Key Features
Restrict the behavior of containers and other workloads
KubeArmor can restrict specific behaviors inside a workload: process executions, file accesses, networking operations, and resource utilization.
Enforce security policies at runtime
KubeArmor directly enforces security policies using Linux Security Modules (LSMs) for each workload based on the identities (e.g., labels) of given containers or workloads.
Generate logs when policy violations occur
KubeArmor produces alert logs for policy violations by monitoring the operations of containers' processes using its eBPF-based monitor.
Provide effortless semantics for policy definitions
KubeArmor manages internal complexities associated with LSMs and provides easy semantics for policy definitions.
Support network security enforcement among containers
KubeArmor allows applying policy settings at the level of network system calls, controlling interactions among containers.
Provide Kubernetes-native security enforcement engine
KubeArmor allows operators to define security policies based on Kubernetes metadata and simply apply them into Kubernetes.
Blogs
An Introduction to Kubernetes Security using KubeArmor
LSM hooks in the Linux kernel mediate access to internal
Security Policy Deployment in multiUbuntu with KubeArmor
KubeArmor, a container-aware runtime security enforcement system
What is KubeArmor and how does it compare with Falco and Tracee?
In recent times organizations are migrating from on-premise to cloud,
Sample Policies
apiVersion: security.accuknox.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-wordpress-config-block
  namespace: wordpress-mysql
spec:
  severity: 10
  selector:
    matchLabels:
      app: wordpress
  file:
    matchPaths:
    - path: /var/www/html/wp-config.php
      fromSource:
      - path: /usr/sbin/apache2
      action: Allow
    - path: /var/www/html/wp-config.php
      action: Block
---
apiVersion: security.accuknox.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-mysql-dir-audit
  namespace: wordpress-mysql
spec:
  severity: 5
  selector:
    matchLabels:
      app: mysql
  file:
    matchDirectories:
    - dir: /var/lib/mysql/
      recursive: true
  action: Audit
---
apiVersion: security.accuknox.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-wordpress-process-block
  namespace: wordpress-mysql
spec:
  severity: 3
  selector:
    matchLabels:
      app: wordpress
  process:
    matchPaths:
    - path: /usr/bin/apt
    - path: /usr/bin/apt-get
  action: Block
---
apiVersion: security.accuknox.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-wordpress-sa-block
  namespace: wordpress-mysql
spec:
  severity: 8
  tags: ["MITRE"]
  message: "block the k8s credential access"
  selector:
    matchLabels:
      app: wordpress
  file:
    matchDirectories:
    - dir: /run/secrets/kubernetes.io/serviceaccount/
      recursive: true
  action: Block
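To make the semantics of the four sample policies concrete, here is an added example (not KubeArmor's own code) that transcribes them into Python and answers "what happens when process X in pod Y touches path Z?". The evaluation rules are a deliberately simplified model and are assumptions, not KubeArmor's LSM enforcement: a rule carrying fromSource applies only to the executables it names and outranks a rule on the same resource without fromSource; matchDirectories is a prefix match that, without recursive, covers only direct children; when several equally specific rules match, the strictest action (Block over Audit over Allow) wins; and an access that no rule mentions is reported as Allow with no policy, ignoring KubeArmor's default posture settings. Where a policy's action is attached to a rule it is read there, otherwise at the policy level.

```python
"""Simplified evaluator for the four KubeArmor sample policies above (added example)."""
from typing import Dict, List, Optional, Tuple

# Ordering used when several equally specific rules match one access
# (assumption: the stricter action wins).
STRICTNESS = {"Allow": 0, "Audit": 1, "Block": 2}

# The page's sample policies, transcribed into plain dicts so the example runs
# without a YAML library. Only the fields the evaluator reads are kept; "action"
# sits either on a rule or at the policy level, as in the YAML.
POLICIES: List[dict] = [
    {"name": "ksp-wordpress-config-block", "labels": {"app": "wordpress"},
     "file": {"matchPaths": [
         {"path": "/var/www/html/wp-config.php",
          "fromSource": [{"path": "/usr/sbin/apache2"}], "action": "Allow"},
         {"path": "/var/www/html/wp-config.php", "action": "Block"}]}},
    {"name": "ksp-mysql-dir-audit", "labels": {"app": "mysql"},
     "file": {"matchDirectories": [{"dir": "/var/lib/mysql/", "recursive": True}]},
     "action": "Audit"},
    {"name": "ksp-wordpress-process-block", "labels": {"app": "wordpress"},
     "process": {"matchPaths": [{"path": "/usr/bin/apt"}, {"path": "/usr/bin/apt-get"}]},
     "action": "Block"},
    {"name": "ksp-wordpress-sa-block", "labels": {"app": "wordpress"},
     "file": {"matchDirectories": [
         {"dir": "/run/secrets/kubernetes.io/serviceaccount/", "recursive": True}]},
     "action": "Block"},
]


def _selects(policy: dict, pod_labels: Dict[str, str]) -> bool:
    """selector.matchLabels: every label listed in the policy must be on the pod."""
    return all(pod_labels.get(k) == v for k, v in policy["labels"].items())


def _dir_matches(rule: dict, resource: str) -> bool:
    """matchDirectories: prefix match; without recursive only direct children count."""
    base = rule["dir"]
    if not resource.startswith(base):
        return False
    remainder = resource[len(base):]
    return bool(rule.get("recursive", False)) or "/" not in remainder


def _decide(policy: dict, section: dict, rule: dict,
            source: Optional[str]) -> Optional[Tuple[int, int, str, str]]:
    """Resolve one matching rule to (specificity, strictness, action, policy name).

    Returns None when the rule has fromSource and the caller is not listed,
    so the rule does not apply to this access at all.
    """
    sources = [s["path"] for s in rule.get("fromSource", [])]
    if sources and source not in sources:
        return None
    action = rule.get("action") or section.get("action") or policy.get("action", "Allow")
    return (1 if sources else 0, STRICTNESS[action], action, policy["name"])


def evaluate(policies: List[dict], pod_labels: Dict[str, str], kind: str,
             resource: str, source: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Decide one access against the policy set (simplified model, see above).

    kind: "file" or "process"; resource: the path read/written or executed;
    source: the executable performing the access (consulted by fromSource rules).
    Returns (action, policy_name), or ("Allow", None) when no rule matches.
    """
    candidates = []
    for policy in policies:
        section = policy.get(kind)
        if section is None or not _selects(policy, pod_labels):
            continue
        for rule in section.get("matchPaths", []):
            if rule["path"] == resource:
                decision = _decide(policy, section, rule, source)
                if decision:
                    candidates.append(decision)
        for rule in section.get("matchDirectories", []):
            if _dir_matches(rule, resource):
                decision = _decide(policy, section, rule, source)
                if decision:
                    candidates.append(decision)
    if not candidates:
        return ("Allow", None)
    best = max(candidates, key=lambda c: c[:2])  # most specific, then strictest
    return (best[2], best[3])


if __name__ == "__main__":
    # Constructed accesses that exercise each sample policy.
    checks = [
        ({"app": "wordpress"}, "file", "/var/www/html/wp-config.php", "/usr/sbin/apache2"),
        ({"app": "wordpress"}, "file", "/var/www/html/wp-config.php", "/bin/cat"),
        ({"app": "wordpress"}, "file", "/run/secrets/kubernetes.io/serviceaccount/token", "/bin/cat"),
        ({"app": "mysql"}, "file", "/var/lib/mysql/wordpress/wp_users.ibd", "/usr/sbin/mysqld"),
        ({"app": "wordpress"}, "process", "/usr/bin/apt-get", "/bin/bash"),
    ]
    for labels, kind, resource, source in checks:
        print(labels["app"], kind, resource, "from", source, "->", evaluate(POLICIES, labels, kind, resource, source))
```

Reading the results against the policies is the point: apache2 may open wp-config.php while any other executable is blocked, every path under /var/lib/mysql/ in the mysql pod is audited because of recursive: true, the service-account token directory is blocked for the wordpress pod only, and apt-get is blocked even though the shell that launched it is not mentioned anywhere.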