diff --git a/KubeArmor/monitor/systemMonitor.go b/KubeArmor/monitor/systemMonitor.go
index 3df2804e8a..1aa097591f 100644
--- a/KubeArmor/monitor/systemMonitor.go
+++ b/KubeArmor/monitor/systemMonitor.go
@@ -30,15 +30,18 @@ import (
 // System Call Numbers
 const (
- SysOpen = 2
- SysOpenAt = 257
- SysClose = 3
-
- SysSocket = 41
- SysConnect = 42
- SysAccept = 43
- SysBind = 49
- SysListen = 50
+ SysOpen = 2
+ SysOpenAt = 257
+ SysClose = 3
+ Sys_link = 85
+ Sys_unlink = 86
+ Sys_symlink = 87
+ Sys_readlink = 88
+ SysSocket = 41
+ SysConnect = 42
+ SysAccept = 43
+ SysBind = 49
+ SysListen = 50
 SysExecve = 59
 SysExecveAt = 322
diff --git a/contribution/k3s/install2.sh b/contribution/k3s/install2.sh
new file mode 100755
index 0000000000..7a6b415e77
--- /dev/null
+++ b/contribution/k3s/install2.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2021 Authors of KubeArmor
+
+# create a single-node K3s cluster
+
+KUBEDIR=$HOME/.kube
+KUBECONFIG=$KUBEDIR/config
+
+[[ ! -d $KUBEDIR ]] && mkdir $HOME/.kube/
+if [ -f $KUBECONFIG ]; then
+ KUBECONFIGBKP=$KUBEDIR/config.backup
+ echo "Found $KUBECONFIG already in place ... backing it up to $KUBECONFIGBKP"
+ cp $KUBECONFIG $KUBECONFIGBKP
+fi
+
+cp /etc/rancher/k3s/k3s.yaml $KUBEDIR/config
+
+echo "wait for initialization"
+sleep 15
+
+for (( ; ; ))
+do
+ status=$(kubectl get pods -A -o jsonpath={.items[*].status.phase})
+ [[ $(echo $status | grep -v Running | wc -l) -eq 0 ]] && break
+ echo "wait for initialization"
+ sleep 1
+done
+
+kubectl get pods -A
diff --git a/contribution/k3s/~ b/contribution/k3s/~
new file mode 100644
index 0000000000..51cc898169
--- /dev/null
+++ b/contribution/k3s/~
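Review bot: The four added constants in the systemMonitor.go hunk do not match the x86_64 syscall table that the neighbouring values follow (`SysOpen = 2`, `SysExecve = 59`, `SysExecveAt = 322`): there 85 is creat, and link, unlink, symlink and readlink are 86, 87, 88 and 89, so each new value is one too low. Any handler keyed on them would label creat as link, link as unlink and so on, and would not match readlink at all, which skews file-event logs and policy decisions. The names also break the MixedCaps style of the block; renaming them `SysLink`, `SysUnlink`, `SysSymlink` and `SysReadlink` with the values 86 to 89 fixes both, ideally keeping the blank line that separated the file and socket groups. The const block continues past the end of the hunk, so where these constants are consumed is not visible here.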
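Review bot: The readiness loop in install2.sh exits as soon as any pod is Running, not when all are: `$status` is a single space-separated line, so `grep -v Running` drops the whole line whenever it contains one `Running`. Checking one phase per line fixes that, e.g. `[[ -n "$status" ]] && ! echo "$status" | tr ' ' '\n' | grep -qvE '^(Running|Succeeded)$' && break` (Succeeded is included on the assumption that completed job pods should not block the wait). The jsonpath argument and the `$KUBEDIR`/`$KUBECONFIG` expansions are unquoted and should be quoted, as in `-o jsonpath='{.items[*].status.phase}'`. Because the copied `k3s.yaml` carries the cluster's admin credentials and `cp` keeps the mode of an existing destination file, a `chmod 600 "$KUBECONFIG"` after the copy keeps it private.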
@@ -0,0 +1,38 @@
+*help.txt* For Vim version 7.4. Last change: 2016 Sep 07
+
+ VIM - fake help file for vim-tiny
+
+The Vim online help is not installed on this Debian GNU/Linux system.
+
+WHY ?
+
+Because only the "vim-tiny" package is installed, whose sole purpose is to
+provide the vi command for base installations. As such, it contains a minimal
+version of Vim compiled with no graphical user interface and a small subset of
+features, in order to keep the package size small.
+
+Since the "vim-runtime" package is rather huge when compared to "vim-tiny",
+installing the latter does not automatically install the former.
+
+HOW TO GET A BETTER VIM
+
+To get a more featureful Vim binary (and a vim command, rather than just vi),
+install one of the following packages: vim, vim-nox, vim-athena, vim-gtk, or
+vim-gtk3.
+
+HOW TO OBTAIN HELP
+
+either browse the Vim online help via web starting at
+
+ http://vimhelp.appspot.com/help.txt.html#help.txt
+
+or ask your administrator to install the "vim-doc" package, which contains the
+ HTML version of the online help and browse it starting at
+
+ /usr/share/doc/vim/html/index.html
+
+or ask your administrator to install the "vim-runtime" package, re-run vi and
+ access the online help again. Note that all the above mentioned Vim
+ variants other then "vim-tiny" automatically install the "vim-runtime"
+ package. If you don't suffer from disk space shortage using one of them is
+ recommended.
diff --git a/contribution/self-managed-k8s/new.sh b/contribution/self-managed-k8s/new.sh
new file mode 100644
index 0000000000..1f25b43629
--- /dev/null
+++ b/contribution/self-managed-k8s/new.sh
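Review bot: `contribution/k3s/~` looks like an editor accident rather than intended content: its body is the vim-tiny fallback help text, and nothing in the other files of this diff refers to it. It should be dropped from the commit. A file literally named `~` is also a hazard for anyone cleaning up, because an unquoted `~` in a shell expands to the home directory; removing it needs explicit quoting such as `git rm -- './~'`.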
@@ -0,0 +1,86 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2021 Authors of KubeArmor
+
+. /etc/os-release
+
+if [ "$NAME" != "Ubuntu" ]; then
+ echo "Support Ubuntu 18.xx, 20.xx"
+ exit
+fi
+
+# update repo
+sudo apt-get update
+
+# make a directory to build bcc
+sudo rm -rf /tmp/build; mkdir -p /tmp/build; cd /tmp/build
+
+# download bcc
+git -C /tmp/build/ clone --branch v0.24.0 --depth 1 https://github.com/iovisor/bcc.git
+
+# install dependencies for bcc
+sudo apt-get -y install build-essential cmake bison flex git python3 python3-pip \
+ clang-9 libllvm9 llvm-9-dev libclang-9-dev zlib1g-dev libelf-dev libedit-dev libfl-dev \
+ arping netperf iperf3
+
+# install bcc
+mkdir -p /tmp/build/bcc/build; cd /tmp/build/bcc/build
+cmake .. -DPYTHON_CMD=python3 -DCMAKE_INSTALL_PREFIX=/usr && make -j$(nproc) && sudo make install
+if [ $? != 0 ]; then
+ echo "Failed to install bcc"
+ exit 1
+fi
+
+
+# install apparmor and audit
+sudo apt-get install -y apparmor apparmor-utils auditd
+
+# enable auditd
+sudo systemctl enable auditd && sudo systemctl start auditd
+
+# install dependency on protoc
+sudo apt-get install -y unzip
+
+# download protoc
+mkdir -p /tmp/build/protoc; cd /tmp/build/protoc
+wget --quiet https://github.com/protocolbuffers/protobuf/releases/download/v3.14.0/protoc-3.14.0-linux-x86_64.zip -O /tmp/build/protoc/protoc-3.14.0-linux-x86_64.zip
+
+# install protoc
+unzip protoc-3.14.0-linux-x86_64.zip
+sudo mv bin/protoc /usr/local/bin/
+sudo chmod 755 /usr/local/bin/protoc
+
+# apply env
+if [[ $(hostname) = kubearmor-dev* ]]; then
+ export GOPATH=/home/vagrant/go
+ export GOROOT=/usr/local/go
+ export PATH=$PATH:/usr/local/go/bin:/home/vagrant/go/bin
+elif [ -z "$GOPATH" ]; then
+ export GOPATH=$HOME/go
+ export GOROOT=/usr/local/go
+ export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin
+fi
+
+# download protoc-gen-go
+go get -u google.golang.org/grpc
+go get -u github.com/golang/protobuf/protoc-gen-go
+
+# install kubebuilder
+wget --quiet https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.1.0/kubebuilder_linux_amd64 -O /tmp/build/kubebuilder
+chmod +x /tmp/build/kubebuilder; sudo mv /tmp/build/kubebuilder /usr/local/bin
+
+if [[ $(hostname) = kubearmor-dev* ]]; then
+ echo >> /home/vagrant/.bashrc
+ echo 'export PATH=$PATH:/usr/local/kubebuilder/bin' >> /home/vagrant/.bashrc
+elif [ -z "$GOPATH" ]; then
+ echo >> ~/.bashrc
+ echo 'export PATH=$PATH:/usr/local/kubebuilder/bin' >> ~/.bashrc
+fi
+
+# install kustomize
+cd /tmp/build/
+curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
+sudo mv kustomize /usr/local/bin
+
+# remove downloaded files
+cd; sudo rm -rf /tmp/build
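Review bot: The kustomize step pipes a script fetched from the mutable `master` ref straight into `bash`, and the protoc and kubebuilder downloads are moved into `/usr/local/bin` with sudo without any integrity check, so whatever those URLs serve at run time ends up executed or installed system-wide. Pin each download to a release tag and verify it before installing, e.g. `echo "$EXPECTED_SHA256  protoc-3.14.0-linux-x86_64.zip" | sha256sum -c - || exit 1` with EXPECTED_SHA256 set to the published digest, and save the kustomize installer to a file that is checked before it is run. The fixed `/tmp/build` path lives in a world-writable directory and is later used by `sudo make install` and `sudo mv`; `BUILD_DIR=$(mktemp -d)` removes the window in which another local user can pre-create it. The second `elif [ -z "$GOPATH" ]` can never be true once the earlier block has exported GOPATH, so the `.bashrc` PATH line is skipped outside the vagrant host. The download hosts read `github.com` in this view; if that is what the file contains rather than a rendering artifact, they should point at the upstream `github.com` host.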