FleetDM Setup

Guide on How to Install and Configure FleetDM

What is FleetDM?

FleetDM is an open-source application that lets you remotely run queries on devices across a network using OSQuery.

FleetDM Installation Guide (Ubuntu 20.04)

Setting Up and Updating Ubuntu

First, update the Ubuntu system, set the correct time zone, and change the hostname (optional). Use the following commands to do this.

sudo -i
timedatectl set-timezone Etc/UTC
apt update -y && apt upgrade -y && apt install net-tools git wget unzip -y && reboot

Installing Redis Server

Next, install Redis server and ensure that it is up and operational.

sudo -i
apt install redis-server -y
systemctl enable redis-server
systemctl start redis-server

Check that redis-server is up and running using the following command.

netstat -tnlp | grep redis

Installing and Setting Up MySQL

Now install and set up a MySQL database for FleetDM to use.

sudo -i
apt install mysql-server-8.0 python3-mysqldb python3-pip -y
systemctl start mysql

Run mysql_secure_installation to securely install MySQL.

  1. Enter "y" for password validation

  2. Enter "2" to ensure strong passwords are made in this MySQL instance

  3. Make and confirm a strong root password

  4. Enter "y" to confirm root password

  5. Enter "y" to remove anonymous users

  6. Enter "y" to disallow root remote logins

  7. Enter "y" to remove the test database

  8. Enter "y" to reload privilege tables

Next, enable MySQL and then open the MySQL shell as root using the following commands.

systemctl enable mysql
mysql -u root

Now, run the following queries to create a database and database user with the required privileges for FleetDM to use.

CREATE DATABASE fleetdm;
CREATE USER 'fleetdm'@'localhost' IDENTIFIED BY '<Password>';
GRANT ALL PRIVILEGES ON fleetdm.* TO 'fleetdm'@'localhost';
exit

Download the MySQL settings config using the following command, then restart MySQL.

wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/mysql/fleetdm.cnf -O /etc/mysql/conf.d/fleetdm.cnf
systemctl restart mysql

Installing and Setting Up FleetDM

Before installing FleetDM, a FleetDM system user must be added with the correct permissions.

adduser fleetdm --system --no-create-home
groupadd fleetdm
usermod -aG fleetdm fleetdm

Note: The FleetDM account that we just created will not be used to log in, as it is a system account. We are just using it to run FleetDM.

Now, change directory to the /tmp/ folder, download the FleetDM files, and unzip them. From there, create directories for FleetDM binaries and OSQuery logs and change their ownership.

cd /tmp/ && wget https://github.com/fleetdm/fleet/releases/download/3.6.0/fleet.zip
unzip fleet.zip
mv linux/fleet /usr/local/bin/fleet
mkdir /etc/fleetdm
chown root:root -R /etc/fleetdm
mkdir /var/log/osquery
chown fleetdm:fleetdm -R /var/log/osquery 

NOTE: FleetDM version 3.6.0 is installed in this tutorial

Now, create a self-signed private key and public cert for the server so our OSQuery instances can connect securely to it.

openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/private/fleetdm.key -x509 -days 365 -out /etc/ssl/certs/fleetdm.crt

  1. Country Name: US

  2. State or Province: Vermont

  3. Locality Name: Burlington

  4. Organization Name: Champlain

  5. Organizational Unit Name: SEC440

  6. Common Name: [Your-IP or FQDN]
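
Before NGINX and the OSQuery hosts rely on this certificate, it helps to confirm that it matches its key, covers the name hosts will connect to, and is not about to expire. This is an added example, not part of the original guide; `check_fleet_cert` is a hypothetical helper name and the 30-day default threshold is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the guide: sanity-check the certificate and key
# before NGINX and the OSQuery hosts depend on them.

# check_fleet_cert CERT KEY HOST [MIN_DAYS]   (hypothetical helper)
# Prints one line per failed check; returns 0 only when all checks pass.
check_fleet_cert() (
    crt=$1 key=$2 host=$3 min_days=${4:-30}
    rc=0
    # 1. The private key must be the one the certificate was issued for.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt"; rc=1
    fi
    # 2. The certificate must be valid for the name the hosts will connect to.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: $crt is not valid for host $host"; rc=1
    fi
    # 3. -days 365 means it expires in a year; flag it MIN_DAYS ahead.
    if ! openssl x509 -in "$crt" -noout -checkend "$((min_days * 86400))" \
            >/dev/null 2>&1; then
        echo "FAIL: $crt expires within $min_days days"; rc=1
    fi
    # 4. -nodes leaves the key unencrypted, so file permissions are its
    #    only protection: it must not be world-readable.
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $key is world-readable"; rc=1
    fi
    return "$rc"
)

# Usage with the guide's paths (HOST is the Common Name entered above):
#   check_fleet_cert /etc/ssl/certs/fleetdm.crt /etc/ssl/private/fleetdm.key fleet.example.test
```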

Next, download the FleetDM config file (fleetdm.yml), change its ownership and permissions, and then make changes to it. The openssl rand command below generates the jwt key; copy it before editing the "fleetdm.yml" file.

wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/fleet/fleetdm.yml -O /etc/fleetdm/fleetdm.yml
chown root:fleetdm /etc/fleetdm/fleetdm.yml
chmod 640 /etc/fleetdm/fleetdm.yml
openssl rand -base64 32 | tr -cd '[:alnum:]'
nano /etc/fleetdm/fleetdm.yml

Using a text editor, put the database name in place of '{{ mysql_fleetdm_db_name }}', the database username in place of '{{ mysql_fleetdm_username }}', and the database password in place of '{{ mysql_fleetdm_password }}'. In this example, we used "fleetdm" as both the database name and database username. Lastly, replace '{{ fleetdm_jwt }}' with the jwt key you generated with the previous command.

Note: Values for "fleetdm.yml" should be surrounded by single quotes ('), no brackets ({}), and no spaces.
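
The placeholder substitution above can also be scripted, which matters because the password policy chosen during mysql_secure_installation forces special characters into the database password. This is an added example, not part of the original guide or the FleetDM project; `render_fleet_config` and `yaml_sed_escape` are hypothetical helper names, and it assumes each placeholder appears in the template either bare or inside single quotes.

```shell
#!/usr/bin/env bash
# Added example, not from the guide: fill the fleetdm.yml placeholders.

# Escape one single-line value: ' becomes '' (YAML single-quoted scalar),
# then backslash, & and | are escaped for the replacement side of sed s|..|..|.
yaml_sed_escape() {
    printf '%s' "$1" | sed -e "s/'/''/g" -e 's/[\\&|]/\\&/g'
}

# render_fleet_config TEMPLATE OUTPUT DB_NAME DB_USER DB_PASSWORD JWT_KEY
# The body is a subshell "( ... )" so umask and variables do not leak out.
render_fleet_config() (
    [ "$#" -eq 6 ] || { echo "expected 6 arguments" >&2; return 2; }
    tpl=$1 out=$2
    for v in "$3" "$4" "$5" "$6"; do
        [ -n "$v" ] || { echo "refusing empty value" >&2; return 2; }
    done
    db=$(yaml_sed_escape "$3");   user=$(yaml_sed_escape "$4")
    pass=$(yaml_sed_escape "$5"); jwt=$(yaml_sed_escape "$6")
    q="'\{0,1\}"   # a single quote that may already surround a placeholder
    umask 027      # the rendered file is never world-readable
    # The sed script is passed on stdin so the secrets never show up in argv.
    sed -f /dev/stdin "$tpl" > "$out" <<EOF || return 1
s|${q}{{ mysql_fleetdm_db_name }}${q}|'$db'|g
s|${q}{{ mysql_fleetdm_username }}${q}|'$user'|g
s|${q}{{ mysql_fleetdm_password }}${q}|'$pass'|g
s|${q}{{ fleetdm_jwt }}${q}|'$jwt'|g
EOF
    # Any placeholder left behind would end up in the live configuration.
    if grep -q '{{' "$out"; then
        echo "unreplaced placeholder in $out" >&2
        rm -f "$out"
        return 1
    fi
    chmod 640 "$out"
)

# Usage as root, with the guide's paths and key generation; DB_PASS is an
# assumed variable holding the MySQL password set earlier:
#   jwt=$(openssl rand -base64 32 | tr -cd '[:alnum:]')
#   render_fleet_config /etc/fleetdm/fleetdm.yml /etc/fleetdm/fleetdm.yml.new \
#       fleetdm fleetdm "$DB_PASS" "$jwt"
#   chown root:fleetdm /etc/fleetdm/fleetdm.yml.new
#   mv /etc/fleetdm/fleetdm.yml.new /etc/fleetdm/fleetdm.yml
```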

After editing the config file, initialize the FleetDM database.

/usr/local/bin/fleet prepare db --config /etc/fleetdm/fleetdm.yml

Now download the systemd unit file for FleetDM. This will allow systemctl commands to be run for FleetDM. After doing this, enable and start FleetDM, then check to see if it is running.

wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/fleet/fleetdm-systemd.service -O /etc/systemd/system/fleetdm.service
systemctl enable fleetdm
systemctl start fleetdm
netstat -tnlp | grep fleet

Installing NGINX

NGINX will need to be installed so that FleetDM can be accessed through the browser. Get the NGINX and FleetDM NGINX configuration files, then enable and restart NGINX to get it up and running properly.

apt install nginx -y
wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/nginx/nginx.conf -O /etc/nginx/nginx.conf
wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/nginx/nginx_fleetdm.conf -O /etc/nginx/conf.d/fleetdm.conf
systemctl enable nginx
systemctl restart nginx
netstat -tnlp | grep nginx

FleetDM Web GUI Setup

Browse to https://localhost:443. The FleetDM setup page should appear.

Insert a username and password, as well as an email (no further email setup will be required).

After hitting next, enter an organization name. No logo is required.

Finally, after hitting next again, put the Fleet web address in. Make sure this matches with the public certificate created earlier (FQDN/Common Name). Then submit, review admin configuration, and finish.

Congratulations! FleetDM is now installed and is now able to have hosts added!
