Fleet: Difference between revisions

From Xinux Wiki
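== FleetDM Docker Installation ==
*[[Architektur Fleet + osquery|Fleet + osquery architecture]]
*[[FleetDM Docker-Installation|FleetDM Docker installation]]
*[[FleetDM: Policies, Queries und Labels (Debian 12)|FleetDM: policies, queries and labels (Debian 12)]]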
  
=== Install Docker & tools ===
 
* apt install -y docker.io docker-compose curl
 
 
=== Prepare certificates and keys ===
* mkdir -p /mnt/docker/fleet/certs
* cd /mnt/docker/fleet
* wget https://web.samogo.de/certs/ca.crt
* wget https://web.samogo.de/certs/star.it113.int.crt
* wget https://web.samogo.de/certs/star.it113.int.key
* cat star.it113.int.crt ca.crt > certs/fullchain.pem
* mv star.it113.int.key certs/privkey.pem
 
 
=== Docker Compose configuration ===
 
* vi docker-compose.yaml
 
<pre>
version: '3.8'

services:
  mysql:
    image: mysql:8.0.36
    container_name: mysql
    environment:
      # Passwords as used throughout this page; FLEET_MYSQL_PASSWORD below must match MYSQL_PASSWORD
      MYSQL_ROOT_PASSWORD: rootpw
      MYSQL_DATABASE: fleet
      MYSQL_USER: fleet
      MYSQL_PASSWORD: changeme
    volumes:
      - ./mysql-data:/var/lib/mysql
    healthcheck:
      # mysqladmin ping exits 0 as soon as the server answers, even if the login is rejected
      test: ["CMD", "mysqladmin", "ping", "-pfleet"]
      interval: 10s
      timeout: 5s
      retries: 10

  redis:
    image: redis:7
    container_name: redis
    volumes:
      - ./redis-data:/data

  # One-shot container: prepares the database schema, then exits
  fleet-init:
    image: fleetdm/fleet:v4.49.1
    container_name: fleet-init
    depends_on:
      mysql:
        condition: service_healthy
      redis:
        condition: service_started
    environment:
      FLEET_MYSQL_ADDRESS: mysql:3306
      FLEET_MYSQL_DATABASE: fleet
      FLEET_MYSQL_USERNAME: fleet
      FLEET_MYSQL_PASSWORD: changeme
      FLEET_REDIS_ADDRESS: redis:6379
    command: fleet prepare db --no-prompt
    restart: "no"

  # Fleet terminates TLS itself on port 8080 with the files mounted from ./certs
  fleet:
    image: fleetdm/fleet:v4.49.1
    container_name: fleet
    ports:
      - "8080:8080"
    depends_on:
      fleet-init:
        condition: service_completed_successfully
    environment:
      FLEET_MYSQL_ADDRESS: mysql:3306
      FLEET_MYSQL_DATABASE: fleet
      FLEET_MYSQL_USERNAME: fleet
      FLEET_MYSQL_PASSWORD: changeme
      FLEET_REDIS_ADDRESS: redis:6379
      FLEET_SERVER_TLS: "true"
      FLEET_SERVER_CERT: /certs/fullchain.pem
      FLEET_SERVER_KEY: /certs/privkey.pem
    volumes:
      - ./certs:/certs
    command: fleet serve
</pre>
 
 
* docker-compose up -d
 
 
=== Get fleetctl (on the server) ===
* wget https://github.com/fleetdm/fleet/releases/download/fleet-v4.66.0/fleetctl_v4.66.0_linux_amd64.tar.gz
* tar -xvzf fleetctl_v4.66.0_linux_amd64.tar.gz
* cp fleetctl_v4.66.0_linux_amd64/fleetctl /usr/local/sbin/
* fleetctl --version
 
 
=== Build the package for the clients (insecure variant) ===
; The enroll secret is available in the web interface under:
* Hosts → Add Host → Linux (DEB)

* fleetctl package --type=deb --enable-scripts \
  --fleet-url=https://fleet.it113.int:8080 \
  --enroll-secret=gYpHjdyHvQb3/JD1K2NSdnJg4aAqgSH8 \
  --insecure
 
 
This produces, for example:
 
* fleet-osquery_1.41.0_amd64.deb
 
 
=== Install the Debian package on the clients ===
* dpkg -i fleet-osquery_1.41.0_amd64.deb
* systemctl status orbit.service
 
 
=== Install the CA on the client (when not working with --insecure) ===
* cp ca.crt /usr/local/share/ca-certificates/fleet-ca.crt
* update-ca-certificates

→ Afterwards the package can also be built without `--insecure`, provided osquery accepts the CA.
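
An added example (not part of the original wiki page): an offline check of the certificate files prepared above (`ca.crt`, `certs/fullchain.pem`, `certs/privkey.pem`) that is worth running before rebuilding the package without `--insecure`. The function names and the `*.demo.test` sample PKI are constructed for illustration; on the server the function would be called with the real files and `fleet.it113.int`.

```shell
#!/bin/sh
# Added example, not from the wiki page. Offline check of the TLS files
# before building the client package without --insecure.
# Usage: check_fleet_tls CA_CRT FULLCHAIN_PEM PRIVKEY_PEM FLEET_HOSTNAME
check_fleet_tls() {
    ca=$1 chain=$2 key=$3 host=$4
    # 1. The leaf (first certificate in the chain file) must be signed by
    #    the CA that the clients trust after update-ca-certificates.
    openssl verify -CAfile "$ca" "$chain" >/dev/null 2>&1 ||
        { echo "FAIL: leaf does not verify against $ca"; return 1; }
    # 2. The leaf must cover the host name used in --fleet-url
    #    (a wildcard such as *.it113.int matches exactly one label).
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$chain" \
        >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not cover $host"; return 2; }
    # 3. The private key must belong to the leaf certificate.
    [ "$(openssl x509 -in "$chain" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: private key does not match certificate"; return 3; }
    echo "OK: chain verifies, $host is covered, key matches"
}

# Constructed sample data: throwaway CA and wildcard cert for *.demo.test.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.demo.test" \
        -keyout "$d/privkey.pem" -out "$d/leaf.csr" 2>/dev/null
    printf 'subjectAltName=DNS:*.demo.test\n' > "$d/san.ext"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -extfile "$d/san.ext" \
        -out "$d/leaf.crt" 2>/dev/null
    # Same concatenation order as the fullchain.pem built on this page.
    cat "$d/leaf.crt" "$d/ca.crt" > "$d/fullchain.pem"
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_fleet_tls "$demo/ca.crt" "$demo/fullchain.pem" "$demo/privkey.pem" \
    fleet.demo.test
check_fleet_tls "$demo/ca.crt" "$demo/fullchain.pem" "$demo/privkey.pem" \
    fleet.other.test || echo "(rejected as expected, status $?)"
rm -rf "$demo"
```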
 
  
 
[[Kategorie:Cybersecurity]]
 
 
[[Kategorie:Hacking]]
 

Latest revision as of 20 April 2025, 10:01