alcideio / Kaudit
Alcide Kubernetes Audit Log Analyzer - Alcide kAudit
- Installation
- Create local test environment (Dynamic Auditing)
- Before Installing Alcide kAudit
- Installation Examples
- Access Alcide kAudit From Outside The Cluster
- Integration with Hashicorp Vault
Installation
- EKS
- GKE
- AKS
- Kubernetes Webhook
- Kubernetes Dynamic Auditing (AuditSink)
In the Makefile
Usage: make [options] [target] ...
Generate:
generate-aks Generate AKS installation
generate-all Generate All Deployment targets
generate-eks Generate EKS installation
generate-gke Generate GKE installation
generate-k8s Generate Audit Sink installation
generate-k8s-webhook Generate Audit Sink installation
Install:
get-linux-deps Dependencies Linux
Misc:
help Show this help
Test:
create-kind-cluster KIND
create-minikube-cluster Minikube
Create local test environment (Dynamic Auditing)
Kubernetes KIND
kind create cluster --config hack/kind-config.yaml --image kindest/node:v1.16.4 --name kaudit-v1.16
Minikube
minikube start --memory=6g --cpus=4 \
--extra-config=apiserver.audit-dynamic-configuration=true \
--extra-config=apiserver.feature-gates=DynamicAuditing=true \
--extra-config=apiserver.runtime-config=auditregistration.k8s.io/v1alpha1=true
Before Installing Alcide kAudit
- Download helm 3
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 && \
chmod 700 get_helm.sh && \
./get_helm.sh
- Make sure you have the Image registry pull secret key from Alcide
Installation Examples
Kubernetes Webhook
helm upgrade -i kaudit deploy/charts/kaudit --set clusterName="mycluster" --set k8s.mode="webhook" --set image.pullSecretToken="YourAlcideToken"
Kubernetes AuditSink
helm upgrade -i kaudit deploy/charts/kaudit --set clusterName="mycluster" --set image.pullSecretToken="YourAlcideToken"
or use the interactive wizard to generate a YAML:
deploy/install/kaudit-deployment-wizard.sh
And then run:
kubectl port-forward -n alcide-kaudit svc/kaudit-mycluster 7000:443
Point your browser to https://localhost:7000
Access Alcide kAudit From Outside The Cluster
Kubernetes Ingress Controller
Notes:
- You should have a DNS entry that points to the cluster
- By default self-signed certificates are generated
- See chart values.yaml on how to use external certificates
- The default domain in this example: secops.mycompany.com
- Use --set ingress.subDomain="yourdomain.com" to customise the sub-domain used to expose your Alcide kAudit analyzer(s).
Create KIND Cluster
kind create cluster --config hack/kind-config.yaml --image kindest/node:v1.16.4 --name kaudit-v1.16
Install Kubernetes Ingress Controller
helm upgrade -i kaudit-ingress stable/nginx-ingress --namespace alcide-kaudit --set controller.daemonset.useHostPort=true --set controller.service.enabled=false --set controller.kind="DaemonSet" --set controller.ingressClass="kaudit-ingress"
Install Alcide kAudit
helm upgrade -i kaudit deploy/charts/kaudit --set clusterName="mycluster" --set ingress.enable=true
Test that Alcide kAudit is exposed through
curl -D- -k https://localhost:443/ -H 'Host: kaudit-mycluster.secops.mycompany.com'
Integration with Hashicorp Vault
See Vault Agent Injector guide here
Create kAudit Vault Policy
kubectl -n demo exec -ti vault-0 -- /bin/sh
cat <<EOF > /home/vault/kaudit-policy.hcl
path "secret/data/alcide/kaudit-*" {
capabilities = ["read"]
}
EOF
vault policy write kaudit /home/vault/kaudit-policy.hcl
Vault Kubernetes Integration
kubectl -n demo exec -ti vault-0 -- /bin/sh
vault auth enable kubernetes
vault write auth/kubernetes/config \
token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
kubernetes_host=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 \
kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Configure kAudit in Vault
Note how kAudit is installed into the cluster:
- namespace
- service account
vault write auth/kubernetes/role/kaudit-mycluster \
bound_service_account_names=alcide-k8s-kaudit-mycluster \
bound_service_account_namespaces=alcide-kaudit \
policies=kaudit \
ttl=1h
Create a vault secret for the kAudit instance being deployed:
vault kv put secret/alcide/kaudit-mycluster \
token='' \
prometheusToken='' \
gkeToken='' \
aksConnectionString='' \
awsSecretAccessKey='somesecret'
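Added example (not part of the kAudit repository): an offline check of how the policy path created above relates to the secret written with vault kv put, and of what the kaudit-* glob grants to any role bound to the kaudit policy. It assumes the KV v2 engine is mounted at secret/ and handles only exact policy paths and a trailing * glob; the cluster name othercluster and the per-cluster policy path are constructed for illustration.

```sh
#!/bin/sh
# Added example: offline reasoning about the Vault paths used in this section.
# Assumption: KV v2 mounted at "secret/" (implied by the "data/" segment in the policy).

# Map the logical path typed into `vault kv put` onto the API path policies are matched against.
kv2_api_path() {  # $1 = mount name, $2 = logical path as typed on the CLI
  rest=${2#"$1"/}
  printf '%s/data/%s\n' "$1" "$rest"
}

# Vault policy path matching, limited here to exact paths and a trailing "*" glob.
policy_covers() {  # $1 = policy path, $2 = API path
  case "$1" in
    *\*) prefix=${1%\*}
         case "$2" in "$prefix"*) return 0 ;; *) return 1 ;; esac ;;
    *)   [ "$2" = "$1" ] ;;
  esac
}

# Does policy path $1 allow reading the secret of the kAudit instance for cluster $2?
can_read_cluster_secret() {
  policy_covers "$1" "$(kv2_api_path secret "secret/alcide/kaudit-$2")"
}

PAGE_POLICY='secret/data/alcide/kaudit-*'            # policy path from this section
SCOPED_POLICY='secret/data/alcide/kaudit-mycluster'  # hypothetical per-cluster alternative

# "othercluster" is a constructed name standing in for a second kAudit instance.
for cluster in mycluster othercluster; do
  for policy in "$PAGE_POLICY" "$SCOPED_POLICY"; do
    if can_read_cluster_secret "$policy" "$cluster"; then verdict=allow; else verdict=deny; fi
    printf '%-38s kaudit-%-13s %s\n' "$policy" "$cluster" "$verdict"
  done
done
```

The glob policy allows both secrets, so one policy per cluster is needed if instances must not read each other's tokens.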
Install Alcide kAudit
- Download helm 3
- Make sure you have the Image registry key from Alcide
Interactive wizard:
deploy/install/kaudit-deployment-wizard.sh
Helm (v3 and onward)
Vault Agent Injector
helm upgrade -i kaudit deploy/charts/kaudit --set clusterName="mycluster" --set vault.mode="agent-inject"
Vault
helm upgrade -i kaudit deploy/charts/kaudit --set clusterName="mycluster" --set vault.mode="vault"