kube-apiserver audit policy: /etc/kubernetes/audit-policy.yaml
kube-apiserver audit log: /etc/kubernetes/log/audit.log
Total hits per IP (IP, count): /visuals/combined_ip_results.json
Total hits per IP (lat., long., count): /visuals/combined_ip_results.json
On AWS, expose the following inbound rules on the EC2's security group:
- Custom TCP Traffic, Port 22, Allow Anywhere
- Custom TCP Traffic, Port 6443, Allow Anywhere
- Custom TCP Traffic, Port 2379, Allow Anywhere
- Custom TCP Traffic, Port 2380, Allow Anywhere
(1) SSH into the EC2:
$ ssh ubuntu@$SERVER_IP -i $PRIV_KEY
(2) Switch to the user root:
$ sudo su
(3) Perform setup installation:
$ ./init_setup
(4) Verify that the setup was successful:
$ kubectl version --client
$ kubelet --version
$ kubeadm version
(5) Start kubernetes:
$ kubeadm init --ignore-preflight-errors=NumCPU --v=5 --config config_kubeadm.yaml
(6) Drop back to the user ubuntu:
$ exit
(7) Configure the current setup for ubuntu:
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

To view cluster information:
$ kubectl cluster-info

(1) Filter out uninteresting logs from the .log files to produce a results .json:
$ python3 parse_kube.py
$ python3 parse_etcd.py
(2) [Optional] Condense multiple .json results into one file:
$ python3 condense_kube.py
(3) Extract the IPs from kubernetes and etcd logs, then query for geolocation (also populates visual.html):
$ python3 process_ips.py
$ python3 query_ipstack.py
(4) Interpret request URIs and time frequencies (only to stdout):
$ python3 process_request_uri.py
$ python3 process_time_freq.py
(5) View interactive map:
- Add your Google GeoCharts API key to mapApiKey in visual.html
- Ensure visuals/combined_ip_coordinates.json is properly populated with coordinates
- Open visual.html in Google Chrome
See webcrawlers.txt for some research into the web crawlers we saw activity from.
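
The filtering and counting that analysis steps (1) to (4) describe, as an added Python example (this is not the repository's parse_kube.py or process_ips.py). It assumes the audit log is written as one audit.k8s.io/v1 Event JSON object per line; `summarize`, `INTERNAL`, `_ev` and the sample lines are constructed for illustration, and treating loopback and RFC 1918 sources as "uninteresting" is an assumption.

```python
import ipaddress
import json
from collections import Counter

# Assumption: traffic from these ranges is the cluster talking to itself.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

def _ev(ips, uri, ts):
    """Build one constructed audit.k8s.io/v1 Event line (sample data, not a capture)."""
    return json.dumps({"kind": "Event", "stage": "ResponseComplete", "verb": "get",
                       "sourceIPs": ips, "requestURI": uri,
                       "requestReceivedTimestamp": ts})

SAMPLE_LOG = [
    _ev(["203.0.113.7"], "/version", "2020-01-01T03:15:00.000000Z"),
    _ev(["203.0.113.7"], "/api/v1/pods", "2020-01-01T03:15:02.000000Z"),
    # Forwarded-for header claims an internal address; the real peer is last.
    _ev(["10.0.0.5", "198.51.100.23"], "/api/v1/secrets", "2020-01-01T14:40:10.000000Z"),
    _ev(["127.0.0.1"], "/healthz", "2020-01-01T14:41:00.000000Z"),  # local probe
    '{"kind": "Event", "sourceIPs": ["203.0.1',  # truncated write
]

def summarize(lines):
    """Return (hits per IP, hits per request URI, hits per UTC hour) for external peers."""
    by_ip, by_uri, by_hour = Counter(), Counter(), Counter()
    for line in lines:
        try:
            event = json.loads(line)
            # The last sourceIPs entry is the connection's remote address; earlier
            # entries come from X-Forwarded-For / X-Real-Ip and are client-controlled.
            peer = ipaddress.ip_address(event["sourceIPs"][-1])
        except (ValueError, KeyError, IndexError, TypeError):
            continue  # malformed or incomplete record
        if any(peer in net for net in INTERNAL):
            continue
        by_ip[str(peer)] += 1
        by_uri[event.get("requestURI", "")] += 1
        # Characters 11-12 of an RFC 3339 timestamp are the hour.
        by_hour[event.get("requestReceivedTimestamp", "")[11:13]] += 1
    return by_ip, by_uri, by_hour

if __name__ == "__main__":
    for counter in summarize(SAMPLE_LOG):
        print(json.dumps(counter.most_common()))
```

Keying on the last `sourceIPs` entry keeps a client from hiding behind a forged internal address in a forwarding header.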