Skip to content

antony@notes:~/security$ cat "Manage-SUSE-NeuVector-Using-REST-API.md"

Manage SUSE NeuVector Using REST API

2023-08-11· security ·NeuVector 5.2.0

Manage SUSE NeuVector Using REST API

Preface

本篇文章會介紹,

  • 透過 Swagger 給的 API 指令與 Neuvector 溝通

可以透過點擊展開以下目錄,選擇想看的內容,跳轉至特定章節

:::warning

:::spoiler 文章目錄

[TOC]

:::

Setup Neuvector

Expose REST API

To expose the REST API for access from outside of the Kubernetes cluster, enable port 10443.

apiVersion: v1
kind: Service
metadata:
  name: neuvector-service-rest
  namespace: neuvector
spec:
  ports:
    - port: 10443
      name: controller
      protocol: TCP
  type: NodePort
  selector:
    app: neuvector-controller-pod

建立 Service

$ oc create -f  neuvector-service-rest.yaml

檢視服務狀態

$ oc get svc neuvector-service-rest

螢幕輸出 :

NAME                     TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
neuvector-service-rest   NodePort   172.30.84.78   <none>        10443:32215/TCP   3h8m

Swagger

Install Swagger with Podman

$ podman run -d -p 80:8080 docker.io/swaggerapi/swagger-ui
  • -d,將 Container 推到背景執行
  • -p,將 Container 的 8080 Port 對應到 Host 主機的 80 Port

Access Swagger Web

打開瀏覽器連線至 Podman Host 主機的 80 Port

http://192.168.11.211/

匯入設定檔

在上方搜尋欄輸入以下網址,並點選 “Explore” 按鈕

https://raw.githubusercontent.com/neuvector/neuvector/main/controller/api/apis.yaml

Setup Authentication

Create an authentication token

在 swagger 的網站找到 Authentication 標題底下的 /v1/auth Login Authentication,點擊展開後,再點選 Try it out 按鈕,就可以對 body 的部分進行修改,

修改後點 Execute 就可以產出 Sample 指令,再根據實際環境進行修改

以下是一個實際範例,執行以下命令,生成身分驗證的 Token

curl -s -k -X 'POST' \
  'https://192.168.11.82:32215/v1/auth' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "client_ip": "",
  "password": {
    "username": "admin",
    "password": "admin"
  },
  "Token": {
    "token": "",
    "state": "",
    "redirect_endpoint": ""
  }
}' | jq -r '.token.token' > token.json

檢視 token.json 檔案內容

$ cat token.json

螢幕輸出 :

