If you want to use fleet, docker and docker-compose must be installed.
$ cd / && git clone https://github.com/woodonggyu/fleet.git
$ cd /fleet && chmod +x ./installation.sh
$ ./installation.sh
Generating RSA private key, 4096 bit long modulus
.++
.....++
...
Common Name (eg, your name or your server hostname) []: [hostname]
...
Getting Private key
$ docker-compose up -d
...
Starting [redis container name] ... done
Starting [mariadb container name] ... done
Starting [fleet container name] ... done
Now, Ready to start.
Open a browser (ex. https://[hostname]:[port])Basically, some configuration is required to use fleetctl. Initial setting for login is required as follows.
$ docker exec -itu 0 [container] /bin/sh
$ fleetctl config set --address https://[hostname]:[port] --tls-skip-verify
$ fleetctl setup --email [email]
Password:
[+] Fleet setup successful and context configured!
$ fleetctl login
Log in using the standard Fleet credentials.
Email/Username:
Password:
[+] Fleet login successful and context configured!$ fleetctl user create --username [id] --email [email]$ fleetctl apply -f /fleet/options.yamlTo get your osquery enroll secret, run the following:
$ fleetctl get enroll_secret
---
apiVersion: ~
kind: enroll_secret
spec:
secrets:
- active: true
created_at: ~
name: default
secret: [enroll_secret]To connecting agent, run the following: Before running the command below, You must download the "enroll_secret" value and the "fleet.crt" file.
$ echo "[encroll_secret]" > /var/osquery/enroll_secret
$ cp fleet.crt /var/osquery/
$ systemctl restart osqueryd.service