Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dorkamotorka/kubearmor-jupyter
Securing Jupyter Notebook using KubeArmor
https://github.com/dorkamotorka/kubearmor-jupyter
Last synced: 16 days ago
JSON representation
Securing Jupyter Notebook using KubeArmor
- Host: GitHub
- URL: https://github.com/dorkamotorka/kubearmor-jupyter
- Owner: dorkamotorka
- Created: 2024-10-22T14:37:26.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2024-11-03T16:03:07.000Z (about 2 months ago)
- Last Synced: 2024-11-03T16:32:11.865Z (about 2 months ago)
- Language: Jupyter Notebook
- Size: 18.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Security Jupyter Notebooks using KubeArmor
The Jupyter Notebook is a web-based interactive computing platform, for interactively developing and visualizing AI and data science projects.
But, at the same time it provides elevated privileges to execute arbitrary code, which makes it vulnerable to malicious code execution in case attacker gains access.
This repository showcases, how you can configure runtime security using KubeArmor to prevent such situations.
## How to try it yourself
Jupyter Hub can be installed using:
```
helm upgrade --cleanup-on-fail --install my-jupyter jupyterhub/jupyterhub --namespace jupyter --create-namespace --values values.yaml
```Default username and password for Jupyter Auth are both `ebpfchirp`.
Since this is a public repo, please update the username and password in case you plan to run it on a public IP.
You can uninstall the helm chart afterwards using:
```
helm uninstall my-jupyter --namespace jupyter
```To enforce the runtime security first [install KubeArmor](https://docs.kubearmor.io/kubearmor/quick-links/deployment_guide) and then apply the security policy:
```
kubectl apply -f jupyter-policy.yaml
```KubeArmor by default only audits the events. If you want to block everything and just allow the actions as specified in the `jupyter-policy.yaml`, you need to execute:
```
kubectl annotate ns jupyter kubearmor-file-posture=block --overwrite
```To try it out, run the `exploit.ipynb` script, which install and executes an malicious script. You should get a `Permissions denied` error.