Debian 11 (Bullseye)
Overview¶
This user journey guides you to install and verify the compatibility of Kuberarmor on Debian 11 (Bullseye) with 5.10 Kernel Version by applying policies on kubernetes workloads.
Step 1: Install Kubearmor on VM¶
sudo apt install bpfcc-tools linux-headers-$(uname -r)
Download the Latest release of KubeArmor
wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.deb
dpkg -i kubearmor_0.3.1_linux-amd64.deb
Note: While Installing if you get the following error,
Run the following command.
$apt --fix-broken install to fix the error &
reinstall $dpkg -i kubearmor_0.3.1_linux-amd64.deb
Start and Check the status of Kubearmor:
sudo systemctl start kubearmor
sudo systemctl enable kubearmor
sudo systemctl status kubearmor
Step 2: Apply and Verify Kubearmor system policy¶
cat khp-example-vmname.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
name: khp-02
spec:
severity: 5
file:
matchPaths:
- path: /proc/cpuinfo
action:
Block
Run this command to apply the policy:
karmor vm --kvms policy add khp-example-vmname.yaml
Step 3: Policy Violation¶
With the above mentioned policy enforced in the VM, if a user tries to access /proc/cpuinfo file, user will see permission denied error and karmor log will show the alert log for blocking the file access as shown below.
cat /proc/cpuinfo
Verifying policy Violation logs:
karmor log