Tripwire Install in Kubernetes about tripwire-open-source HOT 3 CLOSED

That's an interesting question. I'm not a big Kubernetes expert and don't know much about creating pods, so I would have to do some more research on the subject. A few thoughts based on what little I know, & some experience with Docker:

• It sounds like what you want to do is a reasonable approach. At present, OST needs to be in the same mount namespace as the files you want to monitor, which I understand pods will do for you w/o having to package OST in the same image as your app. (You could probably scan a container from the host level by using OST with nsenter, although I have never actually tried this.)

• In your OST image, you'll want to include the program binaries, obviously, plus your key, config, and policy files. You'll probably also want to init your OST database when your pod is in a known-good state, and either add the db to your existing image, or to a new image derived from it. The latter might be useful if your app changes periodically. Having a pre-initialized database means you're able to detect changes as soon as your pod starts.

• If you need to keep your OST report files around after the container goes away, you'll want to set REPORTFILE in tw.cfg to a path where this can happen, like a Docker data volume or bind mount. If you don't want to do that & just need readable results, OST can be configured to send email reports and/or write scan results to syslog.

• One interesting thing you could do here with a little scripting would be, if OST detects an unwanted change, simply restart the app's container, or maybe delete the whole pod, if you're able to do that from inside the pod.

from tripwire-open-source.

Thanks for the detailed explanation, this helps. I will surely comment here if I am stuck.

from tripwire-open-source.

Closing this issue as it's been > 90 days without any further activity.

from tripwire-open-source.