#fleet
MChorfa

11/02/2022, 12:55 PM
message has been deleted
12:59 PM
mchorfa@mchorfa-linux-02:~/tmp$ sudo dpkg  --install fleet-osquery_1.3.0_amd64.deb
(Reading database ... 447044 files and directories currently installed.)
Preparing to unpack fleet-osquery_1.3.0_amd64.deb ...
Failed to stop orbit.service: Unit orbit.service not loaded.
Failed to disable unit: Unit file orbit.service does not exist.
Unpacking fleet-osquery (1.3.0) over (1.3.0) ...
Setting up fleet-osquery (1.3.0) ...
Failed to restart orbit.service: Unit orbit.service not found.
dpkg: error processing package fleet-osquery (--install):
 installed fleet-osquery package post-installation script subprocess returned error exit status 5
Errors were encountered while processing:
 fleet-osquery
Kathy Satterlee

11/02/2022, 3:18 PM
Hi! Testing this out locally now, bear with me.
MChorfa

11/02/2022, 3:26 PM
Multiple attempts. Now I get this:
mchorfa@mchorfa-linux-02:~/tmp$ sudo apt install ./fleet-osquery_1.3.0_amd64.deb 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'fleet-osquery' instead of './fleet-osquery_1.3.0_amd64.deb'
The following package was automatically installed and is no longer required:
  libxmlb1
Use 'sudo apt autoremove' to remove it.
The following NEW packages will be installed:
  fleet-osquery
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 0 B/33.4 MB of archives.
After this operation, 84.1 MB of additional disk space will be used.
Get:1 /home/mchorfa/tmp/fleet-osquery_1.3.0_amd64.deb fleet-osquery amd64 1.3.0 [33.4 MB]
Selecting previously unselected package fleet-osquery.
(Reading database ... 447268 files and directories currently installed.)
Preparing to unpack .../fleet-osquery_1.3.0_amd64.deb ...
Unpacking fleet-osquery (1.3.0) ...
Setting up fleet-osquery (1.3.0) ...
Created symlink /etc/systemd/system/multi-user.target.wants/orbit.service → /lib/systemd/system/orbit.service.
N: Download is performed unsandboxed as root as file '/home/mchorfa/tmp/fleet-osquery_1.3.0_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
3:26 PM
Does it try to connect to the server at this point?
N: Download is performed unsandboxed as root as file '/home/mchorfa/tmp/fleet-osquery_1.3.0_amd64.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
3:30 PM
Ok, running the following command seems to fix the issue:
sudo chown _apt /var/lib/update-notifier/package-data-downloads/partial/
Kathy Satterlee

11/02/2022, 3:30 PM
That's a notice that the _apt user was unable to access the file, so root was used instead. It shouldn't have any impact on the install process.
MChorfa

11/02/2022, 3:30 PM
mchorfa@mchorfa-linux-02:~/tmp$ sudo apt install ./fleet-osquery_1.3.0_amd64.deb 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'fleet-osquery' instead of './fleet-osquery_1.3.0_amd64.deb'
fleet-osquery is already the newest version (1.3.0).
0 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Kathy Satterlee

11/02/2022, 3:31 PM
👍
MChorfa

11/02/2022, 3:32 PM
Now I don't seem to be able to get the cert verified.
Kathy Satterlee

11/02/2022, 3:32 PM
Are you testing out Fleet with a self-signed certificate, or is this a production server?
MChorfa

11/02/2022, 3:33 PM
Running Fleet behind nginx: self-signed certs
3:34 PM
W1102 11:34:00.617166 2004762 tls_enroll.cpp:101] Failed enrollment request to https://fleet.operation.company.local:8443/api/v1/osquery/enroll (Request error: certificate verify failed) retrying...
Kathy Satterlee

11/02/2022, 3:35 PM
Self signed can be a bit of a pain. If you're testing things out, you can build the package with the --insecure flag. That will bypass the certificate errors.
MChorfa

11/02/2022, 3:36 PM
Ok, so rebuilding the deb package with the insecure flag, right?
Kathy Satterlee

11/02/2022, 3:37 PM
Yep! Then remove and reinstall the new package and you should be golden.
MChorfa

11/02/2022, 3:39 PM
Thank you ... will try it out
5:04 PM
Ok, with the insecure flag it worked. :) So for the production workload... we absolutely need a public certificate?
Kathy Satterlee

11/02/2022, 5:14 PM
You can use a self-signed certificate, but you'd need to provide the full certificate chain to osquery.
MChorfa

11/02/2022, 5:16 PM
Ok: root-ca -> ca-intermediate -> service cert?
5:16 PM
ok thank you 🙂
Kathy Satterlee

11/02/2022, 5:16 PM
Any time!