1,4 @@ -# Disk encryption +# Enforce disk encryption _Available in Fleet Premium_ @@ -58,9 +58,11 @@ How to view the disk encryption key: When migrating macOS hosts from another MDM solution, in order to complete the process of encrypting the hard drive and escrowing the key in Fleet, your end users must log out or restart their device. -Share [these guided instructions](./MDM-migration-guide.md#how-to-turn-on-disk-encryption) with your end users. +Share [these guided instructions](https://fleetdm.com/guides/mdm-migration#how-to-turn-on-disk-encryption) with your end users. - - + + + + + - diff --git a/docs/Using Fleet/MDM-OS-updates.md b/articles/enforce-os-updates.md similarity index 89% rename from docs/Using Fleet/MDM-OS-updates.md rename to articles/enforce-os-updates.md index 1a6c44469019..4b1b0cbe99f1 100644 --- a/docs/Using Fleet/MDM-OS-updates.md +++ b/articles/enforce-os-updates.md @@ -1,12 +1,8 @@ -# OS updates +# Enforce OS updates _Available in Fleet Premium_ -In Fleet you can enforce OS updates on your macOS, Windows, iOS, and iPadOS hosts remotely. - -## Enforce OS updates - -You can enforce OS updates using the Fleet UI, Fleet API, or [Fleet's GitOps workflow](https://github.com/fleetdm/fleet-gitops). +In Fleet you can enforce OS updates on your macOS, Windows, iOS, and iPadOS hosts remotely using the Fleet UI, Fleet API, or [Fleet's GitOps workflow](https://github.com/fleetdm/fleet-gitops). Fleet UI: @@ -54,8 +50,9 @@ Fleet enforces OS updates for quality and feature updates. Read more about the t When a minimum version is enforced, end users will see a notification in their Notification Center after the deadline. They can’t use their iPhone or iPad until the OS update is installed. - - + + + + + - - diff --git a/docs/Using Fleet/enroll-hosts.md b/articles/enroll-hosts.md similarity index 97% rename from docs/Using Fleet/enroll-hosts.md rename to articles/enroll-hosts.md index 154b4c7347f2..0635855596ab 100644 --- a/docs/Using Fleet/enroll-hosts.md +++ b/articles/enroll-hosts.md @@ -1,7 +1,5 @@ # Enroll hosts -## Introduction - Fleet gathers information from an [osquery](https://github.com/osquery/osquery) agent installed on each of your hosts. The recommended way to install osquery is using fleetd. You can enroll macOS, Windows or Linux hosts via the [CLI](#cli) or [UI](#ui). To learn how to enroll Chromebooks, see [Enroll Chromebooks](#enroll-chromebooks). @@ -54,7 +52,7 @@ You can use your software management tool of choice to distribute Fleet's agent ### Fleet Desktop -[Fleet Desktop](./Fleet-desktop.md) is a menu bar icon available on macOS, Windows, and Linux that gives your end users visibility into the security posture of their machine. +[Fleet Desktop](https://fleetdm.com/guides/fleet-desktop) is a menu bar icon available on macOS, Windows, and Linux that gives your end users visibility into the security posture of their machine. You can include Fleet Desktop in Fleet's agent (fleetd) by including `--fleet-desktop` in the `fleetctl package` command. @@ -379,6 +377,9 @@ but can result in a large volume of error logs. In fleetd v1.15.1, we added an e Applying the environmental variable `"FLEETD_SILENCE_ENROLL_ERROR"=1` on a host will silence fleetd enrollment errors if a `--fleet-url` is not present. This variable is read at launch and will require a restart of the Orbit service if it is not set before installing `fleetd` v1.15.1. - + + + + + - diff --git a/docs/Using Fleet/Fleet-desktop.md b/articles/fleet-desktop.md similarity index 84% rename from docs/Using Fleet/Fleet-desktop.md rename to articles/fleet-desktop.md index b4696943db96..c0b1b0e5744b 100644 --- a/docs/Using Fleet/Fleet-desktop.md +++ b/articles/fleet-desktop.md @@ -1,12 +1,7 @@ # Fleet Desktop -- [Installing Fleet Desktop](#installing-fleet-desktop) -- [Upgrading Fleet Desktop](#upgrading-fleet-desktop) -- [Custom Transparency Link](#custom-transparency-link) -- [Securing Fleet Desktop](#securing-fleet-desktop) -Fleet Desktop is a menu bar icon available on macOS, Windows, and Linux. +Fleet Desktop is a menu bar icon available on macOS, Windows, and Linux that gives your end users visibility into the security posture of their machine. This unlocks two key benefits: -At its core, Fleet Desktop gives your end users visibility into the security posture of their machine. This unlocks two key benefits: * Self-remediation: end users can see which policies they are failing and resolution steps, reducing the need for IT and security teams to intervene * Scope transparency: end users can see what the Fleet agent can do on their machines, eliminating ambiguity between end users and their IT and security teams @@ -16,10 +11,10 @@ At its core, Fleet Desktop gives your end users visibility into the security pos -## Installing Fleet Desktop +## Install Fleet Desktop For information on how to install Fleet Desktop, visit: [Adding Hosts](https://fleetdm.com/docs/using-fleet/adding-hosts#fleet-desktop). -## Upgrading Fleet Desktop +## Upgrade Fleet Desktop Once installed, Fleet Desktop will be automatically updated via Fleetd. To learn more, visit: [Self-managed agent updates](https://fleetdm.com/docs/deploying/fleetctl-agent-updates#self-managed-agent-updates). ## Custom transparency link @@ -32,7 +27,7 @@ On the settings page, go to "Organization Settings" and select "Fleet Desktop." For information on how to set the custom transparency link via a YAML configuration file, see the [configuration files](https://fleetdm.com/docs/configuration/fleet-server-configuration#fleet-desktop-settings) documentation. -## Securing Fleet Desktop +## Secure Fleet Desktop Requests sent by Fleet Desktop and the web page that opens when clicking on the "My Device" tray item use a [Random (Version 4) UUID](https://www.rfc-editor.org/rfc/rfc4122.html#section-4.4) token to uniquely identify each host. @@ -57,7 +52,9 @@ As a consequence, Fleet Desktop will issue a new token if the current token is: This