Documentation ¶
Constants ¶
// KubeArmorPolicy Flags
//
// The three states of policy enforcement. Several types on this page carry a
// plain `PolicyEnabled int` field (Container, EndPoint, Node, Log); these
// untyped constants are presumably the values stored there — confirm at the
// sites that assign it, since nothing in the type system ties them together.
const (
	KubeArmorPolicyDisabled = 0 // no enforcement
	KubeArmorPolicyEnabled  = 1 // enforcement on
	KubeArmorPolicyAudited  = 2 // audit mode; inferred from the name — confirm that matches are logged, not blocked
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditEventType ¶
// AuditEventType Structure
//
// One event rule inside an AuditPolicy (AuditPolicy.Events). Probe is the
// only field serialized unconditionally; the remaining selectors are all
// optional and which of them apply presumably depends on the probe —
// confirm against the code that consumes these rules.
type AuditEventType struct {
	Probe string `json:"probe"`
	Rate  string `json:"rate,omitempty"`

	// Path/mode style selectors.
	Path      string `json:"path,omitempty"`
	Directory string `json:"dir,omitempty"`
	Mode      string `json:"mode,omitempty"`
	Flags     string `json:"flags,omitempty"`

	// Network style selectors (protocol, address, port).
	Protocol string `json:"protocol,omitempty"`
	Ipv4Addr string `json:"ipv4addr,omitempty"`
	Ipv6Addr string `json:"ipv6addr,omitempty"`
	Port     string `json:"port,omitempty"`

	// Same names as the policy-level fields on AuditPolicy; presumably
	// per-event overrides — confirm the precedence in the consumer.
	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
}
type AuditPolicy ¶
// AuditPolicy Structure
//
// Internal (non-CRD) form of an audit policy: the workload Selector, an
// optional Process filter, and the Events to audit. Note Severity is an int
// here whereas the CRD form K8sAuditPolicySpec carries it as a string, so a
// conversion step presumably sits between the two — confirm where.
type AuditPolicy struct {
	Selector SelectorType     `json:"selector"`
	Process  string           `json:"process,omitempty"`
	Events   []AuditEventType `json:"events"`

	// Policy-wide severity/tags/message; AuditEventType has per-event
	// fields of the same names.
	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
}
type BPFPolicy ¶
type BPFPolicy struct { Type BPFPolicyType Args []string Action string }
type BPFPolicyType ¶
// BPFPolicyType names the BPF-LSM hook program a BPFPolicy attaches to.
type BPFPolicyType string

// Known hook programs; the string values are the program names.
const (
	BPFPolicyTypeSocketConnect   BPFPolicyType = "socket_connect_prog"
	BPFPolicyTypeSocketSendmsg   BPFPolicyType = "socket_sendmsg_prog"
	BPFPolicyTypeInodePermission BPFPolicyType = "inode_permission_prog"
	BPFPolicyTypeInodeMkdir      BPFPolicyType = "inode_mkdir_prog"
	BPFPolicyTypeInodeRmdir      BPFPolicyType = "inode_rmdir_prog"
	// NOTE(review): the identifier says Inode but the value is the
	// bprm_check_security program (an exec-time check), not an inode hook.
	// The name looks like a slip; it is exported, so it is left unchanged.
	BPFPolicyTypeInodeBPCKSEC BPFPolicyType = "bprm_check_security_prog"
)
type CapabilitiesCapabilityType ¶
// CapabilitiesCapabilityType Structure
//
// One entry of CapabilitiesType.MatchCapabilities: a capability name, an
// optional FromSource restriction, and the per-rule severity/tags/message/
// action that can override the section-level values.
type CapabilitiesCapabilityType struct {
	Capability string            `json:"capability"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"` // restrict the rule to these source executables

