# Amazon Linux 2

## Overview

This user journey guides you through installing KubeArmor on Amazon Linux 2 (kernel 5.10) and verifying compatibility by applying policies to VM workloads.

Note: As of now, KubeArmor on Amazon Linux 2 supports only Audit mode. Upcoming updates will also support enforcement actions such as Allow and Block.
## Step 1: Install KubeArmor and the karmor CLI on the VM

Download the latest release of KubeArmor and install it:

```bash
wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.rpm
yum install kubearmor_0.3.1_linux-amd64.rpm
```

Start KubeArmor and check its status:

```bash
systemctl start kubearmor
systemctl enable kubearmor
systemctl status kubearmor
```

Install the karmor CLI:

```bash
curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/bin
karmor version
```
## Step 2: Apply and Violate KubeArmor System Policies
### 1. Process Level

```bash
cat propolicy.yaml
```

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: kubearmor-pro-policy
spec:
  process:
    matchPaths:
      - path: /usr/bin/whoami
      - path: /usr/bin/id
      - path: /usr/bin/cp
      - path: /usr/bin/rm
    action: Audit
```

Run this command to apply the policy:

```bash
karmor vm policy add propolicy.yaml
```

Violate the policy by executing one of the audited binaries:

```bash
cp test1.txt test2.txt
```

Verify the policy violation logs:

```bash
karmor log
```
### 2. File Level

```bash
cat filepolicy.yaml
```

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: kubearmor-file-policy
spec:
  file:
    matchPaths:
      - path: /etc/fstab
    action: Audit
```

Run this command to apply the policy:

```bash
karmor vm policy add filepolicy.yaml
```

Violate the policy by reading the audited file:

```bash
cat /etc/fstab
```

Verify the policy violation logs:

```bash
karmor log
```
### 3. Directory Level

This example assumes a Tomcat log directory exists at `/var/log/tomcat`; substitute any directory present on your VM. Because the policy targets the host, its kind is `KubeArmorHostPolicy`, the same as the process and file policies above.

```bash
cat dirpolicy.yaml
```

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: kubearmor-dir-policy
spec:
  file:
    matchDirectories:
      - dir: /var/log/tomcat
        recursive: true
    action: Audit
```

Run this command to apply the policy:

```bash
karmor vm policy add dirpolicy.yaml
```

Violate the policy by reading a file below the audited directory:

```bash
cat /var/log/tomcat/catalina.out
```

Verify the policy violation logs:

```bash
karmor log
```
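The three policies above differ only in what they match: exact process paths, exact file paths, and a directory prefix (recursive or not). The following added example, which is not part of the page or of the KubeArmor project, reimplements that matching logic over alert lines so you can check which policy each audit event corresponds to, and whether `recursive: true` is what made a nested file match. The alert field names (`Type`, `PolicyName`, `Operation`, `Resource`, `Action`, `Result`) and the `--json` flag on `karmor log` are assumptions about the karmor output format; the sample alerts are constructed, not captured from a VM.

```python
"""Match KubeArmor host-policy audit alerts against the page's three policies.

Assumptions (not from the page): alert field names follow the JSON that
`karmor log --json` is assumed to print; SAMPLE_ALERTS below are constructed.
"""
import json
import sys

# The page's policies, as dicts mirroring the YAML `spec` sections.
POLICIES = {
    "kubearmor-pro-policy": {
        "process": {"matchPaths": ["/usr/bin/whoami", "/usr/bin/id",
                                   "/usr/bin/cp", "/usr/bin/rm"]},
    },
    "kubearmor-file-policy": {
        "file": {"matchPaths": ["/etc/fstab"]},
    },
    "kubearmor-dir-policy": {
        "file": {"matchDirectories": [{"dir": "/var/log/tomcat", "recursive": True}]},
    },
}

# Constructed sample alerts (one JSON object per line, as karmor would print).
SAMPLE_ALERTS = [
    '{"Type":"MatchedHostPolicy","PolicyName":"kubearmor-pro-policy","Operation":"Process",'
    '"Resource":"/usr/bin/cp test1.txt test2.txt","Action":"Audit","Result":"Passed"}',
    '{"Type":"MatchedHostPolicy","PolicyName":"kubearmor-file-policy","Operation":"File",'
    '"Resource":"/etc/fstab","Action":"Audit","Result":"Passed"}',
    '{"Type":"MatchedHostPolicy","PolicyName":"kubearmor-dir-policy","Operation":"File",'
    '"Resource":"/var/log/tomcat/catalina.out","Action":"Audit","Result":"Passed"}',
    '{"Type":"MatchedHostPolicy","PolicyName":"kubearmor-dir-policy","Operation":"File",'
    '"Resource":"/var/log/tomcat/2024/access.log","Action":"Audit","Result":"Passed"}',
    # An ordinary host log with no policy match: Action is empty and it is skipped.
    '{"Type":"HostLog","PolicyName":"","Operation":"Process",'
    '"Resource":"/usr/bin/ls -l","Action":"","Result":"Passed"}',
]


def dir_matches(path, rule):
    """matchDirectories semantics: recursive=false covers only direct children,
    recursive=true covers anything below the directory."""
    base = rule["dir"].rstrip("/") + "/"
    if not path.startswith(base):
        return False
    rest = path[len(base):]
    return bool(rule.get("recursive", False)) or "/" not in rest


def matching_policies(operation, resource):
    """Names of policies whose rules cover this (operation, resource) pair."""
    section = {"Process": "process", "File": "file"}.get(operation)
    if section is None:
        return []
    if operation == "Process":
        # Process alerts carry argv in Resource; the executed binary is the first token.
        tokens = resource.split()
        path = tokens[0] if tokens else ""
    else:
        path = resource
    hits = []
    for name, spec in POLICIES.items():
        rules = spec.get(section, {})
        if path in rules.get("matchPaths", []):
            hits.append(name)
        elif any(dir_matches(path, d) for d in rules.get("matchDirectories", [])):
            hits.append(name)
    return hits


def audit_summary(lines):
    """Count Audit alerts per matching policy, ignoring non-JSON and non-Audit lines."""
    counts = {}
    for line in lines:
        line = line.strip()
        if not line.startswith("{"):
            continue
        alert = json.loads(line)
        if alert.get("Action") != "Audit":
            continue
        for name in matching_policies(alert.get("Operation", ""), alert.get("Resource", "")):
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: karmor log --json | python3 audit_summary.py   (or run with no input
    # to summarise the constructed samples).
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_ALERTS
    for policy, n in sorted(audit_summary(source).items()):
        print(f"{policy}: {n} audit event(s)")
```

Running it against the constructed samples reports one event each for the process and file policies and two for the directory policy; the nested `2024/access.log` counts only because the rule is recursive, which you can confirm by calling `dir_matches` with `recursive` set to `False`.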