ElkeidUP - An Open-Source Security Tool for Cloud-Native Workloads

ElkeidUP is an open-source security solution designed for various workloads, including hosts, containers, Kubernetes, and serverless environments. This guide provides step-by-step instructions for deploying Elkeid tools using the elkeidup automation tool.

Prerequisites

  1. Backend Server Requirements:

    • Must be dedicated exclusively to Elkeid.

    • Must ensure intranet interoperability.

    • Requires root user privileges during deployment.

    • Supported operating systems: CentOS 7 and above

  2. SSH Configuration:

    • The server executing elkeidup must be able to execute ssh root@x.x.x.x without a password on any backend server.

  3. Network Configuration:

    • Use only LAN IPs; avoid using 127.0.0.1, hostnames, or public IPs.

  4. File System:

    • Do not remove the ~/.elkeidup directory after deployment.

  5. Password Management:

    • Avoid embedding user passwords in components, including the Console (Elkeid Manager).
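The prerequisites above that most often fail silently are the address and SSH rules, so here is an added preflight script (my own example, not part of Elkeid or the elkeidup tool) that checks each backend address is a LAN IPv4 address (not 127.0.0.1, a hostname or a public IP) and accepts passwordless root SSH, using ssh's BatchMode so a password prompt becomes a failure rather than a hang. The function names and the use of the RFC 1918 ranges as the definition of "LAN IP" are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the elkeidup prerequisites. Not Elkeid project code.

# is_lan_ip ADDR -> exit 0 if ADDR is a dotted-quad RFC 1918 address, 1 otherwise.
is_lan_ip() {
    addr=$1
    # Reject anything that is not four dot-separated decimal fields (hostnames, IPv6, junk).
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    o1=$1; o2=$2
    # RFC 1918 ranges (assumed definition of "LAN IP"): 10/8, 172.16/12, 192.168/16.
    # Loopback (127/8) and public addresses fall through to the final return 1.
    if [ "$o1" -eq 10 ]; then return 0; fi
    if [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi
    if [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ]; then return 0; fi
    return 1
}

# has_root_ssh ADDR -> exit 0 if `ssh root@ADDR` works without a password and lands as uid 0.
has_root_ssh() {
    # BatchMode=yes makes ssh fail instead of prompting, which is exactly what elkeidup needs.
    uid=$(ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new \
              "root@$1" 'id -u' 2>/dev/null) && [ "$uid" = "0" ]
}

# preflight ADDR... -> one line per host; exits non-zero if any host fails a check.
preflight() {
    rc=0
    for host in "$@"; do
        if ! is_lan_ip "$host"; then
            echo "FAIL $host: not a LAN IPv4 address (127.0.0.1, hostnames and public IPs are not allowed)"
            rc=1
        elif ! has_root_ssh "$host"; then
            echo "FAIL $host: passwordless 'ssh root@$host' does not work"
            rc=1
        else
            echo "OK   $host"
        fi
    done
    return $rc
}
```

Run it from the server that will execute elkeidup, e.g. `preflight 10.0.1.10 10.0.1.11`, and fix every FAIL line before starting the deployment.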

Deployment Instructions

  1. Prepare the Environment:

    • Ensure the backend server meets all prerequisites.

    • Verify SSH access and root privileges.

  2. Download Deployment Tools:

    • Obtain the elkeidup tool and associated configuration files from the Elkeid repository.

  3. Enable Kernel Driver Auto-Download Service (Optional):

    • Elkeid includes a service to auto-download missing kernel drivers for unsupported kernel versions.

    • To enable this service during deployment: Update the

    • If disabled, manually replace package/to_upload/agent/component/driver/ko.tar.xz with the kernel driver package (ko_1.7.0.9.tar.xz).

  4. Execute Deployment:

    • Run the elkeidup script with appropriate configurations.

    • Ensure deployment is not interrupted manually.

  5. Post-Deployment Configuration:

    • If you need to disable the kernel driver auto-download service later, update report.enable_report to false in the elkeidup_config.yaml file and restart the manager.

Kernel Driver Management

  • Elkeid precompiles kernel drivers for major Linux distributions (3435 precompiled .ko files included).

  • If a required kernel version is missing:

    • The auto-download service reports the missing kernel version to the Elkeid engineers so they can prioritize adding it.

    • Basic system information (kernel version, architecture, QPS metrics) is collected every 30 minutes if enabled.

Code References

  • The on/off switch for reporting: Located in the InitReport() function of internal/monitor/report.go.

  • Data collection logic: Defined in the heartbeatDefaultQuery structure in internal/monitor/report.go.

  • Auto-download functionality: Implemented in the SendAgentDriverKoMissedMsg() function of biz/handler/v6/ko.go.

By following these steps, you can efficiently deploy Elkeid tools while maintaining flexibility and ensuring compatibility with various Linux environments. You can learn more and download ElkeidUP on GitHub.
