fleet/docs/Using Fleet/Scripts.md


# Scripts
_Available in Fleet Premium_
In Fleet you can execute a custom script to remediate an issue on your macOS, Windows, and Linux hosts.
Shell scripts are supported on macOS and Linux. All scripts will run in the host's (root) default shell (`/bin/sh`). Other interpreters are not supported yet.
PowerShell scripts are supported on Windows. Other types of scripts are not supported yet.
Script execution is disabled by default. Continue reading to learn how to enable scripts.
## Execute a script
You can execute a script using the `fleetctl` command-line interface.
To execute a script, complete the following steps:
1. Enable script execution
2. Write a script
3. Run the script
### Step 1: Enable script execution
If you use Fleet's macOS MDM features, scripts are automatically enabled for macOS hosts that have MDM turned on. You're set!
If you don't use MDM features, to enable scripts, we'll deploy a fleetd agent with scripts enabled:
1. Generate a new fleetd agent for macOS, Windows, or Linux using the `fleetctl package` command with the `--enable-scripts` flag.
2. Deploy fleetd to your hosts. If your hosts already have fleetd installed, you can deploy the new fleetd on top of the old installation.
Learn more about generating a fleetd agent and deploying it [here](./enroll-hosts.md#enroll-hosts-with-fleetd).
### Step 2: Write a script
As an example, we'll write a shell script for a macOS host that downloads a Fleet wallpaper and sets the host's wallpaper to it.
To run the script, we'll need to create a `set-wallpaper-to-fleet.sh` file locally and paste this script into it:
```sh
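wallpaper="/tmp/wallpaper.png"
# Download the wallpaper; --fail makes curl exit non-zero on an HTTP error, so stop here if it does
curl --fail https://fleetdm.com/images/wallpaper-cloud-city-1920x1080.png -o "$wallpaper" || exit 1
# Set the desktop picture to the downloaded file
osascript -e 'tell application "Finder" to set desktop picture to POSIX file "'"$wallpaper"'"'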
```
### Step 3: Run the script
1. Run this fleetctl command:
```sh
fleetctl run-script --script-path=set-wallpaper-to-fleet.sh --host=hostname
```
> Replace the `--host` flag's value with your target host's hostname.
2. Look at the on-screen information. In the output you'll see the script's exit code and output.
Each time a Fleet user runs a script, an entry is created in [Fleet's activity feed](./Audit-logs.md#type-code-ran-script-code).
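A local pre-flight check for the macOS and Linux case, as an added example that is not part of Fleet's documentation or tooling: because the script runs as root in `/bin/sh`, it refuses a file that other accounts could have modified, a shebang naming another interpreter, and a syntax error. The `preflight` function and its rules are assumptions of this example.

```sh
#!/bin/sh
# Added example: local pre-flight check to run before `fleetctl run-script`.
# The function name and its rules are this example's own, not part of Fleet.

# preflight FILE: return 0 if FILE passes every check, 1 otherwise.
preflight() {
    script=$1

    if [ ! -f "$script" ] || [ ! -r "$script" ]; then
        echo "preflight: not a readable file: $script" >&2
        return 1
    fi

    # The script will run as root on the host, so refuse a local copy that
    # other accounts could have modified (group- or world-writable).
    if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "preflight: $script is group- or world-writable" >&2
        return 1
    fi

    # Hosts run the script in /bin/sh; a shebang naming any other interpreter
    # means the author assumed a shell the host will not use.
    first=$(head -n 1 "$script")
    case $first in
        '#!'*)
            interp=$(printf '%s\n' "$first" |
                sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
            if [ "$interp" != "/bin/sh" ]; then
                echo "preflight: unsupported interpreter: $interp" >&2
                return 1
            fi
            ;;
    esac

    # Parse only (-n executes nothing) to catch syntax errors before the run.
    if ! sh -n "$script" 2>/dev/null; then
        echo "preflight: syntax error in $script" >&2
        return 1
    fi
    return 0
}

# Usage: sh preflight.sh set-wallpaper-to-fleet.sh
if [ "$#" -gt 0 ]; then
    preflight "$1" && echo "preflight: ok: $1"
fi
```

`sh -n` only catches syntax errors; it does not detect constructs that parse in `/bin/sh` but behave differently from another shell.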
## Security considerations
Script execution can only be enabled by someone with root access to the host.
Turning MDM on for a macOS host or pushing a new fleetd agent qualifies as root access.
<meta name="pageOrderInSection" value="1508">
<meta name="title" value="Scripts">
<meta name="description" value="Learn how to execute a custom script on macOS, Windows, and Linux hosts in Fleet.">
<meta name="navSection" value="Device management">