openshift-docs/modules/file-integrity-node-status-failure.adoc
2020-11-19 13:47:12 +00:00
// Module included in the following assemblies:
//
// * security/file_integrity_operator/file-integrity-operator-understanding.adoc
[id="file-integrity-node-status-failure_{context}"]
= `FileIntegrityNodeStatus` failure status example
To simulate a failure condition, modify one of the files AIDE tracks. For
example, modify `/etc/resolv.conf` on one of the worker nodes:
[source,terminal]
----
$ oc debug node/ip-10-0-130-192.ec2.internal
----
.Example output
[source,terminal]
----
Creating debug namespace/openshift-debug-node-ldfbj ...
Starting pod/ip-10-0-130-192ec2internal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.130.192
If you don't see a command prompt, try pressing enter.
sh-4.2# echo "# integrity test" >> /host/etc/resolv.conf
sh-4.2# exit
Removing debug pod ...
Removing debug namespace/openshift-debug-node-ldfbj ...
----
After some time, the `Failed` condition is reported in the results array of the
corresponding `FileIntegrityNodeStatus`. The previous `Succeeded` condition is
retained, which allows you to pinpoint the time at which the check started failing.
[source,terminal]
----
$ oc get fileintegritynodestatuses.fileintegrity.openshift.io/worker-fileintegrity-ip-10-0-130-192.ec2.internal -ojsonpath='{.results}' | jq -r
----
Alternatively, if you do not specify an object name, list the results of all `FileIntegrityNodeStatus` objects:
[source,terminal]
----
$ oc get fileintegritynodestatuses.fileintegrity.openshift.io -ojsonpath='{.items[*].results}' | jq
----
.Example output
[source,terminal]
----
[
{
"condition": "Succeeded",
"lastProbeTime": "2020-09-15T12:54:14Z"
},
{
"condition": "Failed",
"filesChanged": 1,
"lastProbeTime": "2020-09-15T12:57:20Z",
"resultConfigMapName": "aide-ds-worker-fileintegrity-ip-10-0-130-192.ec2.internal-failed",
"resultConfigMapNamespace": "openshift-file-integrity"
}
]
----
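The results array above is what a practitioner reads to answer two questions: when did the check go from `Succeeded` to `Failed`, and which config map holds the AIDE log. The following script is an added example (not part of openshift-docs) that parses a saved copy of that array; the embedded sample is constructed from the values shown on this page, and in practice you would feed it the output of the `oc get ... -ojsonpath='{.results}'` command.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the results array of one FileIntegrityNodeStatus,
# using the same values as the example output on this page.
SAMPLE_RESULTS = json.loads("""
[
  {"condition": "Succeeded", "lastProbeTime": "2020-09-15T12:54:14Z"},
  {"condition": "Failed", "filesChanged": 1,
   "lastProbeTime": "2020-09-15T12:57:20Z",
   "resultConfigMapName": "aide-ds-worker-fileintegrity-ip-10-0-130-192.ec2.internal-failed",
   "resultConfigMapNamespace": "openshift-file-integrity"}
]
""")


def _probe_time(value):
    # lastProbeTime is RFC 3339 with a trailing Z; parse it as UTC so
    # entries can be ordered reliably regardless of their order in the array.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def summarize(results):
    """Return the latest condition, the window between the last good probe and
    the failing probe, the number of changed files, and the config map to
    inspect (namespace/name). Window and config map are None without a failure."""
    ordered = sorted(results, key=lambda r: _probe_time(r["lastProbeTime"]))
    summary = {"condition": ordered[-1]["condition"], "failed_window": None,
               "files_changed": 0, "configmap": None, "describe_cmd": None}
    last_ok = None
    for entry in ordered:
        if entry["condition"] == "Succeeded":
            last_ok = entry["lastProbeTime"]
            continue
        # Any non-Succeeded entry: record the window and where the AIDE log lives.
        ns = entry.get("resultConfigMapNamespace")
        name = entry.get("resultConfigMapName")
        summary["failed_window"] = (last_ok, entry["lastProbeTime"])
        summary["files_changed"] = entry.get("filesChanged", 0)
        if ns and name:
            summary["configmap"] = "%s/%s" % (ns, name)
            summary["describe_cmd"] = "oc describe cm -n %s %s" % (ns, name)
        break
    return summary


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESULTS), indent=2))
```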
The `Failed` condition points to a config map that gives more details about what
exactly failed and why:
[source,terminal]
----
$ oc describe cm aide-ds-worker-fileintegrity-ip-10-0-130-192.ec2.internal-failed
----
.Example output
[source,terminal]
----
Name:         aide-ds-worker-fileintegrity-ip-10-0-130-192.ec2.internal-failed
Namespace:    openshift-file-integrity
Labels:       file-integrity.openshift.io/node=ip-10-0-130-192.ec2.internal
              file-integrity.openshift.io/owner=worker-fileintegrity
              file-integrity.openshift.io/result-log=
Annotations:  file-integrity.openshift.io/files-added: 0
              file-integrity.openshift.io/files-changed: 1
              file-integrity.openshift.io/files-removed: 0

Data
integritylog:
------
AIDE 0.15.1 found differences between database and filesystem!!
Start timestamp: 2020-09-15 12:58:15

Summary:
  Total number of files:  31553
  Added files:            0
  Removed files:          0
  Changed files:          1

---------------------------------------------------
Changed files:
---------------------------------------------------

changed: /hostroot/etc/resolv.conf

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

File: /hostroot/etc/resolv.conf
  SHA512 : sTQYpB/AL7FeoGtu/1g7opv6C+KT1CBJ , qAeM+a8yTgHPnIHMaRlS+so61EN8VOpg

Events: <none>
----