Skip to content

Debian 10 (Buster)

Overview

This user journey guides you to install and verify the compatibility of Kuberarmor on Debian 10 (Buster) with 4.19 Kernel Version by applying policies on kubernetes workloads.

Step 1: Install Kubearmor on VM

Install pre-requisites:

  • Repositories: /etc/apt/sources.list should include the non-free repository and look something like this:
vi /etc/apt/sources.list

Add the following:

deb http://deb.debian.org/debian sid main contrib non-free
deb-src http://deb.debian.org/debian sid main contrib non-free

Alt

Install Build dependencies:

apt-get update

According to debian.org

sudo apt-get install arping bison clang-format cmake dh-python \
    dpkg-dev pkg-kde-tools ethtool flex inetutils-ping iperf \
    libbpf-dev libclang-dev libclang-cpp-dev libedit-dev libelf-dev \
    libfl-dev libzip-dev linux-libc-dev llvm-dev libluajit-5.1-dev \
    luajit python3-netaddr python3-pyroute2 python3-distutils python3

Install and Compile BCC:

git clone https://github.com/iovisor/bcc.git
mkdir bcc/build; cd bcc/build
sudo make install
cmake ..
make

Install linux-headers:

sudo apt install linux-headers-$(uname -r)

Note: If youre getting this following error,

Alt

Follow this steps to slove the error.

sudo make install
apt install gcc-8

Alt

sudo apt install linux-headers-$(uname -r)

Alt

Download the Latest release of KubeArmor

wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.deb

Alt

dpkg -i kubearmor_0.3.1_linux-amd64.deb 

Note: While Installing if you get the following error,

Alt

Run the following command to fix the error.

apt --fix-broken install   
dpkg -i kubearmor_0.3.1_linux-amd64.deb 

Alt

Start and Check the status of Kubearmor:

sudo systemctl start kubearmor
sudo systemctl enable kubearmor
sudo systemctl status kubearmor

Alt

Step 2: Apply and Verify Kubearmor system policy

cat khp-example-vmname.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: hsp-kubearmor-dev-proc-path-block
spec:
  process:
    matchPaths:
    - path: /usr/bin/sleep # try sleep 1
  action:
    Block

Run this command to apply the policy:

karmor vm policy add khp-example-vmname.yaml

Alt

Step 3: Policy Violation

sleep 10

Alt

Verifying policy Violation logs:

karmor log

Alt

Back to top