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type CapabilitiesType ¶
// CapabilitiesType Structure
//
// The `capabilities` section of a SecuritySpec / HostSecuritySpec. The
// section-level Severity/Tags/Message/Action apply to every entry in
// MatchCapabilities unless the entry sets its own.
type CapabilitiesType struct {
	MatchCapabilities []CapabilitiesCapabilityType `json:"matchCapabilities,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type Container ¶
// Container Structure
//
// Runtime view of a single container as tracked by KubeArmor: identity,
// the namespaces it runs in, the AppArmor profile attached to it, and the
// enforcement/visibility switches that apply to it.
type Container struct {
	ContainerID   string `json:"containerID"`
	ContainerName string `json:"containerName"`
	NamespaceName string `json:"namespaceName"`
	EndPointName  string `json:"endPointName"`

	AppArmorProfile string `json:"apparmorProfile"`

	// Kernel namespace ids; these are what tie a kernel event back to this
	// container (see PidNode.PidID / MntID) — confirm at the matcher.
	PidNS uint32 `json:"pidns"`
	MntNS uint32 `json:"mntns"`

	// Presumably one of the KubeArmorPolicy* constants (0/1/2) — confirm.
	PolicyEnabled int `json:"policyEnabled"`

	ProcessVisibilityEnabled      bool `json:"processVisibilityEnabled"`
	FileVisibilityEnabled         bool `json:"fileVisibilityEnabled"`
	NetworkVisibilityEnabled      bool `json:"networkVisibilityEnabled"`
	CapabilitiesVisibilityEnabled bool `json:"capabilitiesVisibilityEnabled"`
}
type EndPoint ¶
// EndPoint Structure
//
// A protected workload (a pod, in the Kubernetes case): its labels and
// identities, the containers that belong to it, the profiles and host
// volumes attached to it, and the policies currently applied to it.
type EndPoint struct {
	NamespaceName string `json:"namespaceName"`
	EndPointName  string `json:"endPointName"`

	Labels     map[string]string `json:"labels"`
	Identities []string          `json:"identities"`

	Containers []string `json:"containers"` // container ids, presumably matching Container.ContainerID — confirm

	AppArmorProfiles []string          `json:"apparmorProfiles"`
	SELinuxProfiles  map[string]string `json:"selinuxProfiles"`

	HostVolumes []HostVolumeMount `json:"hostVolumes"`

	// Policies resolved for this endpoint.
	SecurityPolicies []SecurityPolicy `json:"securityPolicies"`
	AuditPolicies    []AuditPolicy    `json:"auditPolicies"`

	// BPF-LSM
	// BPFPolicies []BPFPolicy `json:"bpfSecurityPolicies"`

	// Presumably one of the KubeArmorPolicy* constants (0/1/2) — confirm.
	PolicyEnabled int `json:"policyEnabled"`

	ProcessVisibilityEnabled      bool `json:"processVisibilityEnabled"`
	FileVisibilityEnabled         bool `json:"fileVisibilityEnabled"`
	NetworkVisibilityEnabled      bool `json:"networkVisibilityEnabled"`
	CapabilitiesVisibilityEnabled bool `json:"capabilitiesVisibilityEnabled"`
}
type FileDirectoryType ¶
// FileDirectoryType Structure
//
// One entry of FileType.MatchDirectories. Unlike FilePathType it has a
// Recursive switch; like it, ReadOnly and OwnerOnly narrow the rule and
// FromSource restricts it to particular source executables.
type FileDirectoryType struct {
	Directory string `json:"dir"`
	ReadOnly  bool   `json:"readOnly,omitempty"`
	Recursive bool   `json:"recursive,omitempty"`
	OwnerOnly bool   `json:"ownerOnly,omitempty"`

	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type FilePathType ¶
// FilePathType Structure
//
// One entry of FileType.MatchPaths: a single file path with optional
// ReadOnly/OwnerOnly narrowing and an optional FromSource restriction.
type FilePathType struct {
	Path      string `json:"path"`
	ReadOnly  bool   `json:"readOnly,omitempty"`
	OwnerOnly bool   `json:"ownerOnly,omitempty"`