change is imperceptible to users, as clicking on the "My device" tray item always uses a valid token. If a user visits an address with an expired token, they will get a message instructing them to click on the tray item again. - - + + + + + - diff --git a/docs/Using Fleet/Usage-statistics.md b/articles/fleet-usage-statistics.md similarity index 92% rename from docs/Using Fleet/Usage-statistics.md rename to articles/fleet-usage-statistics.md index e546fbdd4018..3fc5eeb8f146 100644 --- a/docs/Using Fleet/Usage-statistics.md +++ b/articles/fleet-usage-statistics.md @@ -1,7 +1,9 @@ -# Usage statistics +# Fleet usage statistics Fleet Device Management Inc. periodically collects information about your instance. +> To disable usage statistics, [see here](#disable-usage-statistics). + ## What is included in usage statistics in Fleet? Below is the JSON payload that is sent to Fleet Device Management Inc: @@ -138,6 +140,9 @@ To disable usage statistics: 3. Uncheck the "Enable usage statistics" checkbox and then select "Update settings." - + + + + + - diff --git a/docs/Using Fleet/fleetctl-CLI.md b/articles/fleetctl.md similarity index 94% rename from docs/Using Fleet/fleetctl-CLI.md rename to articles/fleetctl.md index 32b4c6724c63..453c1f997f60 100644 --- a/docs/Using Fleet/fleetctl-CLI.md +++ b/articles/fleetctl.md @@ -1,6 +1,6 @@ -# fleetctl CLI +# fleetctl -fleetctl (pronounced "Fleet control") is a CLI tool for managing Fleet from the command line. fleetctl enables a GitOps workflow with Fleet. +fleetctl (pronounced "Fleet control") is a command line interface (CLI) tool for managing Fleet from the command line. fleetctl enables a GitOps workflow with Fleet. fleetctl also provides a quick way to work with all the data exposed by Fleet without having to use the Fleet UI or work directly with the Fleet API. @@ -197,6 +197,9 @@ This will generate a `tar.gz` file with: - A file containing a set of all the errors that happened in the server during the interval of time defined by the [logging_error_retention_period](https://fleetdm.com/docs/deploying/configuration#logging-error-retention-period) configuration. - Files containing database-specific information. - + + + + + - diff --git a/docs/Using Fleet/update-agents.md b/articles/fleetd-updates.md similarity index 95% rename from docs/Using Fleet/update-agents.md rename to articles/fleetd-updates.md index 93b61c0052c6..d5693eba93e1 100644 --- a/docs/Using Fleet/update-agents.md +++ b/articles/fleetd-updates.md @@ -1,7 +1,6 @@ -# Self-managed agent updates +# Fleetd updates -The fleetd agent will periodically check the public Fleet update repository and update Orbit, Fleet Desktop, and/or osquery -if it detects a later version. +The fleetd agent will periodically check the public Fleet update repository and update Orbit, Fleet Desktop, and/or osquery if it detects a later version. To override this behavior, users can set a channel for each component or disable updates altogether. Visit [Adding Hosts](https://fleetdm.com/docs/using-fleet/adding-hosts#fleet-desktop) to learn more. Alternatively, users with a Fleet Premium subscription can self-manage an update server. @@ -160,6 +159,9 @@ fleetctl updates rotate targets After the key(s) have been rotated, publish the repository in the same fashion as any other update. - + + + + + - diff --git a/docs/Using Fleet/Log-destinations.md b/articles/log-destinations.md similarity index 92% rename from docs/Using Fleet/Log-destinations.md rename to articles/log-destinations.md index fb153f258930..ddec0c9b0c61 100644 --- a/docs/Using Fleet/Log-destinations.md +++ b/articles/log-destinations.md @@ -1,19 +1,5 @@ # Log destinations -- [Log destinations](#log-destinations) - - [Amazon Kinesis Data Firehose](#amazon-kinesis-data-firehose) - - [Snowflake](#snowflake) - - [Splunk](#splunk) - - [Amazon Kinesis Data Streams](#amazon-kinesis-data-streams) - - [AWS Lambda](#aws-lambda) - - [Google Cloud Pub/Sub](#google-cloud-pubsub) - - [Apache Kafka](#apache-kafka) - - [Stdout](#stdout) - - [Filesystem](#filesystem) - - [Sending logs outside of Fleet](#sending-logs-outside-of-fleet) - -This document provides a list of the supported log destinations in Fleet. - Log destinations can be used in Fleet to log: - Osquery [status logs](https://osquery.readthedocs.io/en/stable/deployment/logging/#status-logs). @@ -23,11 +9,27 @@ Log destinations can be used in Fleet to log: To configure each log destination, you must set the correct logging configuration options in Fleet. + Check out the reference documentation for: - [Osquery status logging configuration options](https://fleetdm.com/docs/deploying/configuration#osquery-status-log-plugin). - [Osquery result logging configuration options](https://fleetdm.com/docs/deploying/configuration#osquery-result-log-plugin). - [Activity audit logging configuration options](https://fleetdm.com/docs/deploying/configuration#activity_audit_log_plugin). +This guide provides a list of the supported log destinations in Fleet. + +### In this guide: + +- [Amazon Kinesis Data Firehose](#amazon-kinesis-data-firehose) +- [Snowflake](#snowflake) +- [Splunk](#splunk) +- [Amazon Kinesis Data Streams](#amazon-kinesis-data-streams) +- [AWS Lambda](#aws-lambda) +- [Google Cloud Pub/Sub](#google-cloud-pubsub) +- [Apache Kafka](#apache-kafka) +- [Stdout](#stdout) +- [Filesystem](#filesystem) +- [Sending logs outside of Fleet](#sending-logs-outside-of-fleet) + ## Amazon Kinesis Data Firehose Logs are written to [Amazon Kinesis Data Firehose (Firehose)](https://aws.amazon.com/kinesis/data-firehose/). @@ -145,6 +147,9 @@ See the [osquery logging documentation](https://osquery.readthedocs.io/en/stable If `--logger_plugin=tls` is used with osquery clients, the following configuration can be applied on the Fleet server for handling the incoming logs. - + + + + + - diff --git a/docs/Using Fleet/MDM-setup.md b/articles/macos-mdm-setup.md similarity index 89% rename from docs/Using