Skip to content

Ubuntu 18.04

Overview

This user journey guides you to install and verify the compatibility of Kuberarmor on Ubuntu 18.04 with 5.4 Kernel Version by applying policies on VM workloads.

Step 1: Install Kubearmor on VM

Install pre-requisites:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4052245BD4284CDD
echo "deb https://repo.iovisor.org/apt/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/iovisor.list
sudo apt-get update
sudo apt-get install bcc-tools libbcc-examples linux-headers-$(uname -r)
sudo apt install bpfcc-tools linux-headers-$(uname -r)
sudo apt-get install linux-headers-generic
sudo apt --fix-broken install
sudo apt-get update

Download & Install the Latest release of KubeArmor

wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.deb && sudo dpkg -i kubearmor_0.3.1_linux-amd64.deb

Start and Check the status of Kubearmor:

sudo systemctl start kubearmor
sudo systemctl enable kubearmor
sudo systemctl status kubearmor

Alt

Step 2: Apply and Verify KubeArmor system policy

vim sleepdenypolicy.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: hsp-kubearmor-dev-proc-path-block
spec:
  process:
    matchPaths:
    - path: bin/sleep # try sleep 1
  action:
    Block

Run this command to apply the policy:

karmor vm --kvms policy add sleepdenypolicy.yaml

Alt

Note: With the above mentioned policy enforced in master VM, if a user tries to access sleep command, user will see permission denied error and karmor log will show the alert log for blocking the file access.

Step 3: Policy Violation

sleep 2

Alt

Verifying policy Violation logs:

karmor log

Alt

Deleting the applied policy:

karmor vm --kvms policy delete sleepdenypolicy.yaml

Alt

Back to top