	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type FilePatternType ¶
// FilePatternType Structure
//
// One entry of FileType.MatchPatterns. Note there is no FromSource field
// here, unlike FilePathType and FileDirectoryType, so a pattern rule
// cannot be restricted to a source executable.
type FilePatternType struct {
	Pattern   string `json:"pattern"` // pattern syntax is not defined on this page — confirm (glob vs. regexp)
	ReadOnly  bool   `json:"readOnly,omitempty"`
	OwnerOnly bool   `json:"ownerOnly,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type FileType ¶
// FileType Structure
//
// The `file` section of a SecuritySpec / HostSecuritySpec: path, directory
// and pattern rules, plus section-level severity/tags/message/action that
// apply where an entry does not set its own.
type FileType struct {
	MatchPaths       []FilePathType      `json:"matchPaths,omitempty"`
	MatchDirectories []FileDirectoryType `json:"matchDirectories,omitempty"`
	MatchPatterns    []FilePatternType   `json:"matchPatterns,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type HostSecurityPolicy ¶
// HostSecurityPolicy Structure
//
// Internal form of a host policy. Metadata is a flat string map here, while
// the CRD form K8sKubeArmorHostPolicy carries a metav1.ObjectMeta.
type HostSecurityPolicy struct {
	Metadata map[string]string `json:"metadata"`
	Spec     HostSecuritySpec  `json:"spec"`
}
type HostSecuritySpec ¶
// HostSecuritySpec Structure
//
// Spec of a host (node-level) policy. Compared with SecuritySpec it selects
// nodes via NodeSelector instead of a pod Selector and has no SELinux
// section. Severity and Action have no omitempty and are always serialized.
type HostSecuritySpec struct {
	NodeSelector NodeSelectorType `json:"nodeSelector"`

	Process      ProcessType      `json:"process,omitempty"`
	File         FileType         `json:"file,omitempty"`
	Network      NetworkType      `json:"network,omitempty"`
	Capabilities CapabilitiesType `json:"capabilities,omitempty"`

	AppArmor string `json:"apparmor,omitempty"` // raw AppArmor profile text, presumably — confirm
	BPFLSM   int    `json:"bpflsm,omitempty"`

	Severity int      `json:"severity"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action"`
}
type HostVolumeMount ¶
// HostVolumeMount Structure
//
// A host path mounted into one or more containers of an endpoint / pod,
// with per-container mount path and read-only flag. No json tags, so it is
// serialized with Go field names if marshaled (EndPoint.HostVolumes does).
type HostVolumeMount struct {
	Type       string
	VolumeName string
	PathName   string // path on the host side

	UsedByContainerPath     map[string]string // key: container name, val: mounted path
	UsedByContainerReadOnly map[string]bool   // key: container name, val: readOnly
}
type K8sAuditPolicySpec ¶
// K8sAuditPolicySpec Structure
//
// CRD-side spec of an audit policy (K8sKubeArmorAuditPolicy.Spec). Severity
// is a string here, unlike the int on the internal AuditPolicy; the json
// key for AuditRules is "rules".
type K8sAuditPolicySpec struct {
	Selector   SelectorType       `json:"selector"`
	AuditRules []K8sAuditRuleType `json:"rules"`

	Severity string   `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
}
type K8sAuditRuleType ¶
// K8sAuditRuleType Structure
//
// One rule of a K8sAuditPolicySpec: an optional Process filter and the
// Events it audits. Severity is a string, matching the CRD spec.
type K8sAuditRuleType struct {
	Process string         `json:"process,omitempty"`
	Events  []K8sEventType `json:"events"`

	Severity string   `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
}
type K8sEventType ¶
// K8sEventType Structure
//
// CRD-side audit event. Same selector fields as the internal AuditEventType
// but without the per-event Severity/Tags/Message.
type K8sEventType struct {
	Probe string `json:"probe"`
	Rate  string `json:"rate,omitempty"`

	Path      string `json:"path,omitempty"`
	Directory string `json:"dir,omitempty"`
	Mode      string `json:"mode,omitempty"`
	Flags     string `json:"flags,omitempty"`

