Giter Site home page Giter Site logo

klustair / klustair-frontend Goto Github PK

View Code? Open in Web Editor NEW
7.0 3.0 2.0 6.88 MB

Frontend to Klustair scanner and Anchore

PHP 71.62% Dockerfile 0.73% Shell 1.22% Blade 26.24% Vue 0.16% Procfile 0.02%
kubernetes security vulnerability-scanners anchore klustair

klustair-frontend's Introduction

KlustAIR Frontend

Deploy

The Klustair scanner scanns your Kubernetes namespaces for the used images and scan them with trivy. This frontend displays the result of the scanned namespaces and images in a report.

Demo : https://klustair.herokuapp.com/

Main Features:

  • The vulnerabilities of an images can be reviewed and whitelisted if they dont apply to any risk.
  • Auditing the configuration of your kubernetes cluster

Related Klustair projects:

Related opensource projects

  • trivy A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls
  • (DEPRECATED) anchore-engine A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification


Screenshots

Find more screenshots here

vulnerabilities details




Configuration

Laravel built in authentication

ENV VAR Type value description
AUTH Boolean true|false Enables Authentication
AUTH_REGISTER Boolean true|false Allows public registration
AUTH_RESET Boolean true|false Allows password reset
AUTH_VERIFY Boolean true|false Enables E-Mail verfication


LDAP Authentication

Type value description
LDAP Boolean true|false Enables LDAP
LDAP_TYPE String OpenLDAP|ActiveDirectory Preconfigured for OpenLDAP and Active Directory
LDAP_QUERYFIELD String uid|mail|{custom} The field Klustair will try to find the User Account
LDAP_LOGGING Boolean true|false Enable logging
LDAP_CONNECTION String default Since there is only default, you want to keep this value
LDAP_HOST String openldap|custom Hostname of the LDAP Server (without Protocol ldap://)
LDAP_USERNAME String "cn=admin,dc=example,dc=org" The DN Klustair uses to connect to LDAP
LDAP_PASSWORD String The Password Klustair uses to connect to LDAP
LDAP_PORT Integer 1389|389 LDAP listening port
LDAP_BASE_DN String "ou=users,dc=example,dc=org" DN where the users are located
LDAP_TIMEOUT Integer 5 Query timeout
LDAP_SSL Boolean true|false
LDAP_TLS Boolean true|false


CLI Commands

import CWE's (Common Weakness Enumeration)

php artisan klustair:importcwe <version> [<force>]

The current latest Version is 4.3 (2020-12-10) https://cwe.mitre.org/

Manage User

php artisan klustair:user <action> [<email> [<fullname>]]

Available actions are :

  • create [<email> [<fullname>]]
  • list
  • delete[<email>]

Manage Tokens

php artisan klustair:token <action> [<name> [<email>]]

Available actions are :

  • create [<name> [<email>]]
  • list
  • delete [<name>]

Manage Init actions

php artisan klustair:init <action>]

Available actions are :

  • waitForDB

Test the LDAP Connection

php artisan ldap:test

+------------+------------+----------------------------+-------------------------+---------------+
| Connection | Successful | Username                   | Message                 | Response Time |
+------------+------------+----------------------------+-------------------------+---------------+
| default    | โœ” Yes      | cn=admin,dc=example,dc=org | Successfully connected. | 22.27ms       |
+------------+------------+----------------------------+-------------------------+---------------+


Docker

Docker images an tags can be found on hub.docker.com

  • klustair/klustair-frontend:v[VERSION]-apache
    runs apache and PHP in a combined server. This container is based on Debian and is therefore bigger and has more vulnerabilities.

  • klustair/klustair-frontend:v[VERSION]-nginx
    Alpine baes Nginx server

  • klustair/klustair-frontend:v[VERSION]-php-fpm
    Alpine based php-fpm server

Setting up your environment

Update the values for APP_KEY DB_USERNAME & DB_PASSWORD within docker/.env.example

Note APP_KEY should be a 32 character string which is then base64 encoded you can generate one via openssl rand -base64 32

For example

> openssl rand -base64 32
vtfiojf..redacted..iofE=
APP_KEY=base64:APP_KEY=vtfiojf..redacted..iofE=

Starting the Apache stack

    cd docker
    cp .env.example .env
    docker-compose up klustair-db klustair-apache

Staring the Nginx/php-fpm stack

    cd docker
    cp .env.example .env
    docker-compose up klustair-db klustair-nginx klustair-php-fpm

klustair-frontend's People

Contributors

claudio-walser avatar dependabot[bot] avatar gavinelder avatar mms-gianni avatar snyk-bot avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

gavinelder ashkanrafiee

klustair-frontend's Issues

FrontEnd errors / Framework The only supported ciphers are AES-128-CBC and AES-256-CBC

๐Ÿ‘‹ Hey first of all thanks for this project, I was wishing to give it a spin however running into some issues with both the docker-compose & Kubernetes helm deployment.

