Getting Started

This document will show you how to get up and running with Zercurity.

Registration

Account signup is a straightforward process. You’ll be required to fill in all of the required forms, as depicted below.

_images/register.png

After you’ve signed up you’ll receive an email welcoming you to Zercurity. You’ll also be immediately logged into the application.

_images/dashboard_empty.png

Enroll your first Asset

To start using Zercurity you’ll first need to enroll a new Asset. At present Zercurity only supports MacOSX and Linux (Debian).

_images/enroll.png

If you’ve not already created a Team, you’ll need to create one before being allowed to download the OSX installer.

_images/enroll_team.png

Once you’ve created or selected your team, the download option will be made available to you. When you click the download button, the package will be built behind the scenes (this may take a few moments to complete) and then downloaded automatically.

_images/enroll_download.png

Installer OSX

Once the installer has downloaded, double click the package in your downloads folder to start the installation.

_images/installer_osx_01.png
_images/installer_osx_02.png
_images/installer_osx_03.png

If the package fails to run, you’ll need to check your security settings under Security & Privacy in the OSX System Preferences.

Introduction: Gives a brief summary of what this installer will do, including the packages that will be installed.

Read Me: Gives a more in-depth breakdown of the packages that will be installed and links to the relevant documentation.

License: Zercurity’s license agreement. Please take the time to read through this.

Destination Select: By default Zercurity will be installed to the primary disk on your Mac, and it must be installed there. Please do not change the destination path unless you know what you’re doing.

Installation Type: By default all packages will be installed. We recommend not changing the packages that will be installed unless you’ve customised or pre-compiled the binaries yourself.

Installation: The installation will now take place. It will take a few minutes to install the various packages and register with the Zercurity server.

Summary: This is the final part of the installation. Upon a successful installation you can now visit the Assets section on the Zercurity dashboard to see your new asset.

Installer Linux (Debian)

This section will walk you through the installation of Zercurity against a Debian based host. Zercurity should work with:

  • Ubuntu
  • Debian

Before downloading the Debian package (.deb), there are some prerequisites you’ll need to run first.

export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $OSQUERY_KEY
sudo add-apt-repository "deb [arch=amd64] https://pkg.osquery.io/deb deb main"
sudo apt-get update
sudo apt-get install osquery

Once you’ve installed the dependencies you can then install the zercurity-0.1.deb package like so.

sudo dpkg -i zercurity-0.1.deb

The installer will take a few moments to complete. Upon a successful installation you can now visit the Assets section on the Zercurity dashboard to see your new asset.

Installer Linux (RHEL)

This section will walk you through the installation of Zercurity against a RHEL based host. Zercurity should work with:

  • Red Hat
  • CentOS
  • Fedora

Before downloading the RHEL package (.rpm), there are some prerequisites you’ll need to run first.

curl -L https://pkg.osquery.io/rpm/GPG | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo yum-config-manager --add-repo https://pkg.osquery.io/rpm/osquery-s3-rpm.repo
sudo yum-config-manager --enable osquery-s3-rpm
sudo yum install osquery

Once you’ve installed the dependencies you can then install the zercurity-0.1-1.x86_64.rpm package like so.

sudo yum install zercurity-0.1-1.x86_64.rpm

The installer will take a few moments to complete. Upon a successful installation you can now visit the Assets section on the Zercurity dashboard to see your new asset.
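
The curl step above writes the osquery key file without checking which key it contains. The following is an added example (not part of Zercurity's or osquery's own documentation) that accepts a key listing only if it holds exactly one primary key with the expected fingerprint. It assumes the RPM key carries the same fingerprint as OSQUERY_KEY from the Debian section, which this page does not state; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Zercurity's or osquery's code.
# OSQUERY_KEY from the Debian section; assumed here to also be the RPM key.
EXPECTED_FPR=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B

# Print the fingerprint of each primary key found in `gpg --with-colons`
# output on stdin: the fpr record that directly follows a pub record.
# Subkey fingerprints (the fpr after a sub record) are ignored.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# Succeed only if stdin lists exactly one primary key and its fingerprint
# equals $1 (spaces and letter case in $1 are ignored).
key_is_pinned() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Wrapper for a real key file; needs a gpg that supports --show-keys.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | key_is_pinned "$EXPECTED_FPR"
}

# Constructed sample listings (not real gpg output) so the demo runs offline.
SAMPLE_GOOD='pub:-:4096:1:97A80C63C9D8B80B:0:::-:::scESC:
fpr:::::::::1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B:
uid:-::::0::::constructed sample uid:
sub:-:4096:1:0123456789ABCDEF:0::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:'
SAMPLE_SWAPPED='pub:-:4096:1:FFFFFFFFFFFFFFFF:0:::-:::scESC:
fpr:::::::::0000111122223333444455556666FFFFFFFFFFFF:
uid:-::::0::::constructed substituted key:'

report() {  # report LABEL LISTING
    if printf '%s\n' "$2" | key_is_pinned "$EXPECTED_FPR"; then
        echo "$1: fingerprint matches the pinned value"
    else
        echo "$1: mismatch, do not trust this key"
    fi
}
report good "$SAMPLE_GOOD"
report swapped "$SAMPLE_SWAPPED"
```

On a real host, run `verify_key_file /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery` after the curl step and stop if it returns non-zero.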

Installer Windows (Standalone)

Once the installer has downloaded, double click on the MSI (Windows Installer). This will start the installation of Zercurity. The Windows installer requires administrator privileges.

_images/installer_windows_standalone_03.png _images/installer_windows_standalone_02.png _images/installer_windows_standalone_01.png

Once the installation has finished, the Assets will be available immediately. You’re free to delete the installer.

Lastly, if you want to capture a verbose log of the installation you can run:

msiexec /i zercurity-0.1.msi /L*v C:\temp\install.txt

Installer Windows (Active Directory)

As Zercurity comes as an MSI, it can be distributed to client machines with an Active Directory GPO (Group Policy Object). Before continuing you must have both Active Directory (AD) installed and a Windows File Server from which to serve the MSI.

This walkthrough uses Windows Server 2016 Datacenter edition.

_images/installer_windows_ad_01.png

From your Windows Server, open up the Windows Server Manager (which should launch automatically upon login). Select Tools -> Group Policy Management.

This will open the Group Policy Management window. Within your organisational structure you can apply GPOs to specific teams within your domain.

_images/installer_windows_ad_02.png

In this example, however, we’re going to apply our new policy to the entire domain. This will mean that every computer managed under the AD domain will have Zercurity installed.

Under your domain right click on Group Policy Objects and from the context menu select New.

_images/installer_windows_ad_03.png

Provide a name for your new Group Policy Object. We’ve called ours Zercurity Installer.

_images/installer_windows_ad_04.png

When you’ve created the new GPO, you’ll see it listed. Right click it and select Edit from the context menu.

This will now open the Group Policy Management Editor for our Zercurity Installer GPO.

_images/installer_windows_ad_05.png

Under Policies -> Software Settings there’s a tree item called Software installation. Right click it and select New -> Package from the context menu.

_images/installer_windows_ad_06.png

You’ll now need to provide a valid network path for the Zercurity installer.

IMPORTANT: zercurity-0.1.msi must be hosted from an accessible and readable drive on the network. You can use Windows File Server to host the installer.

_images/installer_windows_ad_07.png

Accept the default setting of Assigned and click OK.

_images/installer_windows_ad_08.png

That’s it. Zercurity will now be installed when a user next logs onto their machine and you’ll see it listed on Zercurity’s Assets page.

If you are testing this on your local computer first, you can force the installation of Zercurity onto client machines by running the gpupdate command.

gpupdate /target:computer /force

If you need any help, please raise a ticket via the Zercurity application.

Installer Docker (Ubuntu)

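To run Zercurity inside a Docker container please follow these steps. The container is started with --privileged=true, which gives it broad access to the host’s devices and kernel capabilities.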

docker run --name zercurity_ubuntu -ti -d --privileged=true ubuntu:latest  "/sbin/init"
docker exec -it zercurity_ubuntu /bin/bash

Before downloading the Debian package (.DEB), there are some prerequisites you’ll need to run first.

apt-get update && apt-get upgrade
apt-get install software-properties-common apt-transport-https wget rsyslog

export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $OSQUERY_KEY
add-apt-repository "deb [arch=amd64] https://pkg.osquery.io/deb deb main"
apt-get update
apt-get install osquery

Download the Zercurity DEB to your system and install it like so:

dpkg -i zercurity-2.0.deb

You should now see the docker asset displayed on your dashboard.

Installer Docker (CentOS)

To run Zercurity inside a Docker container please follow these steps.

docker run --name zercurity_centos -ti -d --privileged=true centos:latest  "/sbin/init"
docker exec -it zercurity_centos /bin/bash

Before downloading the RPM package (.RPM), there are some prerequisites you’ll need to run first.

yum update && yum upgrade
yum install sysvinit-tools

curl -L https://pkg.osquery.io/rpm/GPG | tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
yum-config-manager --add-repo https://pkg.osquery.io/rpm/osquery-s3-rpm.repo
yum-config-manager --enable osquery-s3-rpm
yum install osquery

Download the Zercurity RPM to your system and install it like so:

yum install zercurity-2.0.rpm

You should now see the docker asset displayed on your dashboard.

Assets

After you’ve completed the installation steps for your asset, you’ll be able to see it listed under the Assets section.

_images/assets_start.png

Clicking on the asset’s name will allow you to inspect it further.

Note

It may take a few minutes for additional system information to start to appear such as networking and disk.

_images/asset_start.png

You can learn more about your Assets.