diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..e60e421
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,30 @@
+.idea/
+__pycache__/
+*.py[cod]
+*$py.class
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+Makefile
+Dockerfile
+README.md
+docker-compose.yaml
+entrypoint.sh
+test.py
+register_agent.py__
+wazuh-daemonset.yaml
diff --git a/.flake8 b/.flake8
new file mode 100644
index 0000000..f6b1232
--- /dev/null
+++ b/.flake8
@@ -0,0 +1,28 @@
+[flake8]
+jobs = auto
+verbose = 1
+quiet = 0
+tee = True
+exclude =
+ # git folder
+ .git,
+ # python cache
+ __pycache__,
+ test,
+ eggs
+filename =
+ *.py
+
+disable-noqa = False
+
+max-line-length = 120
+max-complexity = 10
+ignore =
+ F401
+ C901
+ W504
+ W503
+ F841
+ F811
+ F524
+ E501
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d387e46
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+.idea/
+__pycache__/
+build/
+.DS_Store
+.env
+venv/
+main.py
+*.json
+src/
+register_agent.py__
+test.py
+docker-compose.yaml
diff --git a/.pep8 b/.pep8
new file mode 100644
index 0000000..992ca8a
--- /dev/null
+++ b/.pep8
@@ -0,0 +1,2 @@
+[pep8]
+exclude = .git,__pycache__,*/migrations/*,node_modules/*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..7fd4f45
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,69 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v2.3.0
+ hooks:
+ - id: check-yaml
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: check-docstring-first
+ - id: check-merge-conflict
+ - id: mixed-line-ending
+ args: [--fix=lf]
+- repo: https://github.com/ambv/black
+ rev: stable
+ hooks:
+ - id: black
+- repo: https://github.com/ambv/black
+ rev: stable
+ hooks:
+ - id: black
+ language_version: python3.8
+- repo: https://github.com/motet-a/jinjalint
+ rev: ''
+ hooks:
+ - id: jinjalint
+- repo: https://github.com/pre-commit/pygrep-hooks
+ rev: v1.7.1 # Use the ref you want to point at
+ hooks:
+ - id: python-use-type-annotations
+ - id: python-check-blanket-noqa
+ - id: python-no-eval
+ - id: python-check-mock-methods
+ - id: rst-backticks
+ - id: text-unicode-replacement-char
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+ rev: master # or specific git tag
+ hooks:
+ - id: bundler-audit
+ - id: check-mailmap
+ - id: fasterer
+ - id: forbid-binary
+ - id: git-check
+ - id: markdownlint
+ - id: reek
+ - id: require-ascii
+ - id: rubocop
+ - id: script-must-have-extension
+ - id: script-must-not-have-extension
+ - id: shellcheck
+ - id: shfmt
+- repo: https://github.com/jorisroovers/gitlint
+ rev: 'v0.15.0'
+ hooks:
+ - id: gitlint
+- repo: local
+ hooks:
+ - id: flake8
+ name: flake8
+ stages: [commit]
+ language: system
+ entry: flake8
+ types: [python]
+- repo: https://github.com/Lucas-C/pre-commit-hooks-safety
+ rev: v1.2.1
+ hooks:
+ - id: python-safety-dependencies-check
+- repo: https://github.com/PyCQA/bandit
+ rev: '1.7.0'
+ hooks:
+ - id: bandit
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..fc9ab69
--- /dev/null
+++ b/Dockerfile
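Review bot: Several hooks in .pre-commit-config.yaml are pinned to mutable refs — `rev: stable` on both black entries, `rev: master` on jumanjihouse/pre-commit-hooks and `rev: ''` on jinjalint — so the code that runs on every developer's commit can change without any change in this repository. Pin each `rev` to a release tag or commit SHA, as the file already does for pygrep-hooks (`v1.7.1`) and bandit (`'1.7.0'`). The black repo is also listed twice; keeping only the entry with `language_version: python3.8` would remove the duplicate run.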
@@ -0,0 +1,36 @@
+FROM bitnami/minideb:latest
+LABEL maintainer="medvedev.yp@gmail.com"
+LABEL version="4.0.4"
+LABEL description="Wazuh Docker Agent"
+ENV JOIN_MANAGER_MASTER_HOST=""
+ENV JOIN_MANAGER_WORKER_HOST=""
+ENV VIRUS_TOTAL_KEY=""
+ENV JOIN_MANAGER_PROTOCOL="https"
+ENV JOIN_MANAGER_USER = ""
+ENV JOIN_MANAGER_PASSWORD=""
+ENV JOIN_MANAGER_API_PORT="55000"
+ENV HEALTH_CHECK_PROCESSES=""
+ENV FLASK_APP="register_agent.py"
+ENV FLASK_ENV="development"
+ENV FLASK_DEBUG=0
+ENV FLASK_BIND=0.0.0.0
+RUN install_packages \
+ procps curl apt-transport-https gnupg2 inotify-tools python-docker python3-pip python3-setuptools python3-dev gcc && \
+ curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
+ echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
+ install_packages wazuh-agent && \
+ echo "deb http://security.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list && \
+ mkdir -p /usr/share/man/man1 && \
+ install_packages openjdk-8-jdk
+COPY . /var/ossec/
+WORKDIR /var/ossec/
+RUN pip3 --no-cache-dir install -r /var/ossec/requirements.txt && \
+ rm -rf /var/ossec/requirements.txt && \
+ chmod +x /var/ossec/register_agent.py && \
+ apt-get remove --purge -y python3-dev gcc && \
+ apt-get clean autoclean && \
+ apt-get autoremove -y && \
+ rm -rf /var/lib/{apt,dpkg,cache,log}/ && \
+ rm -rf /tmp/* /var/tmp/* /var/log/*
+EXPOSE 5000
+ENTRYPOINT ["./register_agent.py"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9f6d08b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,14 @@
+VERSION ?= v4.0.4
+
+all: docker
+
+docker:
+ docker build -t kennyopennix/wazuh-agent:latest . && \
+ docker build -t kennyopennix/wazuh-agent:$(VERSION) .
+
+docker-run:
+ docker run kennyopennix/wazuh-agent:$(VERSION)
+
+docker-push:
+ docker push kennyopennix/wazuh-agent:latest && \
+ docker push kennyopennix/wazuh-agent:$(VERSION)
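Review bot: `COPY . /var/ossec/` in the Dockerfile copies the whole build context, and the .dockerignore added in this commit excludes neither `.git/` nor the `.env` and `venv/` paths that .gitignore treats as local-only, so a developer's local secrets file would end up in a published image layer. Copy only what the agent needs, e.g. `COPY register_agent.py ossec.jinja2 local_internal_options.jinja2 requirements.txt /var/ossec/`, or add those paths to .dockerignore. Separately, `ENV JOIN_MANAGER_USER = ""` has spaces around `=`, which Docker appears to parse as the legacy `ENV key value` form, so the default would not be empty; write `ENV JOIN_MANAGER_USER=""`. `FROM bitnami/minideb:latest` is a moving tag as well; pinning a version or digest would make a build labelled `version="4.0.4"` reproducible.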
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ee76839
--- /dev/null
+++ b/README.md
@@ -0,0 +1,109 @@
+
+# docker-wazuh-agent
+
+Wazuh is a free, open source and enterprise-ready security monitoring
+solution for threat detection, integrity monitoring, incident response and compliance.
+
+## Description
+
+Wazuh Agent as Docker Image with auto registration on Wazuh server.
+
+As well as local docker You can deploy the image to Kubernetes as DaemonSet.
+
+Current agent version is `4.0.4`
+
+## Environments
+
+`JOIN_MANAGER_PROTOCOL` - http or https, default `https`
+
+`JOIN_MANAGER_MASTER_HOST` - Ip address or Domain name of Wazuh server
+
+`JOIN_MANAGER_WORKER_HOST` - Ip address or Domain name of Wazuh worker
+
+`JOIN_MANAGER_USER` - Username for authorization on Wazuh server
+
+`JOIN_MANAGER_PASSWORD` - Password for authorization
+
+`JOIN_MANAGER_API_PORT` - Wazuh server api port, default `55000`
+
+`JOIN_MANAGER_PORT` - Wazuh server port for communication between agent and server,
+defaul `1514`
+
+`NODE_NAME` - Node name if not present image will use `HOSTNAME` system variable
+
+`HEALTH_CHECK_PROCESSES` - process list for health checks determinate by comma
+
+`VIRUS_TOTAL_KEY` - Api key for VirusTotal integration
+
+`FLASK_DEBUG` - Switch on Flask debug, default `0`
+
+## Run as docker image
+
+The Simplest way of running the container
+
+```shell
+docker run --rm kennyopennix/wazuh-agent:latest
+```
+
+Advanced usage
+
+```bash
+docker run -d --name wazuh -v /:/rootfs:ro --net host --hostname ${HOSTNAME} \
+-e JOIN_MANAGER_MASTER_HOST=172.17.0.1 -e JOIN_MANAGER_WORKER_HOST=172.17.0.1 \
+-e JOIN_PASSWORD=test123 -e JOIN_MANAGER_USER=user \
+-v /etc/os-release:/etc/os-release -v /var/run/docker.sock:/var/run/docker.sock \
+ kennyopennix/wazuh-agent:latest
+
+```
+
+## Run as Kubernetes DaemonSet
+
+Setup environments in `wazuh-daemon-sets.yaml` like above.
+ +Example: + +```yaml +env: + - name: JOIN_MANAGER + value: "wazuh.wazuh.svc.cluster.local" + - name: JOIN_MANAGER_MASTER_HOST + value: "wazuh.wazuh.svc.cluster.local" + - name: JOIN_MANAGER_WORKER_HOST + value: "wazuh-workers.wazuh.svc.cluster.local" + - name: JOIN_MANAGER_PROTOCOL + value: "https" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: WAZUH_GROUPS + value: default + - name: JOIN_PASSWORD + value: password + - name: JOIN_MANAGER_USER + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: username + - name: JOIN_MANAGER_PASSWORD + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: password + - name: JOIN_MANAGER_API_PORT + value: "55000" + - name: JOIN_MANAGER_PORT + value: "1514" + - name: HEALTH_CHECK_PROCESSES + value: "ossec-execd,ossec-syscheckd,ossec-logcollector,wazuh-modulesd,ossec-authd" + +``` + +And apply template ```kubectl -f wazuh-daemon-sets.yaml``` +DaemonSet will deploy to wazuh namespace. + +## Build docker image + +```bash +docker build . -t wazuh-agent:latest +``` diff --git a/local_internal_options.jinja2 b/local_internal_options.jinja2 new file mode 100644 index 0000000..99b85e8 --- /dev/null +++ b/local_internal_options.jinja2 @@ -0,0 +1 @@ +wazuh_command.remote_commands=1 diff --git a/ossec.jinja2 b/ossec.jinja2 new file mode 100644 index 0000000..dfa8593 --- /dev/null +++ b/ossec.jinja2 @@ -0,0 +1,268 @@ + + + +
{{ join_manager_hostname }}
+ {{ join_manager_port | default('1514', true) }} + +
+ ubuntu, ubuntu20, ubuntu20.04, ubuntu16, ubuntu16.04, centos, windows + 10 + 30 + yes + aes +
+ + + yes + no + yes + 0 + yes + + + + + no + 5000 + 500 + + + + + no + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + /var/ossec/etc/shared/rootkit_files.txt + /var/ossec/etc/shared/rootkit_trojans.txt + + yes + + + + + no + 10 + yes + 5m + + + + no + 1800 + 1d + yes + + + xccdf_org.ssgproject.content_profile_pci-dss + xccdf_org.ssgproject.content_profile_common + + + + + no + 600 + 15m + yes + + /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin + wodles/ciscat + + + xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server + + + + + + + virustotal + {{ virus_total_key }} + syscheck + json + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + yes + yes + 12h + yes + + + yes + 5m + yes + + yes + 1h + + + yes + 2010 + 1h + + + yes + 1h + + + yes + 1h + + + + + no + + + 900 + + yes + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + /media/user/software + /home + /etc + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + .log$|.swp$ + + + /etc/ssl/private.key + + yes + yes + yes + yes + + + 10 + + + 100 + + + + yes + 5m + 1h + 10 + + + + + no + 1000000 + + + + + + apache + /var/log/nginx/access.log + + + + apache + /var/log/nginx/error.log + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/auth.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + + + syslog + /var/log/kern.log + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + /var/log/*.log + syslog + + + + + no + /var/ossec/etc/wpk_root.pem + yes + + + + + plain + + +
diff --git a/register_agent.py b/register_agent.py
new file mode 100644
index 0000000..f8e7e28
--- /dev/null
+++ b/register_agent.py
@@ -0,0 +1,271 @@
+#!/usr/bin/env python3
+
+import json
+import os
+import sys
+from subprocess import PIPE, Popen # nosec
+
+import psutil
+import urllib3
+from base64 import b64encode
+from flask import Flask
+from healthcheck import HealthCheck, EnvironmentDump
+from jinja2 import Template
+from loguru import logger
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+try:
+ import requests
+except ModuleNotFoundError as e:
+ logger.error("No module 'requests' found. Install: pip install requests")
+ sys.exit(1)
+
+app = Flask(__name__)
+health = HealthCheck()
+envs = EnvironmentDump()
+
+
+def create_config_file():
+ with open("ossec.jinja2") as file_:
+ template = Template(file_.read())
+ config = template.render(
+ join_manager_hostname=join_manager_worker,
+ join_manager_port=join_manager_port,
+ virus_total_key=virus_total_key,
+ )
+ wazuh_config_file = open("/var/ossec/etc/ossec.conf", "w")
+ wazuh_config_file.write(f"{config} \n")
+ wazuh_config_file.close()
+ open("/var/ossec/etc/local_internal_options.conf", "wb").write(
+ open("local_internal_options.jinja2", "rb").read()
+ )
+
+
+def req(method, resource, data=None):
+ login_headers = {
+ "Content-Type": "application/json",
+ "Authorization": f"Basic {b64encode(auth).decode()}",
+ }
+ response = requests.get(login_url, headers=login_headers, verify=False) # nosec
+ token = json.loads(response.content.decode())["data"]["token"]
+ requests_headers = {
+ "Content-Type": "application/json",
+ "Authorization": f"Bearer {token}",
+ }
+ url = f"{base_url}/{resource}"
+ try:
+ requests.packages.urllib3.disable_warnings()
+
+ if method.lower() == "post":
+ r = requests.post(
+ url, headers=requests_headers, data=json.dumps(data), verify=verify
+ )
+ elif method.lower() == "put":
+ r = requests.put(url, headers=requests_headers, data=data, verify=verify)
+ elif method.lower() == "delete":
+ r = requests.delete(url, headers=requests_headers, data=data, verify=verify)
+ else:
+ r = requests.get(url, headers=requests_headers, params=data, verify=verify)
+
+ code = r.status_code
+ res_json = r.json()
+
+ except Exception as exception:
+ logger.error(f"Error: {resource}")
+ sys.exit(1)
+
+ return code, res_json
+
+
+def application_data():
+ return dict(maintainer="Yuriy Medvedev", git="https://github.com/pyToshka")
+
+
+def check_ossec_agentd():
+ process_name = health_checks.split(",")
+ processes_name_list = {}
+ for proc in psutil.process_iter():
+ for process in process_name:
+ if process in proc.name():
+ processes_name_list[process] = "ok"
+ return True, f"{processes_name_list}"
+
+
+def check_self():
+ process_name = os.path.basename(__file__)
+ for proc in psutil.process_iter():
+ for process in process_name:
+ if process in proc.name():
+ return True, "register_agent ok"
+
+
+health.add_check(check_ossec_agentd)
+health.add_check(check_self)
+envs.add_section("application", application_data)
+app.add_url_rule("/healz", "healthcheck", view_func=lambda: health.run())
+app.add_url_rule("/envs", "environment", view_func=lambda: envs.run())
+
+
+def code_desc(http_status_code):
+ return requests.status_codes._codes[http_status_code][0]
+
+
+def add_agent(agt_name, agt_ip=None):
+ if agt_ip:
+ status_code, response = req(
+ "post", "agents", {"name": agt_name, "ip": agt_ip, "force_time": 1}
+ )
+ else:
+ status_code, response = req(
+ "post", "agents", {"name": str(agt_name), "force_time": 1}
+ )
+
+ if status_code == 200 and response["error"] == 0:
+ r_id = response["data"]["id"]
+ r_key = response["data"]["key"]
+ return r_id, r_key
+ else:
+ msg = json.dumps(response, indent=4, sort_keys=True)
+ code = f"Status: {status_code} - {code_desc(status_code)}"
+ logger.error(f"ERROR - ADD AGENT:\n{code}\n{msg}")
+ exit(1)
+
+
+def info_agent(agt_name, pretty=None):
+ if pretty:
+ status_code, response = req("get", f"agents?pretty=true&q=name={agt_name}")
+ else:
+ status_code, response = req("get", f"agents?q=name={agt_name}")
+ if status_code == 200 and response["error"] == 0:
+ for items in response["data"]["affected_items"]:
+ name = items["name"]
+ status = items["status"]
+ return name, status
+ else:
+ msg = json.dumps(response, indent=4, sort_keys=True)
+ code = f"Status: {status_code} - {code_desc(status_code)}"
+ logger.error(f"ERROR - ADD AGENT:\n{code}\n{msg}")
+ exit(1)
+
+
+def import_key(agent_key):
+ cmd = "/var/ossec/bin/manage_agents"
+ std_out, std_err, r_code = execute([cmd, "-i", agent_key], "y\n\n")
+ if r_code != 0:
+ logger.error(f"ERROR - Import key:{std_err}")
+ exit(1)
+ else:
+ logger.info(f"INFO - Key has been imported {std_out}")
+
+
+def execute(cmd_list, stdin=None):
+ p = Popen(
+ cmd_list,
+ stdin=PIPE,
+ stdout=PIPE,
+ stderr=PIPE,
+ encoding="utf8",
+ shell=False, # nosec
+ )
+ std_out, std_err = p.communicate(stdin)
+ return_code = p.returncode
+ return std_out, std_err, return_code
+
+
+def restart_ossec():
+ cmd = "/var/ossec/bin/ossec-control"
+ std_out, std_err, r_code = execute([cmd, "restart"])
+ restarted = False
+
+ for line_output in std_out.split(os.linesep):
+ if "Completed." in line_output:
+ restarted = True
+ logger.info("INFO - Restart completed")
+ break
+
+ if not restarted:
+ logger.error(f"ERROR - Restarting OSSEC:{std_err}")
+ exit(1)
+
+
+def status_ossec():
+ cmd = "/var/ossec/bin/ossec-control"
+ std_out, std_err, r_code = execute([cmd, "status"])
+ status = False
+ for line_output in std_out.split(os.linesep):
+ if "running." in line_output:
+ status = True
+ logger.info("INFO - OSSEC up and running")
+ break
+ if not status:
+ logger.error(f"ERROR - OSSEC STATUS:{std_err}")
+ exit(1)
+
+
+if __name__ == "__main__":
+ try:
+ protocol = os.environ.get("JOIN_MANAGER_PROTOCOL")
+ host = os.environ.get("JOIN_MANAGER_MASTER_HOST")
+ user = os.environ.get("JOIN_MANAGER_USER")
+ password = os.environ.get("JOIN_MANAGER_PASSWORD")
+ node_name = os.environ.get("NODE_NAME")
+ port = os.environ.get("JOIN_MANAGER_API_PORT")
+ join_manager_port = os.environ.get("JOIN_MANAGER_PORT")
+ groups = os.environ.get("WAZUH_GROUPS")
+ health_checks = os.environ.get("HEALTH_CHECK_PROCESSES")
+ virus_total_key = os.environ.get("VIRUS_TOTAL_KEY")
+ join_manager_worker = os.environ.get("JOIN_MANAGER_WORKER_HOST")
+ flask_bind = os.environ.get("FLASK_BIND")
+ if "," not in groups:
+ groups = "default,"
+ group_list = list(groups.split(","))
+ else:
+ group_list = list(groups.split(","))
+ if not node_name:
+ node_name = os.environ.get("HOSTNAME")
+ if not protocol:
+ protocol = "https"
+ if not (
+ protocol and host and user and node_name and join_manager_port,
+ groups,
+ join_manager_worker,
+ ):
+ raise KeyError
+
+ except KeyError as error:
+ logger.error(f"Please check system variable {error}")
+ exit(2)
+
+ login_endpoint = "security/user/authenticate"
+ base_url = f"{protocol}://{host}:{port}"
+ login_url = f"{protocol}://{host}:{port}/{login_endpoint}"
+ auth = f"{user}:{password}".encode()
+
+ verify = False
+ logger.info(f"Adding agent with name {node_name}")
+ agent_id, agent_key = add_agent(node_name)
+ logger.info(f"Agent '{node_name}' with ID '{agent_id}' added.")
+ logger.info(f"Importing authentication key for agent {node_name}")
+ import_key(agent_key.encode())
+ logger.info(f"Create OSSEC configuration for agent {node_name}")
+ create_config_file()
+ logger.info(f"Restarting. Agent {node_name}.....")
+ restart_ossec()
+ logger.info(f"Getting status of OSSEC processes for agent {node_name}......")
+ status_ossec()
+ status = True
+ while status:
+ agent_name, agent_status = info_agent(node_name)
+ if agent_status == "active":
+ logger.info(
+ f"Agent '{agent_name}' is ready and connected, status - '{agent_status}......"
+ )
+ logger.info(
+ f"Agent {agent_name} has been connected to server {join_manager_worker}......"
+ )
+ status = False
+ else:
+ logger.info(
+ f"Waiting for agent {agent_name} become ready current status is {agent_status}......"
+ )
+ app.run(host=flask_bind)
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..2f73d01
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,7 @@
+requests==2.25.1
+Jinja2==2.11.3
+urllib3==1.26.3
+py-healthcheck==1.10.1
+Flask==1.1.2
+psutil==5.8.0
+loguru==0.5.3
diff --git a/wazuh-daemonset.yaml b/wazuh-daemonset.yaml
new file mode 100644
index 0000000..5a2e76b
--- /dev/null
+++ b/wazuh-daemonset.yaml
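Review bot: Certificate verification is switched off for every manager call in register_agent.py — `requests.get(login_url, headers=login_headers, verify=False)` in `req()` and the module-level `verify = False` — while `InsecureRequestWarning` is silenced, so the Basic credentials, the bearer token and the returned agent key go to whatever host answers on that address. Default to verification and let operators supply a CA bundle instead, e.g. `verify = os.environ.get("JOIN_MANAGER_CA_BUNDLE") or True` (the variable name is only a suggestion), and pass `verify=verify` to the login request too. The start-up check `if not (protocol and host and user and node_name and join_manager_port, groups, join_manager_worker,)` tests a three-element tuple, which is always truthy, so `raise KeyError` never runs and `password` is not checked at all; `if not all((protocol, host, user, password, node_name, join_manager_port, join_manager_worker)):` would do what the error message implies. `/envs` is also served on `FLASK_BIND=0.0.0.0` and returns an environment dump; confirm that py-healthcheck masks `JOIN_MANAGER_PASSWORD` and `VIRUS_TOTAL_KEY`, or drop the route.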
@@ -0,0 +1,133 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: wazuh-agent
+ namespace: wazuh
+spec:
+ selector:
+ matchLabels:
+ app: wazuh-agent
+ template:
+ metadata:
+ labels:
+ app: wazuh-agent
+ name: wazuh-agent
+ spec:
+ hostPID: true
+ hostIPC: true
+ containers:
+ - name: wazuh-agent
+ image: kennyopennix/wazuh-agent:latest
+ livenessProbe:
+ httpGet:
+ path: /healz
+ port: 5000
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 10
+ failureThreshold: 3
+
+ ports:
+ - name: agent-http
+ containerPort: 5000
+ protocol: TCP
+ imagePullPolicy: Always
+ securityContext:
+ privileged: true
+ resources:
+ limits:
+ memory: 512Mi
+ env:
+ - name: JOIN_MANAGER
+ value: "wazuh.wazuh.svc.cluster.local"
+ - name: JOIN_MANAGER_MASTER_HOST
+ value: "wazuh.wazuh.svc.cluster.local"
+ - name: JOIN_MANAGER_WORKER_HOST
+ value: "wazuh-workers.wazuh.svc.cluster.local"
+ - name: JOIN_MANAGER_PROTOCOL
+ value: "https"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: WAZUH_GROUPS
+ value: default
+ - name: JOIN_PASSWORD
+ value: password
+ - name: JOIN_MANAGER_USER
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: username
+ - name: JOIN_MANAGER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: password
+ - name: JOIN_MANAGER_API_PORT
+ value: "55000"
+ - name: JOIN_MANAGER_PORT
+ value: "1514"
+ - name: HEALTH_CHECK_PROCESSES
+ value: "ossec-execd,ossec-syscheckd,ossec-logcollector,wazuh-modulesd,ossec-authd"
+ volumeMounts:
+ - mountPath: /var/run
+ name: var-run
+ - mountPath: /host/dev
+ name: dev
+ - mountPath: /host/sys
+ name: sys
+ readOnly: true
+ - mountPath: /host/proc
+ name: proc
+ readOnly: true
+ - mountPath: /host/etc
+ name: etc
+ readOnly: true
+ - mountPath: /var/run/docker.sock
+ name: docker-socket-mount
+ - mountPath: /host/var/run/docker.sock
+ name: docker-socket-mount
+ - mountPath: /host/boot
+ name: boot
+ readOnly: true
+ - mountPath: /host/usr
+ name: usr
+ readOnly: true
+ - mountPath: /host/lib/modules
+ name: modules
+ readOnly: true
+ - mountPath: /host/var/log
+ name: log
+ readOnly: true
+ volumes:
+ - name: docker-socket-mount
+ hostPath:
+ path: /var/run/docker.sock
+ - name: var-run
+ hostPath:
+ path: /var/run
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: sys
+ hostPath:
+ path: /sys
+ - name: proc
+ hostPath:
+ path: /proc
+ - name: etc
+ hostPath:
+ path: /etc
+ - name: boot
+ hostPath:
+ path: /boot
+ - name: usr
+ hostPath:
+ path: /usr
+ - name: modules
+ hostPath:
+ path: /lib/modules
+ - name: log
+ hostPath:
+ path: /var/logs
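Review bot: The wazuh-agent container in wazuh-daemonset.yaml is given `privileged: true`, `hostPID: true`, `hostIPC: true` and writable hostPath mounts of `/var/run` (with `docker.sock` mounted twice) and `/dev`, and the same commit sets `wazuh_command.remote_commands=1`, so a compromise of the agent pod or of the manager it trusts amounts to root on every node. If the agent only reads host state, mark the `/var/run` and `/host/dev` mounts `readOnly: true` like the others and replace `privileged: true` with the specific capabilities it needs; which of these the agent really requires should be confirmed. `JOIN_PASSWORD` is set inline as `value: password` although register_agent.py never reads it (it reads `JOIN_MANAGER_PASSWORD`), so it can be dropped or moved into the `wazuh-api-cred` Secret. The `log` volume points at `path: /var/logs`, which looks like a typo for `/var/log`.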