search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
3.15k stars 432 forks source link

Operating System Agnostic Software Install #23675

Open harrisonravazzolo opened 1 week ago

harrisonravazzolo commented 1 week ago
noahtalerman commented 1 week ago

Problem

I want to be able to have a Software install that allows me to upload multiple installers across all OS's and then have it execute across my entire Fleet, without the need to create multiple policies for each OS.

Example: Policy for Installing Firefox -- Mac and Windows. The software install automation will allow me to upload a .pkg and and .exe. and Fleet can determine which OS I'm running and install the proper package.

What have you tried?

Needed to create multiple policies, which can get tedious for many apps and os

Potential solutions

Could use GitOps or API but would require more technical knowledge.

What is the expected workflow as a result of your proposal?

A policy that allows you to write multiple queries, depending on the OS.

macOS: SELECT 1 from apps WHERE name like '%Chrome%' If fails > install .pkg

Windows: SELECT 1 from programs WHERE name like '%Chrome%' If fails > install .exe

noahtalerman commented 1 week ago

Hey @phtardif1 just a heads up that I'm putting this request to the side b/c it doesn't meet the prioritization criteria here.

cc @harrisonravazzolo

allenhouchins commented 1 week ago

For consideration, this could be another (maybe better?) way to address this need: https://github.com/fleetdm/fleet/issues/22813

Labels are evaluated at enrollment and on-going vs policies getting evaluated every hour. The original use case also only asks for macOS and Windows. To truly be agnostic or multi-platform, it would need to support macOS, Windows, DEB Linux, RHEL Linux, ChromeOS, and eventually mobile OSes. It would also be difficult to separate out workstations vs servers with this approach unless they are excluded via Team but then you're back to the original challenge of duplicating policies.

We should think about if policy automation is the best approach long term vs software distribution via dynamic or static label.