Multiubuntu

multiubuntu
- 1.DeploymentTo deploy the multiubuntu microservice, please run the following commands.$ cd KubeArmor/examples/multiubuntu~/KubeArmor/examples/multiubuntu$ kubectl apply -f .
- 2.Use CasesTo verify KubeArmor's functionalities, we provide sample security policies for the multiubuntu microservice.
- Example 1 - Block a process execution
- Deploy a security policy$ cd KubeArmor/examples/multiubuntu/security-policies.../multiubuntu/security-policies$ kubectl -n multiubuntu apply -f ksp-group-1-proc-path-block.yaml
- Execute /bin/sleep inside of the ubuntu-1 pod$ POD_NAME=$(kubectl get pods -n multiubuntu -l "group=group-1,container=ubuntu-1" -o jsonpath='{.items[0].metadata.name}') && kubectl -n multiubuntu exec -it $POD_NAME -- bash# sleep 1(Permission Denied)
- Check audit logs$ karmor log --jsonRun the above command in other terminal to see logs live.To install karmor cli tool [refer](https://github.com/kubearmor/kubearmor-client).
- Example 2 - Block a file access
- Deploy a security policy$ cd security-policies.../multiubuntu/security-policies$ kubectl -n multiubuntu apply -f ksp-ubuntu-5-file-dir-recursive-block.yaml
- Access /credentials/password inside of the ubuntu-5 pod$ POD_NAME=$(kubectl get pods -n multiubuntu -l "group=group-2,container=ubuntu-5" -o jsonpath='{.items[0].metadata.name}') && kubectl -n multiubuntu exec -it $POD_NAME -- bash# cat /credentials/password(Permission Denied)
- Check audit logs$ karmor log --json
Last modified 1yr ago