KubeArmor on VM/Bare-Metal
KubeArmor is a runtime security engine that can protect your applications from unknown threats.
This recipe explains how to use KubeArmor directly on a VM/Bare-Metal host; it was tested on Ubuntu hosts. The recipe installs kubearmor as a systemd service and the karmor CLI tool to manage policies and show alerts/telemetry.
Download and Install KubeArmor
- Install prerequisites
sudo apt install bpfcc-tools linux-headers-$(uname -r)
- Download the latest release of KubeArmor
- Install KubeArmor
sudo dpkg -i kubearmor_0.1_linux-amd64.deb
Start KubeArmor
sudo systemctl start kubearmor
Check the kubearmor status with sudo systemctl status kubearmor, or use sudo journalctl -u kubearmor -f to continuously monitor the kubearmor logs.
Apply sample policy
The following policy denies execution of the sleep binary on the host:
sleepdenypolicy.yaml [policy listing not recoverable from this page]
Save the above policy to sleepdenypolicy.yaml and apply it:
karmor vm policy add sleepdenypolicy.yaml
Now if you run the sleep command, the process is denied execution.
Get Alerts for policies and telemetry
karmor log --json
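Once alerts are flowing, it helps to separate policy matches from plain telemetry and count enforcement hits per policy and process. The script below is an added example for this recipe, not code from the KubeArmor project. The alert field names it reads (Type, Action, PolicyName, ProcessName, Enforcer, and so on) and the sample JSON lines are assumptions constructed for the example; compare them with the output of karmor log --json on your own host before relying on them.

```python
"""Triage host alerts from `karmor log --json` output (added example)."""
import json
import sys
from collections import Counter
from typing import Iterable

# Constructed sample of JSON lines as karmor might print them on a host where
# a policy blocks /usr/bin/sleep. Field names are assumptions for this example.
SAMPLE_LOG = """\
{"Timestamp":1700000000,"HostName":"vm-01","Type":"MatchedHostPolicy","PolicyName":"sleepdenypolicy","Severity":"1","Source":"/usr/bin/bash","Operation":"Process","Resource":"/usr/bin/sleep 5","ProcessName":"/usr/bin/sleep","Action":"Block","Result":"Permission denied","Enforcer":"AppArmor"}
not-json status line printed by the cli
{"Timestamp":1700000001,"HostName":"vm-01","Type":"HostLog","Source":"/usr/bin/bash","Operation":"File","Resource":"/etc/hostname","ProcessName":"/usr/bin/cat","Result":"Passed"}
{"Timestamp":1700000002,"HostName":"vm-01","Type":"MatchedHostPolicy","PolicyName":"sleepdenypolicy","Severity":"1","Source":"/usr/bin/bash","Operation":"Process","Resource":"/usr/bin/sleep 1","ProcessName":"/usr/bin/sleep","Action":"Block","Result":"Permission denied","Enforcer":"AppArmor"}
{"Timestamp":1700000003,"HostName":"vm-01","Type":"MatchedHostPolicy","PolicyName":"audit-ls","Severity":"1","Source":"/usr/bin/bash","Operation":"Process","Resource":"/usr/bin/ls","ProcessName":"/usr/bin/ls","Action":"Audit","Result":"Passed","Enforcer":"eBPF Monitor"}
"""


def parse_events(lines: Iterable[str]) -> list[dict]:
    """Parse JSON lines, skipping blanks and anything that is not a JSON object."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # the cli may interleave non-JSON status text
        if isinstance(obj, dict):
            events.append(obj)
    return events


def policy_alerts(events: list[dict]) -> list[dict]:
    """Keep only events that matched a host policy; drop raw telemetry."""
    return [e for e in events if e.get("Type") == "MatchedHostPolicy"]


def blocked_by_policy(events: list[dict]) -> Counter:
    """Count Block actions keyed by 'policy|process' to spot enforcement hits."""
    hits: Counter = Counter()
    for e in policy_alerts(events):
        if e.get("Action") == "Block":
            hits[f"{e.get('PolicyName')}|{e.get('ProcessName')}"] += 1
    return hits


def summarize(text: str) -> dict:
    """Return counts a defender would want at a glance from one log capture."""
    events = parse_events(text.splitlines())
    alerts = policy_alerts(events)
    return {
        "events": len(events),
        "alerts": len(alerts),
        "telemetry": len(events) - len(alerts),
        "blocked": dict(blocked_by_policy(events)),
        "audited": sum(1 for e in alerts if e.get("Action") == "Audit"),
    }


if __name__ == "__main__":
    # Usage on a host: karmor log --json | python3 triage.py
    # With no piped input the constructed sample is summarized instead.
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    print(json.dumps(summarize(source), indent=2))
```

A Block count that stays at zero after you run sleep usually means the policy did not apply (wrong node selector or path), while a growing Audit count with no Block shows the policy is in audit rather than enforce mode.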