Kubernetes Security Tools
This post lists out popular K8s security tools. The list will be updated regularly.
1A. Default Setting
- Command Logging = Enabled
- Console Logging = Disabled
- Session Logging = Disabled
msf5 > show options
Global Options:
===============
Option Current Setting Description
------ --------------- -----------
ConsoleLogging false Log all console input and output
LogLevel 0 Verbosity of logs (default 0, max 3)
MeterpreterPrompt meterpreter The meterpreter prompt string
MinimumRank 0 The minimum rank of exploits that will run without explicit confirmation
Prompt msf5 The prompt string
PromptChar > The prompt character
PromptTimeFormat %Y-%m-%d %H:%M:%S Format for timestamp escapes in prompts
SessionLogging false Log all input and output for sessions
TimestampOutput false Prefix all console output with a timestamp
1B. Enable  Logging
# Console Logging
msf5 > set ConsoleLogging true
Console logging is now enabled.
ConsoleLogging => true
# Session Logging
msf5 > set SessionLogging true
Session logging will be enabled for future sessions.
SessionLogging => true
2A. Command Logging
- Enabled by default
- Location: /home/<USER_ID>/.msf4/history or /root/.msf4/history
set ConsoleLogging true
exit
use exploit/multi/handler
set LHOST 10.10.75.1
set LPORT 8080
exploit
exit
2B. Console Logging
- Need to enable manually
- Location: /home/<USER_ID>/.msf4/logs/console.log
[*] Console logging started: 2020-09-18 13:10:38 -0700
ConsoleLogging => true
msf5 > exit
[*] Console logging started: 2020-09-18 13:13:43 -0700
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set LHOST 10.10.75.1
LHOST => 10.10.75.1
msf5 exploit(multi/handler) > set LPORT 8080
LPORT => 8080
msf5 exploit(multi/handler) > exploit
[-] exploit: Interrupted
msf5 exploit(multi/handler) > exit
2C. Session Logging
- Need to enable manually
- Location: /home/<USER_ID>/.msf4/logs/sessions/*.log
3. Automate enabling Logging
Logging Configuration doesn't persistent if no Metasploit database is available
$ msfconsole
[-] ***Rting the Metasploit Framework console...\
[-] * WARNING: No database support: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
=[ metasploit v5.0.73-dev ]
+ -- --=[ 1965 exploits - 1095 auxiliary - 337 post ]
+ -- --=[ 558 payloads - 45 encoders - 10 nops ]
+ -- --=[ 7 evasion ]
msf5 > set ConsoleLogging true
Console logging is now enabled.
ConsoleLogging => true
msf5 > exit
================================================
$ msfconsole
[-] ***rting the Metasploit Framework console...-
[-] * WARNING: No database support: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
=[ metasploit v5.0.73-dev ]
+ -- --=[ 1965 exploits - 1095 auxiliary - 337 post ]
+ -- --=[ 558 payloads - 45 encoders - 10 nops ]
+ -- --=[ 7 evasion ]
msf5 > show options
Global Options:
===============
Option Current Setting Description
------ --------------- -----------
ConsoleLogging false Log all console input and output
LogLevel 0 Verbosity of logs (default 0, max 3)
MeterpreterPrompt meterpreter The meterpreter prompt string
MinimumRank 0 The minimum rank of exploits that will run without explicit confirmation
Prompt msf5 The prompt string
PromptChar > The prompt character
PromptTimeFormat %Y-%m-%d %H:%M:%S Format for timestamp escapes in prompts
SessionLogging false Log all input and output for sessions
TimestampOutput false Prefix all console output with a timestamp
msf5 > exit