Amazon Linux 2

Overview¶

This user journey guides you to install and verify the compatibility of Kuberarmor on Amazon Linux 2 Os with 5.10 Kernel Version by applying policies on VM workloads.

Note: As of now KubeArmor for Amazon Linux 2 will only Support for Audit mode. In the upcoming updates it will also support Enforcements, such as Allow and Block.

Step 1: Install KubeArmor and Karmor CLI on VM¶

Download the Latest release of KubeArmor

wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.rpm

yum install kubearmor_0.3.1_linux-amd64.rpm

Start and Check the status of KubeArmor:

systemctl start kubearmor

systemctl enable kubearmor

systemctl status kubearmor

Alt

Install Karmor CLI:

curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/bin

karmor version

Alt

Step 2: Apply and Violating KubeArmor System Policy¶

1. Process Level¶

cat propolicy.yaml

apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: kubearmor-pro-policy
spec:
  process:
    matchPaths:
    - path: /usr/bin/whoami
    - path: /usr/bin/id
    - path: /usr/bin/cp
    - path: /usr/bin/rm
  action: Audit

Run this command to apply the policy:

karmor vm policy add propolicy.yaml

Alt

Violating the policy:

cp test1.txt  test2.txt

Verifying policy Violation logs:

karmor log

Alt

2. File Level¶

cat filepolicy.yaml

apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: kubearmor-file-policy
spec:
  file:
    matchPaths:
    - path: /etc/fstab  
  action: Audit

Run this command to apply the policy:

karmor vm policy add filepolicy.yaml

Alt

Violating the policy:

cat /etc/fstab

Verifying policy Violation logs:

karmor log

Alt

3. Directory Level¶

cat dirpolicy.yaml

apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: kubearmor-dir-policy
spec:
  file:
    matchDirectories:
    - dir: /var/log/tomcat
      recursive: true
  action: Audit

Run this command to apply the policy:

karmor vm policy add dirpolicy.yaml

Alt

Violating the policy:

cat /var/log/tomcat/catalina.out

Verifying policy Violation logs:

karmor log

Alt

For Log Based Alerts¶

You can visit our Enterprise version

Alt