Coder Social home page Coder Social logo

seswarrajan / policy-templates Goto Github PK

View Code? Open in Web Editor NEW

This project forked from kubearmor/policy-templates

0.0 0.0 0.0 1.49 MB

Community curated list of System and Network policy templates for the KubeArmor and Cilium

Home Page: https://kubearmor.io/

License: Apache License 2.0

policy-templates's Introduction

AccuKnox Policies Library

A community-owned library of Kubernetes System and Network policies

Build Status Slack Discussions Contributions

AccuKnox Templates overview

Please follow the hierarchy while contribution

.
├── mitre
│   ├── network
│   │   └── cnp-firewall-world-block.yaml
│   ├── system
│   │   └── ksp-postgres-allow.yaml
│   │   └── ksp-privilage-pod-block.yaml
├── pci-dss
│   ├── network
│   │   └── cnp-cardholder-data-block.yaml
│   ├── system
│   │   └── ksp-protect-cardholder-data-audit.yaml
├── nist
│   ├── network
│   │   └── cnp-account-management-block.yaml
│   ├── system
│   │   └── ksp-remote-file-copy-block.yaml
│   │   └── ksp-active-directory-audit.yaml
├── cves
│   ├── network
│   │   └── cnp-CVE-2009-0932.yaml
│   ├── system
│   │   └── ksp-CVE-2021-29156.yaml
│   │   └── ksp-CVE-2021-29442.yaml
├── cis
│   ├── system
│   │   └── hsp-scheduler-pod-block.yaml
...

📖 Documentation

Please navigate to https://kubearmor.gitbook.io for detailed documentation to deploy KubeArmor and create own custom templates. We have also added a set of templates to help you understand how things work.

💪 Contributions

Policy-templates is powered by major contributions from the community and an initiative from AccuKnox. Refer Contribution for more info

💬 Discussion

Got questions / doubts / ideas to discuss? Feel free to open a discussion on Github discussions board.

👨‍💻 Test it yourself

Assuming cluster is configured, this can be verified via using kubectl config current-context command. If not follow this

Step #1: Download and install karmor CLI binary on your local machine

curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/local/bin

Step #2: Install KubeArmor using karmor CLI tool

karmor install

Step #3: Deploy sample application on configured cluster, we'll use nginx as deployment here

kubectl apply -f https://k8s.io/examples/application/deployment.yaml
kubectl get pods -l app=nginx

Step #4: Applying MITRE Policy to block system owner discovery command

kubectl apply -f https://raw.githubusercontent.com/kubearmor/policy-templates/main/mitre/system/ksp-mitre-system-owner-user-discovery.yaml

Step #05: Checking if system owner command is Blocked or not

kubectl exec -it --namespace default nginx-deployment-xxxxxxxxxx-xxxxx -- bash
root@nginx-deployment-687d8556b7-8wjmj:/# whoami
bash: /usr/bin/whoami: Permission denied

Replace nginx-deployment-xxxxxxxxxx-xxxxx with pod name from Step #3.
We can see the command didn't executed and instead we got Permission denied

Step #6: Getting telemetry/alerts for KubeArmor

kubectl port-forward -n kube-system svc/kubearmor 32767:32767

Keep this terminal open, and in another terminal type

karmor log

policy-templates's People

Contributors

abhinavcsy avatar ashokaccuknox avatar bestgaurav avatar deepakcys avatar hariharan246 avatar harshaccuknox avatar harshit-anand avatar harshsoni0 avatar krima-sys avatar krimaspec avatar mani1325 avatar mani8374 avatar musaddikaccuknox avatar nandakrr avatar nyrahul avatar praveen-accuknox avatar raviknox avatar ravkishu avatar rohitrishim avatar salman-accuknox avatar simran-munot avatar syeddhadi avatar tamilmaran-7 avatar vishnusomank avatar yasin-cs-ko-ak avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.