diff --git a/CHANGELOG.md b/CHANGELOG.md index 801717bd07..d41a8b8b9b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## Kolide Fleet 1.0.8 (May 3, 2018) + +* Osquery 3.0+ compatibility! + +* Include RFC822 From header in emails (for email authentication) + ## Kolide Fleet 1.0.7 (Mar 30, 2018) * Support FileAccesses in FIM configuration. diff --git a/docs/development/linux.md b/docs/development/linux.md new file mode 100644 index 0000000000..00134ac5c4 --- /dev/null +++ b/docs/development/linux.md @@ -0,0 +1,52 @@ +## Setting up a Linux Development Environment + +### Install some dependencies + +`sudo apt-get install xzip gyp libjs-underscore libuv1-dev dep11-tools deps-tools-cli` + +### Create a temp directory, download and place the `node` and `golang` bins + +``` +mkdir tmp +cd tmp +``` + +#### install `node` and `yarn` + +``` +wget https://nodejs.org/dist/v9.4.0/node-v9.4.0-linux-x64.tar.xz +xz -d node-v9.4.0-linux-x64.tar.xz +tar -xf node-v9.4.0-linux-x64.tar +sudo cp -rf node-v9.4.0-linux-x64/bin /usr/local/ +sudo cp -rf node-v9.4.0-linux-x64/include /usr/local +sudo cp -rf node-v9.4.0-linux-x64/lib /usr/local +sudo cp -rf node-v9.4.0-linux-x64/share /usr/local +npm install -g yarn +``` + +#### install `go` + +``` +wget https://dl.google.com/go/go1.9.3.linux-amd64.tar.gz +sudo tar -C /usr/local -xzf go1.9.3.linux-amd64.tar.gz +export PATH=$PATH:/usr/local/go/bin:~/go/bin/ +``` + +#### clean-up temp directory + +``` +cd .. +rm -rf tmp +``` + +### Clone and build depenencies + +``` +mkdir -p ~/go/src/github.com/kolide/ +git clone https://github.com/kolide/fleet.git +cd fleet +make deps +make generate +make build +sudo cp build/fleet /usr/bin/fleet +``` diff --git a/docs/infrastructure/fleet-on-centos.md b/docs/infrastructure/fleet-on-centos.md index 2b4e97b43b..33a5accf69 100644 --- a/docs/infrastructure/fleet-on-centos.md +++ b/docs/infrastructure/fleet-on-centos.md 
@@ -135,6 +135,11 @@ $ /usr/bin/fleet serve \ Now, if you go to [https://localhost:8080](https://localhost:8080) in your local browser, you should be redirected to [https://localhost:8080/setup](https://localhost:8080/setup) where you can create your first Fleet user account. +## Running Fleet with systemd + +See [systemd](./systemd.md) for documentation on running fleet as a background process and managing the fleet server logs. + + ## Installing and running osquery > Note that this whole process is outlined in more detail in the [Adding Hosts To Fleet](./adding-hosts-to-fleet.md) document. The steps are repeated here for the sake of a continuous tutorial. diff --git a/docs/infrastructure/fleet-on-ubuntu.md b/docs/infrastructure/fleet-on-ubuntu.md index 54772844db..ab6756042c 100644 --- a/docs/infrastructure/fleet-on-ubuntu.md +++ b/docs/infrastructure/fleet-on-ubuntu.md @@ -23,7 +23,7 @@ To install Fleet, run the following: ``` $ wget https://dl.kolide.co/bin/fleet_latest.zip $ unzip fleet_latest.zip 'linux/*' -d fleet -$ sudo cp fleet/linux/fleet /usr/bin/fleet +$ sudo cp fleet/linux/fleet_linux_amd64 /usr/bin/fleet ``` ## Installing and configuring dependencies @@ -36,7 +36,7 @@ To install the MySQL server files, run the following: $ sudo apt-get install mysql-server -y ``` -When asked for MySQL's root password, enter `toor` for the sake of this tutorial if you are having trouble thinking of a better password for the MySQL root user. +When asked for MySQL's root password, enter `toor` for the sake of this tutorial if you are having trouble thinking of a better password for the MySQL root user. If you decide to set your own password, be mindful that you will need to substitute it every time `toor` is used in this document. After installing `mysql-server`, the `mysqld` server should be running. You can verify this by running the following: 
@@ -81,18 +81,9 @@ $ /usr/bin/fleet prepare db \ The output should look like: -``` -OK 20161118193812_CreateTableAppConfigs.go -OK 20161118211713_CreateTableDistributedQueryCampaignTargets.go -... -OK 20170124230432_CreateTableEmailChanges.go -goose: no migrations to run. current version: 20170124230432 -OK 20161223115449_InsertOsqueryOptions.go -OK 20161229171615_InsertBuiltinLabels.go -goose: no migrations to run. current version: 20161229171615 -``` +`Migrations completed` -Before we can run the server, we need to generate some TLS keying material. If you already have tooling for generating valid TLS certificates, then you are encouraged to use that instead. You will need a TLS certificate and key for running the Fleet server. If you'd like to generate self-signed certificates, you can do this via: +Before we can run the server, we need to generate some TLS keying material. If you already have tooling for generating valid TLS certificates, then you are encouraged to use that instead. You will need a TLS certificate and key for running the Fleet server. If you'd like to generate self-signed certificates, you can do this via the following steps (note - you will be asked for severl bits of information, including name, contact info, and location, in order to generate the certificate): ``` $ openssl genrsa -out /tmp/server.key 4096 
@@ -119,9 +110,15 @@ $ /usr/bin/fleet serve \ --server_key=/tmp/server.key \ --logging_json ``` +You will be prompted to add a value for `--auth_jwt_key`. A randomly generated key will be suggested, you can simply add the flag with the sugested key. Now, if you go to [https://localhost:8080](https://localhost:8080) in your local browser, you should be redirected to [https://localhost:8080/setup](https://localhost:8080/setup) where you can create your first Fleet user account. +## Running Fleet with systemd + +See [systemd](./systemd.md) for documentation on running fleet as a background process and managing the fleet server logs. + + ## Installing and running osquery > Note that this whole process is outlined in more detail in the [Adding Hosts To Fleet](./adding-hosts-to-fleet.md) document. The steps are repeated here for the sake of a continuous tutorial. 
@@ -129,12 +126,15 @@ Now, if you go to [https://localhost:8080](https://localhost:8080) in your local To install osquery on Ubuntu, you can run the following: ``` -$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B -$ sudo add-apt-repository "deb [arch=amd64] https://osquery-packages.s3.amazonaws.com/xenial xenial main" +$ export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B +$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $OSQUERY_KEY +$ sudo add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main' $ sudo apt-get update $ sudo apt-get install osquery ``` +If you're having trouble with the above steps, check the official [downloads](https://osquery.io/downloads) link for a direct download of the .deb. + You will need to set the osquery enroll secret and osquery server certificate. If you head over to the manage hosts page on your Fleet instance (which should be [https://localhost:8080/hosts/manage](https://localhost:8080/hosts/manage)), you should be able to click "Add New Hosts" and see a modal like the following: ![Add New Host](../images/add-new-host-modal.png) diff --git a/docs/infrastructure/systemd.md b/docs/infrastructure/systemd.md new file mode 100644 index 0000000000..32ae263f1b --- /dev/null +++ b/docs/infrastructure/systemd.md 
@@ -0,0 +1,47 @@
+## Running with systemd
+
+Once you've verified that you can run fleet in your shell, you'll likely want to keep fleet running in the background and after the server reboots. To do that we recommend using [systemd](https://coreos.com/os/docs/latest/getting-started-with-systemd.html).
+
+Below is a sample unit file.
+
+```
+[Unit]
+Description=Kolide Fleet
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/fleet serve \
+ --mysql_address=127.0.0.1:3306 \
+ --mysql_database=kolide \
+ --mysql_username=root \
+ --mysql_password=toor \
+ --redis_address=127.0.0.1:6379 \
+ --server_cert=/tmp/server.cert \
+ --server_key=/tmp/server.key \
+ --auth_jwt_key=this_string_is_not_secure_replace_it \
+ --logging_json
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Once you created the file, you need to move it to `/etc/systemd/system/fleet.service` and start the service.
+
+```
+sudo mv fleet.service /etc/systemd/system/fleet.service
+sudo systemctl start fleet.service
+sudo systemctl status fleet.service
+
+sudo journalctl -u fleet.service -f
+```
+
+## Making changes
+
+Sometimes you'll need to update the systemd unit file defining the service. To do that, first open /etc/systemd/system/fleet.service in a text editor, and make your modifications.
+
+Then, run
+
+```
+sudo systemctl daemon-reload
+sudo systemctl restart fleet.service
+```
diff --git a/server/datastore/mysql/migrations/tables/20161118212641_CreateTablePasswordResetRequests.go b/server/datastore/mysql/migrations/tables/20161118212641_CreateTablePasswordResetRequests.go
index 05b05638ab..fc88041c1d 100644
--- a/server/datastore/mysql/migrations/tables/20161118212641_CreateTablePasswordResetRequests.go
+++ b/server/datastore/mysql/migrations/tables/20161118212641_CreateTablePasswordResetRequests.go
@@ -12,9 +12,9 @@ func Up_20161118212641(tx *sql.Tx) error {
 _, err := tx.Exec(
 "CREATE TABLE `password_reset_requests` (" +
 "`id` int(10) unsigned NOT NULL AUTO_INCREMENT," +
+ "`expires_at` timestamp NOT NULL," +
 "`created_at` timestamp DEFAULT CURRENT_TIMESTAMP," +
 "`updated_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP," +
- "`expires_at` timestamp NOT NULL DEFAULT '1970-01-01 00:00:01'," +
 "`user_id` int(10) unsigned NOT NULL," +
 "`token` varchar(1024) NOT NULL," +
 "PRIMARY KEY (`id`)" +
diff --git a/server/datastore/mysql/password_reset.go b/server/datastore/mysql/password_reset.go
index a2a14e93d7..c6304401b3 100644
--- a/server/datastore/mysql/password_reset.go
+++ b/server/datastore/mysql/password_reset.go
@@ -8,8 +8,8 @@ import (
 func (d *Datastore) NewPasswordResetRequest(req *kolide.PasswordResetRequest) (*kolide.PasswordResetRequest, error) {
 sqlStatement := `
 INSERT INTO password_reset_requests
- ( user_id, token)
- VALUES (?,?)
+ ( user_id, token, expires_at)
+ VALUES (?,?, NOW())
 `
 response, err := d.db.Exec(sqlStatement, req.UserID, req.Token)
 if err != nil {
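Review bot: In `Up_20161118212641`, `expires_at` is now the first TIMESTAMP column and is declared `NOT NULL` with no explicit default, so on a MySQL server where `explicit_defaults_for_timestamp` is disabled it is implicitly given `DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP`, and any later UPDATE of the row would silently move the reset token's expiry forward. If the reordering is meant to obtain that implicit default, it is safer to spell the intent out by declaring the column with an explicit `DEFAULT CURRENT_TIMESTAMP` and no ON UPDATE clause, with a short comment above the statement explaining why the old `'1970-01-01 00:00:01'` default was dropped. This also edits a migration that has presumably already run on existing installs, so those databases keep the old definition and fresh and upgraded schemas diverge. The function body continues outside the hunk.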
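Review bot: The INSERT in `NewPasswordResetRequest` (password_reset.go) stores `expires_at` as `NOW()`, the creation instant on the database clock, rather than the expiry the caller intended. Depending on how tokens are validated (not visible in this hunk), the row either looks expired as soon as it is written or carries an expiry that bounds nothing. For a password-reset token the stored lifetime is what limits how long a leaked link stays usable, so it should be bound as a parameter: `VALUES (?,?,?)` with `d.db.Exec(sqlStatement, req.UserID, req.Token, req.ExpiresAt)`, assuming `kolide.PasswordResetRequest` carries such a field. The function body continues past the end of the hunk.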