Skip to main content

Installing FleetDM Management Server

fleet osquery overview.png

Create Debian 11 Host

apt update && apt upgrade -y && apt install -y sudo gnupg net-tools dnsutils binutils git curl


Install MySQL Server

  1. Download .deb package from here
  2. Run sudo dpkg -i ./package.deb
  3. Select MySQL 8
  4. Select OK
  5. Run sudo apt update && sudo apt install -y mysql-server
  6. Set a root password
  7. Select strong encryption


Install Fleet

  1. Download latest fleetctl and fleet releases from here
  2. Expand archives
  3. Copy the fleet and fleetctl binaries to /usr/bin
  4. Create a fleet database echo 'CREATE DATABASE fleet;' | mysql -u root -p


Install Redis Server

apt install -y redis
systemctl enable --now redis-server


Create a TLS Certificate for Fleet

This will generate a self-signed certificate. If you have a certificate that you purchased, you can just place the certificate and key files in /etc/ssl as shown in the example below.

Replace hostname with the server's hostname (should match the DNS record). Replace contoso.org with your domain.

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout /etc/ssl/fleet.key -out /etc/ssl/fleet.cert -subj "/CN=hostname" \
  -addext "subjectAltName=DNS:hostname.contoso.org"

Create a Service Account to Run Fleet

sudo groupadd fleet
sudo useradd -Mrg fleet fleet
sudo chown fleet:fleet /etc/ssl/fleet.cert
sudo chown fleet:fleet /etc/ssl/fleet.key



Initialize the Database

The example command is using the root:toor credential. Please change the password to something stronger before running the command.

fleet prepare db \
--mysql_address=127.0.0.1:3306 \
--mysql_database=fleet \
--mysql_username=root \
--mysql_password=toor


Create a Unit File to Control Fleet with Systemd

The systemd unit file has the root:toor credential hard-coded from the example above. Assuming you changed the password, please update accordingly here as well.

/etc/systemd/system/fleet.service

[Unit]
Description=Fleet
After=network.target

[Service]
User=fleet
Group=fleet
LimitNOFILE=8192
ExecStart=/usr/bin/fleet serve \
  --mysql_address=127.0.0.1:3306 \
  --mysql_database=fleet \
  --mysql_username=root \
  --mysql_password=toor \
  --redis_address=127.0.0.1:6379 \
  --server_cert=/etc/ssl/fleet.cert \
  --server_key=/etc/ssl/fleet.key \
  --logging_json

[Install]
WantedBy=multi-user.target

Enable and start the service

sudo systemctl daemon-reload
sudo systemctl enable --now fleet


Confirm Fleet is Running

systemctl status fleet
sudo netstat -plutan | grep 8080

Back to top