kubearmor / kubearmor-client

KubeArmor cli tool aka kArmor :robot:
Apache License 2.0

add hostvisibility information to karmor probe #199

Open Ankurk99 opened 2 years ago

Ankurk99 commented 2 years ago

karmor probe should show if the host visibility for KubeArmor is enabled or not

legorie commented 2 years ago

Hi @Ankurk99 @daemon1024, I would like to work on this issue. To restate my understanding of the requirement: if the kubearmor-visibility annotation is set on the node, the karmor probe should display this parameter in its output. Sample output 1:

Node 1 : 
        OS Image:                       Ubuntu 20.04.5 LTS
        Kernel Version:                 5.15.0-52-generic 
        Kubelet Version:                v1.25.2           
        Container Runtime:              docker://20.10.18 
        Active LSM:                     AppArmor          
        Host Security:                  false             
        Container Security:             true              
        Container Default Posture:      block(File)             block(Capabilities)     block(Network)
        Host Default Posture:           block(File)             block(Capabilities)     block(Network)
==> Host Visibility Level:          Process                 File                    Capabilities            Network

Sample Output 2:

Node 1 : 
        .....
        Container Default Posture:      block(File)             block(Capabilities)     block(Network)
        Host Default Posture:           block(File)             block(Capabilities)     block(Network)
==> Host Visibility Level:          Process                 File 

Sample Output 3:

Node 1 : 
        .....
        Container Default Posture:      block(File)             block(Capabilities)     block(Network)
        Host Default Posture:           block(File)             block(Capabilities)     block(Network)
==> Host Visibility Level:          None 

The dev work is to be done on the probe package.

Ankurk99 commented 2 years ago

@legorie Thanks for your interest. Yes your understanding is correct and the sample outputs are what we expect.

legorie commented 1 year ago

Hi @Ankurk99, after initial analysis, it looks like we need to update the code in the core KubeArmor code too, here: https://github.com/kubearmor/KubeArmor/blob/main/KubeArmor/core/karmorprobedata.go
Edit (22/11/2022): a few updates after testing.

type KarmorData struct {
    OSImage                 string
    KernelVersion           string
    KubeletVersion          string
    ContainerRuntime        string
    ActiveLSM               string
    KernelHeaderPresent     bool
    HostSecurity            bool
    ContainerSecurity       bool
    ContainerDefaultPosture tp.DefaultPosture
    HostDefaultPosture      tp.DefaultPosture
    HostVisibility          string // <=== new field, filled from the node annotation
}

func (dm *KubeArmorDaemon) SetKarmorData() {
    // ....
    // copy the raw "kubearmor-visibility" annotation value (comma-separated list) into the probe data
    kd.HostVisibility = dm.Node.Annotations["kubearmor-visibility"]
    // ....
}
$ sudo cat /tmp/karmorProbeData.cfg                                                                           
{"OSImage":"Ubuntu 22.04.1 LTS","KernelVersion":"5.15.0-53-generic","KubeletVersion":"v1.25.3+k3s1","ContainerRuntime":"containerd://1.6.8-k3s1","ActiveLSM":"AppArmor","KernelHeaderPresent":true,"HostSecurity":true,"ContainerSecurity":true,"ContainerDefaultPosture":{"file":"block","network":"block","capabilties":"block"},"HostDefaultPosture":{"file":"block","network":"block","capabilties":"block"},**"HostVisibility":"process,file,network,capabilities"**}

Do you think I'm heading in the right direction? I would be glad to make the change in the core package too, to test them together.
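As an added example (not code from kubearmor-client or KubeArmor), this shows how the probe side could turn the HostVisibility string that the daemon copies out of the node's kubearmor-visibility annotation into the "Host Visibility Level" line proposed in the sample outputs, printing "None" when the annotation is absent or empty. The ProbeData type, the sample JSON and the function names are assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ProbeData keeps only the KarmorData field this example needs (assumed shape).
type ProbeData struct {
	HostVisibility string `json:"HostVisibility"`
}

// Constructed sample shaped like the /tmp/karmorProbeData.cfg dump above.
const sampleProbeData = `{"HostSecurity":true,"HostVisibility":"process,file,network,capabilities"}`

// parseVisibility splits the annotation value into capitalised categories, skipping blanks.
func parseVisibility(raw string) []string {
	var out []string
	for _, part := range strings.Split(raw, ",") {
		p := strings.ToLower(strings.TrimSpace(part))
		if p == "" {
			continue
		}
		out = append(out, strings.ToUpper(p[:1])+p[1:])
	}
	return out
}

// formatVisibilityLine renders the probe line proposed in the issue, or "None" when empty.
func formatVisibilityLine(raw string) string {
	cats := parseVisibility(raw)
	if len(cats) == 0 {
		return "Host Visibility Level:          None"
	}
	return "Host Visibility Level:          " + strings.Join(cats, "  ")
}

// renderFromProbeData decodes the probe JSON and returns the visibility line.
func renderFromProbeData(data string) (string, error) {
	var pd ProbeData
	if err := json.Unmarshal([]byte(data), &pd); err != nil {
		return "", err
	}
	return formatVisibilityLine(pd.HostVisibility), nil
}

func main() {
	line, _ := renderFromProbeData(sampleProbeData)
	fmt.Println(line) // Host Visibility Level:          Process  File  Network  Capabilities
}
```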

Ankurk99 commented 1 year ago

Hi @legorie, sorry for the late response. Yes, you seem to be on the right track. Can you please create a draft PR with your changes, and then we can make suggestions there?

legorie commented 1 year ago

Hi @Ankurk99, no worries, thanks for the suggestion. I've created an issue (enhancement) in the core project. If the type and details are okay, please assign this to me. I'll update the changes to karmorprobedata.go in that issue.