Fleet/MDM-setup.md rename to articles/macos-mdm-setup.md index edf255be53e9..613f0f2ea935 100644 --- a/docs/Using Fleet/MDM-setup.md +++ b/articles/macos-mdm-setup.md @@ -1,4 +1,4 @@ -# Setup +# macOS MDM setup To turn on macOS, iOS, and iPadOS MDM features, follow the instructions on this page to connect Fleet to Apple Push Notification service (APNs). @@ -36,7 +36,9 @@ macOS hosts that automatically enroll will be assigned to a default team. If no > A host can be transferred to a new (not default) team before it enrolls. In the Fleet UI, you can do this under **Settings** > **Teams**. - - + + + + + - diff --git a/docs/Using Fleet/MDM-macOS-setup-experience.md b/articles/macos-setup-experience.md similarity index 91% rename from docs/Using Fleet/MDM-macOS-setup-experience.md rename to articles/macos-setup-experience.md index 31dac0a131c6..6d7f9cc2ef9a 100644 --- a/docs/Using Fleet/MDM-macOS-setup-experience.md +++ b/articles/macos-setup-experience.md @@ -2,7 +2,7 @@ _Available in Fleet Premium_ -In Fleet, you can customize the out-of-the-box macOS setup experience for your end users: +In Fleet, you can customize the out-of-the-box macOS Setup Assistant with Remote Management and Automated Device Enrollment (ADE) for end users: * Require end users to authenticate with your identity provider (IdP) and agree to an end user license agreement (EULA) before they can use their new Mac. @@ -12,7 +12,7 @@ In Fleet, you can customize the out-of-the-box macOS setup experience for your e In addition to the customization above, Fleet automatically installs the fleetd agent during out-of-the-box macOS setup. This agent is responsible for reporting host vitals to Fleet and presenting Fleet Desktop to the end user. -macOS setup features require connecting Fleet to Apple Business Manager (ABM). Learn how [here](./mdm-setup.md#apple-business-manager-abm). +macOS setup features require connecting Fleet to Apple Business Manager (ABM). Learn how [here](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm). ## End user authentication and EULA @@ -20,7 +20,7 @@ Using Fleet, you can require end users to authenticate with your identity provid ### End user authentication -To require end user authentication, first [configure single sign-on (SSO)](../Deploy/single-sign-on-sso.md). Next, enable end user authentication by heading to to **Controls > Setup experience End user authentication** or use [Fleet's GitOps workflow](https://github.com/fleetdm/fleet-gitops). +To require end user authentication, first [configure single sign-on (SSO)](https://fleetdm.com/docs/deploy/single-sign-on-sso). Next, enable end user authentication by heading to to **Controls > Setup experience End user authentication** or use [Fleet's GitOps workflow](https://github.com/fleetdm/fleet-gitops). If you've already configured SSO in Fleet, create a new SAML app in your IdP. In your new app, use `https:///api/v1/fleet/mdm/sso/callback` for the SSO URL. @@ -155,13 +155,15 @@ Testing requires a test Mac that is present in your Apple Business Manager (ABM) 2. In Fleet, navigate to the Hosts page and find your Mac. Make sure that the host's **MDM status** is set to "Pending." - > New Macs purchased through Apple Business Manager appear in Fleet with MDM status set to "Pending." Learn more about these hosts [here](./mdm-setup.md#pending-hosts). + > New Macs purchased through Apple Business Manager appear in Fleet with MDM status set to "Pending." Learn more about these hosts [here](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm). 3. Transfer this host to the "Workstations (canary)" team by selecting the checkbox to the left of the host and selecting **Transfer** at the top of the table. In the modal, choose the Workstations (canary) team and select **Transfer**. 4. Boot up your test Mac and complete the custom out-of-the-box setup experience. - - + + + + + - diff --git a/docs/Using Fleet/MDM-commands.md b/articles/mdm-commands.md similarity index 70% rename from docs/Using Fleet/MDM-commands.md rename to articles/mdm-commands.md index c541c7799dac..b1e5918c5eca 100644 --- a/docs/Using Fleet/MDM-commands.md +++ b/articles/mdm-commands.md @@ -1,4 +1,4 @@ -# Commands +# MDM commands In Fleet you can run MDM commands to take action on your macOS, iOS, iPadOS, and Windows hosts, like restarting the host, remotely. @@ -83,19 +83,11 @@ You can view a list of the 1,000 latest commands: 1. Run `fleetctl get mdm-commands` 2. View the list of latest commands, most recent first, along with the timestamp, targeted hostname, command type, execution status and command ID. -The command ID can be used to view command results as documented in [step 4 of the previous section](#step-4-view-the-commands-results). +The command ID can be used to view command results as documented in [step 4 of the previous section](#step-4-view-the-commands-results). -The possible statuses for macOS, iOS, and iPadOS hosts are the following: - -* Pending: the command has yet to run on the host. The host will run the command the next time it comes online. -* NotNow: the host responded with "NotNow" status via the MDM protocol: the host received the command, but couldn’t execute it. The host will try to run the command the next time it comes online. -* Acknowledged: the host responded with "Acknowledged" status via the MDM protocol: the host processed the command successfully. -* Error: the host responded with "Error" status via the MDM protocol: an error occurred. Run the `fleetctl get mdm-command-results --id= - + + + + + - diff --git a/docs/Using Fleet/MDM-migration-guide.md b/articles/mdm-migration.md similarity index 93% rename from docs/Using Fleet/MDM-migration-guide.md rename to articles/mdm-migration.md index 8a394d9944fd..240fc53f8812 100644 --- a/docs/Using Fleet/MDM-migration-guide.md +++ b/articles/mdm-migration.md @@ -1,15 +1,15 @@ -# Migration guide +# MDM migration This section provides instructions for migrating your hosts away from your old MDM solution to Fleet. ## Requirements -1. A [deployed Fleet instance](../Deploying/Introduction.md) -2. [Fleet connected to Apple](./mdm-setup.md) +1. A [deployed Fleet instance](https://fleetdm.com/docs/deploy/deploy-fleet +2. [Fleet connected to Apple](https://fleetdm.com/guides/macos-mdm-setup) ## Migrate manually enrolled hosts -1. [Enroll](./Adding-hosts.md) your hosts to Fleet with [Fleetd and Fleet Desktop](https://fleetdm.com/docs/using-fleet/adding-hosts#including-fleet-desktop) +1. [Enroll](https://fleetdm.com/guides/enroll-hosts) your hosts to Fleet with [Fleetd and Fleet Desktop](https://fleetdm.com/guides/enroll-hosts#fleet-desktop) 2. Ensure your end users have access to an admin account on their Mac. End users won't be able to migrate on their own if they have a standard account. 