Versions Compared

Old Version 17

changes.mady.by.user Guixiang Miao

Saved on

compared with

New Version 18

changes.mady.by.user Guixiang Miao

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

We use Ubuntu 20.04, so we run Lynis test manually as follows:

  1. Login to master node, and get the latest Lynis from GitHub

    $ git clone https://github.com/CISOfy/lynis


  2. Modify the permissions of the “lynis” directory

    $ chmod -R 0:0 lynis


  3. Run the command below to test the security of system

    $ cd lynis;  sudo ./lynis audit system


Lynis/Kube-Hunter

  1. Create ~/validation/bluval/bluval-sdtfc.yaml to customize the Test

    blueprint:
    name: sdtfc
    layers:
        - k8s
            - os

    k8s: &k8s
        -
            name: kube-hunter
            what: kube-hunter
            optional: "False"


        os: &os
            -
                name: lynis
                what: lynis
                optional: "False"


  2. Update ~/validation/bluval/volumes.yaml file

    volumes:
    # location of the ssh key to access the cluster
    ssh_key_dir:
        local: '/home/ubuntu/.ssh'
        target: '/root/.ssh'
    # location of the k8s access files (config file, certificates, keys)
    kube_config_dir:
        local: '/home/ubuntu/kube'
        target: '/root/.kube/'
    # location of the customized variables.yaml
    custom_variables_file:
        local: '/home/ubuntu/validation/tests/variables.yaml'
        target: '/opt/akraino/validation/tests/variables.yaml'
    # location of the bluval-<blueprint>.yaml file
    blueprint_dir:
        local: '/home/ubuntu/validation/bluval'
        target: '/opt/akraino/validation/bluval'
    # location on where to store the results on the local jumpserver
    results_dir:
        local: '/home/ubuntu/results'
        target: '/opt/akraino/results'
    # location on where to store openrc file
    openrc:
        local: ''
        target: '/root/openrc'

# parameters that will be passed to the container at each layer
layers:
    # volumes mounted at all layers; volumes specific for a different layer are below
    common:
        - custom_variables_file
        - blueprint_dir
        - results_dir
    hardware:
        - ssh_key_dir
    os:
        - ssh_key_dir
    networking:
        - ssh_key_dir
    docker:
        - ssh_key_dir
    k8s:
        - ssh_key_dir
        - kube_config_dir
    k8s_networking:
        - ssh_key_dir
        - kube_config_dir
    openstack:
        - openrc
    sds:
    sdn:
    vim:


  3. Update ~/validation/tests/variables.yaml file

    ### Input variables cluster's master host
host: <IP Address>             # cluster's master host address
username: <username>            # login name to connect to cluster
password: <password>         # login password to connect to cluster
ssh_keyfile: /root/.ssh/id_rsa        # Identity file for authentication


  4. Run Blucon

    $ bash validation/bluval/blucon.sh sdtfc


...

The post-fix manual logs can be found at TODO.

Kube-Hunter

Nexus URL: TODO

There are no reported vulnerabilities. Note, this release includes fixes for vulnerabilities found in release 6. See the release 6 test document for details on those vulnerabilities and the fixes.

...

Total TestsTest ExecutedPassFailIn Progress
26292629242720

*Vuls is counted as one test case.

...