DVWA installation here.
KubeArmor policy to allow specific operations for dvwa web app i.e., allow apache2, ping, dash.
Deny access to /etc/shadow for all processes.
PHP code for remote command injection.
- Create new namespace for installing dvwa:
kubectl create ns dvwa
- Install DVWA application:
kubectl apply -f https://raw.githubusercontent.com/nyrahul/src/master/dvwa/dvwa-deploy.yaml -n dvwa
- Install karmor cli tool:
curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin
- Get recommended policies for dvwa app:
karmor recommend -n dvwa
- Get behavioural policies for dvwa app:
karmor discover -n dvwa
- Get network segmentation policies for dvwa app:
karmor discover -n dvwa -p NetworkPolicy