The Fleet Controller

Fleet is an open source project that builds an "OSQuery controller" capable of detecting vulnerabilities and other issues on the machines in your network using the power of OSQuery. This is a very useful practice to keep your network under control on many aspects, most notably the vulnerability profile and attack surface of your entire set of interconnected machines.

If you already have some form of endpoint agent installed on your systems, do not worry: OSQuery is extremely lightweight and performant, so in most cases there won't be any issue. Fleet also offers a library of OSQuery queries for further activities; in future articles we'll see how to extend the default set with even more interesting queries.

Creating a Hypervisor based VM or an Emulated VM for Fleet in QEMU

One of the useful features offered by QEMU is that it can be used to create both traditional virtual machines (aided by a hypervisor) and emulated VMs (literally fully emulated systems). This is particularly useful when testing things, and even more useful if you own an Apple M1/M2 based system and need to test or play with x86 Linux based software. For this tutorial I created an emulated x86_64 VM in UTM on macOS for Apple Silicon (ARM/AArch64); you can either build a hypervisor based VM on an x86_64 host or do the same as I did.

Please note: at the time of writing this article Fleet did not fully support ARM, so I recommend using QEMU on ARM systems.

Why not docker? Fleet uses docker to create its installable packages, so we will install docker inside the Fleet Controller VM.

If you are going to use QEMU, create an emulated or hypervisor based x86_64 VM for Linux (specifically CentOS Linux). I used CentOS because the original, and very bad, installation tutorial from Fleet themselves uses CentOS, but you can use whatever Linux distro you prefer (as long as you know how to "convert" the instructions here).

I used 4GB RAM for my VM and just 2 CPU cores (it works fine with one core only as well). The same requirements above apply to a hypervisor based VM. The disk size should be at least 64GB if you are only testing Fleet with a small fleet of OSQuery endpoints; otherwise I recommend larger disks, depending on the number of endpoints you are planning to use. It's important that you configure the VM network port as bridged, because the Controller needs to be reachable over the network by the endpoints.

We'll also configure the Controller's certificate to improve security a bit, but given that it's going to be a self-signed certificate, you should not rely solely on it! The IP will be bound to the VM certificate, which we'll also include in the Fleet endpoint packages, so you really want to make sure the Controller IP doesn't change by mistake. Make sure your VM's network port gets a reserved IP (if you have a DHCP server in your network) or has a static IP. In a secure deployment you'd want a proxy in the middle to protect your Controller from unauthorised access by rogue endpoints.

Here is an example of how to build a hypervisor based x86_64 VM on QEMU/KVM for CentOS 7 (suitable only for a native x86_64 host) using the virt-install command from libvirt:

    virt-install \
      --disk path=/var/lib/libvirt/images/CentOS7.qcow2,size=64,bus=virtio,format=qcow2

When your VM is ready, install CentOS 7 with the minimal installation profile: you don't need a full CentOS 7 installation, and the smaller the better in terms of reducing the attack surface of your Controller. This tutorial won't cover the details of installing CentOS 7 minimal, as it's out of scope and a very simple activity; however, I do cover what to do in the post install. When the CentOS installation has completed, remove the virtual ISO and reboot your VM.

If you've created an emulated VM on QEMU using a SPICE configuration, or you've used UTM, you may want to install the SPICE agent now:

    sudo yum install spice-vdagent -y

If instead you've created the VM using standard QEMU configurations, you may want to install qemu-guest-agent:

    sudo yum install qemu-guest-agent -y

If you have used VMware, you want to install open-vm-tools:

    sudo yum install open-vm-tools -y

The same applies if you've used VirtualBox to create your VM: now it's time to install the VirtualBox guest tools!
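The certificate-bound Controller IP described above, as an added example that is not part of the original post or of Fleet's own tooling: a small shell script that issues the Controller's self-signed certificate with the reserved IP in the Subject Alternative Name, then checks the SAN (and expiry) before the certificate gets baked into the endpoint packages. It assumes openssl 1.1.1 or later; the file names and the sample IP 10.0.0.5 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post or from Fleet.
# Assumes: openssl >= 1.1.1 (for -addext / -ext). File names and the sample
# IP 10.0.0.5 are constructed for illustration; use your reserved Controller IP.

# make_controller_cert IP OUTDIR [DAYS]
# Issues a self-signed server certificate whose Subject Alternative Name is the
# Controller IP, so endpoints that ship this cert only trust that address.
make_controller_cert() {
    ip="$1"; outdir="$2"; days="${3:-365}"
    mkdir -p "$outdir"
    openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days "$days" \
        -subj "/CN=fleet-controller" \
        -addext "subjectAltName=IP:$ip" \
        -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=serverAuth" \
        -keyout "$outdir/fleet.key" -out "$outdir/fleet.crt" 2>/dev/null || return 1
    chmod 600 "$outdir/fleet.key"   # the private key stays on the Controller only
}

# cert_has_ip CERT IP -> 0 if the SAN lists exactly IP, 1 otherwise.
# Matches the whole address, so 10.0.0.5 does not accept 10.0.0.50.
cert_has_ip() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | grep -Eq "IP Address:${esc}(,|[[:space:]]|$)"
}

# check_controller_cert CERT IP -> 0 when the cert is usable for that IP.
# Run this before building endpoint packages, and again if the VM's IP changed.
check_controller_cert() {
    cert="$1"; ip="$2"
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate $cert is expired or unreadable" >&2; return 1; }
    cert_has_ip "$cert" "$ip" || {
        echo "certificate $cert does not carry IP $ip in its SAN" >&2; return 1; }
    echo "certificate $cert is valid for Controller IP $ip"
}

# Example run (constructed values):
#   make_controller_cert 10.0.0.5 ./fleet-tls 365 && \
#       check_controller_cert ./fleet-tls/fleet.crt 10.0.0.5
```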