Tactical RMM Installation Guide

Introduction

Tactical RMM is a remote monitoring & management tool, built with Django and Vue.
It uses an agent written in Golang and integrates with MeshCentral.

Features

• TeamViewer-like remote desktop control
• Real-time remote shell
• Remote file browser (download and upload files)
• Remote command and script execution (Bash, Batch, PowerShell, Python, Nutshell, and Deno scripts)
• Event log viewer
• Services management
• Windows patch management
• Automated checks with email/SMS/Webhooks alerting (CPU, disk, memory, services, scripts, event logs)
• Automated task runner (run scripts on a schedule)
• Remote software installation via chocolatey
• Software and hardware inventory

Prerequisites

• A fresh Linux machine running either Debian 11, Debian 12 or Ubuntu 22.04 LTS with at least 4GB RAM on x64 or aarch64 (arm64) architecture. Installing on a Docker container is also possible but not recommended (refer to https://docs.tacticalrmm.com/install_considerations/ and https://docs.tacticalrmm.com/install_docker/)
• A TOTP based authenticator app like Google Authenticator
• SSH Client like PuTTY
• Domain name

Installation

1. Update and upgrade OS

As root, run these command to apply update OS. It will also install ufw.

apt update
apt install -y wget curl sudo ufw
apt -y upgrade

Tip: Always reboot after installing updates especially if the kernel is updated to avoid running into problems.

2. Setup DNS Records

While updating, you can also go ahead and configure your DNS records by adding A records on wherever your domain is hosted. Create 3 A records: rmm, api and mesh and point them to the public IP of your server.

The RMM uses 3 different sites. The Vue frontend e.g. rmm.example.com which is where you'll be accessing your RMM from the browser, the REST backend e.g. api.example.com and MeshCentral e.g. mesh.example.com
rmm. api. and mesh. are what we recommend, but you can use whatever you want if they're already in use.

Warning: All 3 domain names MUST be at the same subdomain level because you only get one LetsEncrypt wildcard cert, and it'll only apply to that level of DNS name.

3. Create a user

Create a user and add it to the sudoers group by running the commands below. We will use tactical for this guide.

useradd -m -G sudo -s /bin/bash tactical
passwd tactical

You would also want to ensure that the tactical linux user has passwordless sudo:

sudo visudo

Add the following line to the end of the file which will be opened by running the above command, then save and exit the file.

tactical   ALL=(ALL:ALL) NOPASSWD:ALL