sUeU1TK648M4Y2RsScwiVceXB3zDuAPtIbzEHO_r++vMUbdriGCkjCVlcvVjZuK2dzV9hLgce_oKhJlhGXexL_4kmdJ0REtiwrTZb94uudgdjXz8QlkyzXsjbGpHVnqjMDhVqQSoJZ7WMQ+mslJOd6oHPiff476Xyl0+vwTj9tPlEkdeZkZcKjKH37aFbtbvrinCUpwIVl9kuJEV72OmL8p5kcjufydHPW0E6auxiLLmVKp46gki4hPt7CjgiSbtMG4vfanNMnOFpibmwRp9tRfDFnb4Q7z8b1iiuAouXqftJ1VMHuv2LKX_wuKTQAmj0e020_jwmR+MVgTwqVDQ5Uu0NmaeouSTuKbj39clCa+HzXWARNv735QsBDOAeoPt4r6BZTu1mPvo2A5ztcroAL77rZvtEpV0s2xTzxlVAYsXAK1Nu5asUDRqrWbtMkRJIbzXVBq6JYJE8w18+txwbo+JazJQU5vOWxIL93aQtzIveper+vmWjYHd5ieBOvHNlfjt4WJEnfxZ0A61RANPFEfb8HCNQCeFnv4heNV8GuAqstm5BxmsZVWIxW3_b+p0TFaqAl3Sfz1LlewbVFERGKoBNsWRYMsOPD5vgwgZP73r+SLJCVJGIyPbr1RugjOyackA_MFVjtjuLJzINR_IBpp6eiIctWF3Oqlj8Z2a_GhAA8HtYvcXFoM49E8V8IyQxN_KLGkSw_7HbI6LY63gKUzrAeisMuD9iBFkvqxURYEjhmu6F0UI6OFMR55S72GV4Q6afHnPRvmMiPDMuQ1h_bfZAvaGmQryhiboOu8mmcXap0mQLkp+FIBHhQgrqNmvcbC0BHkw859cxV4OOWRKdVVfSNC6mr6VG8uPxn29uLSonbmTc985pYhUfC0LAoQ+Y+gmeKfmsN_DebwMW72tVjb9EBbiTlXLTO+tj9BkdzCWb2zH1d9IBOqkaExEaw7JcMOzv44PqN1NBUy_SiO6nb7QXgNCGc7KKxoP7CrqLOSsUbxg1UxNhMQXNU0sdz3trAy8QUHP2kExTFbW_0_GVjA4hClx1b25GMt3nBhaJT1tp0aSnQMj47zsgJGz5ybxa6bAsUVcQEipA4dlA3orrkBZ0gKkQofpvBF1xAz8h2j6I5HLqbHj1RhT

Keep login session alive

$ _token_=$(cat token.json)

$ curl -s -k -X 'PATCH' \
  'https://192.168.11.82:32215/v1/auth' \
  -H 'accept: application/json' \
  -H "X-Auth-Token: $_token_"

Logout current logged in user

$ _token_=$(cat token.json)

$ curl -s -k -X 'DELETE' \
  'https://192.168.11.82:32215/v1/auth' \
  -H 'accept: application/json' \
  -H "X-Auth-Token: $_token_"

Process

檢視特定 Group 的 Process Profile Rules

$ _token_=$(cat token.json)

$ curl -s -k -X 'GET' \
  'https://192.168.11.82:32215/v1/process_profile/nv.nginx.neuvector' \
  -H 'accept: application/json' \
  -H "X-Auth-Token: $_token_"

螢幕輸出 :

{
  "process_profile": {
    "baseline": "basic",
    "group": "nv.nginx.neuvector",
    "mode": "Protect",
    "process_list": [
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398024,
        "last_modified_timestamp": 1691398024,
        "name": "bash",
        "path": "/bin/bash",
        "uuid": "505a3ce0-c1c0-44a3-89ee-4bc6ed7ef675"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398143,
        "last_modified_timestamp": 1691398143,
        "name": "cat",
        "path": "/bin/cat",
        "uuid": "5ff92222-1818-45ed-9b9c-9edcebdb9125"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398053,
        "last_modified_timestamp": 1691398191,
        "name": "ls",
        "path": "/bin/ls",
        "uuid": "55380afb-3164-40cb-a830-ca352b9c0a2a"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "learned",
        "created_timestamp": 1691397615,
        "last_modified_timestamp": 1691397615,
        "name": "nginx",
        "path": "/usr/sbin/nginx",
        "user": "root",
        "uuid": "3e286470-aa88-4ae6-adcc-26c60d6446c5"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398031,
        "last_modified_timestamp": 1691398031,
        "name": "sh",
        "path": "/bin/sh",
        "uuid": "36de28dc-cf30-4795-920e-afd93b6af790"
      },
      {
        "action": "allow",
        "allow_update": false,
        "cfg_type": "user_created",
        "created_timestamp": 1691398216,
        "last_modified_timestamp": 1691398216,
        "name": "whoami",
        "path": "/usr/bin/whoami",
        "uuid": "b1aa8a28-1f28-4247-a4f4-f3540cf41634"
      }
    ]
  }
}
Multi Tenancy Security AAAIntroduction to NeuVector