kubearmor / kubearmor-client

KubeArmor cli tool aka kArmor :robot:
Apache License 2.0

Add `karmor probe` as a part of `karmor sysdump` #305

Closed Ankurk99 closed 1 month ago

Ankurk99 commented 1 year ago

Description

Currently karmor sysdump generated output doesn't contain information about the node's support for KubeArmor (available LSMs, the mode of enforcement, etc.) which are already a part of karmor probe. The aim is to get that output as a part of karmor sysdump.

legorie commented 1 year ago

Hi @Ankurk99 would love to pick up this one

legorie commented 1 year ago

Hi @Ankurk99, the probing for KubeArmor support happens only when KubeArmor is not running, isn't it?

```
$ karmor probe

Didn't find KubeArmor in systemd or Kubernetes, probing for support for KubeArmor

Host:
         Observability/Audit: Supported (Kernel Version 5.15.0)
         Enforcement: Full (Supported LSMs: lockdown,capability,landlock,yama,apparmor)
```

So, when KubeArmor is not running, the new requirement is that karmor sysdump creates a new file with the node support information. Or, is there an existing file which we can use, like node-info.yaml?

rootxrishabh commented 1 year ago

Hi @Ankurk99, to my understanding this function has to be included into the sysdump file. Is this correct?

rootxrishabh commented 1 year ago

As I see, the node information in the given image obtained by running "karmor probe" is to be included into the output dump of "karmor sysdump". Am I correct, @Ankurk99?

[Image: Screenshot from 2023-08-10 01-30-16]

Ankurk99 commented 1 year ago

@rootxrishabh Ideally we would love to see everything from the karmor probe in sysdump including if the KubeArmor is running fine and the image versions.

rootxrishabh commented 1 year ago

Sysdump shows inconsistent behaviour while running, as shown below.

[Image: Screenshot from 2023-09-06 00-02-00]

sheharyaar commented 10 months ago

Hi @rootxrishabh, are you still working on it? I would like to take this up. @Ankurk99 are you talking about the output to stdout or to the zip created?

rootxrishabh commented 10 months ago

Hey @sheharyaar, not working on this as of now, go ahead : )

Ankurk99 commented 10 months ago

> Hi @rootxrishabh, are you still working on it? I would like to take this up. @Ankurk99 are you talking about the output to stdout or to the zip created?

@sheharyaar Ideally, both.

sheharyaar commented 10 months ago

Thanks for assigning this, will follow up if I have a query or a PR is ready.

sheharyaar commented 10 months ago

I checked that karmor probe accepts namespace, format string, grpc and other flags. So how do I tackle those in karmor sysdump? Do I default the namespace to kubearmor and the --full flag to true, or do I add these flags to sysdump? @Ankurk99

sheharyaar commented 10 months ago

Also, would the probe dump be in yaml format or just a raw stdout dump (karmor-probe.dump)?

sheharyaar commented 10 months ago

@Ankurk99

Manik2708 commented 2 months ago

I am interested in working on this issue! @Ankurk99

Manik2708 commented 2 months ago

@DelusionalOptimist @daemon1024