A quick and easy method for creating a production ready FleetDM environment using only Docker Compose.
- Docker and Docker Compose
- fleetctl installed with Node or downloaded from https://github.com/fleetdm/fleet/releases/latest
- Fleet
- MySQL - Database for Fleet
- Redis - Caching server for Fleet
- traefik - Proxy server and TLS endpoint
- filebeat - Log shipper
- traefik.me - Handles DNS resolution and SSL Certificates
- Graylog - Logging destination for filebeat
All services configured using the default.env or service.yml file located in the service folder.
All data is stored on the host machine in the folder for the service it is associate with. Data will persist after restart as long as the local folder is not deleted. Can be changed in docker-compose.yml by removing volume links.
-
Start docker
-
Clone this repository
-
cd in to fleet-docker
-
switch to defcon branch
-
run "docker compose up"
-
Fleet is now accessible at
fleet.traefik.me -
Follow the instructions to set up Fleet.
-
Go to Hosts
-
click "Add hosts"
-
Select the correct platform for the host you're enrolling
-
Copy the command
-
Run the command command with
--insecureflag to prevent error when using self-signed certificate:
fleetctl package --type=deb --fleet-desktop --fleet-url=https://fleet.traefik.me --enroll-secret=totallysecuresecret --insecure
- Run generated package on the host.
- Once you have your host(s) enrolled, you can begin querying your hosts in the Fleet UI at
fleet.traefik.me/queries/manage!
If you're enrolling multiple hosts, you can use the same installer package to enroll all hosts for a given platform. You can use network storage or copy the package to each host you'd like to install and run it.
- Run it for the first time or create the mount directory fleet/logs
- Create (i.e. touch) and provide the right access rights (chmod 666) to the files:
touch osqueryd.results.log && chmod 666 osqueryd.results.log
touch osqueryd.status.log && chmod 666 osqueryd.status.log- Run fleet container again
- Run it for the first time
- Set the correct access rights (chmod go-w) at filebeat/:
chmod go-w filebeat.yml- Run filebeat container again (will show an error for file filebeat-{date}.ndjson, but container will keep running)