Merge pull request #645 from kloudmax/main

update deployment YAML files

.github/workflows/ci-test.yml

@@ -44,7 +44,6 @@ jobs:
           sudo apt-get update
           sudo apt-get -y install build-essential cmake bison flex git python3 python3-pip clang-9 libllvm9 llvm-9-dev libclang-9-dev zlib1g-dev libelf-dev libedit-dev libfl-dev
           pushd /tmp
-          # fetch latest bcc release
           git clone --branch v0.24.0 --depth 1 https://github.com/iovisor/bcc.git
           mkdir -p bcc/build; cd bcc/build
           sudo ln -s /usr/lib/llvm-9 /usr/local/llvm

.github/workflows/latest-release.yml

@@ -10,7 +10,7 @@ on:
       - 'tests/**'
       - 'protobuf/**'
 
-  create: 
+  create:
     branches:
       - 'v*'
 
@@ -30,7 +30,7 @@ jobs:
         run: |
           if [ ${{ github.ref }} == "refs/heads/main" ]; then
             echo ::set-output name=tag::latest
-          else 
+          else
             echo ::set-output name=tag::${GITHUB_REF#refs/*/}
           fi
 

.github/workflows/release.yml

@@ -16,6 +16,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
+
       - name: Build bcc
         run: |
           set -x
@@ -29,13 +30,16 @@ jobs:
           make -j$(nproc)
           sudo make install
           popd
+
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
           go-version: 1.
+
       - name: Installing Karmor
         run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b .
         working-directory: KubeArmor
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

CONTRIBUTING.md

@@ -1,15 +1,24 @@
 # How to Contribute to KubeArmor?
 
-1. Pick [issue](https://github.com/issues?q=is%3Aopen+is%3Aissue+user%3Akubearmor+sort%3Aupdated-desc) to work on. For first-time contributors, best would be to pick issue [tagged good-first-issue](https://github.com/issues?q=is%3Aopen+is%3Aissue+user%3Akubearmor+label%3A%22good+first+issue%22+sort%3Aupdated-desc).
+1. Pick an [issue](https://github.com/issues?q=is%3Aopen+is%3Aissue+user%3Akubearmor+sort%3Aupdated-desc) to work on. For first-time contributors, the best would be to pick an issue [tagged good-first-issue](https://github.com/issues?q=is%3Aopen+is%3Aissue+user%3Akubearmor+label%3A%22good+first+issue%22+sort%3Aupdated-desc).
+
 2. If you feel adventurous and would like to take a challenging issue, we would love to have you contribute on issues [tagged help-wanted](https://github.com/issues?q=is%3Aopen+is%3Aissue+user%3Akubearmor+label%3A%22help+wanted%22+sort%3Aupdated-desc).
+
 3. There is a [Contribution Guide](contribution/contribution_guide.md) that explains how to create a fork and raise PR on GitHub.
+
 4. If the issue involves code changes you need to install development env using this [Development Guide](contribution/development_guide.md).
 
-Last but not the least, contributions are not necessarily in the form of code changes. Kubearmor community can benefit for contributions such as:
-1. [Policy-Templates](https://github.com/kubearmor/policy-templates): Users are welcome to contribute policy-templates for their workloads. The workloads have to be generic enough such that it benefits the wider community. For e.g., if someone brings up a system policy restricting access of nginx process that would be useful in multiple scenarios and for wider community then coming up with a policy-template that is specific to your proprietary application.
+# Scope of contribution
+
+Contributions are not necessarily in the form of code changes. Kubearmor community can benefit from contributions such as:
+
+1. [Policy-Templates](https://github.com/kubearmor/policy-templates): Users are welcome to contribute policy-templates for their workloads. The workloads have to be generic enough such that it benefits the wider community. E.g., if someone brings up a system policy restricting access to nginx process that would be useful in multiple scenarios and for the wider community then come up with a policy-template that is specific to your proprietary application.
+
 2. Blogs
-   a. explaining feature use (KVMService, Event Auditor, Visibility etc)
+   a. explaining feature use (KVMService, Event Auditor, Visibility, etc)
    b. How to use Kubearmor to protect your workload? Specific use-cases you may have. Please do not shy away from getting as technical as you can.
    c. ... put your topic of interest here ...
+
 3. Feedback to the community. Just helping advance any discussion on KubeArmor Slack, Community meetings, office hours will make a big difference.
-4. Talking about Kubearmor in meetups. We would certainly encourage users or devs of kubearmor to talk about it in open/closed forums. Community can help with logistics such as compiling/feedback on slide-decks, technical diagrams etc.
+
+4. Talking about Kubearmor in meetups. We would certainly encourage users or devs of kubearmor to talk about it in open/closed forums. The community can help with logistics such as compiling/feedback on slide-decks, technical diagrams, etc.

