Merge pull request kubearmor#729 from asifalix/kubearmor-main

Kubearmor main

KubeArmor/monitor/systemMonitor.go

@@ -30,15 +30,18 @@ import (
 
 // System Call Numbers
 const (
-	SysOpen   = 2
-	SysOpenAt = 257
-	SysClose  = 3
-
-	SysSocket  = 41
-	SysConnect = 42
-	SysAccept  = 43
-	SysBind    = 49
-	SysListen  = 50
+	SysOpen      = 2
+	SysOpenAt    = 257
+	SysClose     = 3
+	Sys_link     = 85
+	Sys_unlink   = 86
+	Sys_symlink  = 87
+	Sys_readlink = 88
+	SysSocket    = 41
+	SysConnect   = 42
+	SysAccept    = 43
+	SysBind      = 49
+	SysListen    = 50
 
 	SysExecve   = 59
 	SysExecveAt = 322

contribution/k3s/install2.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2021 Authors of KubeArmor
+
+# create a single-node K3s cluster
+
+KUBEDIR=$HOME/.kube
+KUBECONFIG=$KUBEDIR/config
+
+[[ ! -d $KUBEDIR ]] && mkdir $HOME/.kube/
+if [ -f $KUBECONFIG ]; then
+	KUBECONFIGBKP=$KUBEDIR/config.backup
+	echo "Found $KUBECONFIG already in place ... backing it up to $KUBECONFIGBKP"
+	cp $KUBECONFIG $KUBECONFIGBKP
+fi
+
+cp /etc/rancher/k3s/k3s.yaml $KUBEDIR/config 
+
+echo "wait for initialization"
+sleep 15
+
+for (( ; ; ))
+do
+	status=$(kubectl get pods -A -o jsonpath={.items[*].status.phase})
+	[[ $(echo $status | grep -v Running | wc -l) -eq 0 ]] && break
+	echo "wait for initialization"
+	sleep 1
+done
+
+kubectl get pods -A

contribution/k3s/~

@@ -0,0 +1,38 @@
+*help.txt*	For Vim version 7.4.  Last change: 2016 Sep 07
+
+		  VIM - fake help file for vim-tiny
+
+The Vim online help is not installed on this Debian GNU/Linux system.
+
+WHY ?
+
+Because only the "vim-tiny" package is installed, whose sole purpose is to
+provide the vi command for base installations.  As such, it contains a minimal
+version of Vim compiled with no graphical user interface and a small subset of
+features, in order to keep the package size small.
+
+Since the "vim-runtime" package is rather huge when compared to "vim-tiny",
+installing the latter does not automatically install the former.
+
+HOW TO GET A BETTER VIM
+
+To get a more featureful Vim binary (and a vim command, rather than just vi),
+install one of the following packages: vim, vim-nox, vim-athena, vim-gtk, or
+vim-gtk3.
+
+HOW TO OBTAIN HELP
+
+either browse the Vim online help via web starting at
+
+     http://vimhelp.appspot.com/help.txt.html#help.txt
+
+or ask your administrator to install the "vim-doc" package, which contains the
+   HTML version of the online help and browse it starting at
+
+     /usr/share/doc/vim/html/index.html
+
+or  ask your administrator to install the "vim-runtime" package, re-run vi and
+    access the online help again.  Note that all the above mentioned Vim
+    variants other then "vim-tiny" automatically install the "vim-runtime"
+    package.  If you don't suffer from disk space shortage using one of them is
+    recommended.

contribution/self-managed-k8s/new.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2021 Authors of KubeArmor
+
+. /etc/os-release
+
+if [ "$NAME" != "Ubuntu" ]; then
+    echo "Support Ubuntu 18.xx, 20.xx"
+    exit
+fi
+
+# update repo
+sudo apt-get update
+
+# make a directory to build bcc
+sudo rm -rf /tmp/build; mkdir -p /tmp/build; cd /tmp/build
+
+# download bcc
+git -C /tmp/build/ clone --branch v0.24.0 --depth 1 https://github.com/iovisor/bcc.git
+
+# install dependencies for bcc
+sudo apt-get -y install build-essential cmake bison flex git python3 python3-pip \
+                        clang-9 libllvm9 llvm-9-dev libclang-9-dev zlib1g-dev libelf-dev libedit-dev libfl-dev \
+                        arping netperf iperf3
+
+# install bcc
+mkdir -p /tmp/build/bcc/build; cd /tmp/build/bcc/build
+cmake .. -DPYTHON_CMD=python3 -DCMAKE_INSTALL_PREFIX=/usr && make -j$(nproc) && sudo make install
+if [ $? != 0 ]; then
+    echo "Failed to install bcc"
+    exit 1
+fi
+
+
+# install apparmor and audit
+sudo apt-get install -y apparmor apparmor-utils auditd
+
+# enable auditd
+sudo systemctl enable auditd && sudo systemctl start auditd
+
+# install dependency on protoc
+sudo apt-get install -y unzip
+
+# download protoc
+mkdir -p /tmp/build/protoc; cd /tmp/build/protoc
+wget --quiet https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/protoc-3.14.0-linux-x86_64.zip -O /tmp/build/protoc/protoc-3.14.0-linux-x86_64.zip
+
+# install protoc
+unzip protoc-3.14.0-linux-x86_64.zip
+sudo mv bin/protoc /usr/local/bin/
+sudo chmod 755 /usr/local/bin/protoc
+
+# apply env
+if [[ $(hostname) = kubearmor-dev* ]]; then
+    export GOPATH=/home/vagrant/go
+    export GOROOT=/usr/local/go
+    export PATH=$PATH:/usr/local/go/bin:/home/vagrant/go/bin
+elif [ -z "$GOPATH" ]; then
+    export GOPATH=$HOME/go
+    export GOROOT=/usr/local/go
+    export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin
+fi
+
+# download protoc-gen-go
+go get -u google.golang.org/grpc
+go get -u github.com/golang/protobuf/protoc-gen-go
+
+# install kubebuilder
+wget --quiet https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.1.0/kubebuilder_linux_amd64 -O /tmp/build/kubebuilder
+chmod +x /tmp/build/kubebuilder; sudo mv /tmp/build/kubebuilder /usr/local/bin
+
+if [[ $(hostname) = kubearmor-dev* ]]; then
+    echo >> /home/vagrant/.bashrc
+    echo 'export PATH=$PATH:/usr/local/kubebuilder/bin' >> /home/vagrant/.bashrc
+elif [ -z "$GOPATH" ]; then
+    echo >> ~/.bashrc
+    echo 'export PATH=$PATH:/usr/local/kubebuilder/bin' >> ~/.bashrc
+fi
+
+# install kustomize
+cd /tmp/build/
+curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash
+sudo mv kustomize /usr/local/bin
+
+# remove downloaded files
+cd; sudo rm -rf /tmp/build