karmor summary showing incomplete data when used with --agg flag #192

Open
vishnusomank opened this issue Oct 6, 2022 · 0 comments

`karmor summary` is showing serviceaccount token access from the knoxAutoPolicy binary, but when used with the `--agg` flag the data is getting skipped.

```
karmor summary -n explorer

  Pod Name        knoxautopolicy-8587dfd464-mrz6b
  Namespace Name  explorer
  Cluster Name    default
  Container Name  knoxautopolicy
  Labels          container=knoxautopolicy

File Data
+-----------------+---------------------------------------------------------------------------------+-------+------------------------------+--------+
|   SRC PROCESS   |                              DESTINATION FILE PATH                              | COUNT |      LAST UPDATED TIME       | STATUS |
+-----------------+---------------------------------------------------------------------------------+-------+------------------------------+--------+
| /knoxAutoPolicy | /accuknox-obs.db                                                                | 34    | Thu Oct  6 06:24:01 UTC 2022 | Allow  |
| /knoxAutoPolicy | /run/secrets/kubernetes.io/serviceaccount/..2022_10_06_06_05_10.034039894/token | 10    | Thu Oct  6 06:23:41 UTC 2022 | Allow  |
| /knoxAutoPolicy | /accuknox.db                                                                    | 17    | Thu Oct  6 06:24:01 UTC 2022 | Allow  |
+-----------------+---------------------------------------------------------------------------------+-------+------------------------------+--------+


Ingress connections
+----------+-----------------+------------+------+-----------+--------+
| PROTOCOL |     COMMAND     | POD/SVC/IP | PORT | NAMESPACE | LABELS |
+----------+-----------------+------------+------+-----------+--------+
| TCPv6    | /knoxAutoPolicy | 127.0.0.1  | 9089 |           |        |
+----------+-----------------+------------+------+-----------+--------+


Egress connections
+----------+-----------------+----------------+------+-----------+-----------------------------------------+
| PROTOCOL |     COMMAND     |   POD/SVC/IP   | PORT | NAMESPACE |                 LABELS                  |
+----------+-----------------+----------------+------+-----------+-----------------------------------------+
| TCP      | /knoxAutoPolicy | svc/kubernetes | 443  | default   | component=apiserver,provider=kubernetes |
+----------+-----------------+----------------+------+-----------+-----------------------------------------+
```

```
karmor summary -n explorer --agg

  Pod Name        knoxautopolicy-8587dfd464-mrz6b
  Namespace Name  explorer
  Cluster Name    default
  Container Name  knoxautopolicy
  Labels          container=knoxautopolicy

File Data
+-----------------+-----------------------+-------+------------------------------+--------+
|   SRC PROCESS   | DESTINATION FILE PATH | COUNT |      LAST UPDATED TIME       | STATUS |
+-----------------+-----------------------+-------+------------------------------+--------+
| /knoxAutoPolicy |                       | 61    | Thu Oct  6 06:24:01 UTC 2022 | Allow  |
+-----------------+-----------------------+-------+------------------------------+--------+


Ingress connections
+----------+-----------------+------------+------+-----------+--------+
| PROTOCOL |     COMMAND     | POD/SVC/IP | PORT | NAMESPACE | LABELS |
+----------+-----------------+------------+------+-----------+--------+
| TCPv6    | /knoxAutoPolicy | 127.0.0.1  | 9089 |           |        |
+----------+-----------------+------------+------+-----------+--------+


Egress connections
+----------+-----------------+----------------+------+-----------+-----------------------------------------+
| PROTOCOL |     COMMAND     |   POD/SVC/IP   | PORT | NAMESPACE |                 LABELS                  |
+----------+-----------------+----------------+------+-----------+-----------------------------------------+
| TCP      | /knoxAutoPolicy | svc/kubernetes | 443  | default   | component=apiserver,provider=kubernetes |
+----------+-----------------+----------------+------+-----------+-----------------------------------------+
```

According to the help, it should aggregate based on the destination files/folder:

```
karmor summary -h
Discovery engine keeps the telemetry information from the policy enforcement engines and the karmor connects to it to provide this as observability data

Usage:
  karmor summary [flags]

Flags:
      --agg                Aggregate destination files/folder path
```

```
karmor version
karmor version 0.9.9 linux/amd64 BuildDate=2022-09-29T06:37:07Z
current version is the latest
kubearmor image (running) version kubearmor/kubearmor:stable
```
vishnusomank changed the title from "karmor summary showing imcomplete data when used with --agg flag" to "karmor summary showing incomplete data when used with --agg flag" on Oct 6, 2022
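
An added example, not code from this issue or from the karmor project: one way the three File Data rows from the non-aggregated output could be folded by parent directory so that the service account token location stays visible. `FileRow`, `AggregateByDir` and `SampleRows` are hypothetical names, and grouping by parent directory is an assumption about what "Aggregate destination files/folder path" is meant to do.

```go
package main

import (
	"fmt"
	"path"
	"sort"
)

// FileRow is a hypothetical stand-in for one row of the "File Data" table.
type FileRow struct {
	Src, Dest string
	Count     int
}

// AggregateByDir (hypothetical) folds rows that share a source process and
// parent directory, summing counts and keeping the directory as destination.
func AggregateByDir(rows []FileRow) []FileRow {
	type key struct{ src, dir string }
	sums := map[key]int{}
	for _, r := range rows {
		dir := path.Dir(path.Clean(r.Dest))
		if dir != "/" {
			dir += "/" // trailing slash marks the entry as a folder
		}
		sums[key{r.Src, dir}] += r.Count
	}
	out := make([]FileRow, 0, len(sums))
	for k, n := range sums {
		out = append(out, FileRow{Src: k.src, Dest: k.dir, Count: n})
	}
	// Map order is random; sort on (Src, Dest). NUL cannot occur in a path.
	sort.Slice(out, func(i, j int) bool {
		return out[i].Src+"\x00"+out[i].Dest < out[j].Src+"\x00"+out[j].Dest
	})
	return out
}

// SampleRows returns the three rows from the non-aggregated output above.
func SampleRows() []FileRow {
	return []FileRow{
		{"/knoxAutoPolicy", "/accuknox-obs.db", 34},
		{"/knoxAutoPolicy", "/run/secrets/kubernetes.io/serviceaccount/..2022_10_06_06_05_10.034039894/token", 10},
		{"/knoxAutoPolicy", "/accuknox.db", 17},
	}
}

func main() {
	for _, r := range AggregateByDir(SampleRows()) {
		fmt.Printf("%-16s %-76s %d\n", r.Src, r.Dest, r.Count)
	}
}
```

With this grouping the two database files collapse into `/` and the token access remains its own row, so the counts still add up to the 61 that `--agg` reports.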