
Comments (4)

nyrahul commented on June 30, 2024 2

> Hi @nyrahul, I was going through the existing code and it seems that some commands like log exist as a command with root cmd being karmor so the complete command looks like karmor log --logPath=stdout, so do we need to get the mentioned filters integrated as flags to the root karmor command? If so the final cmd looks something like karmor --since=1h --namespace=default --log=hostlog/container Please correct me if I am wrong.

Handling --namespace and other filters is much easier.
Handling since is tricky because we do not have historic logs pulled by karmor. Karmor pulls just the instantaneous logs.
Handling since might involve some code changes on the base kubearmor code too.

In general, the task at hand is to enable filtering options based on json fields supported and pass this filtering option to the server so that they can be filtered on the kubearmor server itself. (This also means code changes in the base kubearmor code).

(This seems to be a good point to discuss during our next community call.)

Attaching sample telemetry herewith:

{
  "Timestamp": 1643954983,
  "UpdatedTime": "2022-02-04T06:09:43.832838Z",
  "ClusterName": "default",
  "HostName": "ubuntu2004-vagrants",
  "NamespaceName": "explorer",
  "PodName": "mysql-0",
  "ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
  "ContainerName": "mysql",
  "HostPID": 934399,
  "PPID": 934391,
  "PID": 177937,
  "UID": 1001,
  "Type": "ContainerLog",
  "Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
  "Operation": "File",
  "Resource": "/lib/x86_64-linux-gnu/libnss_files-2.28.so",
  "Data": "syscall=SYS_OPENAT fd=-100 flags=/lib/x86_64-linux-gnu/libnss_files.so.2",
  "Result": "Passed"
}
{
  "Timestamp": 1643954983,
  "UpdatedTime": "2022-02-04T06:09:43.832856Z",
  "ClusterName": "default",
  "HostName": "ubuntu2004-vagrants",
  "NamespaceName": "explorer",
  "PodName": "mysql-0",
  "ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
  "ContainerName": "mysql",
  "HostPID": 934399,
  "PPID": 934391,
  "PID": 177937,
  "UID": 1001,
  "Type": "ContainerLog",
  "Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
  "Operation": "File",
  "Resource": "/opt/bitnami/mysql/conf/my.cnf",
  "Data": "syscall=SYS_OPENAT fd=-100 flags=/opt/bitnami/mysql/conf/my.cnf",
  "Result": "Passed"
}
{
  "Timestamp": 1643954983,
  "UpdatedTime": "2022-02-04T06:09:43.832878Z",
  "ClusterName": "default",
  "HostName": "ubuntu2004-vagrants",
  "NamespaceName": "explorer",
  "PodName": "mysql-0",
  "ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
  "ContainerName": "mysql",
  "HostPID": 934399,
  "PPID": 934391,
  "PID": 177937,
  "UID": 1001,
  "Type": "ContainerLog",
  "Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
  "Operation": "Network",
  "Resource": "domain=AF_UNIX type=SOCK_STREAM protocol=0",
  "Data": "syscall=SYS_SOCKET",
  "Result": "Passed"
}
{
  "Timestamp": 1643954983,
  "UpdatedTime": "2022-02-04T06:09:43.832901Z",
  "ClusterName": "default",
  "HostName": "ubuntu2004-vagrants",
  "NamespaceName": "explorer",
  "PodName": "mysql-0",
  "ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
  "ContainerName": "mysql",
  "HostPID": 934399,
  "PPID": 934391,
  "PID": 177937,
  "UID": 1001,
  "Type": "ContainerLog",
  "Source": "/opt/bitnami/mysql/bin/mysqladmin status -uroot -ppassword",
  "Operation": "Network",
  "Resource": "sa_family=AF_UNIX sun_path=/opt/bitnami/mysql/tmp/mysql.sock",
  "Data": "syscall=SYS_CONNECT fd=3",
  "Result": "Passed"
}
{
  "Timestamp": 1643954983,
  "UpdatedTime": "2022-02-04T06:09:43.832925Z",
  "ClusterName": "default",
  "HostName": "ubuntu2004-vagrants",
  "NamespaceName": "explorer",
  "PodName": "mysql-0",
  "ContainerID": "bddbbdb1c00c2092d8b47f3284624cc22e678934d026f300780ee282979e7094",
  "ContainerName": "mysql",
  "HostPID": 45821,
  "PPID": 45667,
  "PID": 1,
  "UID": 1001,
  "Type": "ContainerLog",
  "Source": "mysqld",
  "Operation": "Network",
  "Resource": "sa_family=AF_UNIX sun_path=\n",
  "Data": "syscall=SYS_ACCEPT fd=25",
  "Result": "Passed"
}
{
  "Timestamp": 1643954987,
  "UpdatedTime": "2022-02-04T06:09:47.006139Z",
  "ClusterName": "default",
  "HostName": "ubuntu2004-vagrants",
  "NamespaceName": "explorer",
  "PodName": "knoxautopolicy-684854b4f4-s7vxm",
  "ContainerID": "47143ff0f01752aec2d98d376cbee668e365de4a37629fa83876397614bf4ce2",
  "ContainerName": "knoxautopolicy",
  "HostPID": 48560,
  "PPID": 48478,
  "PID": 1,
  "Type": "ContainerLog",
  "Source": "knoxAutoPolicy",
  "Operation": "File",
  "Resource": "/run/secrets/kubernetes.io/serviceaccount/..2022_02_04_05_24_40.153181384/token",
  "Data": "syscall=SYS_OPENAT fd=-100 flags=/var/run/secrets/kubernetes.io/serviceaccount/token",
  "Result": "Passed"
}

from kubearmor-client.
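An added example, not part of the thread and not KubeArmor's own code: field-based filtering as described in the comment above, applied to a stream of back-to-back JSON telemetry records in the format of the posted sample. The `Filter` type, its field names and `FilterStream` are hypothetical, and the sample input is constructed from trimmed records of the telemetry above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Event holds the telemetry fields a filter can match on (key names as in the sample).
type Event struct {
	NamespaceName, PodName, ContainerName string
	Type, Operation, Resource, Result     string
}

// Filter is a hypothetical filter spec; an empty field matches anything.
type Filter struct{ Namespace, Pod, Container, Type, Operation string }

// Match reports whether e satisfies every non-empty field of f.
func (f Filter) Match(e Event) bool {
	eq := func(want, got string) bool { return want == "" || want == got }
	return eq(f.Namespace, e.NamespaceName) && eq(f.Pod, e.PodName) &&
		eq(f.Container, e.ContainerName) && eq(f.Type, e.Type) && eq(f.Operation, e.Operation)
}

// FilterStream decodes concatenated JSON objects (not an array) and keeps the matches.
func FilterStream(r io.Reader, f Filter) ([]Event, error) {
	dec := json.NewDecoder(r)
	var out []Event
	for {
		var e Event
		if err := dec.Decode(&e); err == io.EOF {
			return out, nil
		} else if err != nil {
			return out, err // malformed or truncated record
		}
		if f.Match(e) {
			out = append(out, e)
		}
	}
}

// Sample is constructed: three records trimmed from the telemetry posted above.
const Sample = `{"NamespaceName":"explorer","PodName":"mysql-0","ContainerName":"mysql","Type":"ContainerLog","Operation":"File","Resource":"/opt/bitnami/mysql/conf/my.cnf","Result":"Passed"}
{"NamespaceName":"explorer","PodName":"mysql-0","ContainerName":"mysql","Type":"ContainerLog","Operation":"Network","Resource":"domain=AF_UNIX type=SOCK_STREAM protocol=0","Result":"Passed"}
{"NamespaceName":"explorer","PodName":"knoxautopolicy-684854b4f4-s7vxm","ContainerName":"knoxautopolicy","Type":"ContainerLog","Operation":"File","Resource":"/run/secrets/kubernetes.io/serviceaccount/..2022_02_04_05_24_40.153181384/token","Result":"Passed"}`
func main() {
	fmt.Println(FilterStream(strings.NewReader(Sample), Filter{Namespace: "explorer", Operation: "File"}))
}
```

Filtering on `Operation: "File"` in the `explorer` namespace returns the `my.cnf` read and the service-account token read, which is the kind of narrowing the proposed flags would give an operator reviewing telemetry.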

daemon1024 commented on June 30, 2024 2

Hey @slayer321, There's a pull request in KubeArmor - kubearmor/KubeArmor#683 to support Labels field in telemetry. This should ease things out implementing the labels filter here. Wdyt?


skant7 commented on June 30, 2024

Hi @nyrahul, I was going through the existing code and it seems that some commands like log exist as a command with root cmd being karmor so the complete command looks like karmor log --logPath=stdout, so do we need to get the mentioned filters integrated as flags to the root karmor command?
If so the final cmd looks something like karmor --since=1h --namespace=default --log=hostlog/container
Please correct me if I am wrong.


slayer321 commented on June 30, 2024

/assign