3. In your old MDM solution, unenroll the hosts to be migrated. MacOS does not allow multiple MDMs to be installed at once. 4. Send [these guided instructions](#how-to-turn-on-mdm) to your end users to complete the final few steps via Fleet Desktop. @@ -46,8 +46,8 @@ To migrate automatically enrolled hosts, we will do the following steps: ### Step 1: prepare to migrate hosts -1. Connect Fleet to Apple Business Manager (ABM). Learn how [here](./mdm-setup.md#apple-business-manager-abm). -2. [Enroll](./Adding-hosts.md) your hosts to Fleet with [Fleetd and Fleet Desktop](https://fleetdm.com/docs/using-fleet/adding-hosts#including-fleet-desktop) +1. Connect Fleet to Apple Business Manager (ABM). Learn how [here](https://fleetdm.com/guides/macos-mdm-setup#apple-business-manager-abm). +2. [Enroll](https://fleetdm.com/guides/enroll-hosts) your hosts to Fleet with [Fleetd and Fleet Desktop](https://fleetdm.com/guides/enroll-hosts#fleet-desktop) 3. Ensure your end users have access to an admin account on their Mac. End users won't be able to migrate on their own if they have a standard account. 4. Migrate your hosts to Fleet in ABM: 1. In ABM, unassign the existing hosts' MDM server from the old MDM solution: In ABM, select **Devices** and then select **All Devices**. Then, select **Edit** next to **Edit MDM Server**, select **Unassign from the current MDM**, and select **Continue**. @@ -178,7 +178,7 @@ _Available in Fleet Premium_ When migrating from a previous MDM, end users need to restart or logout of their device to escrow FileVault keys to Fleet. The **My device** page in Fleet Desktop will present users with instructions to reset their key. -To start, enforce FileVault (disk encryption) and escrow in Fleet. Learn how [here](./MDM-disk-encryption.md). +To start, enforce FileVault (disk encryption) and escrow in Fleet. Learn how [here](https://fleetdm.com/guides/enforce-disk-encryption). After turning on disk encryption in Fleet, share [these guided instructions](#how-to-turn-on-disk-encryption) with your end users. @@ -206,7 +206,9 @@ However, Activation Lock bypass codes can only be retrieved from the Mac up to 3 My device page - turn on disk encryption - - + + + + + - diff --git a/docs/Using Fleet/Osquery-process.md b/articles/osquery-watchdog.md similarity index 90% rename from docs/Using Fleet/Osquery-process.md rename to articles/osquery-watchdog.md index 68efcd81da8f..5fb0bd980bfb 100644 --- a/docs/Using Fleet/Osquery-process.md +++ b/articles/osquery-watchdog.md @@ -1,4 +1,4 @@ -# Osquery children processes +# Osquery watchdog Osquery will run a watcher process to keep track of any child process and any managed extensions. What follows is a description of what happens during the watcher REPL and under what circumstances the child process and/or managed extensions are terminated. @@ -25,6 +25,9 @@ If the managed extension is `Non-existent` (either because it was `Non-existent` Lastly, we check the state of the watcher process itself. If it is deemed unhealthy because of resource contention, then the osquery process is shut down. - + + + + + - \ No newline at end of file diff --git a/docs/Using Fleet/Puppet-module.md b/articles/puppet-module.md similarity index 96% rename from docs/Using Fleet/Puppet-module.md rename to articles/puppet-module.md index 30db545834e7..bf6a442bc14e 100644 --- a/docs/Using Fleet/Puppet-module.md +++ b/articles/puppet-module.md @@ -151,7 +151,9 @@ if $err != '' { The above example includes the XML payload for the `EnableRemoteDesktop` MDM command. Learn more about creating the payload for other custom commands [here](./MDM-commands.md). - - + + + + + - diff --git a/docs/Using Fleet/Fleet-UI.md b/articles/queries.md similarity index 84% rename from docs/Using Fleet/Fleet-UI.md rename to articles/queries.md index 5788665cf8c6..7eb5946d309b 100644 --- a/docs/Using Fleet/Fleet-UI.md +++ b/articles/queries.md @@ -1,16 +1,20 @@ -# Fleet UI -- [Creating a query](#create-a-query) -- [Running a query](#run-a-query) -- [Scheduling a query](#schedule-a-query) -- [Update agent options](#update-agent-options) +# Queries + +Queries in Fleet allow you to ask questions to help you manage, monitor, and identify threats on your devices. This guide will walk you through how to create, schedule, and run a query. + +> New users may find it helpful to start with Fleet's policies. You can find policies and queries from the community in Fleet's [query library](https://fleetdm.com/queries). To learn more about policies, see [What are Fleet policies?](https://fleetdm.com/securing/what-are-fleet-policies) and [Understanding the intricacies of Fleet policies](https://fleetdm.com/guides/understanding-the-intricacies-of-fleet-policies). + +### In this guide: + +- [Create a query](#create-a-query) +- [Run a query](#run-a-query) +- [Schedule a query](#schedule-a-query)
