Manage SUSE NeuVector Using REST API
Preface
This article covers:
- Communicating with NeuVector using the API commands that Swagger provides
Setup Neuvector
Expose REST API
To expose the REST API for access from outside of the Kubernetes cluster, enable port 10443.
Create the Service
Check the service status
Screen output:
Swagger
Install Swagger with Podman
- -d: run the container in the background
- -p: map the container's port 8080 to port 80 on the host
Access Swagger Web
Open a browser and connect to port 80 on the Podman host.
Import the configuration file
Enter the following URL in the search bar at the top and click the "Explore" button.
Setup Authentication
Create an authentication token
On the Swagger site, find /v1/auth Login Authentication under the Authentication heading, click to expand it, then click the Try it out button to edit the body.
After editing, click Execute to generate a sample command, then adjust it for your actual environment.
The following is a real example. Run the command below to generate an authentication token.
View the contents of the token.json file
Screen output:
Keep login session alive
Logout current logged in user
Process
View the Process Profile Rules of a specific Group
Screen output:
{
  "process_profile": {
    "baseline": "basic",
    "group": "nv.nginx.neuvector",
    "mode": "Protect",
    "process_list": [
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398024,
        "last_modified_timestamp": 1691398024,
        "name": "bash",
        "path": "/bin/bash",
        "uuid": "505a3ce0-c1c0-44a3-89ee-4bc6ed7ef675"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398143,
        "last_modified_timestamp": 1691398143,
        "name": "cat",
        "path": "/bin/cat",
        "uuid": "5ff92222-1818-45ed-9b9c-9edcebdb9125"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398053,
        "last_modified_timestamp": 1691398191,
        "name": "ls",
        "path": "/bin/ls",
        "uuid": "55380afb-3164-40cb-a830-ca352b9c0a2a"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "learned",
        "created_timestamp": 1691397615,
        "last_modified_timestamp": 1691397615,
        "name": "nginx",
        "path": "/usr/sbin/nginx",
        "user": "root",
        "uuid": "3e286470-aa88-4ae6-adcc-26c60d6446c5"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398031,
        "last_modified_timestamp": 1691398031,
        "name": "sh",
        "path": "/bin/sh",
        "uuid": "36de28dc-cf30-4795-920e-afd93b6af790"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398216,
        "last_modified_timestamp": 1691398216,
        "name": "whoami",
        "path": "/usr/bin/whoami",
        "uuid": "b1aa8a28-1f28-4247-a4f4-f3540cf41634"
      }
    ]
  }
}
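As an added example (not part of the original article and not NeuVector's own code), the Python script below audits a process profile response of the shape shown above and lists the allow rules worth a manual review. The SAMPLE string is constructed by trimming the output above, and the SHELLS set and the two review criteria are assumptions that stand in for a local policy.

```python
import json

# Constructed sample, trimmed from the shape of the response shown above.
SAMPLE = """
{"process_profile": {"baseline": "basic", "group": "nv.nginx.neuvector", "mode": "Protect",
 "process_list": [
  {"action": "allow", "cfg_type": "user_created", "created_timestamp": 1691398024,
   "last_modified_timestamp": 1691398024, "name": "bash", "path": "/bin/bash"},
  {"action": "allow", "cfg_type": "user_created", "created_timestamp": 1691398053,
   "last_modified_timestamp": 1691398191, "name": "ls", "path": "/bin/ls"},
  {"action": "allow", "cfg_type": "learned", "created_timestamp": 1691397615,
   "last_modified_timestamp": 1691397615, "name": "nginx", "path": "/usr/sbin/nginx",
   "user": "root"}
 ]}}
"""

# Assumption: which binaries count as shells is a local review policy,
# not a NeuVector setting.
SHELLS = {"sh", "bash", "dash", "ash", "zsh"}


def audit_profile(raw):
    """Return (summary, findings) for one process profile response."""
    profile = json.loads(raw)["process_profile"]
    rules = profile.get("process_list", [])
    findings = []
    for rule in rules:
        if rule.get("action") != "allow":
            continue
        name, path = rule.get("name", ""), rule.get("path", "")
        # Only rules an operator added by hand are reviewed; learned rules
        # reflect behaviour observed while the group was being profiled.
        if rule.get("cfg_type") != "user_created":
            continue
        if name in SHELLS or path.rsplit("/", 1)[-1] in SHELLS:
            findings.append((name, path, "manually allowed shell"))
        if rule.get("last_modified_timestamp", 0) > rule.get("created_timestamp", 0):
            findings.append((name, path, "manual rule edited after creation"))
    summary = {"group": profile.get("group"), "mode": profile.get("mode"),
               "enforcing": profile.get("mode") == "Protect", "rules": len(rules)}
    return summary, findings


if __name__ == "__main__":
    summary, findings = audit_profile(SAMPLE)
    print(summary)
    for name, path, reason in findings:
        print(f"REVIEW {name} ({path}): {reason}")
```

To audit a live group, pass the saved response body of the process profile request to audit_profile() in place of SAMPLE.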