Ubuntu 18.04
Overview¶
This user journey guides you to install and verify the compatibility of Kuberarmor on Ubuntu 18.04 with 5.4 Kernel Version by applying policies on kubernetes workloads.
Step 1: Install Kubearmor on VM¶
Install pre-requisites:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4052245BD4284CDD
echo "deb https://repo.iovisor.org/apt/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/iovisor.list
sudo apt-get update
sudo apt-get install bcc-tools libbcc-examples linux-headers-$(uname -r)
sudo apt install bpfcc-tools linux-headers-$(uname -r)
sudo apt-get install linux-headers-generic
sudo apt --fix-broken install
sudo apt-get update
Download & Install the Latest release of KubeArmor
wget https://github.com/kubearmor/KubeArmor/releases/download/v0.3.1/kubearmor_0.3.1_linux-amd64.deb && sudo dpkg -i kubearmor_0.3.1_linux-amd64.deb
Start and Check the status of Kubearmor:
sudo systemctl start kubearmor
sudo systemctl enable kubearmor
sudo systemctl status kubearmor
Step 2: Apply and Verify KubeArmor system policy¶
vim sleepdenypolicy.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
name: hsp-kubearmor-dev-proc-path-block
spec:
process:
matchPaths:
- path: bin/sleep # try sleep 1
action:
Block
Run this command to apply the policy:
karmor vm --kvms policy add sleepdenypolicy.yaml
Note: With the above mentioned policy enforced in master VM, if a user tries to access sleep command, user will see permission denied error and karmor log will show the alert log for blocking the file access.
Step 3: Policy Violation¶
sleep 2
Verifying policy Violation logs:
karmor log
Deleting the applied policy:
karmor vm --kvms policy delete sleepdenypolicy.yaml