https://github.com/osquery/osquery logo
Join Slack
Powered by
Fresh install on an Ubuntu 20 AMI. I'm getting thi...
# fleet
t
Fresh install on an Ubuntu 20 AMI. I'm getting this error when trying to generate a package. I've seen historically this could be an issue with updated orbit security. Please advise. Thanks.
g
Hey @Tom Wilburn, Make sure you're running the latest 
fleetctl
(for this community channel we can support the current Fleet 4.42 as of this message). • 
sudo npm install -g fleetctl
• Run a quick 
sudo fleetctl
to wrap-up update/install • Then run your 
fleetctl package ...
. I've had a better time running without sudo. Depending on how you've installed fleetctl or your configurations, might need to run as sudo.
t
4.42.0
It was 4.42.0 pulled from the Gitlab. I did npm install -g fleetctl just to rule it out though. First it errored (already installed) so I deleted it from usr/local/bin and reran it. It reinstalled, but I still have the same issue
k
Hi @Tom Wilburn! It sounds like there is some permissions funkiness happening here. Are you still running in to issues getting the package created?
t
I lined up the permissions with a known good. No joy. I DID find a not painful fix that I will detail out here soon. Hope it helps others
Screenshot 2024-01-04 at 8.35.57 AM.png
Started with the original problem, couldn't make images
docker pull fleetdm/fleetctl < --- Ran this (docker already installed)
docker run -it --entrypoint /bin/bash <-into fleetctl docker
fleetctl package --type=msi --fleet-url=https://agents-testenv.upgov.org:8080 --enroll-secret=blahblahsecuritykeyblahjeffepstiendidn'tkillhimself (replace msi with deb or rpm as needed)(add --insecure as needed)
find / -name *.msi (or rpm/deb) .msi usually easiest to find in a linux environment
cd into where the file is then mv *.msi /in/whatever/folder/
My theory is that a STIG'ed image doesn't like using fleetctl from /usr/bin/ or /usr/local/sbin/
g
Thanks much @Tom Wilburn for posting a fix/workaround. Will surface this to the crew and see if expected or if something is wonky.
3 Views
Open in Slack
PreviousNext
Powered by