	Protocol string `json:"protocol,omitempty"`
	Ipv4Addr string `json:"ipv4addr,omitempty"`
	Ipv6Addr string `json:"ipv6addr,omitempty"`
	Port     string `json:"port,omitempty"`
}
type K8sKubeArmorAuditPolicies ¶
// K8sKubeArmorAuditPolicies Structure
//
// List wrapper for K8sKubeArmorAuditPolicy objects (the shape of a
// Kubernetes list response).
type K8sKubeArmorAuditPolicies struct {
	Items []K8sKubeArmorAuditPolicy `json:"items"`
}
type K8sKubeArmorAuditPolicy ¶
// K8sKubeArmorAuditPolicy Structure
//
// CRD object for an audit policy. metav1 is presumably
// k8s.io/apimachinery/pkg/apis/meta/v1 (its import is not on this page).
type K8sKubeArmorAuditPolicy struct {
	Metadata metav1.ObjectMeta  `json:"metadata"`
	Spec     K8sAuditPolicySpec `json:"spec"`
	Status   K8sPolicyStatus    `json:"status,omitempty"`
}
type K8sKubeArmorAuditPolicyEvent ¶
// K8sKubeArmorAuditPolicyEvent Structure
//
// A watch event for an audit policy: Type is the event kind as a string
// (values not defined on this page) and Object the affected policy.
type K8sKubeArmorAuditPolicyEvent struct {
	Type   string                  `json:"type"`
	Object K8sKubeArmorAuditPolicy `json:"object"`
}
type K8sKubeArmorHostPolicies ¶
// K8sKubeArmorHostPolicies Structure
//
// List wrapper for K8sKubeArmorHostPolicy objects.
type K8sKubeArmorHostPolicies struct {
	Items []K8sKubeArmorHostPolicy `json:"items"`
}
type K8sKubeArmorHostPolicy ¶
// K8sKubeArmorHostPolicy Structure
//
// CRD object for a host policy; its Spec is the same HostSecuritySpec used
// by the internal HostSecurityPolicy.
type K8sKubeArmorHostPolicy struct {
	Metadata metav1.ObjectMeta `json:"metadata"`
	Spec     HostSecuritySpec  `json:"spec"`
	Status   K8sPolicyStatus   `json:"status,omitempty"`
}
type K8sKubeArmorHostPolicyEvent ¶
// K8sKubeArmorHostPolicyEvent Structure
//
// A watch event for a host policy: event kind (Type) plus the object.
type K8sKubeArmorHostPolicyEvent struct {
	Type   string                 `json:"type"`
	Object K8sKubeArmorHostPolicy `json:"object"`
}
type K8sKubeArmorMacro ¶
// K8sKubeArmorMacro Structure
//
// CRD object for a macro definition (see K8sKubeArmorMacroSpec).
type K8sKubeArmorMacro struct {
	Metadata metav1.ObjectMeta     `json:"metadata"`
	Spec     K8sKubeArmorMacroSpec `json:"spec"`
	Status   K8sPolicyStatus       `json:"status,omitempty"`
}
type K8sKubeArmorMacroEvent ¶
// K8sKubeArmorMacroEvent Structure
//
// A watch event for a macro: event kind (Type) plus the object.
type K8sKubeArmorMacroEvent struct {
	Type   string            `json:"type"`
	Object K8sKubeArmorMacro `json:"object"`
}
type K8sKubeArmorMacroSpec ¶
// K8sKubeArmorMacroSpec Structure
//
// Spec of a macro CRD: a list of KubeArmorMacroType entries (that type's
// definition is not shown on this page).
type K8sKubeArmorMacroSpec struct {
	Macros []KubeArmorMacroType `json:"macros"`
}
type K8sKubeArmorPolicies ¶
// K8sKubeArmorPolicies Structure
//
// List wrapper for K8sKubeArmorPolicy objects.
type K8sKubeArmorPolicies struct {
	Items []K8sKubeArmorPolicy `json:"items"`
}
type K8sKubeArmorPolicy ¶
// K8sKubeArmorPolicy Structure
//
// CRD object for a container policy; its Spec is the same SecuritySpec
// used by the internal SecurityPolicy.
type K8sKubeArmorPolicy struct {
	Metadata metav1.ObjectMeta `json:"metadata"`
	Spec     SecuritySpec      `json:"spec"`
	Status   K8sPolicyStatus   `json:"status,omitempty"`
}
type K8sKubeArmorPolicyEvent ¶
// K8sKubeArmorPolicyEvent Structure
//
// A watch event for a container policy: event kind (Type) plus the object.
type K8sKubeArmorPolicyEvent struct {
	Type   string             `json:"type"`
	Object K8sKubeArmorPolicy `json:"object"`
}
type K8sNodeEvent ¶
K8sNodeEvent Structure
type K8sPod ¶
// K8sPod Structure
//
// Reduced view of a pod as KubeArmor needs it. All maps are string→string:
// Containers presumably maps container name to id — confirm at the
// populating site. No json tags.
type K8sPod struct {
	Metadata    map[string]string
	Annotations map[string]string
	Labels      map[string]string
	Containers  map[string]string
	HostVolumes []HostVolumeMount
}
type K8sPodEvent ¶
K8sPodEvent Structure
type K8sPolicyStatus ¶
// K8sPolicyStatus Structure
//
// Status subresource shared by the policy and macro CRDs; a single free-form
// string (its values are not defined on this page).
type K8sPolicyStatus struct {
	Status string `json:"status,omitempty"`
}
type KubeArmorMacroType ¶
KubeArmorMacroType Structure
type Log ¶
// Log Structure
//
// One emitted log/alert record: where it came from (host, pod, container),
// the process involved, which policy (if any) matched, and what happened.
// Note Tags is a single string here although every policy type stores
// []string — the join format is decided by the producer, not this type.
type Log struct {
	// updated time
	Timestamp   int64  `json:"timestamp"`
	UpdatedTime string `json:"updatedTime"`