KubeArmor/build/push_kubearmor.sh

@@ -3,17 +3,18 @@
 # Copyright 2021 Authors of KubeArmor
 
 [[ "$REPO" == "" ]] && REPO="kubearmor/kubearmor"
-unset VERSION
+
+VERSION=latest
 
 # check version
 if [ ! -z $1 ]; then
-    VERSION=":$1"
+    VERSION="$1"
 fi
 
 # push $REPO
-echo "[INFO] Pushing $REPO$VERSION"
-docker push $REPO$VERSION
+echo "[INFO] Pushing $REPO:$VERSION"
+docker push $REPO:$VERSION
 
-[[ $? -ne 0 ]] && echo "[FAILED] Failed to push $REPO$VERSION" && exit 1
-echo "[PASSED] Pushed $REPO$VERSION"
+[[ $? -ne 0 ]] && echo "[FAILED] Failed to push $REPO:$VERSION" && exit 1
+echo "[PASSED] Pushed $REPO:$VERSION"
 exit 0

KubeArmor/feeder/feeder.go

@@ -557,7 +557,9 @@ func (fd *Feeder) PushLog(log tp.Log) {
 		pbAlert.ContainerName = log.ContainerName
 		pbAlert.ContainerImage = log.ContainerImage
 
+		pbAlert.HostPPID = log.HostPPID
 		pbAlert.HostPID = log.HostPID
+
 		pbAlert.PPID = log.PPID
 		pbAlert.PID = log.PID
 		pbAlert.UID = log.UID
@@ -620,7 +622,9 @@ func (fd *Feeder) PushLog(log tp.Log) {
 		pbLog.ContainerName = log.ContainerName
 		pbLog.ContainerImage = log.ContainerImage
 
+		pbLog.HostPPID = log.HostPPID
 		pbLog.HostPID = log.HostPID
+
 		pbLog.PPID = log.PPID
 		pbLog.PID = log.PID
 		pbLog.UID = log.UID

KubeArmor/monitor/hostLogUpdate.go

@@ -29,88 +29,98 @@ func (mon *SystemMonitor) UpdateHostLogs() {
 
 			switch msg.ContextSys.EventID {
 			case SysOpen:
+				if len(msg.ContextArgs) != 2 {
+					continue
+				}
+
 				var fileName string
 				var fileOpenFlags string
 
-				if len(msg.ContextArgs) == 2 {
-					if val, ok := msg.ContextArgs[0].(string); ok {
-						fileName = val
-					}
-					if val, ok := msg.ContextArgs[1].(string); ok {
-						fileOpenFlags = val
-					}
+				if val, ok := msg.ContextArgs[0].(string); ok {
+					fileName = val
+				}
+				if val, ok := msg.ContextArgs[1].(string); ok {
+					fileOpenFlags = val
 				}
 
 				log.Operation = "File"
 				log.Resource = fileName
 				log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " flags=" + fileOpenFlags
 
 			case SysOpenAt:
+				if len(msg.ContextArgs) != 3 {
+					continue
+				}
+
 				var fd string
 				var fileName string
 				var fileOpenFlags string
 
-				if len(msg.ContextArgs) == 3 {
-					if val, ok := msg.ContextArgs[0].(int32); ok {
-						fd = strconv.Itoa(int(val))
-					}
-					if val, ok := msg.ContextArgs[1].(string); ok {
-						fileName = val
-					}
-					if val, ok := msg.ContextArgs[2].(string); ok {
-						fileOpenFlags = val
-					}
+				if val, ok := msg.ContextArgs[0].(int32); ok {
+					fd = strconv.Itoa(int(val))
+				}
+				if val, ok := msg.ContextArgs[1].(string); ok {
+					fileName = val
+				}
+				if val, ok := msg.ContextArgs[2].(string); ok {
+					fileOpenFlags = val
 				}
 
 				log.Operation = "File"
 				log.Resource = fileName
 				log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " fd=" + fd + " flags=" + fileOpenFlags
 
 			case SysClose:
+				if len(msg.ContextArgs) != 1 {
+					continue
+				}
+
 				var fd string
 
