TestDrive

TestDrive  /  SPL-TD-CB-04  /  Compromising Container: Generate Violation Alerts

Violation Alert Generation

Updated on

In this section, we will compromise a container by gaining 'exec' access and generate violation alerts on CBC Cloud Console.

49. Compromising a Container

Apply the compromised container yaml file:

kubectl apply -f https://raw.githubusercontent.com/octarinesec/security-demo/master/compromised-container/installation.yaml

50. Create Local Proxy

Create a local proxy to reach the exposed dashboard service:

kubectl port-forward -n myapp service/dashboard 8080:8080

51. Launch myapp UI

Visit the dashboard by opening http://localhost:8080 on your browser from within the VMware Tanzu Horizon Desktop

52. List myapp Pod

Hit Ctrl + C twice to exit out of the running proxy.

List the myapp pod. Copy the App name (Highlighted in screenshot below) by using Right Click or Ctrl + C

kubectl get pods -n myapp

53. Access myapp Container

Replace <dashboard-name> in the below command with the App name copied in previous step

kubectl exec -it <dashboard-name> -n myapp -c dashboard -- bash

54. List running processes

List all running processes

ps aux

55. Exit myapp Container

Finally, let's exit out of the dashboard using the 'exit' command

exit
Previous Article Configure CBC Security
Next Article Policy Action Violation Restriction

SPL-TD-CB-04

Introduction 1
Quick Walkthrough of Carbon Black Cloud 1
Deploy Tanzu Kubernetes Cluster 1
Deploy CBC Container Security 1
Configure CBC Container Security 1
Compromising Container: Generate Violation Alerts 1
Compromising Container: Restrict Policy Violation Actions 1
Additional Support 1

Other Resources