Dr. Maik Ro
Jun 18, 28 tweets, 7 min read
The easiest way to start with Cybersecurity:
Imagine the following situation:

WOHOOOOOO - YOU WON 🥇🏆

You have your first day as the new security person.

Congratulations, this journey was not easy but you made it anyway! 🚀🎉
and of course, you are EAGER to show up on your first day and fix any security problem that comes your way!!!!!11 👩‍🔧🧑‍🔧👨‍🔧

and then you arrive… 🚗💨
You look for documentation of current security efforts 📑 🔍👀

and what do you find?!
this: 🕸️ 🪰

a whole lot of nothing. 😅

ummm…

What now?! 🤔
uffff… 😵

Ok, let's take this slowly 🐌

… no worries, it’s all problem solving 🤓

You cannot eat an elephant in one sitting. 🐘🍽️❌
Ok, so what do we know?!

We have computers, servers, people, phones, some cloud instances and software at this company

✅✔️✓☑️📋

and we need *more security
wait, mr maikroservice - how do we know how many computers, servers etc. we have?!

… and even more - what’s installed/running on those?!

GREAT QUESTION FRIEND! 🚀
Well, I am glad I asked a good question - but… how do we find out!?

🤔
We could count them all by hand? 🤚✌️🤘
or
Let everyone fill out an excel sheet with what they have?!
phone 📱
laptop 💻
cloud instances ☁️ 🖥️
hmmm… is there no software to do that?

oh yes, sure - there is asset management software like osquery

OH YES! THAT’S WHAT I AM TALKING ABOUT
but how do we get this on the devices?

and how does one use it?!

good questions - let’s dive right in, shall we?!
The first thing you might try is to install osquery via apt on linux:

you type

sudo apt-get install osquery
well, that did not work… 🤨

What now?

How about you visit osquery.io and check what they have in store for us?
AHA!
The big Download button in the top right, that is what I am talking about 🔽✅

There are many different options - windows, linux, macOS and different linux distributions even 🤯

so technically you could download the binary and be done with it
but… there is one more option - you can for example set up the osquery repository under linux so that you can update the version regularly without much hassle

which is always good to know!

allow me to share how to do that:
We assume you use a debian/ubuntu based linux system now, however it works similarly for CentOS based systems.

Let’s start:
First, you set up the signing key so that apt can check the downloaded packages really come from osquery
type:

sudo mkdir -p /etc/apt/keyrings

into your terminal - this creates a folder called keyrings

next we download the public key with:
curl -L https://pkg.osquery.io/deb/pubkey.gpg | sudo tee /etc/apt/keyrings/osquery.asc

which … umm fails?! ah because we have no curl on this default debian box… well ok, if you insist we will install it first

sudo apt-get install curl -y

and then run the download curl command again and if all goes well you see the beginning of a public key in your terminal like in the screenshot

Now you have saved the public key in the keyrings folder and can continue to add the repository
This is achieved by modifying the /etc/apt/sources.list file which holds the locations of the update/upgrade repositories for my debian system

for my arm system I add:
deb [arch=arm64 signed-by=/etc/apt/keyrings/osquery.asc] https://pkg.osquery.io/deb deb main

if you use a 64 bit processor instead of an arm 🦾, use:
deb [arch=amd64 signed-by=/etc/apt/keyrings/osquery.asc] https://pkg.osquery.io/deb deb main

GOT IT - what now?
two commands remaining for the install process:

sudo apt-get update

to update (DUH…) the package cache

which makes sure you are able to run:

sudo apt-get install osquery -y
BOOOM SHACKALALALALAACKA!
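The whole repository setup from above as one script, added here as an example and not part of the original thread: it picks arm64 vs amd64 from dpkg instead of by hand, checks the downloaded key actually looks like a PGP key before apt is told to trust it, and assumes a dpkg/apt based box with curl already installed (the URLs and the keyring path are the thread's; the sources.list.d file name is my choice).

```shell
#!/bin/sh
# Added example, not from the original thread: the repository setup above as one
# script that picks arm64 vs amd64 itself. Assumes a dpkg/apt based system with curl;
# the URLs and paths are the ones the thread uses, the sources.list.d file name is mine.
KEYRING_DIR=/etc/apt/keyrings
KEY_FILE="$KEYRING_DIR/osquery.asc"
KEY_URL=https://pkg.osquery.io/deb/pubkey.gpg
REPO_URL=https://pkg.osquery.io/deb
SOURCES_FILE=/etc/apt/sources.list.d/osquery.list

# Map the output of `dpkg --print-architecture` to the arch tag osquery ships for.
# Anything else returns 1 so we never write a repo line apt cannot satisfy.
osquery_arch_tag() {
  case "$1" in
    amd64|arm64) printf '%s\n' "$1" ;;
    *) return 1 ;;
  esac
}

# Build the sources.list entry. signed-by pins the osquery key to this one repo,
# so it cannot vouch for packages from any other repository on the box.
osquery_repo_line() {
  arch=$(osquery_arch_tag "$1") || return 1
  printf 'deb [arch=%s signed-by=%s] %s deb main\n' "$arch" "$KEY_FILE" "$REPO_URL"
}

# The key is saved as .asc, i.e. ASCII armored: check it is non-empty and carries
# the armor header before letting apt trust it (a failed curl leaves an empty file).
key_looks_valid() {
  [ -s "$1" ] && grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$1"
}

install_osquery_repo() {
  sudo mkdir -p "$KEYRING_DIR" || return 1
  curl -fsSL "$KEY_URL" | sudo tee "$KEY_FILE" >/dev/null || return 1
  key_looks_valid "$KEY_FILE" || { echo "downloaded key is not a PGP public key" >&2; return 1; }
  line=$(osquery_repo_line "$(dpkg --print-architecture)") || return 1
  printf '%s\n' "$line" | sudo tee "$SOURCES_FILE" >/dev/null || return 1
  sudo apt-get update && sudo apt-get install -y osquery
}

# Only touch the system when asked explicitly:  sh setup-osquery.sh install
case "${1:-}" in
  install) install_osquery_repo ;;
esac
```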

There you go, now you have osquery installed and you can even look for it inside your terminal - which should throw you into another question:
hmmm…

How does osquery work?

Do I need to run this every time?
Is it installed as a service?
What happens after I restart my machine?!

oh you are one smart cookie 🍪 !
you see, osquery is a two part gift - divided into the interactive portion (osqueryi) and the daemon (osqueryd)

DEMON???? 👹

the linux dAemon is a service that can be set up to run all the time, it is similar to the autostart/scheduled task feature in windows-land
AHA! ok great but how do I install this?

good question - this is the topic of the next thread 🧵!
thank you so much for reading, if you want to be notified when the next thread pops up:

follow me @maikroservice for more content 💜