nerowatcher.blogg.se

Osquery startup

The Docker-compose v2.x setup is for development use ONLY. The setup contains hard-coded credentials in configs and environment variables. For a more secure Docker deployment please skip to the next section to use Docker Swarm which implements Docker secrets.

Generate TLS private key and public certificate:

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout conf/tls/fleet.key -out conf/tls/fleet.crt


Install FleetDM with Docker-compose v2.x

WARNING

Not only does the common name have to match, but the public certificate being served by FleetDM and the local certificate saved on the endpoint must match as well. If this criterion is not met then Osquery will generate the following error: Request error: certificate verify failed.


Fleet is the most widely used open source osquery manager. Deploying osquery with Fleet enables programmable live queries, streaming logs, and effective management of osquery across 50,000+ servers, containers, and laptops. It's especially useful for talking to multiple devices at the same time.

- March 20th 2022 – Updated Docker and Ansible from Fleet v4.7.0 to v4.11.0.
- December 18th 2021 – Updated Docker and Ansible from Fleet v4.3.1 to v4.7.0.
- September 24th 2021 – Updated Docker and Ansible from Fleet v4.2.3 to v4.3.1.
- September 24th 2021 – Added Vagrant to spin up Fleet on Ubuntu 20.04 and updated Ansible playbook to use TARs.
- August 29th 2021 – Added instructions to install/setup Osquery on macOS Big Sur.
- August 29th 2021 – Updated Docker from Fleet v4.0.1 to v4.2.3.
- July 15th 2021 – Updated Docker from Fleet v3.7.1 to v4.0.1.

Important note: Common name match for Osquery cert check

This blog post will assume you have the knowledge and capability to create a DNS A record that points to where FleetDM is being hosted. When the Osquery agent connects to FleetDM it will verify that the common name in the public certificate being served by FleetDM matches the common name specified in the osquery.flags file: --tls_hostname=. Below I have included a screen to demonstrate what I mean.
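The two conditions described above (the certificate is valid for the host named in `--tls_hostname`, and the certificate saved on the endpoint is the one FleetDM serves) can be checked before agents are rolled out. The script below is an added example, not part of the original post; the hostname `fleet.example.internal`, port 8443, the file paths, and the use of osquery's `--tls_server_certs` flag to locate the endpoint's copy are assumptions.

```shell
#!/bin/sh
# Pre-flight for the two certificate checks described above (constructed values).

flag_value() {            # $1 = flags file, $2 = flag name without leading --
    sed -n "s/^--$2=//p" "$1" | tail -n 1
}

hostname_matches() {      # $1 = flags file, $2 = certificate FleetDM serves (PEM)
    host=$(flag_value "$1" tls_hostname)
    host=${host%%:*}      # --tls_hostname may carry a :port suffix
    [ -n "$host" ] || return 1
    # -checkhost tests subjectAltName first and falls back to the common name
    openssl x509 -in "$2" -noout -checkhost "$host" 2>/dev/null | grep -q 'does match'
}

same_certificate() {      # $1 = served certificate, $2 = copy saved on the endpoint
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2)
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

preflight() {             # $1 = flags file, $2 = served certificate
    hostname_matches "$1" "$2" || { echo "hostname-mismatch"; return 1; }
    same_certificate "$2" "$(flag_value "$1" tls_server_certs)" \
        || { echo "certificate-mismatch"; return 1; }
    echo "ok"
}

new_cert() {              # $1 = common name, $2 = output prefix (options as on the page)
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$1" \
        -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# Constructed demo: one consistent deployment and two broken ones
d=$(mktemp -d)
new_cert fleet.example.internal "$d/fleet"      # served by FleetDM, copied to endpoint
new_cert fleet.example.internal "$d/reissued"   # same CN, but a different certificate
printf '%s\n' "--tls_hostname=fleet.example.internal:8443" \
    "--tls_server_certs=$d/fleet.crt" > "$d/osquery.flags"
printf '%s\n' "--tls_hostname=fleet.other.internal:8443" \
    "--tls_server_certs=$d/fleet.crt" > "$d/wrong-host.flags"

preflight "$d/osquery.flags" "$d/fleet.crt"                # ok
preflight "$d/wrong-host.flags" "$d/fleet.crt" || true     # hostname-mismatch
preflight "$d/osquery.flags" "$d/reissued.crt" || true     # certificate-mismatch
```

The third case is the one that is easy to miss: regenerating the certificate with the same common name still fails until the new file is copied to every endpoint.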


- Create a query pack on Fleet with UI and FleetCTL CLI tool.
- Create a saved query on Fleet with UI and FleetCTL CLI tool.
- Create a live query on Fleet with UI and FleetCTL CLI tool.


Lastly, I will end by demonstrating how to use the FleetDM WebGUI and FleetCTL tool to manage FleetDM and interact with your Osquery agents.


The purpose of this blog post is to provide multiple methods on how to install/setup FleetDM, how to deploy Osquery, and demonstrate how to use features of FleetDM + FleetCTL. This blog post generated an Ansible playbook, Docker-composes for Swarm and non-swarm, Vagrant to create a VM, and manual instructions for installing FleetDM on Ubuntu 20.04. Additionally, there are Ansible playbooks for deploying the Osquery agent on Windows and Ubuntu with manual instructions as well.








