Installing FleetDM Management Server

Create Debian 11 Host

apt update && apt upgrade -y && apt install -y sudo gnupg net-tools dnsutils binutils git curl

Install MySQL Server

  1. Download .deb package from here
  2. Run sudo dpkg -i ./package.deb
  3. Select MySQL 8
  4. Select OK
  5. Run sudo apt update && sudo apt install -y mysql-server
  6. Set a root password
  7. Select strong encryption

Install Fleet

  1. Download latest fleetctl and fleet releases from here
  2. Expand archives
  3. Copy the fleet and fleetctl binaries to /usr/bin
  4. Create a fleet database: echo 'CREATE DATABASE fleet;' | mysql -u root -p

Install Redis Server

apt install -y redis
systemctl enable --now redis-server

Create a TLS Certificate for Fleet

The command below generates a self-signed certificate. If you have a purchased certificate, place the certificate and key files in /etc/ssl as shown in the example below.

Replace hostname with the server's hostname (should match the DNS record). Replace with your domain.

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout /etc/ssl/fleet.key -out /etc/ssl/fleet.cert -subj "/CN=hostname" \
  -addext ""

Create a Service Account to Run Fleet

sudo groupadd fleet
sudo useradd -Mrg fleet fleet
sudo chown fleet:fleet /etc/ssl/fleet.cert
sudo chown fleet:fleet /etc/ssl/fleet.key

Initialize the Database

The example command uses the root:toor credential. Please change the password to something stronger before running the command.

fleet prepare db \
--mysql_address= \
--mysql_database=fleet \
--mysql_username=root \
--mysql_password=toor

Create a Unit File to Control Fleet with Systemd

The systemd unit file has the root:toor credential hard-coded from the example above. Assuming you changed the password, please update accordingly here as well.



ExecStart=/usr/bin/fleet serve \
  --mysql_address= \
  --mysql_database=fleet \
  --mysql_username=root \
  --mysql_password=toor \
  --redis_address= \
  --server_cert=/etc/ssl/fleet.cert \
  --server_key=/etc/ssl/fleet.key \


Enable and start the service

sudo systemctl daemon-reload
sudo systemctl enable --now fleet

Confirm Fleet is Running

systemctl status fleet
sudo netstat -plutan | grep 8080
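
The unit file above keeps the MySQL root password in ExecStart, and the guide changes the owner of /etc/ssl/fleet.key without setting its mode. The following check for both is an added example, not part of the original guide. The unit path /etc/systemd/system/fleet.service and the function name audit_fleet are assumptions, and GNU stat (as shipped with Debian) is required.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the Fleet unit file and TLS key.
# Assumptions: GNU stat (Debian); unit file at /etc/systemd/system/fleet.service.

# audit_fleet [UNIT] [KEY]: print one finding per line; status 0 only if none.
# The body runs in a subshell so its variables do not leak into the caller.
audit_fleet() (
  unit=${1:-/etc/systemd/system/fleet.service}   # assumed default path
  key=${2:-/etc/ssl/fleet.key}                   # path used in this guide
  findings=0
  report() { echo "$1"; findings=$((findings + 1)); }

  if [ ! -r "$unit" ]; then
    report "UNIT: cannot read $unit"
  else
    # Arguments in ExecStart are visible to every local user through ps
    # and /proc/<pid>/cmdline while the service runs.
    if grep -Eq -e '--mysql_password=[^[:space:]]' "$unit"; then
      report "UNIT: MySQL password is passed on the fleet command line"
      # The same secret is also stored in the unit file itself.
      case $(stat -c '%a' "$unit") in
        *[4567]) report "UNIT: file containing the password is world-readable" ;;
      esac
    fi
    # Fleet only needs its own schema, not the MySQL root account.
    if grep -Eq -e '--mysql_username=root([[:space:]]|$)' "$unit"; then
      report "UNIT: Fleet connects to MySQL as root"
    fi
  fi

  if [ ! -e "$key" ]; then
    report "KEY: $key does not exist"
  else
    # The private key should be accessible to its owner only (600 or 400).
    case $(stat -c '%a' "$key") in
      *00|0) ;;
      *) report "KEY: mode $(stat -c '%a' "$key") grants group/other access" ;;
    esac
  fi

  [ "$findings" -eq 0 ]
)

# Run the audit when paths are given: sh audit.sh UNIT KEY
if [ "$#" -gt 0 ]; then audit_fleet "$@"; fi
```

Run as written against the setup in this guide, the unit file check reports the inline password and the root account.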