-				if len(msg.ContextArgs) == 1 {
-					if val, ok := msg.ContextArgs[0].(int32); ok {
-						fd = strconv.Itoa(int(val))
-					}
+				if val, ok := msg.ContextArgs[0].(int32); ok {
+					fd = strconv.Itoa(int(val))
 				}
 
 				log.Operation = "File"
 				log.Resource = ""
 				log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " fd=" + fd
 
 			case SysSocket: // domain, type, proto
+				if len(msg.ContextArgs) != 3 {
+					continue
+				}
+
 				var sockDomain string
 				var sockType string
 				var sockProtocol string
 
-				if len(msg.ContextArgs) == 3 {
-					if val, ok := msg.ContextArgs[0].(string); ok {
-						sockDomain = val
-					}
-					if val, ok := msg.ContextArgs[1].(string); ok {
-						sockType = val
-					}
-					if val, ok := msg.ContextArgs[2].(int32); ok {
-						sockProtocol = strconv.Itoa(int(val))
-					}
+				if val, ok := msg.ContextArgs[0].(string); ok {
+					sockDomain = val
+				}
+				if val, ok := msg.ContextArgs[1].(string); ok {
+					sockType = val
+				}
+				if val, ok := msg.ContextArgs[2].(int32); ok {
+					sockProtocol = strconv.Itoa(int(val))
 				}
 
 				log.Operation = "Network"
 				log.Resource = "domain=" + sockDomain + " type=" + sockType + " protocol=" + sockProtocol
 				log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID))
 
 			case SysConnect: // fd, sockaddr
+				if len(msg.ContextArgs) != 2 {
+					continue
+				}
+
 				var fd string
 				var sockAddr map[string]string
 
-				if len(msg.ContextArgs) == 2 {
-					if val, ok := msg.ContextArgs[0].(int32); ok {
-						fd = strconv.Itoa(int(val))
-					}
-					if val, ok := msg.ContextArgs[1].(map[string]string); ok {
-						sockAddr = val
-					}
+				if val, ok := msg.ContextArgs[0].(int32); ok {
+					fd = strconv.Itoa(int(val))
+				}
+				if val, ok := msg.ContextArgs[1].(map[string]string); ok {
+					sockAddr = val
 				}
 
 				log.Operation = "Network"
@@ -127,16 +137,18 @@ func (mon *SystemMonitor) UpdateHostLogs() {
 				log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " fd=" + fd
 
 			case SysAccept: // fd, sockaddr
+				if len(msg.ContextArgs) != 2 {
+					continue
+				}
+
 				var fd string
 				var sockAddr map[string]string
 
-				if len(msg.ContextArgs) == 2 {
-					if val, ok := msg.ContextArgs[0].(int32); ok {
-						fd = strconv.Itoa(int(val))
-					}
-					if val, ok := msg.ContextArgs[1].(map[string]string); ok {
-						sockAddr = val
-					}
+				if val, ok := msg.ContextArgs[0].(int32); ok {
+					fd = strconv.Itoa(int(val))
+				}
+				if val, ok := msg.ContextArgs[1].(map[string]string); ok {
+					sockAddr = val
 				}
 
 				log.Operation = "Network"
@@ -152,16 +164,18 @@ func (mon *SystemMonitor) UpdateHostLogs() {
 				}
 
 			case SysBind: // fd, sockaddr
+				if len(msg.ContextArgs) != 2 {
+					continue
+				}
+
 				var fd string
 				var sockAddr map[string]string
 
-				if len(msg.ContextArgs) == 2 {
-					if val, ok := msg.ContextArgs[0].(int32); ok {
-						fd = strconv.Itoa(int(val))
-					}
-					if val, ok := msg.ContextArgs[1].(map[string]string); ok {
-						sockAddr = val
-					}
+				if val, ok := msg.ContextArgs[0].(int32); ok {
+					fd = strconv.Itoa(int(val))
+				}
+				if val, ok := msg.ContextArgs[1].(map[string]string); ok {
+					sockAddr = val
 				}
 
 				log.Operation = "Network"
@@ -178,12 +192,14 @@ func (mon *SystemMonitor) UpdateHostLogs() {
 				log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " fd=" + fd
 
 			case SysListen: // fd
+				if len(msg.ContextArgs) == 2 {
+					continue
+				}
+
 				var fd string
 
-				if len(msg.ContextArgs) == 2 {
-					if val, ok := msg.ContextArgs[0].(int32); ok {
-						fd = strconv.Itoa(int(val))
-					}
+				if val, ok := msg.ContextArgs[0].(int32); ok {
+					fd = strconv.Itoa(int(val))
 				}
 
 				log.Operation = "Network"