Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
l
Lee Armet
09/01/2021, 6:22 PMany suggestions what I am doing wrong?
b
Benjamin Edwards
09/01/2021, 6:54 PMwhat OS are you running on?
l
Lee Armet
09/01/2021, 7:32 PMI built the ubuntu osquery 'agent' with no problem! It worked great. I thought I'd get ambitious and create one for my Mac to connect to. That part failed.
b
Benjamin Edwards
09/01/2021, 11:27 PMSo if your building this on Linux then the pkg target is a little more complicated. You’ll need to install mkbom, which I had to do from source.
Not in front of a computer at the moment but when i get back I’ll send you some details
c
Chad
09/02/2021, 3:48 AMYou will probably also need xar.
If you're using docker, this is from my docker config file. Otherwise you can just pull the commands out from here
# Install xar from source
RUN git clone --depth=1 \
--branch=master \
<https://github.com/mackyle/xar.git> \
&& cd /xar/xar; \
sed -i '332s/^.*$/AC_CHECK_LIB([crypto], [OPENSSL_init_crypto], , [have_libcrypto="0"])/' <http://configure.ac|configure.ac> \
&& ./autogen.sh --noconfigure \
&& ./configure LDFLAGS=-lfts \
&& make \
&& make install \
&& cd / \
&& rm -rf /xar
# Install bomutils from source
RUN git clone --depth=1 \
--branch=master \
<https://github.com/hogliux/bomutils.git> \
&& cd bomutils \
&& make \
&& make install \
&& chmod 755 build/bin/mkbom \
&& cp build/bin/mkbom /usr/local/bin/mkbom \
&& cd / \
&& rm -rf /bomutilss
Stijn Pieters
09/02/2021, 10:50 AMHi, jumping in on this thread
I had the same issue. Installed mkbom and xar from source.
Now I get an
error="build pkg: mkbom: exit status 1"go run -v ./cmd/package --type=pkgUnable to find path: /tmp/orbit-package3699160814/flat/rootl
Lee Armet
09/02/2021, 12:23 PMgoing to try these this morning... will report back! thanks for the tips/guidance @Chad and @Benjamin Edwards
👍 1
c
Chad
09/02/2021, 2:37 PM@Stijn Pieters - thats a bug in the code. You can look at the PR https://github.com/fleetdm/fleet/pull/1815
s
Stijn Pieters
09/02/2021, 3:08 PMI feel stupid asking, but when I run on main branch I get the following error:
error="create root dir: Path /tmp/orbit-package2211337692 already exists with mode 20000000700 instead of the expected 20000000755"git checkout d0bb3202785ac6b69f1e6542f55c77e9eb28f5a2l
Lee Armet
09/02/2021, 6:09 PMso I installed (as above) xar and bomutils successfully, however I'm no closer. I'm going to teardown mysetup and try it all again. Will report back.
c
Chad
09/03/2021, 3:14 AM@Stijn Pieters think this is related to another issue that has been worked on and will be fixed in the latest version. Let me know if you need help temporarily working around it
@Lee Armet if you share your errors I can help you troubleshoot it
l
Lee Armet
09/08/2021, 7:19 PMmuch appreciated, Chad. I decided to forgo using docker and follow the guide on kifarunix "install fleet osquery manager on ubuntu"
I am now getting the following error:
Using config file: /etc/fleet/fleet.yml
{"component":"crons","cron":"vulnerabilities","level":"info","ts":"2021-09-08T19:14:17.791894435Z","vulnerability scanning":"not configured"}
{"address":"0.0.0.0:8080","msg":"listening","transport":"https","ts":"2021-09-08T19:14:17.814501814Z"}
{"terminated":"tls: failed to parse private key","ts":"2021-09-08T19:14:17.815321235Z"}
I believe I'm close to getting this up and running