# FleetDM Setup #### What is FleetDM? FleetDM is an Open Source application that will help remotely run queries on devices on a network using OSQuery. ### FleetDM Installation Guide (Ubuntu 20.04) #### Setting Up and Updating Ubuntu First, the Ubuntu system is updated, in the correct time zone, and the hostname is changed (optional). Use the following commands to do this. ```shell sudo -i timedatectl set-timezone Etc/UTC apt update -y && apt upgrade -y && apt install net-tools git wget unzip -y && reboot ``` #### Installing Redis Server Next, install redis server and ensure that it is up and operational. ```shell sudo -i apt install redis-server -y systemctl enable redis-server systemctl start redis-server ``` Check to make sure redis-server is up an running using the following command. ``` netstat -tnlp | grep redis ``` ![Redis Server Running on Port 6379](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FAisBbq851SEsFwUpuCze%2Fredis-server.jpg?alt=media\&token=8564dc27-f883-4b1f-b71f-7cf3b7aa65a1) #### Installing and Setting Up MySQL Now install and set up a MySQL database for FleetDM to use. ```shell sudo -i apt install mysql-server-8.0 python3-mysqldb python3-pip -y systemctl start mysql ``` Run `mysql_secure_installation` to securely install MySQL. 1. Enter "y" for password validation 2. Enter "2" to ensure strong passwords are made in this MySQL instance 3. Make and confirm a strong root password 4. Enter "y" to confirm root password 5. Enter "y" to remove anonymous users 6. Enter "y" to disallow root remote logins 7. Enter "y" to remove the test database 8. Enter "y" to reload privilege tables Next, enable MySQL and then interact with the MySQL environment as root using using the following commands. ``` systemctl enable mysql mysql -u root ``` Now, run the following queries to create a database and database user with the required privileges for FleetDM to use. ```sql CREATE DATABASE fleetdm; CREATE USER 'fleetdm'@'localhost' IDENTIFIED BY ''; GRANT ALL PRIVILEGES ON fleetdm.* TO 'fleetdm'@'localhost'; exit ``` Download MySQL Settings config using the command, then finally restart MySQL. ```shell wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/mysql/fleetdm.cnf -O /etc/mysql/conf.d/fleetdm.cnf systemctl restart mysql ``` #### Installing and Setting Up FleetDM Before Installing FleetDM, a FleetDM system user must be added with the correct permissions. ```shell adduser fleetdm --system --no-create-home groupadd fleetdm usermod -aG fleetdm fleetdm ``` Note: The FleetDM account that we just created will not be used to log into as it a system account. We are just using it to help run FleetDM. Now, change directory to the `/tmp/` folder, download the FleetDM files, and unzip them. From there, start making directories for FleetDM binaries and OSQuery logs and changing their ownerships. ``` cd /tmp/ && wget https://github.com/fleetdm/fleet/releases/download/3.6.0/fleet.zip unzip fleet.zip mv linux/fleet /usr/local/bin/fleet mkdir /etc/fleetdm chown root:root -R /etc/fleetdm mkdir /var/log/osquery chown fleetdm:fleetdm -R /var/log/osquery ``` **NOTE**: FleetDM version 3.6.0 is installed in this tutorial Now, create a self-signed private key and public cert for the server so our OSQuery instances can connect securely to it. ``` openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/private/fleetdm.key -x509 -days 365 -out /etc/ssl/certs/fleetdm.crt ``` 1. Country Name: **US** 2. State or Province: **Vermont** 3. Locality Name: **Burlington** 4. Organization Name: **Champlain** 5. Organizational Unit Name: **SEC440** 6. Common Name: \[Your-IP or FQDN] Next, download the FleetDM config file (`fleetdm.yml`), change its ownership and permissions, and then make changes to it. Copy the jwt key before editing "fleetdm.yml" file. ``` wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/fleet/fleetdm.yml -O /etc/fleetdm/fleetdm.yml chown root:fleetdm /etc/fleetdm/fleetdm.yml chmod 640 /etc/fleetdm/fleetdm.yml openssl rand -base64 32 | tr -cd '[:alnum:]' nano /etc/fleetdm/fleetdm.yml ``` Using a text editor, put the database name in replace of '{{ mysql\_fleetdm\_db\_name }}', database username in replace of '{{ mysql\_fleetdm\_username }}', and database password at '{{ mysql\_fleetdm\_password }}'. In this example, we used "fleetdm" as both the database name and database username. Lastly, replace '{{ fleetdm\_jwt }}' with the jwt key you generated in the command before. **Note:** Values for "fleetdm.yml" should be surrounded by single quotes ('), no brackets ({}), and no spaces. !["fleetdm.yml" Format Example](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FhCge5OKiWO0wfp0Qv4x4%2Ffleetdm-config-format.JPG?alt=media\&token=3531442c-040b-44d6-97ab-f0b4e75368b8) After editing the config file, initialize the FleetDM database. ``` /usr/local/bin/fleet prepare db --config /etc/fleetdm/fleetdm.yml ``` Now download the SystemD config file for FleetDM. This will allow systemctl commands to be run for FleetDM. After doing this, enable and start FleetDM, then check to see if it is running. ``` wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/fleet/fleetdm-systemd.service -O /etc/systemd/system/fleetdm.service systemctl enable fleetdm systemctl start fleetdm netstat -tnlp | grep fleet ``` ![FleetDM Running on Port 8080](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FSDnXq150milV7Gvc3iWn%2Ffleetdm.JPG?alt=media\&token=45c30a36-790f-436d-97c0-c6e88282a489) #### Installing NGINX NGINX will need to be installed so that FleetDM can be accessed through the browser. Get the NGINX and FleetDM NGINX configuration files, then enable and restart NGINX to get it up and running properly. ``` apt install nginx -y wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/nginx/nginx.conf -O /etc/nginx/nginx.conf wget https://raw.githubusercontent.com/richnadeau/OSQuery-Training-Course/main/FleetDM/nginx/nginx_fleetdm.conf -O /etc/nginx/conf.d/fleetdm.conf systemctl enable nginx systemctl restart nginx netstat -tnlp | grep nginx ``` ![NGINX Running on Ports 80 and 443](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FoS4vtQACVdoAVGV9PeF5%2Fnginx.JPG?alt=media\&token=2b110944-9b89-43d4-8321-592d063e0d7d) #### FleetDM Web GUI Setup Browse to . When navigated there, the FleetDM setup page should be seen like below. ![Fleet GUI Setup Page](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FZkGVivHGOYk64fkvKIN3%2Ffleet_setup_gui.JPG?alt=media\&token=01e23888-a802-4f38-81c3-4ae55cbb8392) Insert a username and password, as well as an email (no further email setup will be required). ![Organization Details](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FOI5uYIXTKDcY516PzSxB%2Ffleet_org_gui.JPG?alt=media\&token=19ad04bc-cb52-4e9b-a423-f006d4df3032) After hitting next, put an organization name in there, no logo is required. ![Set Fleet URL](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FxrZrtBfcDzVu5jTGuWZa%2Ffleet_address_gui.JPG?alt=media\&token=13144f91-2a31-4d81-816d-10262fa4c1c4) Finally, after hitting next again, put the Fleet web address in. Make sure this matches with the public certificate created earlier (FQDN/Common Name). Then submit, review admin configuration, and finish. Congratulations! FleetDM is now installed and is now able to have hosts added! ![Fleet GUI](https://776002387-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbJAvxfpcYDlqBJLNIwwX%2Fuploads%2FIU6r7x4KCylKuX8fzDq0%2Ffleet_gui.jpg?alt=media\&token=8ce4bb77-5c26-4557-9457-592700da4168) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://rich-nadeau.gitbook.io/osquery-training/fleetdm-guides/fleetdm-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.