-Queries in Fleet allow you to ask questions to help you manage, monitor, and identify threats on your devices. This guide will walk you through how to create, schedule, and run a query. -> New users may find it helpful to start with Fleet's policies. You can find policies and queries from the community in Fleet's [query library](https://fleetdm.com/queries). To learn more about policies, see [What are Fleet policies?](https://fleetdm.com/securing/what-are-fleet-policies) and [Understanding the intricacies of Fleet policies](https://fleetdm.com/guides/understanding-the-intricacies-of-fleet-policies). ## Create a query @@ -63,16 +67,10 @@ By default, queries that run on a schedule will only target platforms compatible > Note: When viewing a specific [team](https://fleetdm.com/docs/using-fleet/segment-hosts) in Fleet Premium, only queries that belong to the selected team will be listed. When configuring query automations for all hosts, only global queries will be listed. -## Update agent options - - - - -> This content was relocated on 31st August 2023. - -See "[Agent configuration](https://fleetdm.com/docs/configuration/agent-configuration)" to learn how to simultaneously update agent options from the Fleet UI or fleetctl command line tool. - - + + + + + - diff --git a/docs/Using Fleet/manage-access.md b/articles/role-based-access.md similarity index 98% rename from docs/Using Fleet/manage-access.md rename to articles/role-based-access.md index 3f47c54afab9..95fc712c5252 100644 --- a/docs/Using Fleet/manage-access.md +++ b/articles/role-based-access.md @@ -1,4 +1,4 @@ -# Manage access +# Role-based access Users have different abilities depending on the access level they have. @@ -175,6 +175,9 @@ Users with access to multiple teams can be assigned different roles for each tea \** Team-level users only see global query results for hosts on teams where they have access. - + + + + + - diff --git a/docs/Using Fleet/Scripts.md b/articles/scripts.md similarity index 88% rename from docs/Using Fleet/Scripts.md rename to articles/scripts.md index 7adb2c057d68..754fdf4da9d7 100644 --- a/docs/Using Fleet/Scripts.md +++ b/articles/scripts.md @@ -19,7 +19,7 @@ If you don't use MDM features, to enable scripts, we'll deploy a fleetd agent wi 2. Deploy fleetd to your hosts. If your hosts already have fleetd installed, you can deploy the new fleetd on-top of the old installation. -Learn more about generating a fleetd agent and deploying it [here](./enroll-hosts.md). +Learn more about generating a fleetd agent and deploying it [here](https://fleetdm.com/guides/enroll-hosts). ## Execute a script @@ -45,7 +45,9 @@ fleetctl CLI: fleetctl run-script --script-path=/path/to/script --host=hostname ``` - - + + + + + - diff --git a/docs/01-Using-Fleet/standard-query-library/README.md b/articles/standard-query-library.md similarity index 87% rename from docs/01-Using-Fleet/standard-query-library/README.md rename to articles/standard-query-library.md index fc3f3bfdc11c..7bbdd52bf218 100644 --- a/docs/01-Using-Fleet/standard-query-library/README.md +++ b/articles/standard-query-library.md @@ -47,4 +47,9 @@ Listed below are great resources that contain additional queries. - Osquery (https://github.com/osquery/osquery/tree/master/packs) - Palantir osquery configuration (https://github.com/palantir/osquery-configuration/tree/master/Fleet) - + + + + + + diff --git a/docs/Using Fleet/segment-hosts.md b/articles/teams.md similarity index 91% rename from docs/Using Fleet/segment-hosts.md rename to articles/teams.md index 548bb1c4cdbc..0f4444aff24a 100644 --- a/docs/Using Fleet/segment-hosts.md +++ b/articles/teams.md @@ -1,4 +1,4 @@ -# Segment hosts +# Teams _Available in Fleet Premium_ @@ -34,6 +34,9 @@ You can automatically enroll hosts to a specific team in Fleet by installing a f Changing the host's enroll secret after enrollment will not cause the host to be transferred to a different team. - + + + + + - diff --git a/docs/Using Fleet/Vulnerability-Processing.md b/articles/vulnerability-processing.md similarity index 94% rename from docs/Using Fleet/Vulnerability-Processing.md rename to articles/vulnerability-processing.md index 10d88debedc0..4fce6b03b052 100644 --- a/docs/Using Fleet/Vulnerability-Processing.md +++ b/articles/vulnerability-processing.md @@ -1,7 +1,5 @@ # Vulnerability processing -## Introduction - Vulnerability processing in Fleet detects vulnerabilities (CVEs) for the software installed on your hosts. To see what software is covered, check out the [Coverage section](#coverage). @@ -72,6 +70,9 @@ command. fleet vuln_processing ``` - + + + + + - diff --git a/docs/Using Fleet/GitOps.md b/docs/Configuration/yaml-files.md similarity index 99% rename from docs/Using Fleet/GitOps.md rename to docs/Configuration/yaml-files.md index 915b9b81cee8..743d41c2e933 100644 --- a/docs/Using Fleet/GitOps.md +++ b/docs/Configuration/yaml-files.md @@ -1,4 +1,4 @@ -# GitOps +# YAML files Use Fleet's best practice GitOps workflow to manage your computers as code. @@ -583,7 +583,6 @@ org_settings: Can only be configured for all teams (`org_settings`). - + - diff --git a/docs/Using Fleet/Audit-logs.md b/docs/Contributing/Audit-logs.md similarity index 100% rename from docs/Using Fleet/Audit-logs.md rename to docs/Contributing/Audit-logs.md diff --git a/docs/Using Fleet/Understanding-host-vitals.md b/docs/Contributing/Understanding-host-vitals.md similarity index 100% rename from docs/Using Fleet/Understanding-host-vitals.md rename to docs/Contributing/Understanding-host-vitals.md diff --git a/docs/Get started/FAQ.md b/docs/Get started/FAQ.md index 7bb8c9ed97c7..f06d7c550230 100644 --- a/docs/Get started/FAQ.md +++ b/docs/Get started/FAQ.md @@ -45,6 +45,60 @@ When you collect data with Fleet, the [performance impact](https://fleetdm.com/r You can test changes on a small subset of hosts first, then roll them out to the rest of your organization. +## What browsers does Fleet supported? + +Fleet supports the latest, stable releases of all major browsers and platforms. + +We test each browser on Windows whenever possible, because our engineering team primarily uses macOS. + +**Note:** This information also applies to [fleetdm.com](https://www.fleetdm.com). + +### Desktop + +- Chrome +- Firefox +- Edge +- Safari (macOS only) + +### Mobile + +- Mobile Safari on iOS +- Mobile Chrome on Android + +### Note +> - Mobile web is not yet supported in the Fleet product. +> - The Fleet user interface [may not be fully supported](https://github.com/fleetdm/fleet/issues/969) in Google Chrome when the browser is running on ChromeOS. + +## What host operating systems does Fleet support? + +Fleet supports the following operating system versions on hosts. + +| OS | Supported version(s) | +| :------ | :------------------------------------- | +| macOS | 13+ (Ventura) | +| Windows | Pro and Enterprise 10+, Server 2012+ | +| Linux | CentOS 7.1+, Ubuntu 20.04+, Fedora 38+ | +| ChromeOS | 112.0.5615.134+ | + +While Fleet may still function partially or fully with OS versions older than those above, Fleet does not actively test against unsupported versions and does not pursue bugs on them. + +## Some notes on compatibility + +### Tables +Not all osquery tables are available for every OS. Please check out the [osquery schema](https://fleetdm.com/tables) for detailed information. + +If a table is not available for your host, Fleet will generally handle things behind the scenes for you. + +### Linux + +Fleet Desktop is supported on Ubuntu and Fedora. + +Fedora requires a [gnome extension](https://extensions.gnome.org/extension/615/appindicator-support/) and Google Chrome for Fleet Desktop. + +On Ubuntu, Fleet Desktop currently supports Xorg as X11 server, Wayland is currently not supported. Ubuntu 24.04 comes with Wayland enabled by default. To use X11 instead of Wayland you can set `WaylandEnable=false` in `/etc/gdm3/custom.conf` and reboot. + +The `fleetctl package` command is not supported on DISA-STIG distribution. + ## Is Fleet MIT licensed? Different portions of the Fleet software are licensed differently, as noted in the [LICENSE](https://github.com/fleetdm/fleet/blob/main/LICENSE) file. The majority of Fleet is MIT licensed. Paid features require a license key. @@ -71,7 +125,7 @@ Different portions of the Fleet software are licensed differently, as noted in t ## How do I contact Fleet for support? -A lot of questions can be answered [in the documentation](https://fleetdm.com/docs). +A lot of questions can be answered [in the documentation](https://fleetdm.com/docs) or [guides](https://fleetdm.com/guides). To get help from the community, visit https://fleetdm.com/support. diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md index 2420c4a5a061..67e7ba717628 100644 --- a/docs/REST API/rest-api.md +++ b/docs/REST API/rest-api.md @@ -6159,6 +6159,16 @@ Note that the `EraseDevice` and `DeviceLock` commands are _available in Fleet Pr This endpoint returns the results for a specific custom MDM command. +In the reponse, the possible `status` values for macOS, iOS, and iPadOS hosts are the following: + +* Pending: the command has yet to run on the host. The host will run the command the next time it comes online. +* NotNow: the host responded with "NotNow" status via the MDM protocol: the host received the command, but couldn’t execute it. The host will try to run the command the next time it comes online. +* Acknowledged: the host responded with "Acknowledged" status via the MDM protocol: the host processed the command successfully. +* Error: the host responded with "Error" status via the MDM protocol: an error occurred. Run the `fleetctl get mdm-command-results --id= Note: If the server has not yet received a result for a command, it will return an empty object (`{}`). - ### List MDM commands > `GET /api/v1/fleet/mdm/apple/commands` API endpoint is deprecated as of Fleet 4.40. It is maintained for backward compatibility. Please use the new API endpoint below. See old API endpoint docs [here](https://github.com/fleetdm/fleet/blob/fleet-v4.39.0/docs/REST%20API/rest-api.md#list-custom-mdm-commands). diff --git a/docs/Using Fleet/Learn-how-to-use-Fleet.md b/docs/Using Fleet/Learn-how-to-use-Fleet.md deleted file mode 100644 index fceea3f7db93..000000000000 --- a/docs/Using Fleet/Learn-how-to-use-Fleet.md +++ /dev/null @@ -1,58 +0,0 @@ -# Learn how to use Fleet - -- [How to add your device to Fleet](#how-to-add-your-device-to-fleet) -- [How to ask questions about your device](#how-to-ask-questions-about-your-device) - -### Overview - -In this guide, we'll cover the following concepts: -- How to add your device to Fleet -- How to ask questions about your device - -### How to add your device to Fleet - -Once you log into Fleet, you are presented with the **Home** page. - -To add your device: - -1. Select **Add hosts**. In Fleet, devices are referred to as "hosts." -2. Select your device's platform. -3. Select **Download** to download Fleet's agent (fleetd). The download may take several seconds. -4. Open fleetd and follow the installation steps. - -> It may take several seconds for Fleet osquery to send your device's data to Fleet. - -In the background, Fleet ran several checks to assess the security hygiene of your device. - -> In Fleet, these checks are referred to as "policies." - -### How to ask questions about your device - -With Fleet, you can ask a multitude of questions to help you manage, monitor, and identify threats on your devices, but if you are just starting out, and unsure of what to ask, Fleet comes baked in with a [query library](https://fleetdm.com/queries) of common questions. - -So, let's start by asking the following question about your device: - -* What operating system is installed on my device and what is its version? - -This question can easily be answered by running this simple query: "Get operating system information." - -To run this query on your device: - -1. Select **Queries** in the top navigation. -2. Select **Create new query** (or browse your organization's queries for "operating system information" in the search bar). -3. Type the query you would like to run, `SELECT * FROM os_version;`. -4. Select **Run query**, then select **All hosts** (your