	// host
	ClusterName string `json:"clusterName,omitempty"`
	HostName    string `json:"hostName"`

	// k8s
	NamespaceName string `json:"namespaceName,omitempty"`
	PodName       string `json:"podName,omitempty"`

	// container
	ContainerID   string `json:"containerID,omitempty"`
	ContainerName string `json:"containerName,omitempty"`

	// common (process identity; int32 here, uint32 on PidNode)
	HostPID int32 `json:"hostPid"`
	PPID    int32 `json:"ppid"`
	PID     int32 `json:"pid"`
	UID     int32 `json:"uid"`

	// policy
	PolicyName string `json:"policyName,omitempty"`

	// severity, tags, message
	Severity string `json:"severity,omitempty"`
	Tags     string `json:"tags,omitempty"`
	Message  string `json:"message,omitempty"`

	// log
	Type      string `json:"type"`
	Source    string `json:"source"`
	Operation string `json:"operation"`
	Resource  string `json:"resource"`
	Data      string `json:"data,omitempty"`
	Action    string `json:"action,omitempty"`
	Result    string `json:"result"`

	// enforcement / visibility state of the endpoint at the time of the event;
	// PolicyEnabled presumably holds a KubeArmorPolicy* constant — confirm
	PolicyEnabled                 int  `json:"policyEnabled,omitempty"`
	ProcessVisibilityEnabled      bool `json:"processVisibilityEnabled,omitempty"`
	FileVisibilityEnabled         bool `json:"fileVisibilityEnabled,omitempty"`
	NetworkVisibilityEnabled      bool `json:"networkVisibilityEnabled,omitempty"`
	CapabilitiesVisibilityEnabled bool `json:"capabilitiesVisibilityEnabled,omitempty"`
}
type MatchPolicy ¶
// MatchPolicy Structure
//
// A policy rule flattened into the form the event matcher compares against:
// the originating policy name, the severity/tags/message to attach to a
// hit, the source/operation/resource to compare, and the resulting Action.
// No json tags; this is an in-memory type.
type MatchPolicy struct {
	PolicyName string

	Severity string
	Tags     []string
	Message  string

	Source       string
	Operation    string
	ResourceType string
	Resource     string

	IsFromSource bool           // rule came from a FromSource entry, presumably — confirm
	Regexp       *regexp.Regexp // compiled pattern, set only for pattern rules presumably — may be nil, check before use
	Native       bool

	Action string
}
type MatchSourceType ¶
// MatchSourceType Structure
//
// A FromSource entry: the path of the executable a rule is restricted to.
type MatchSourceType struct {
	Path string `json:"path,omitempty"`
}
type MatchVolumeMountType ¶
// MatchVolumeMountType Structure
//
// One entry of SELinuxType.MatchVolumeMounts: a volume path or directory
// with an optional ReadOnly flag and per-rule severity/tags/message/action.
type MatchVolumeMountType struct {
	Path      string `json:"path,omitempty"`
	Directory string `json:"dir,omitempty"`
	ReadOnly  bool   `json:"readOnly,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type NetworkProtocolType ¶
// NetworkProtocolType Structure
//
// One entry of NetworkType.MatchProtocols: a protocol name, an optional
// FromSource restriction, and per-rule severity/tags/message/action.
type NetworkProtocolType struct {
	Protocol   string            `json:"protocol"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type NetworkType ¶
// NetworkType Structure
//
// The `network` section of a SecuritySpec / HostSecuritySpec. SendIPs and
// ConnectIPs are plain string lists; whether they accept CIDRs or only
// single addresses is not defined on this page — confirm in the matcher.
type NetworkType struct {
	MatchProtocols []NetworkProtocolType `json:"matchProtocols,omitempty"`
	SendIPs        []string              `json:"sendIPs,omitempty"`
	ConnectIPs     []string              `json:"connectIPs,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type Node ¶
// Node Structure
//
// The node KubeArmor runs on: identity and labels, platform facts, which
// policy kinds are enabled on it, and the node-level enforcement/visibility
// switches.
type Node struct {
	NodeName string `json:"nodeName"`
	NodeIP   string `json:"nodeIP"`

	Annotations map[string]string `json:"annotations"`
	Labels      map[string]string `json:"labels"`
	Identities  []string          `json:"identities"`

	// Platform facts, presumably copied from the node's status — confirm.
	Architecture            string `json:"architecture"`
	OperatingSystem         string `json:"operatingSystem"`
	OSImage                 string `json:"osImage"`
	KernelVersion           string `json:"kernelVersion"`
	KubeletVersion          string `json:"kubeletVersion"`
	ContainerRuntimeVersion string `json:"containerRuntimeVersion"`

	// Which policy kinds this node accepts.
	EnableKubeArmorPolicy      bool `json:"enableKubeArmorPolicy"`
	EnableKubeArmorHostPolicy  bool `json:"enableKubeArmorHostPolicy"`
	EnableKubeArmorAuditPolicy bool `json:"enableKubeArmorAuditPolicy"`

	// Presumably one of the KubeArmorPolicy* constants (0/1/2) — confirm.
	PolicyEnabled int `json:"policyEnabled"`

	ProcessVisibilityEnabled      bool `json:"processVisibilityEnabled"`
	FileVisibilityEnabled         bool `json:"fileVisibilityEnabled"`
	NetworkVisibilityEnabled      bool `json:"networkVisibilityEnabled"`
	CapabilitiesVisibilityEnabled bool `json:"capabilitiesVisibilityEnabled"`
}
type NodeSelectorType ¶
// NodeSelectorType Structure
//
// Node selector of a HostSecuritySpec. MatchLabels is what the policy
// author writes; Identities is filled in by KubeArmor during policy update.
// Both are json-tagged, so a value for Identities can arrive in the policy
// document too — confirm that the update path overwrites rather than
// merges it.
type NodeSelectorType struct {
	MatchLabels map[string]string `json:"matchLabels,omitempty"`
	Identities  []string          `json:"identities,omitempty"` // set during policy update
}
type PidNode ¶
// PidNode Structure
//
// One tracked process: kernel pid/mnt namespace ids, host- and
// container-side pids, the owning uid, the command name and executable
// path, and exit bookkeeping. No json tags; in-memory only. Pids are uint32
// here while Log carries them as int32.
type PidNode struct {
	PidID uint32 // pid namespace id (cf. Container.PidNS)
	MntID uint32 // mnt namespace id (cf. Container.MntNS)

