dheerajck
commented
2 weeks ago yeah it sucks that its limited to Gnome
Open kveroneau opened 1 month ago
dheerajck
commented
2 weeks ago yeah it sucks that its limited to Gnome
ndench
commented
1 week ago I'm running it under Arch with i3 and it runs fine. Just can't auto detect encryption, clamav or auto updates. But just upload a screenshot as evidence and it reports my system as compliant.
dheerajck
commented
1 week ago But dont they require to update system checks daily ??
I dont know whats the point of drata agent tbh
ndench
commented
1 week ago Yes, I just start the drata agent on boot.
Yes, it does need to check daily. They point is to ensure that employees are compliant with security policies across a period of time, rather than just point in time.
For example for SOC Type 1 certification, businesses need to show that their employees computers have a screen lock, anti virus, encryption, etc (among many other things). But they only need to show this for a single point in time.
But for SOC Type 2 certification, the auditor will need proof that the employees computers are compliant over a period of at least 3 months. So the drata agent stores logs which can then be presented to the auditor as proof.
dheerajck
commented
1 week ago Drata agent crashes when I was using kde, so I moved to gnome, I think it automatically starts up in the boot, I just set it up and assume I do not need to manually open it everytime I boot up to linux, also I asked whats the point because we are required to upload screenshots manually for some stuff as it cannot detect every requirement
ndench
commented
1 week ago You're right, you do not need to open it's GUI, as long as it's running it'll do what it needs to do.
I agree that it's annoying that we still need to take a bunch of screenshots.
From what I can see the Drata admin, my computer is still marked as complaint even though it's been a couple weeks since I uploaded screenshots for encryption, antivirus and automatic updates.
If I stop auto booting the agent, then Drata shows a warning that the agent hasn't run.
I'm unsure how frequently we need to upload more screenshots at this point.
I recently started a company that uses Drata, I have yet to receive my Linux laptop for my role, and as I wait, I am naturally going through the various tools and software I will be needing to install and use. I noticed that Drata is severely limited when it comes to the Linux desktop. I understand that Linux support in Drata is also fairly new, but I'd also love to help improve it to allow it to be much more diverse when it comes to the Linux desktop. Namely, I'd love to assist the Drata team with making it compatible with the recent releases of the KDE Plasma desktop, my DE of choice on Linux. Although, I'd also love to push for pure Debian support as well, since Debian and Ubuntu are generally very compatible, I don't see much friction here.
Before I decide on looking into this feature alone, I thought I'd open an issue here to see if any of the Drata developers have been, or are going to be working on such support for the Drata agent. I don't believe that it would be too difficult to add, as it will just be a few simple checks in a couple Plasma config files on the system. Is there currently a system in place within the code base to easily extend it to different DEs? What would be the recommended way of starting to add support? I will be issued my Linux laptop in the first week of June I've been told, and so at that time, I will be-able to work more directly with the agent's source code here to enable support for KDE Plasma.