SUSE Linux Enterprise Server 15

Overview

This user journey guides you through installing KubeArmor on SUSE Linux Enterprise Server 15 (kernel version 5.3) and verifying its compatibility by applying policies on VM workloads.

Step 1: Install KubeArmor on VM

Install pre-requisites:

sudo zypper ref
sudo zypper in bcc-tools bcc-examples

fullkver=$(zypper se -s kernel-default-devel | awk '{split($0,a,"|"); print a[4]}' | grep $(uname -r | awk '{gsub("-default", "");print}') | sed -e 's/^[ \t]*//' | tail -n 1)

zypper -n --config /var/opt/carbonblack/response/zypp.conf install -f -y kernel-default-devel="$fullkver"

zypper in apparmor-utils

zypper in apparmor-profiles

systemctl restart apparmor.service

Download the latest release of KubeArmor:

wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.rpm

zypper install kubearmor_0.3.1_linux-amd64.rpm

Start KubeArmor and check its status:

sudo systemctl start kubearmor
sudo systemctl enable kubearmor
sudo systemctl status kubearmor

Step 2: Apply and Verify KubeArmor system policy

cat khp-example-vmname.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: khp-02
spec:
  severity: 5
  file:
    matchPaths:
    - path: /proc/cpuinfo
  action:
    Block

Run this command to apply the policy:

karmor vm policy add khp-example-vmname.yaml

Step 3: Policy Violation

With the above policy enforced in the VM, a user who tries to access the /proc/cpuinfo file sees a permission denied error, and karmor log shows an alert for the blocked file access, as shown below.

cat /proc/cpuinfo

Verify the policy violation logs:

karmor log
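
To repeat the Step 3 check after every policy change, the script below (an added example, not part of the original guide or the KubeArmor project) reads the matchPaths entries from a host policy file such as khp-example-vmname.yaml and confirms each one is denied. The function names are hypothetical, and it assumes the block-style "- path:" layout shown in Step 2 with paths that contain no whitespace.

```shell
#!/bin/sh
# Added example: confirm that every path listed in a KubeArmorHostPolicy
# file is actually denied on this host. Function names are hypothetical.
# Assumes "- path: <value>" entries as in Step 2, without whitespace in paths.

# Print each "- path: <value>" entry found in the policy file.
policy_paths() {
    awk '$1 == "-" && $2 == "path:" { print $3 }' "$1"
}

# Try to read a path and classify the outcome.
# Returns 0 = denied (policy enforced), 1 = readable (not enforced),
#         2 = path does not exist,      3 = failed for another reason.
check_blocked() {
    # Capture stderr only; LC_ALL=C keeps the error text predictable.
    if err=$(LC_ALL=C cat -- "$1" 2>&1 >/dev/null); then
        return 1
    fi
    case $err in
        *"Permission denied"*) return 0 ;;
        *"No such file or directory"*) return 2 ;;
        *) return 3 ;;
    esac
}

# Check all paths in a policy; returns 0 only if every one is denied.
verify_policy() {
    failed=0
    for p in $(policy_paths "$1"); do
        rc=0
        check_blocked "$p" || rc=$?
        case $rc in
            0) echo "OK       $p is denied" ;;
            1) echo "FAIL     $p is still readable"; failed=1 ;;
            2) echo "MISSING  $p does not exist"; failed=1 ;;
            *) echo "UNKNOWN  $p failed for another reason"; failed=1 ;;
        esac
    done
    return $failed
}

# Usage: sh verify-khp.sh khp-example-vmname.yaml
if [ -n "${1:-}" ]; then verify_policy "$1"; fi
```

A FAIL line after the policy has been added means the block is not being enforced; check the kubearmor and apparmor services before relying on the policy.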