So far I have tried the following.

Numerous stack over flow and laveral threads such as the following https://stackoverflow.com/questions/39693312/the-only-supported-ciphers-are-aes-128-cbc-and-aes-256-cbc-with-the-correct-key

The process used to deploy.

Generate a random string.

date +%s | md5 | base64 | head -c 64 ; echo

helm install  --set klustairfrontend.url=your.klustair.domain.com \
--set klustairfrontend.appkey=base64:ZDYwN2Q1ZmQzZDExZjM1YTBjNjZiYjVjZDM3ZTc4OTkK 
my-klustair klustair/klustair

Any advice or pointers appreciated.

Error log.

2021-04-12 13:18:51] locallocal.ERROR: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. {"exception":"[object] (RuntimeException(code: 0): The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. at /var/www/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:43)
[stacktrace]
#0 /var/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\\Encryption\\Encrypter->__construct('d607d5fd3d11f35...', 'AES-256-CBC')
#1 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(826): Illuminate\\Encryption\\EncryptionServiceProvider->Illuminate\\Encryption\\{closure}(Object(Illuminate\\Foundation\\Application), Array)
#2 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(712): Illuminate\\Container\\Container->build(Object(Closure))
#3 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(841): Illuminate\\Container\\Container->resolve('encrypter', Array, true)
#4 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(651): Illuminate\\Foundation\\Application->resolve('encrypter', Array)
#5 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(826): Illuminate\\Container\\Container->make('encrypter', Array)
#6 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(980): Illuminate\\Foundation\\Application->make('encrypter')
#7 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(900): Illuminate\\Container\\Container->resolveClass(Object(ReflectionParameter))
#8 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(861): Illuminate\\Container\\Container->resolveDependencies(Array)
#9 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(712): Illuminate\\Container\\Container->build('App\\\\Http\\\\Middle...')
#10 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(841): Illuminate\\Container\\Container->resolve('App\\\\Http\\\\Middle...', Array, true)
#11 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(651): Illuminate\\Foundation\\Application->resolve('App\\\\Http\\\\Middle...', Array)
#12 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(826): Illuminate\\Container\\Container->make('App\\\\Http\\\\Middle...', Array)
#13 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(156): Illuminate\\Foundation\\Application->make('App\\\\Http\\\\Middle...')
#14 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#15 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(695): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#16 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(670): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#17 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(636): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#18 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(625): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#19 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(166): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#20 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#21 /var/www/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(60): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#22 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Barryvdh\\Debugbar\\Middleware\\InjectDebugbar->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#23 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#24 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#25 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#26 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#27 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#28 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#29 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#30 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#31 /var/www/vendor/fruitcake/laravel-cors/src/HandleCors.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#32 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fruitcake\\Cors\\HandleCors->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#33 /var/www/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#34 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#35 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#36 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(141): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#37 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#38 /var/www/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#39 {main}
"}

FR - Klustair report per k8s cluster.

This is mainly for consensus and discussion around adding information around what Kubernetes cluster the vulnerabilities originated from.

The use case I imagine is a single klustair instance reporting for multiple k8s clusters where those reports can be filtered down to a per-cluster level.

Frontend error using helm chart to deploy

Illuminate\Database\QueryException
SQLSTATE[42P01]: Undefined table: 7 ERROR: relation "k_reports" does not exist LINE 1: select count(distinct "uid") as aggregate from "k_reports" ^ (SQL: select count(distinct "uid") as aggregate from "k_reports")

Illuminate\Database\Connection::runQueryCallback
vendor/laravel/framework/src/Illuminate/Database/Connection.php:671

I shared also here:
https://flareapp.io/share/VP6K1V07

It happens once I port forward and open the Frontend. Have never worked. I hope the details provided help!

Upgrade php Version to 7.4

7.3 is not the state of the art. And instead of building from 7.3-apache-buster i will try to use 7.4-apache

Grafana Dashboard from Klustair DB data

I started to build a Grafana Dashboard from Klustair DB data

Link: https://grafana.com/grafana/dashboards/13414
Scrennshot: https://i.imgur.com/w5idjyi.png

Is it an "improvement"? I could not find another way to categorize it, only posting here to let you aware of it :)

It's an additional option to visualize data on the same place as I have all other monitoring metrics.
Klustair Frontend UI still holds much more details, then the idea is using the dashboard side by side with the Klustair Frontend

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.