Most osquery deployments consist, broadly, of 2 parts: the osquery agents that slurp up data from machines, and the fleet manager that these agents send their data to. But all tools expose attack surfaces, and security tools are no exception. Let’s start by talking about the security of your osquery deployment As always, it’s up to you to understand your own organization and to decide your own risk tolerance. Others might technically apply to you, but you might decide that you aren’t concerned about them. Some of the concerns might not apply to your organization. To be clear, all of the concerns that we’ll talk about today are solvable, given time and effort. Today I’m going to go into more detail about some of the safety considerations we contemplated when deploying osquery, and how we mitigated them. The stronger the safety guarantees you can give yourself, the faster you can move in the long-term, and just because you’re paranoid, that doesn’t mean you won’t cause a ruinous incident if you don’t take proper precautions. But I’m confident that the mitigations that we put in place will also make our lives much calmer and more stable for years to come. Mitigating these inconvenient but valid security and reliability concerns made my team’s lives a little more awkward for a few months.
OSQUERY ON ALPINE UPDATE
It runs as root, performs a potentially large amount of work to grab a large amount of information, and you can update its configuration from a remote fleet manager that completely bypasses all of our normal change management infrastructure.”
“OK, well - this thing runs on every server at Stripe, including the mission-critical ones. “Is osquery the thing on our laptops that…?” they started “Yes, but don’t worry, it’s perfectly safe.” we replied. But people still get grumpy when their battery dies prematurely.Īnyway, the reliability team also absolutely understood what we were trying to do, but they had some concerns of their own. We’ve tried to be responsive and tune our parameters, and we made a Slackbot to give guidance to people complaining about osqueryd. Some tasks cause osquery to get a little CPU hungry and cause people’s laptops to sound like they’re trying to fly to the moon. However, our laptop deployment has given us a mild PR problem with osquery.
It’s been very useful, which is why we want to put it on our servers too. We already run osquery on all our employee laptops. Next we spoke to Stripe’s reliability team. “Some of the scarier tables can remotely control servers.” “Yes,” we said, “isn’t it fantastic?” “This thing can exfiltrate almost any piece of data from the machines it runs on”, they pointed out.
OSQUERY ON ALPINE INSTALL
They acknowledged all the wonderful features of osquery that all of us here know and love, apart from those of you who are spies from However, the team pointed out that we were, in the nicest possible way, proposing to install a trojan on every server at Stripe. Our colleagues absolutely understood what we were trying to do. They went away and talked amongst themselves, and then came back and let us know that actually they very much did. While we were designing our deployment we spoke to other teams within Stripe’s security organization, and we asked them if they had any thoughts. Last year we started rolling out osquery to Stripe’s server fleet. My team is responsible for building the tools that security analysts use to detect and stop bad guys. Hi, my name is Rob Heaton and I’m a security engineer at Stripe on the Detection Infrastructure team. Here’s the recording, transcript, and slides for a talk about gingerly deploying osquery to a server fleet that I gave at 2021.
0 kommentar(er)
