Discover more Linux distributions

[oilian]

We are trying to use kolide with osquery on Red Hat Enterprise Linux and Fedora, but Kolide shows both as "Ubuntu" on queries. Can Red Hat Enterprise Linux and Fedora be added to the list of detected OSes?

[bodgit]

Where does it show up as Ubuntu for you? I thought I had the same issue, as it shows up in the osquery_info table as Ubuntu Xenial but that's the host that built the osquery binary, I think. The os_version table correctly detects Red Hat Enterprise Linux here.

What I would like is the tags on the RHS of the Fleet UI to be editable as currently there's macOS, Ubuntu, CentOS and Windows which means proper RHEL hosts don't appear there.

[zwass]

@bodgit You can create your own labels with whatever queries you like and they will be populated and available on the dashboard as well as for targeting queries.

[bodgit]

@zwass that doesn't really help as it's the list of platforms I'd like to change, not the labels, sorry if that wasn't clear. For example, I don't have any Ubuntu hosts, but I do have RHEL (as well as CentOS) so I'd like to be able to update the list of platforms.

[zwass]

@bodgit the RHS labels are just a few special cased built in labels we provide. You get the exact same functionality by manually creating labels, they just don't get fancy icons.

If this doesn't suffice, can you help me understand more about your use case?

[bodgit]

Maybe I just want fancy icons :laughing:

Given I have Windows, CentOS and RHEL hosts it would be nice to be able to remove/hide the macOS and Ubuntu labels and add a RHEL one otherwise it looks a bit inconsistent, especially if I try and sell this UI/tool to other colleagues. Just trying to preempt the obvious questions I'll get from them.

[golbiga]

@zwass I agree with @bodgit. It would be nice if we could edit those labels. We are RHEL only here, no Ubuntu.

[oilian]

So I tried to use self-created labels, and this is kind of working, however, if you build a query and select the Targets, it shows the predefined labels only (so masOS, Ubuntu, CentOS, and Windows). You only get the self-created labels when you start typing the name of the label. It would be great if this would be more visible in the target selection, that there are more labels available.

[nyanshak]

I started to look into this, but I'm definitely far away from a front-end dev. Going to drop this for now but leaving notes that hopefully can help the next person to come along (or myself if I get more time).

frontend/utilities/platform_icon_class.js - this is where the special icon platform matching code is. Basically you get icons currently for:

• macos
• centos
• ubuntu
• "linux" (fallback for everything that isn't ubuntu / centos? or is this for all linux including those?)
• windows

assets/kolidecons@<...>.woff - web font (?) with the actual icons in them

frontend/styles/global/_icons.scss - contains "which character" in the woff file each icon is, like kolidecon-ubuntu (and kolidecon-ubuntu-original, but I'm not sure what each is).

---

Currently requested extra icons / platforms:

• RHEL
• Fedora
• BSD (FreeBSD)
• Debian
• Centos
• Suse

---

Workaround: Create labels Short-term fix maybe: Add requested icons

I think a few things that we might want to do over time:

1. document "how to add additional labels w/ icons" (via pull request to fleet) or something of that nature, to make it easier to contribute new special labels
2. add the ability to add icons to custom labels (either by uploading an icon or using a URL for an icon on the web, with some restrictions); if using this option, we could consider combining the "special-case" labels with regular labels
3. have the 'target selecting UI' pull in the names of the self-created labels (see @ohaessler comment)

---

I don't have enough time to do this right now, but I thought this might be helpful for someone else picking this up.