FleetDM Docker-Installation

Docker & Tools installieren

apt install -y docker.io docker-compose curl

Zertifikate und Keys vorbereiten

mkdir -p /mnt/docker/fleet
cd /mnt/docker/fleet
wget https://web.samogo.de/certs/ca.crt
wget https://web.samogo.de/certs/star.it113.int.crt
wget https://web.samogo.de/certs/star.it113.int.key
cat star.it113.int.crt ca.crt > certs/fullchain.pem
mv star.it113.int.key certs/privkey.pem

Docker Compose-Konfiguration

vi docker-compose.yaml

version: '3.8'

services:
  mysql:
    image: mysql:8.0.36
    container_name: mysql
    environment:
      MYSQL_ROOT_PASSWORD: rootpw
      MYSQL_DATABASE: fleet
      MYSQL_USER: fleet
      MYSQL_PASSWORD: changeme
    volumes:
      - ./mysql-data:/var/lib/mysql
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-pfleet"]
      interval: 10s
      timeout: 5s
      retries: 10

  redis:
    image: redis:7
    container_name: redis
    volumes:
      - ./redis-data:/data

  fleet-init:
    image: fleetdm/fleet:v4.49.1
    container_name: fleet-init
    depends_on:
      mysql:
        condition: service_healthy
      redis:
        condition: service_started
    environment:
      FLEET_MYSQL_ADDRESS: mysql:3306
      FLEET_MYSQL_DATABASE: fleet
      FLEET_MYSQL_USERNAME: fleet
      FLEET_MYSQL_PASSWORD: changeme
      FLEET_REDIS_ADDRESS: redis:6379
    command: fleet prepare db --no-prompt
    restart: "no"

  fleet:
    image: fleetdm/fleet:v4.49.1
    container_name: fleet
    ports:
      - "8080:8080"
    depends_on:
      fleet-init:
        condition: service_completed_successfully
    environment:
      FLEET_MYSQL_ADDRESS: mysql:3306
      FLEET_MYSQL_DATABASE: fleet
      FLEET_MYSQL_USERNAME: fleet
      FLEET_MYSQL_PASSWORD: changeme
      FLEET_REDIS_ADDRESS: redis:6379
      FLEET_SERVER_TLS: "true"
      FLEET_SERVER_CERT: /certs/fullchain.pem
      FLEET_SERVER_KEY: /certs/privkey.pem
    volumes:
      - ./certs:/certs
    command: fleet serve

docker-compose up -d

fleetctl besorgen (auf dem Server)

wget https://github.com/fleetdm/fleet/releases/download/fleet-v4.66.0/fleetctl_v4.66.0_linux_amd64.tar.gz
tar -xvzf fleetctl_v4.66.0_linux_amd64.tar.gz
cp fleetctl_v4.66.0_linux_amd64/fleetctl /usr/local/sbin/
fleetctl --version

Paket für die Clients bauen (insecure-Variante)

Die Enroll-Secret gibt’s in der Web-Oberfläche unter

Hosts → Add Host → Linux (DEB)

fleetctl package --type=deb --enable-scripts ^C-fleet-url=https://fleet.it113.int:8080 --fleet-certificate /mnt/docker/fleet/certs/fullchain.pem --enroll-secret=gYpHjdyHvQb3/JD1K2NSdnJg4aAqgSH8

Erzeugt wird z. B.:

fleet-osquery_1.41.0_amd64.deb

Debian Paket auf den Clients installieren

dpkg -i fleet-osquery_1.41.0_amd64.deb
systemctl status orbit.service

CA auf dem Client einspielen

cp ca.crt /usr/local/share/ca-certificates/fleet-ca.crt
update-ca-certificates

FleetDM Docker-Installation

Inhaltsverzeichnis

Docker & Tools installieren

Zertifikate und Keys vorbereiten

Docker Compose-Konfiguration

fleetctl besorgen (auf dem Server)

Paket für die Clients bauen (insecure-Variante)

Debian Paket auf den Clients installieren

CA auf dem Client einspielen

Der erste Host ist drin

Navigationsmenü

Suche