In this Quickstart post, you’ll learn about how to get Aqua Security Kube-Bench up and running.
Over the course of the past few weeks, I’ve been testing out and researching a ton of different Kubernetes security scanning tools, and kube-bench is definitely a great tool to get started with.
The Environment
To run this test, two Ubuntu servers were configured. One Ubuntu server is the Control Plane and the other is the Worker Node.
You don’t need Kubeadm to run this. Really, all you need is a Kubernetes cluster running anywhere (even Minikube). If you have a Managed Kubernetes Service in the cloud, that would work as well.
If you want to test this out in Kubeadm, you can install Kubeadm from the instructions here: https://github.com/AdminTurnedDevOps/Kubernetes-Quickstart-Environments/tree/main/Bare-Metal/kubeadm.
The purpose of running this on Kubeadm was because it’s an environment that’s fully managed by the engineer, which means the results are a direct reflection of Kubernetes not being secure out of the box.
Installation
The installation process is straightforward and typically a few commands. Of course, this is going to all depend on your Operating System. The below example is for Ubuntu.
First, download the package.
curl -L [https://github.com/aquasecurity/kube-bench/releases/download/v0.6.10/kube-bench_0.6.10_linux_amd64.deb](https://github.com/aquasecurity/kube-bench/releases/download/v0.6.2/kube-bench_0.6.2_linux_amd64.deb) -o kube-bench_0.6.10_linux_amd64.deb
Next, install kube-bench
.
sudo apt install ./kube-bench_0.6.10_linux_amd64.deb -f
Running Kube-Bench
To confirm kube-bench
is installed, test it out on the terminal.
kube-bench
You don’t need to specify any flags or switches. You can simply run kube-bench
and get an output for remediations.
When you run kube-bench
, you’ll see a lot of output. To break it down at a high level, the output is:
- All tests run on the Control Plane for each Control Plane resource (Scheduler, etcd, Controller, API server).
- You’ll see remediations for other Controllers and Kubernetes resources like RBAC.
- All remediation recommendations including how to fix the problem, links to the fix, and the actual commands you need.
- What passed and what failed in the Control Plane.
With all of the output from the kube-bench
command, you can make decisions and create remediation practices in your environment.
Top comments (0)