fleet/docs/Using Fleet/Scripts.md
Marko Lisica 669be3a53c
Enroll hosts docs improvements (#14862)
Summary:
- Enroll hosts page refinement
- Since the page was too long and had a lot of content, I did the following:
    - Moved most important sections to the top
- Did some changes to make things more consistent, when possible having
UI and CLI sections with steps (ordered list)
- Moved `Add hosts with plain osquery` to contributor docs, since I
learned this approach is used just by a couple of Fleet customers, and we
don't advise this as best practice anymore
- Added overview (table of contents) on the top to make it easier to
navigate through the page
- Moved some technical (advanced) topics into separate section on the
bottom of the page

---------

Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Rachael Shaw <r@rachael.wtf>
2023-11-20 19:39:41 +01:00

2.7 KiB

Scripts

Available in Fleet Premium

In Fleet you can execute a custom script to remediate an issue on your macOS, Windows, and Linux hosts.

Shell scripts are supported on macOS and Linux. All scripts will run in the host's (root) default shell (/bin/sh). Other interpreters are not supported yet.

PowerShell scripts are supported on Windows. Other types of scripts are not supported yet.

Script execution is disabled by default. Continue reading to learn how to enable scripts.

Execute a script

You can execute a script using the fleetctl command-line interface.

To execute a script, we will do the following steps:

  1. Enable script execution
  2. Write a script
  3. Run the script

Step 1: Enable script execution

If you use Fleet's macOS MDM features, scripts are automatically enabled for macOS hosts that have MDM turned on. You're set!

If you don't use MDM features, to enable scripts, we'll deploy a fleetd agent with scripts enabled:

  1. Generate a new fleetd agent for macOS, Windows, or Linux using the fleetctl package command with the --enable-scripts flag.

  2. Deploy fleetd to your hosts. If your hosts already have fleetd installed, you can deploy the new fleetd on top of the old installation.

Learn more about generating a fleetd agent and deploying it here.

Step 2: Write a script

As an example, we'll write a shell script for a macOS host that downloads a Fleet wallpaper and sets the host's wallpaper to it.

To run the script, we'll need to create a set-wallpaper-to-fleet.sh file locally and copy and paste this script into this .sh file:

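    # Where the downloaded image is saved
    wallpaper="/tmp/wallpaper.png"

    # Download the image; stop here if the download fails
    curl --fail https://fleetdm.com/images/wallpaper-cloud-city-1920x1080.png -o "$wallpaper" || exit 1

    # Point the desktop picture at the downloaded file
    osascript -e 'tell application "Finder" to set desktop picture to POSIX file "'"$wallpaper"'"'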

Step 3: Run the script

  1. Run this fleetctl command:

     fleetctl run-script --script-path=set-wallpaper-to-fleet.sh --host=hostname

     Replace the value of the --host flag with your target host's hostname.

  2. Look at the on-screen information. In the output you'll see the script's exit code and output.

Each time a Fleet user runs a script, an entry is created in Fleet's activity feed.

Security considerations

Script execution can only be enabled by someone with root access to the host.

Turning MDM on for a macOS host or pushing a new fleetd agent qualifies as root access.
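
Because a script sent with fleetctl run-script executes as root under /bin/sh, it is worth checking locally before it goes out. The following is an added example, not part of the original page or Fleet's own code; the function name preflight, the file name preflight.sh and the /tmp review rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Fleet code: review a script locally before sending it
# with `fleetctl run-script`. The checks follow this page: the script runs
# as root under /bin/sh and other interpreters are not supported.

# preflight FILE -> 0 clean, 1 will not run as written, 2 review advised
preflight() {
  f=$1
  rc=0
  if [ ! -s "$f" ]; then
    echo "error: $f is missing or empty" >&2
    return 1
  fi

  # A shebang that names anything but sh asks for an unsupported interpreter.
  shebang=$(head -n 1 "$f" | sed 's/^#![[:space:]]*/#!/')
  case $shebang in
    '#!/bin/sh' | '#!/bin/sh '* | '#!/usr/bin/env sh') ;;
    '#!'*)
      echo "error: '$shebang' is not /bin/sh" >&2
      rc=1 ;;
  esac

  # Parse without executing (-n) to catch syntax that sh rejects.
  if ! sh -n "$f" 2>/dev/null; then
    echo "error: sh -n reports a syntax error" >&2
    rc=1
  fi

  # Assumption of this example: a fixed file name under /tmp gets a review
  # note because the script writes there as root; mktemp avoids a name
  # other local users can predict. Lines that already use mktemp are skipped.
  if [ "$rc" -eq 0 ] &&
     grep -v 'mktemp' "$f" | grep -Eq '(^|[^[:alnum:]_])/tmp/[[:alnum:]_.-]+'; then
    echo "review: fixed /tmp path in a root-run script; consider mktemp" >&2
    rc=2
  fi
  return "$rc"
}

# Usage: sh preflight.sh set-wallpaper-to-fleet.sh
if [ "$#" -gt 0 ]; then
  preflight "$1"
fi
```

An exit status of 2 means the script will run but uses a predictable path as root, which is what the Step 2 wallpaper script does with /tmp/wallpaper.png.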