![]() FleetDM provides two different options for adding managed hosts. Once the FleetDM server is operational, you must add some Osquery hosts for it to manage. ![]() Get started with Red Hat OpenShift Service on AWS (ROSA).eBook: Modernize your IT with managed cloud services.Skip to bottom of list Skip to the bottom of list It prompts you to specify the web address that FleetDM uses. The third page of the setup is the most important. The initial set of prompts asks you to set up a basic configuration, such as a superuser account and information about your organization. ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6Īfter a few minutes, FleetDM is accessible at. This example is a simple lab environment that uses fake domains, such as, so you must add an entry to /etc/hosts so that you can communicate with the FleetDM server: 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 Once the certificate is in place, bring up the Docker Compose environment: $ docker-compose upĬreating network "fleetdm_default" with the default driverĬreating volume "fleetdm_mysql" with default driverĬreating volume "fleetdm_redis" with default driverĬreating fleetdm_fleet_oneshot_1. Enter whatever information you want to use in your test environment.įinally, change the user ID (UID) and group ID (GID) of the certificate files to be owned by the appropriate UID and GID within the container: $ sudo chown 100:101 fleet/ Generate a self-signed certificate for : $ openssl req -new -x509 \Īfter this command, you're prompted to enter information for your certificate request. Next, create a private key using OpenSSL: $ openssl ecparam -name prime256v1 \Ĭreate a public key: $ openssl ec -in fleet/server.pem \ Create self-signed SSL certificatesįirst, create a directory, which will be mounted inside the FleetDM container: $ mkdir fleet Use a certificate assigned by a public certificate authority (CA), such as LetsEncrypt, or an appropriate CA for your organization in a production installation. A self-signed certificate is sufficient for experimenting with FleetDM. FLEET_OSQUERY_POLICY_UPDATE_INTERVAL=30sĬondition: service_completed_successfullyīefore bringing up the environment, you must generate a TLS certificate for the FleetDM server. services:Ĭommand: '-default-authentication-plugin=mysql_native_password' However, it provides the basic infrastructure needed to explore FleetDM and understand its capabilities. This file is not suitable for production, as none of the components are highly available. You can also send Osquery logs to a central location, allowing FleetDM to merge the logs and then forward them to your central logging infrastructure.įor these articles, I'm using a simple Docker Compose file. ![]() The primary database is MySQL, Redis provides a queue, and public key infrastructure ( PKI) provides certificates for the FleetDM installation. Using the FleetDM user interface (UI) or command-line interface (CLI), you can easily submit and schedule queries across all of your Osquery agents, filtering them as needed.Ī production FleetDM server installation has several infrastructure components. FleetDM is an open source tool that centralizes configuration and query management for a fleet of Osquery agents. In this article, I discuss an integrated approach using FleetDM. You can also aggregate logs using your favorite aggregation tool because Osquery logs to a file and is unopinionated about the upstream logging infrastructure. You can centralize configurations using your preferred configuration management utility, such as Ansible. However, the real value of Osquery comes from having a central control plane to manage Osquery agents and aggregate query results. Those articles demonstrated the power of using Osquery by itself. In my previous series, I discussed how to run Osquery and schedule queries to interrogate systems for useful information.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |