...
Enjoy the virtual classroom!
BluVal Testing
1. BluVal installation
mkdir demo
cd demo
mkdir results
git clone https://gerrit.akraino.org/r/validation.git
cd validation
vi tests/variables.yaml ## Update the k8s-related IPs. This blueprint does not use k8s, so no change is needed here.
vi bluval/volumes.yaml
```yaml
volumes:
    # location of the ssh key to access the cluster
    ssh_key_dir:
        local: '/home/thorking/.ssh/'
        target: '/root/.ssh/'
    # location of the k8s access files (config file, certificates, keys)
    kube_config_dir:
        local: '/home/thorking/demo/.kube/'
        target: '/root/demo/.kube/'
    # location of the customized variables.yaml
    custom_variables_file:
        local: '/home/thorking/demo/validation/tests/variables.yaml'
        target: '/opt/akraino/validation/tests/variables.yaml'
    # location of the bluval-<blueprint>.yaml file
    blueprint_dir:
        local: '/home/thorking/demo/validation/bluval'
        target: '/opt/akraino/validation/bluval'
    # location on where to store the results on the local jumpserver
    results_dir:
        local: '/home/thorking/demo/results'
        target: '/opt/akraino/results'
    # location on where to store openrc file
    openrc:
        local: '/home/thorking/openrc'
        target: '/root/openrc'
```
vi bluval/bluval-iec-type4.yaml
```yaml
blueprint:
    name: iec-type4
    layers:
        - os
        - docker
    os: &os
        -
            name: lynis
            what: lynis
            optional: "False"
        -
            name: vuls
            what: vuls
            optional: "False"
    k8s: &k8s
        -
            name: conformance
            what: conformance
            optional: "False"
        -
            name: kube-hunter
            what: kube-hunter
            optional: "False"
```
./bluval/blucon.sh -l os iec-type4
==============================================================================
Debug: /opt/akraino/results/os/vuls/debug.log
Output: /opt/akraino/results/os/vuls/output.xml
Log: /opt/akraino/results/os/vuls/log.html
Report: /opt/akraino/results/os/vuls/report.html
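An added example (not part of the BluVal project or the original page): a pre-flight check to run before `blucon.sh` that reads `bluval/volumes.yaml`, reports every `local:` path that does not exist on the jump server, and flags an `ssh_key_dir` that group or other users can access. The mode 0700 expectation for the key directory, the function names and the constructed sample file are assumptions.

```shell
# Added example, not BluVal code: pre-flight check of the host paths that
# bluval/volumes.yaml mounts into the validation container.

# Print "<volume> <local path>" for each entry that has a local: key.
list_local_mounts() {
    awk -v q="'" '
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]+[A-Za-z_]+:[ \t]*$/ {            # volume name, e.g. ssh_key_dir:
            name = $1; sub(/:$/, "", name); next
        }
        /^[ \t]+local:/ {                        # host-side path of the mount
            sub(/^[ \t]+local:[ \t]*/, ""); sub(/[ \t]+$/, "")
            gsub(q, ""); gsub(/"/, "")           # strip YAML quotes
            print name, $0
        }
    ' "$1"
}

# Print one finding per problem: a local path that does not exist, or an
# ssh_key_dir that group/other can access (assumed policy: mode 0700).
check_mounts() {
    list_local_mounts "$1" | while read -r name path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $name $path"
        elif [ "$name" = ssh_key_dir ] &&
             [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "OPEN $name $path"
        fi
    done
}

# Demo on a constructed volumes.yaml (sample paths inside a temp directory).
demo_dir=$(mktemp -d)
mkdir -m 755 "$demo_dir/ssh"
cat > "$demo_dir/volumes.yaml" <<EOF
volumes:
    # location of the ssh key to access the cluster
    ssh_key_dir:
        local: '$demo_dir/ssh/'
        target: '/root/.ssh/'
    openrc:
        local: '$demo_dir/openrc'
        target: '/root/openrc'
EOF
check_mounts "$demo_dir/volumes.yaml"
```

An empty result from `check_mounts bluval/volumes.yaml` means every local path exists and the key directory is private to its owner.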
2. Troubleshooting
## iptables issues on CentOS 8
vi /etc/firewalld/firewalld.conf
In the config file, change
FirewallBackend=nftables
to
FirewallBackend=iptables
Save the change and reload firewalld:
systemctl restart firewalld.service
...