Installing Fleet Osquery Manager on Rocky Linux

A Step-by-Step Guide to Installing Fleet Osquery Manager on Rocky Linux

In today’s complex IT environments, gaining deep visibility into your endpoints—from servers to workstations—is no longer a luxury, but a necessity. Understanding the state of your systems is fundamental for security, compliance, and operational health. This is where the powerful combination of osquery and Fleet comes in, providing a robust, open-source solution for endpoint monitoring.

Osquery exposes your operating system as a high-performance relational database, allowing you to write SQL queries to explore running processes, loaded kernel modules, network connections, user accounts, and much more. Fleet serves as the scalable control plane, enabling you to manage and collect data from thousands of osquery agents in real time.

This guide will walk you through the complete process of installing and configuring the Fleet Osquery Manager on a Rocky Linux server.

Prerequisites for a Successful Installation

Before diving into the installation, ensure your Rocky Linux system meets the following requirements. Preparing these components in advance will streamline the entire process.

  • A running Rocky Linux server (Rocky Linux 8 or 9 is recommended).
  • Root or sudo privileges to install packages and manage services.
  • MySQL or MariaDB installed and running to serve as the database backend.
  • Redis installed and running for caching and managing live queries.
  • Firewall access configured for the necessary ports (e.g., port 8080 for the Fleet UI).

Step 1: Install and Configure Dependencies

The first step is to get the database and cache layers ready. We’ll use MariaDB (a popular fork of MySQL) and Redis.

  1. Install MariaDB and Redis using the dnf package manager:
    bash
    sudo dnf install mariadb-server redis -y
  2. Enable and start the services so they launch on boot:
    bash
    sudo systemctl enable --now mariadb
    sudo systemctl enable --now redis
  3. Secure your MariaDB installation. This is a critical security step that sets a root password and removes insecure defaults.
    bash
    sudo mysql_secure_installation

    Follow the on-screen prompts to configure your database server securely.

Step 2: Create the Fleet Database and User

Fleet needs its own dedicated database and user to store its data. Interacting with the database as a dedicated user, rather than root, is a crucial security best practice.

  1. Log in to your MariaDB instance:
    bash
    sudo mysql -u root -p

  2. Run the following SQL commands to create the database and user. Be sure to replace 'your-strong-password' with a secure password of your choice.

    CREATE DATABASE fleet;
    CREATE USER 'fleet'@'localhost' IDENTIFIED BY 'your-strong-password';
    GRANT ALL PRIVILEGES ON fleet.* TO 'fleet'@'localhost';
    FLUSH PRIVILEGES;
    EXIT;
    

    You have now created a database named fleet and a user named fleet that has full access to it.

Step 3: Download and Install the Fleet Binary

Next, we will download the pre-compiled Fleet binary and place it in a standard system location.

  1. Download the latest release of Fleet for Linux. You can find the latest version on the official Fleet GitHub repository. Use wget or curl to download the tarball. For example:

    wget https://github.com/fleetdm/fleet/releases/download/fleet-v4.XX.X/fleet_v4.XX.X_linux.tar.gz
    

    Note: Replace v4.XX.X with the actual latest version number.

  2. Extract the archive and move the fleet and fleetctl binaries to /usr/local/bin/:
    bash
    tar -xzf fleet_v4.XX.X_linux.tar.gz
    sudo mv fleet_v4.XX.X_linux/fleet /usr/local/bin/fleet
    sudo mv fleet_v4.XX.X_linux/fleetctl /usr/local/bin/fleetctl

    Placing the binaries in /usr/local/bin/ makes them accessible from anywhere in the system shell.

Step 4: Configure Fleet

Fleet uses a YAML file for its configuration. We need to create this file and populate it with our database and server details.

  1. Create a directory for the configuration file:
    bash
    sudo mkdir /etc/fleet

  2. Create and edit the configuration file:
    bash
    sudo nano /etc/fleet/config.yml

  3. Paste the following configuration into the file. Carefully update the mysql section with the database password you chose in Step 2. The server section binds Fleet to port 8080 over plain HTTP, which is what the rest of this guide assumes; that port should only be reached through the TLS reverse proxy described in the security tips below.

    # Fleet configuration
    mysql:
      address: "127.0.0.1:3306"
      database: "fleet"
      username: "fleet"
      password: "your-strong-password"
    redis:
      address: "127.0.0.1:6379"
    server:
      # listen on all interfaces on port 8080
      address: "0.0.0.0:8080"
      # fleet serve expects a certificate and key unless TLS is disabled here;
      # terminate TLS at a reverse proxy instead (see the security tips below)
      tls: false

    Save and close the file. Because it contains the database password in clear text, restrict it to root with sudo chmod 600 /etc/fleet/config.yml. The public-facing URL that osquery agents use to reach Fleet is not set in this file; it is entered as the Fleet server URL in Fleet's organization settings after the initial setup.

Step 5: Create a Systemd Service for Fleet

To ensure Fleet runs reliably as a background service and starts automatically on boot, we’ll create a systemd service file.

  1. Create the service file:
    bash
    sudo nano /etc/systemd/system/fleet.service

  2. Paste the following service definition into the file:

    [Unit]
    Description=Fleet osquery Manager
    # start only once the network, database and cache are available
    After=network.target mariadb.service redis.service

    [Service]
    ExecStart=/usr/local/bin/fleet serve --config /etc/fleet/config.yml
    # restart automatically if the process exits for any reason
    Restart=always
    # this guide runs Fleet as root; a dedicated unprivileged user that can
    # read /etc/fleet/config.yml is the least-privilege alternative, since
    # Fleet does not need root to listen on port 8080
    User=root
    Group=root

    [Install]
    WantedBy=multi-user.target

  3. Reload the systemd daemon, then enable and start the Fleet service:
    bash
    sudo systemctl daemon-reload
    sudo systemctl enable --now fleet

  4. Verify that the service is running correctly:
    bash
    sudo systemctl status fleet

    You should see an “active (running)” status.
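The configuration file from Step 4 holds the MariaDB password in clear text and the unit from Step 5 runs Fleet as root, so the script below checks both after installation. It is an added example, not part of the original guide or of Fleet itself; it assumes the paths used in this guide (/etc/fleet/config.yml and /etc/systemd/system/fleet.service), and the function names and the FLEET_CONFIG and FLEET_UNIT variables are my own.

```shell
#!/usr/bin/env bash
# Post-install checks for the Fleet config file and systemd unit created in
# Steps 4 and 5. Added example, not from the original guide or from Fleet.
# Assumed paths can be overridden with FLEET_CONFIG and FLEET_UNIT.
# Usage: sudo bash fleet-checks.sh --run
set -u

# The config file holds the MariaDB password in clear text, so it must not be
# readable by group or others. nano creates it as 0644 by default.
config_is_private() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in
    *00) return 0 ;;   # e.g. 600 or 400: only the owner can read it
    *)   return 1 ;;
  esac
}

# Tighten the mode; ownership is only changed when running as root.
make_config_private() {
  chmod 0600 "$1" || return 1
  [ "$(id -u)" -eq 0 ] && chown root:root "$1"
  return 0
}

# The placeholder password from the guide must have been replaced.
placeholder_password_replaced() {
  ! grep -q 'your-strong-password' "$1"
}

# Print the account the unit runs as; "root" means no least privilege.
unit_user() {
  sed -n 's/^User=\(.*\)$/\1/p' "$1" | head -n 1
}

run_checks() {
  local cfg="${FLEET_CONFIG:-/etc/fleet/config.yml}"
  local unit="${FLEET_UNIT:-/etc/systemd/system/fleet.service}"
  local rc=0
  if config_is_private "$cfg"; then echo "ok   $cfg is private"
  else echo "FAIL $cfg is readable by others; fixing"; make_config_private "$cfg" || rc=1; fi
  if placeholder_password_replaced "$cfg"; then echo "ok   placeholder password replaced"
  else echo "FAIL $cfg still contains the placeholder password"; rc=1; fi
  if [ "$(unit_user "$unit")" = "root" ]; then
    echo "WARN $unit runs Fleet as root; consider a dedicated user"
  fi
  return $rc
}

# Run the checks only when invoked with --run (so the file can also be sourced).
if [ "${1:-}" = "--run" ]; then run_checks; fi
```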

Step 6: Initial Fleet Setup and Admin User

With the service running, the final setup step is to use fleetctl to initialize the database schema and create your first administrator account.

  1. Run the interactive setup command:
    bash
    fleetctl setup
  2. The command will prompt you to enter your email address and a secure password for the primary admin user. This will also migrate the database schema.

Accessing the Fleet Web Interface

Your Fleet instance is now fully installed and running! You can access the web-based user interface by navigating to the URL you configured earlier in your web browser:

http://YOUR_SERVER_IP:8080

Log in with the admin credentials you created in the previous step. From the UI, you can now generate osquery installer packages for your endpoints, manage host groups, and start running queries across your entire infrastructure.

Important Security Tips and Next Steps

  • Configure the Firewall: Ensure your server’s firewall is properly configured. Only allow access to the ports you need. For this setup, you need to allow traffic on port 8080.

    sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
    sudo firewall-cmd --reload
    
  • Set Up a Reverse Proxy with TLS/SSL: For any production environment, it is highly recommended to put Fleet behind a reverse proxy like Nginx or Apache. This allows you to secure the web traffic with a free Let’s Encrypt TLS/SSL certificate, making all communication encrypted and more secure.

  • Enroll Your First Host: In the Fleet UI, click “Add Hosts” to get a customized osqueryd installer for your target operating systems. The installer package includes the enrollment secret, allowing the agent to securely connect back to your new Fleet server.

Source: https://kifarunix.com/install-fleet-osquery-manager-on-rocky-linux/