search

kolide / launcher

Osquery launcher, autoupdater, and packager
https://kolide.com/launcher
Other
502 stars 98 forks source link

Add rfm history to allowed falconctl options #1582

Closed iamharlie closed 5 months ago

iamharlie commented 5 months ago

We learned here that there's a third mode (aside kernel and reduced functionality) that we do not currently consider. We can determine this third mode, user mode, by looking at the rfm history.

This PR adds --rfm-history to the allowedOptions for falconctl, which looks like this:


rfm-history={[0 (newest)] kernel backend, not in RFM, rfm-reason=None, code=0x0; [1] kernel backend, in RFM, rfm-reason=Modules file was not found, code=0xC0000034; [2] kernel backend, in RFM, rfm-reason=Modules file was not found, code=0xC0000034}.```
CLAassistant commented 5 months ago

CLA assistant check
All committers have signed the CLA.