	HostPPID uint32
	HostPID  uint32

	PPID uint32
	PID  uint32
	UID  uint32

	Comm     string
	ExecPath string

	// Exited processes are kept for a while; ExitedTime records when.
	// Presumably used for delayed eviction from PidMap — confirm.
	Exited     bool
	ExitedTime time.Time
}
type ProcessDirectoryType ¶
// ProcessDirectoryType Structure
//
// One entry of ProcessType.MatchDirectories, with an optional Recursive
// switch and FromSource restriction. There is no ReadOnly here, unlike the
// file counterpart FileDirectoryType.
type ProcessDirectoryType struct {
	Directory string `json:"dir"`
	Recursive bool   `json:"recursive,omitempty"`
	OwnerOnly bool   `json:"ownerOnly,omitempty"`

	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type ProcessPathType ¶
// ProcessPathType Structure
//
// One entry of ProcessType.MatchPaths: an executable path with optional
// OwnerOnly narrowing and FromSource restriction.
type ProcessPathType struct {
	Path      string `json:"path"`
	OwnerOnly bool   `json:"ownerOnly,omitempty"`

	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type ProcessPatternType ¶
// ProcessPatternType Structure
//
// One entry of ProcessType.MatchPatterns. As with FilePatternType there is
// no FromSource field, so a pattern rule cannot be scoped to a source.
type ProcessPatternType struct {
	Pattern   string `json:"pattern"` // pattern syntax is not defined on this page — confirm
	OwnerOnly bool   `json:"ownerOnly,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type ProcessType ¶
// ProcessType Structure
//
// The `process` section of a SecuritySpec / HostSecuritySpec: path,
// directory and pattern rules plus section-level defaults, mirroring
// FileType.
type ProcessType struct {
	MatchPaths       []ProcessPathType      `json:"matchPaths,omitempty"`
	MatchDirectories []ProcessDirectoryType `json:"matchDirectories,omitempty"`
	MatchPatterns    []ProcessPatternType   `json:"matchPatterns,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type SELinuxType ¶
// SELinuxType Structure
//
// The `selinux` section of a SecuritySpec (not present on HostSecuritySpec):
// volume-mount rules plus section-level defaults.
type SELinuxType struct {
	MatchVolumeMounts []MatchVolumeMountType `json:"matchVolumeMounts,omitempty"`

	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action,omitempty"`
}
type SecurityPolicy ¶
// SecurityPolicy Structure
//
// Internal form of a container policy. Metadata is a flat string map here,
// while the CRD form K8sKubeArmorPolicy carries a metav1.ObjectMeta.
type SecurityPolicy struct {
	Metadata map[string]string `json:"metadata"`
	Spec     SecuritySpec      `json:"spec"`
}
type SecuritySpec ¶
// SecuritySpec Structure
//
// Spec of a container policy: the pod Selector, one section per rule kind,
// and the spec-level severity/tags/message/action. Severity and Action have
// no omitempty and are always serialized; the section-level and per-rule
// fields of the same names can override them.
type SecuritySpec struct {
	Selector SelectorType `json:"selector"`

	Process      ProcessType      `json:"process,omitempty"`
	File         FileType         `json:"file,omitempty"`
	Network      NetworkType      `json:"network,omitempty"`
	Capabilities CapabilitiesType `json:"capabilities,omitempty"`

	AppArmor string      `json:"apparmor,omitempty"` // raw AppArmor profile text, presumably — confirm
	SELinux  SELinuxType `json:"selinux,omitempty"`
	BPFLSM   int         `json:"bpflsm,omitempty"`

	Severity int      `json:"severity"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	Action   string   `json:"action"`
}
type SelectorType ¶
// SelectorType Structure
//
// Workload selector of a SecuritySpec / AuditPolicy. MatchLabels is what
// the policy author writes; Identities is filled in by KubeArmor during
// policy update. Both are json-tagged, so a value for Identities can arrive
// in the policy document too — confirm that the update path overwrites
// rather than merges it.
type SelectorType struct {
	MatchLabels map[string]string `json:"matchLabels,omitempty"`
	Identities  []string          `json:"identities,omitempty"` // set during policy update
}