device may be the only host added to Fleet), and finally select **Run** to execute the query. - -The query may take several seconds to complete, because Fleet has to wait for the Fleet's agent (fleetd) to respond with results. Only online hosts will respond with results to a live query. - -> Fleet's query response time is inherently variable because of osquery's heartbeat response time. This helps prevent performance issues on hosts. - -When the query has finished, you should see several columns in the "Results" table: - -- The "name" column answers: "What operating system is installed on my device?" - -- The "version" column answers: "What version of the installed operating system is on my device?" - - - - \ No newline at end of file diff --git a/docs/Using Fleet/Supported-browsers.md b/docs/Using Fleet/Supported-browsers.md deleted file mode 100644 index 0ed5a0dc0e8b..000000000000 --- a/docs/Using Fleet/Supported-browsers.md +++ /dev/null @@ -1,28 +0,0 @@ - -# Supported browsers - -Fleet supports the latest, stable releases of all major browsers and platforms. - -We test each browser on Windows whenever possible, because our engineering team primarily uses macOS. - -**Note:** This information also applies to [fleetdm.com](https://www.fleetdm.com). - -### Desktop - -- Chrome -- Firefox -- Edge -- Safari (macOS only) - -### Mobile - -- Mobile Safari on iOS -- Mobile Chrome on Android - -### Note -> - Mobile web is not yet supported in the Fleet product. -> - The Fleet user interface [may not be fully supported](https://github.com/fleetdm/fleet/issues/969) in Google Chrome when the browser is running on ChromeOS - - - - diff --git a/docs/Using Fleet/Supported-host-operating-systems.md b/docs/Using Fleet/Supported-host-operating-systems.md deleted file mode 100644 index 62bb617a3d84..000000000000 --- a/docs/Using Fleet/Supported-host-operating-systems.md +++ /dev/null @@ -1,34 +0,0 @@ -# Supported host operating systems - -Fleet supports the following operating system versions on hosts. - -| OS | Supported version(s) | -| :------ | :------------------------------------- | -| macOS | 13+ (Ventura) | -| Windows | Pro and Enterprise 10+, Server 2012+ | -| Linux | CentOS 7.1+, Ubuntu 20.04+, Fedora 38+ | -| ChromeOS | 112.0.5615.134+ | - -While Fleet may still function partially or fully with OS versions older than those above, Fleet does not actively test against unsupported versions and does not pursue bugs on them. - -## Some notes on compatibility - -### Tables - -Not all osquery tables are available for every OS. Please check out the [osquery schema](https://fleetdm.com/tables) for detailed information. - -If a table is not available for your host, Fleet will generally handle things behind the scenes for you. - -### Linux - -Fleet Desktop is supported on Ubuntu and Fedora. - -Fedora requires a [gnome extension](https://extensions.gnome.org/extension/615/appindicator-support/) and Google Chrome for Fleet Desktop. - -On Ubuntu, Fleet Desktop currently supports Xorg as X11 server, Wayland is currently not supported. Ubuntu 24.04 comes with Wayland enabled by default. To use X11 instead of Wayland you can set `WaylandEnable=false` in `/etc/gdm3/custom.conf` and reboot. - -The `fleetctl package` command is not supported on DISA-STIG distribution. - - - - diff --git a/server/fleet/activities.go b/server/fleet/activities.go index 37c988615193..dd2be56484a1 100644 --- a/server/fleet/activities.go +++ b/server/fleet/activities.go @@ -5,7 +5,7 @@ import ( "encoding/json" ) -//go:generate go run gen_activity_doc.go "../../docs/Using Fleet/Audit-logs.md" +//go:generate go run gen_activity_doc.go "../../docs/Contributing/Audit-logs.md" type ContextKey string diff --git a/server/service/osquery_utils/queries.go b/server/service/osquery_utils/queries.go index 59b2430b54c7..d4b2beaea7e7 100644 --- a/server/service/osquery_utils/queries.go +++ b/server/service/osquery_utils/queries.go @@ -2006,7 +2006,7 @@ func directIngestMDMDeviceIDWindows(ctx context.Context, logger log.Logger, host return ds.UpdateMDMWindowsEnrollmentsHostUUID(ctx, host.UUID, rows[0]["data"]) } -//go:generate go run gen_queries_doc.go "../../../docs/Using Fleet/Understanding-host-vitals.md" +//go:generate go run gen_queries_doc.go "../../../docs/Contributing/Understanding-host-vitals.md" func GetDetailQueries( ctx context.Context, diff --git a/website/assets/js/pages/docs/basic-documentation.page.js b/website/assets/js/pages/docs/basic-documentation.page.js index d09d42f605d5..08fdaf1b60d0 100644 --- a/website/assets/js/pages/docs/basic-documentation.page.js +++ b/website/assets/js/pages/docs/basic-documentation.page.js @@ -43,7 +43,7 @@ parasails.registerPage('basic-documentation', { return _.startsWith(page.url, '/docs'); }); this.pagesBySectionSlug = (() => { - const DOCS_SLUGS = ['get-started', 'deploy', 'using-fleet', 'configuration', 'rest-api']; + const DOCS_SLUGS = ['get-started', 'deploy', 'configuration', 'rest-api']; let sectionSlugs = _.uniq(this.pages.map((page) => page.url.split(/\//).slice(-2)[0])); let pagesBySectionSlug = {}; @@ -258,22 +258,23 @@ parasails.registerPage('basic-documentation', { return this.pagesBySectionSlug[slug]; }, - findAndSortNavSectionsByUrl: function (url='') { - let NAV_SECTION_ORDER_BY_DOCS_SLUG = { - 'using-fleet':['The basics', 'Device management', 'Vuln management', 'Security compliance', 'Osquery management', 'Dig deeper'], - }; - let slug = _.last(url.split(/\//)); - // - if(NAV_SECTION_ORDER_BY_DOCS_SLUG[slug]) { - let orderForThisSection = NAV_SECTION_ORDER_BY_DOCS_SLUG[slug]; - let sortedSection = {}; - orderForThisSection.map((section)=>{ - sortedSection[section] = this.navSectionsByDocsSectionSlug[slug][section]; - }); - this.navSectionsByDocsSectionSlug[slug] = sortedSection; - } - return this.navSectionsByDocsSectionSlug[slug]; - }, + // FUTURE: remove this function if we do not add subsections to docs sections. + // findAndSortNavSectionsByUrl: function (url='') { + // let NAV_SECTION_ORDER_BY_DOCS_SLUG = { + // 'using-fleet':['The basics', 'Device management', 'Vuln management', 'Security compliance', 'Osquery management', 'Dig deeper'], + // }; + // let slug = _.last(url.split(/\//)); + // // + // if(NAV_SECTION_ORDER_BY_DOCS_SLUG[slug]) { + // let orderForThisSection = NAV_SECTION_ORDER_BY_DOCS_SLUG[slug]; + // let sortedSection = {}; + // orderForThisSection.map((section)=>{ + // sortedSection[section] = this.navSectionsByDocsSectionSlug[slug][section]; + // }); + // this.navSectionsByDocsSectionSlug[slug] = sortedSection; + // } + // return this.navSectionsByDocsSectionSlug[slug]; + // }, getActiveSubtopicClass: function (currentLocation, url) { return _.last(currentLocation.split(/#/)) === _.last(url.split(/#/)) ? 