From 6c851e0e12ea75c75920db7e3d0317c29c2c340a Mon Sep 17 00:00:00 2001 
From: Kelvin Oghenerhoro Omereshone
Date: Mon, 10 Jan 2022 17:31:10 +0100
Subject: [PATCH] [DOCS] add docs for signing osquery installers with fleetctl (#3577)

* feat: add query to find running docker containers
* docs: :memo: add query to get Mac and Linux machines with unencrypted primary disks
* feat: add query to find running docker containers
* docs: :memo: add query to get Mac and Linux machines with unencrypted primary disks
* chore: remove queries from develop
* docs: add query to get running docker containers
* docs: add query to get machines with unencrypted primary disks
* fix: remove trailing ---
* fix: remove trailing ---
* chore: remove trailing ---
* docs: add query to get applications hogging memory
* fix: resolve merge conflicts
* chore: update PR
* chore: update PR
* chore: merge previous query
* feat: add query to find servers with root logins within the day
* fix: remove unneeded period
* docs: add instructions for submitting multiple queries
* fix: remove duplicate entry
* fix: remove period from get running docker containers query description
* docs: add instructions for submitting multiple queries
* fix: resolve merge conflicts
* feat: add description for query to fetch failing batteries
* fix: resolve duplicate descriptions
* fix: remove typo in deploying docs
* fix: reword description
* fix: add suggestions to improve description
* feat: add description to query to fetch windows machines with unencrypted hard disks
* feat: update description for count apple applications installed query
* chore: add dominuskelvin as maintainer
* docs: :memo: Add query to get apps opened within the last 24 hours
* feat: add link to signing installers
* fix: typo with link to the getting started page
* feat: docs on how to sign an osquery installer
* feat: make signing installer a subsection of osquery installer
* feat: make description for signing installer shorter and compact
* fix: change package to installers
* fix: reword note section
---
docs/01-Using-Fleet/04-Adding-hosts.md | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/docs/01-Using-Fleet/04-Adding-hosts.md b/docs/01-Using-Fleet/04-Adding-hosts.md index debfdaf430..6cd4c568be 100644 --- a/docs/01-Using-Fleet/04-Adding-hosts.md +++ b/docs/01-Using-Fleet/04-Adding-hosts.md @@ -1,12 +1,13 @@ # Adding hosts - [Osquery installer](#osquery-installer) +- [Signing installers](#signing-installers) - [Plain osquery](#plain-osquery) Fleet is powered by the open source osquery tool. To add a host to Fleet, you must install osquery on this host. The recommended way to install osquery and add your host to Fleet is with an osquery installer. Fleet provides the tools to generate an osquery installer with the `fleetctl package` command. -To use the `fleetctl package` command, you must first install the `fleetctl` command-line tool. Instructions for installing `fleetctl` can be found on [here fleetdm.com](https://fleetdm.com/get-started) +To use the `fleetctl package` command, you must first install the `fleetctl` command-line tool. Instructions for installing `fleetctl` can be found on [here](https://fleetdm.com/get-started) Fleet supports other methods for adding your hosts to Fleet such as the [plain osquery binaries](#plain-osquery) or [Kolide Osquery Launcher](https://github.com/kolide/launcher/blob/master/docs/launcher.md#connecting-to-fleet). 
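Review bot: the new table-of-contents entry `- [Signing installers](#signing-installers)` is inserted as a top-level item between "Osquery installer" and "Plain osquery", but the section it links to is added later in this patch as `### Signing installers`, a subsection of Osquery installer (the commit message itself says "make signing installer a subsection of osquery installer"). Indent the list item under `- [Osquery installer](#osquery-installer)` so the list mirrors the heading hierarchy. Minor: the corrected link `[here](https://fleetdm.com/get-started)` would read better with descriptive link text, e.g. `[fleetdm.com/get-started](https://fleetdm.com/get-started)`, rather than "here".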
@@ -25,9 +26,22 @@ fleetctl package --type pkg --fleet-url=[YOUR FLEET URL] --enroll-secret=[YOUR E When you install the generated osquery installer on a host, this host will be automatically enrolled in the specified Fleet instance. +### Signing installers + + >**Note:** Currently, the fleetctl package command does not provide support for signing Windows osquery installers. Windows installers can be signed after building. + +The `fleetctl package` command provides suppport for signing and notarizing macOS osquery installers via the +`--sign-identity` and `--notarize` flags. +Check out the example below: + +```sh + fleetctl package --type pkg --sign-identity=[PATH TO SIGN IDENTITY] --notarize --fleet-url=[YOUR FLEET URL] --enroll-secret=[YOUR ENROLLMENT SECRET] +``` + + ### Adding multiple hosts -If you're managing an enterprise environment with multiple hosts, you likely have an enterprise deployment tool like [Munki](https://www.munki.org/munki/), [Jamf Pro](https://www.jamf.com/products/jamf-pro/), [Chef](https://www.chef.io/), [Ansible](https://www.ansible.com/), or [Puppet](https://puppet.com/) to deliver software to your hosts. +If you're managing an enterprise environment with multiple hosts, you likely have an enterprise deployment tool like [Munki](https://www.munki.org/munki/), [Jamf Pro](https://www.jamf.com/products/jamf-pro/), [Chef](https://www.chef.io/), [Ansible](https://www.ansible.com/), or [Puppet](https://puppet.com/) to deliver software to your hosts. You can distribute your osquery installer and add all your hosts to Fleet using your software management tool of choice. 
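Review bot: the placeholder `[PATH TO SIGN IDENTITY]` in the example implies `--sign-identity` takes a file path, but a macOS signing identity (what `pkgbuild --sign` and `productsign --sign` accept) is the name of a certificate in the keychain, such as `Developer ID Installer: Org Name (TEAMID)`; use a placeholder like `[SIGNING IDENTITY NAME]` and say where the reader obtains it. The same paragraph shows `--notarize` without stating what Apple credentials notarization needs or how `fleetctl package` is given them, and the note that Windows installers "can be signed after building" should name the tool or link to instructions, since as written it tells the reader nothing actionable. Also fix the typo "suppport" in "provides suppport for signing" and drop the stray leading space before `fleetctl` inside the fenced block so the command can be copied cleanly.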
@@ -133,7 +147,7 @@ sudo osqueryd \ --logger_tls_period=10 ``` -If your osquery server certificate is deployed to a path that is not `/etc/osquery/fleet.crt`, be sure to update the `--tls_server_certs` flag. Similarly, if your enroll secret is in an environment variable that is not called `OSQUERY_ENROLL_SECRET`. Then, be sure to update the `--enroll_secret_env` environment variable. +If your osquery server certificate is deployed to a path that is not `/etc/osquery/fleet.crt`, be sure to update the `--tls_server_certs` flag. Similarly, if your enroll secret is in an environment variable that is not called `OSQUERY_ENROLL_SECRET`. Then, be sure to update the `--enroll_secret_env` environment variable. If your enroll secret is defined in a local file, specify the file's path with the `--enroll_secret_path` flag instead of using the `--enroll_secret_env` flag.
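Review bot: the sentence about `--enroll_secret_path` is a useful addition, but the line it is appended to still says "update the `--enroll_secret_env` environment variable"; `--enroll_secret_env` is an osqueryd flag that names the environment variable to read, not an environment variable itself, and the preceding "Similarly, if your enroll secret is in an environment variable that is not called `OSQUERY_ENROLL_SECRET`. Then, be sure to ..." is a sentence fragment. Since this line is being rewritten anyway, suggest: "Similarly, if your enroll secret is in an environment variable that is not called `OSQUERY_ENROLL_SECRET`, update the `--enroll_secret_env` flag." before the new sentence about `--enroll_secret_path`.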