...

Enjoy the virtual classroom!


BluVal Testing

1. BluVal installation

mkdir demo
cd demo
mkdir results
git clone https://gerrit.akraino.org/r/validation.git
cd validation
vi tests/variables.yaml  ## update the k8s-related IPs; this blueprint does not use k8s, so no change is needed here

vi bluval/volumes.yaml

Code Block
volumes:
    # location of the ssh key to access the cluster
    ssh_key_dir:
        local: '/home/thorking/.ssh/'
        target: '/root/.ssh/'
    # location of the k8s access files (config file, certificates, keys)
    kube_config_dir:
        local: '/home/thorking/demo/.kube/'
        target: '/root/demo/.kube/'
    # location of the customized variables.yaml
    custom_variables_file:
        local: '/home/thorking/demo/validation/tests/variables.yaml'
        target: '/opt/akraino/validation/tests/variables.yaml'
    # location of the bluval-<blueprint>.yaml file
    blueprint_dir:
        local: '/home/thorking/demo/validation/bluval'
        target: '/opt/akraino/validation/bluval'
    # location on where to store the results on the local jumpserver
    results_dir:
        local: '/home/thorking/demo/results'
        target: '/opt/akraino/results'
    # location on where to store openrc file
    openrc:
        local: '/home/thorking/openrc'
        target: '/root/openrc'


vi bluval/bluval-iec-type4.yaml


Code Block
blueprint:
    name: iec-type4
    layers:
        - os
        - docker

    os: &os
        -
            name: lynis
            what: lynis
            optional: "False"
        -
            name: vuls
            what: vuls
            optional: "False"

    k8s: &k8s
        -
            name: conformance
            what: conformance
            optional: "False"
        -
            name: kube-hunter
            what: kube-hunter
            optional: "False"


./bluval/blucon.sh -l os iec-type4

==============================================================================
Debug: /opt/akraino/results/os/vuls/debug.log
Output: /opt/akraino/results/os/vuls/output.xml
Log: /opt/akraino/results/os/vuls/log.html
Report: /opt/akraino/results/os/vuls/report.html
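
A pre-flight check for the bluval/volumes.yaml edited above, as an added example that is not part of BluVal or of the original page: it reports every local: path that is empty or missing, and any private key under ssh_key_dir that is readable by group or others, since this file maps that directory to /root/.ssh/. The function names and the UNSET/MISSING/LOOSE labels are assumptions, and the awk parser assumes the flat name/local/target layout shown in this file.

```shell
#!/bin/sh
# Added example: pre-flight check for bluval/volumes.yaml (not part of BluVal).

# list_local_paths FILE: print "<volume-name> <local-path>" for each volume entry.
# Assumes the flat layout shown above: a bare "name:" line followed by "local: '...'".
list_local_paths() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[ \t]*[A-Za-z_]+:[ \t]*$/ {                # bare "name:" starts an entry
            gsub(/[ \t:]/, ""); name = $0; next
        }
        /^[ \t]*local:/ {
            sub(/^[ \t]*local:[ \t]*/, ""); print name, $0
        }' "$1" | tr -d "\"'"
}

# preflight FILE: print one finding per line; return 1 if anything was found.
preflight() {
    findings=0
    while read -r name path; do
        [ -n "$name" ] || continue
        if [ -z "$path" ]; then
            echo "UNSET   $name"; findings=$((findings + 1))
        elif [ ! -e "$path" ]; then
            echo "MISSING $name: $path"; findings=$((findings + 1))
        elif [ "$name" = ssh_key_dir ]; then
            # Private keys readable by group (040) or others (004).
            loose=$(find "$path" -type f \( -perm -040 -o -perm -004 \) \
                        -exec grep -l 'PRIVATE KEY-----' {} + 2>/dev/null || true)
            if [ -n "$loose" ]; then
                echo "LOOSE   $name: $loose"; findings=$((findings + 1))
            fi
        fi
    done <<EOF
$(list_local_paths "$1")
EOF
    [ "$findings" -eq 0 ]
}

# Run from the validation/ checkout; pass another path as $1 if needed.
file=${1:-bluval/volumes.yaml}
if [ -f "$file" ]; then preflight "$file"; fi
```

Run it from the validation directory before ./bluval/blucon.sh; a silent run with exit status 0 means every local path exists and no private key is group- or world-readable.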


2. Troubleshooting
## iptables issues on CentOS 8
vi /etc/firewalld/firewalld.conf
In the config file, change
FirewallBackend=nftables
to
FirewallBackend=iptables
Save the change and reload firewalld:
systemctl restart firewalld.service

...