Skip to content

Debian 11 (Bullseye)

Overview

This user journey guides you to install and verify the compatibility of Kuberarmor on Debian 11 (Bullseye) with 5.10 Kernel Version by applying policies on VM workloads.

Step 1: Install Kubearmor on VM

sudo apt install bpfcc-tools linux-headers-$(uname -r)

Download the Latest release of KubeArmor

wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.deb

Alt

dpkg -i kubearmor_0.3.1_linux-amd64.deb

Note: While Installing if you get the following error,

Alt

Run the following command.

$apt --fix-broken install    to fix the error & 
reinstall $dpkg -i kubearmor_0.3.1_linux-amd64.deb

Alt

Start and Check the status of Kubearmor:

sudo systemctl start kubearmor

sudo systemctl enable kubearmor

sudo systemctl status kubearmor

Alt

Step 2: Apply and Verify Kubearmor system policy

cat khp-example-vmname.yaml

apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: khp-02
spec:
  severity: 5
  file:
    matchPaths:
    - path: /proc/cpuinfo
  action:
    Block

Run this command to apply the policy:

karmor vm --kvms policy add khp-example-vmname.yaml

Step 3: Policy Violation

With the above mentioned policy enforced in the VM, if a user tries to access /proc/cpuinfo file, user will see permission denied error and karmor log will show the alert log for blocking the file access as shown below.

cat /proc/cpuinfo

Alt

Verifying policy Violation logs:

karmor log

Alt

Back to top