Add ability to disable browser extensions and atom packages

[noahtalerman]

Users that manage hosts that each have 10,000+ system users are concerned with the performance of the software inventory feature.

Note you can see how many system users are on a host by running the SELECT * FROM users query against one of your hosts.

This is because, in order to collect software, Fleet runs a software collection query on each host. This query collects all users (SELECT * FROM users). This is because joining with the users table is required to retrieve browser extensions and atom packages.

For example, the Linux software collection query collects all users to join with firefox_addons, chrome_extensions, and atom_packages.

Goal

As a Fleet user that manages hosts that each have 10,000+ system users, I want to be able to disable browser extensions and atom packages in software inventory so that I can safely collect software data from all my hosts.

How?

• [ ] Add a software.disable_extensions configuration option. If enabled, Fleet will not collect software items that require the users table:
  • firefox_addons
  • chrome_extensions
  • ie_extensions
  • atom_packages
• This option is disabled by default.

Notes

• This approach is preferred to allowing the user to customize the software collection queries because the Fleet team would like to improve the software inventory feature for all Fleet users.
• Maintaining the software collection queries allows the Fleet team to receive feedback (the queries are open source) and improve the product quickly.
• After the next steps could include...
  • Achieve this goal: As a Fleet user that manages hosts with tens of thousands of system users, I want to be able to safely collect browser extensions and atom packages in software inventory.
  • This may require updates to the Fleet maintained query or the osquery project itself.
  • Remove the software.disable_extensions configuration option from Fleet.

[noahtalerman]

Users that manage hosts that each have 10,000+ system users

This is the approach the Fleet team would like to take in order to allow customers, that fit the above description, to turn on software inventory.

@tgauda can you please let the customer, that reported this issue, know that this is the current strategy?

The following is the internal Slack thread with this customer that describes the issue: https://fleetdm.slack.com/archives/C03AE5T2EQ0/p1652816692500489

[noahtalerman]

@zwass: I'll follow up with Tomas to wait on writing code to address this issue. This is because we'd like to discuss this issue in tandem with the following issue: https://github.com/fleetdm/fleet/issues/5939

[zwass]

Recent performance improvements in the users table in osquery could make this no longer necessary. I'm unassigning from myself as it is not a current priority.