'active' : ''; diff --git a/website/assets/styles/pages/articles/basic-article.less b/website/assets/styles/pages/articles/basic-article.less index 034b5376a6a6..12c5f77ea0b8 100644 --- a/website/assets/styles/pages/articles/basic-article.less +++ b/website/assets/styles/pages/articles/basic-article.less @@ -109,7 +109,7 @@ [purpose='article-content'] { padding-top: 24px; padding-bottom: 24px; - word-break: break-word; + word-wrap: break-word; h1:first-of-type { display: none; } diff --git a/website/config/routes.js b/website/config/routes.js index 7bbec7994acc..3a786fa1a7bb 100644 --- a/website/config/routes.js +++ b/website/config/routes.js @@ -367,7 +367,6 @@ module.exports.routes = { 'GET /docs': '/docs/get-started/why-fleet', 'GET /docs/get-started': '/docs/get-started/why-fleet', 'GET /docs/rest-api': '/docs/rest-api/rest-api', - 'GET /docs/using-fleet': '/docs/using-fleet/fleet-ui', 'GET /docs/configuration': '/docs/configuration/fleet-server-configuration', 'GET /docs/contributing': 'https://github.com/fleetdm/fleet/tree/main/docs/Contributing', 'GET /docs/deploy': '/docs/deploy/introduction', @@ -451,6 +450,36 @@ module.exports.routes = { return res.redirect('/tables/'+req.param('tableName')); } }, + 'GET /docs/using-fleet/fleet-ui': (req,res)=> { return res.redirect(301, '/guides/queries');}, + 'GET /docs/using-fleet/fleetctl-cli': (req,res)=> { return res.redirect(301, '/guides/fleetctl');}, + 'GET /docs/using-fleet/fleet-desktop': (req,res)=> { return res.redirect(301, '/guides/fleet-desktop');}, + 'GET /docs/using-fleet/enroll-hosts': (req,res)=> { return res.redirect(301, '/guides/enroll-hosts');}, + 'GET /docs/using-fleet/manage-access': (req,res)=> { return res.redirect(301, '/guides/role-based-access');}, + 'GET /docs/using-fleet/segment-hosts': (req,res)=> { return res.redirect(301, '/guides/teams');}, + 'GET /docs/using-fleet/supported-browsers': (req,res)=> { return res.redirect(301, '/docs/get-started/faq');}, + 'GET /docs/using-fleet/supported-host-operating-systems': (req,res)=> { return res.redirect(301, '/docs/get-started/faq');}, + 'GET /docs/using-fleet/gitops': (req,res)=> { return res.redirect(301, '/docs/configuration/yaml-files');}, + 'GET /docs/using-fleet/mdm-setup': (req,res)=> { return res.redirect(301, '/guides/macos-mdm-setup');}, + 'GET /docs/using-fleet/mdm-migration-guide': (req,res)=> { return res.redirect(301, '/guides/mdm-migration');}, + 'GET /docs/using-fleet/mdm-os-updates': (req,res)=> { return res.redirect(301, '/guides/enforce-os-updates');}, + 'GET /docs/using-fleet/mdm-disk-encryption': (req,res)=> { return res.redirect(301, '/guides/enforce-disk-encryption');}, + 'GET /docs/using-fleet/mdm-custom-os-settings': (req,res)=> { return res.redirect(301, '/guides/custom-os-settings');}, + 'GET /docs/using-fleet/mdm-macos-setup-experience': (req,res)=> { return res.redirect(301, '/guides/macos-setup-experience');}, + 'GET /docs/using-fleet/scripts': (req,res)=> { return res.redirect(301, '/guides/scripts');}, + 'GET /docs/using-fleet/automations': (req,res)=> { return res.redirect(301, '/guides/automations');}, + 'GET /docs/using-fleet/puppet-module': (req,res)=> { return res.redirect(301, '/guides/puppet-module');}, + 'GET /docs/using-fleet/vulnerability-processing': (req,res)=> { return res.redirect(301, '/guides/vulnerability-processing');}, + 'GET /docs/using-fleet/cis-benchmarks': (req,res)=> { return res.redirect(301, '/guides/cis-benchmarks');}, + 'GET /docs/using-fleet/osquery-process': (req,res)=> { return res.redirect(301, '/guides/osquery-watchdog');}, + 'GET /docs/using-fleet/update-agents': (req,res)=> { return res.redirect(301, '/guides/fleetd-updates');}, + 'GET /docs/using-fleet/usage-statistics': (req,res)=> { return res.redirect(301, '/guides/fleet-usage-statistics');}, + 'GET /docs/using-fleet/downgrading-fleet': (req,res)=> { return res.redirect(301, '/guides/downgrade-fleet');}, + 'GET /docs/using-fleet/enroll-chromebooks': (req,res)=> { return res.redirect(301, '/guides/chrome-os');}, + 'GET /docs/using-fleet/audit-logs': (req,res)=> { return res.redirect(301, 'https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Audit-logs');}, + 'GET /docs/using-fleet/understanding-host-vitals': (req,res)=> { return res.redirect(301, 'https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Understanding-host-vitals');}, + 'GET /docs/using-fleet/standard-query-library': (req,res)=> { return res.redirect(301, '/guides/standard-query-library');}, + 'GET /docs/using-fleet/mdm-commands': (req,res)=> { return res.redirect(301, '/guides/mdm-commands');}, + 'GET /docs/using-fleet/log-destinations': (req,res)=> { return res.redirect(301, '/guides/log-destinations');}, // ╔╦╗╦╔═╗╔═╗ ╦═╗╔═╗╔╦╗╦╦═╗╔═╗╔═╗╔╦╗╔═╗ ┬ ╔╦╗╔═╗╦ ╦╔╗╔╦ ╔═╗╔═╗╔╦╗╔═╗ // ║║║║╚═╗║ ╠╦╝║╣ ║║║╠╦╝║╣ ║ ║ ╚═╗ ┌┼─ ║║║ ║║║║║║║║ ║ ║╠═╣ ║║╚═╗ diff --git a/website/views/pages/docs/basic-documentation.ejs b/website/views/pages/docs/basic-documentation.ejs index cfd78bcf0a4c..ac6ebd0ee416 100644 --- a/website/views/pages/docs/basic-documentation.ejs +++ b/website/views/pages/docs/basic-documentation.ejs @@ -99,15 +99,12 @@ {{page.title}}
-
@@ -139,15 +136,12 @@
  • {{page.title}}
    -