53 lines
1.2 KiB
YAML
53 lines
1.2 KiB
YAML
|
---
|
||
|
|
apiVersion: v1
|
||
|
|
kind: ConfigMap
|
||
|
|
metadata:
|
||
|
|
name: auditbeat-config
|
||
|
|
namespace: kube-system
|
||
|
|
labels:
|
||
|
|
k8s-app: auditbeat
|
||
|
|
data:
|
||
|
|
auditbeat.yml: |-
|
||
|
|
auditbeat.config.modules:
|
||
|
|
# Mounted `auditbeat-daemonset-modules` configmap:
|
||
|
|
path: ${path.config}/modules.d/*.yml
|
||
|
|
# Reload module configs as they change:
|
||
|
|
reload.enabled: false
|
||
|
|
|
||
|
|
processors:
|
||
|
|
- add_cloud_metadata:
|
||
|
|
|
||
|
|
cloud.id: ${ELASTIC_CLOUD_ID}
|
||
|
|
cloud.auth: ${ELASTIC_CLOUD_AUTH}
|
||
|
|
|
||
|
|
output.elasticsearch:
|
||
|
|
hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
|
||
|
|
username: ${ELASTICSEARCH_USERNAME}
|
||
|
|
password: ${ELASTICSEARCH_PASSWORD}
|
||
|
|
---
|
||
|
|
apiVersion: v1
|
||
|
|
kind: ConfigMap
|
||
|
|
metadata:
|
||
|
|
name: auditbeat-daemonset-modules
|
||
|
|
namespace: kube-system
|
||
|
|
labels:
|
||
|
|
k8s-app: auditbeat
|
||
|
|
data:
|
||
|
|
system.yml: |-
|
||
|
|
- module: file_integrity
|
||
|
|
paths:
|
||
|
|
- /hostfs/bin
|
||
|
|
- /hostfs/usr/bin
|
||
|
|
- /hostfs/sbin
|
||
|
|
- /hostfs/usr/sbin
|
||
|
|
- /hostfs/etc
|
||
|
|
exclude_files:
|
||
|
|
- '(?i)\.sw[nop]$'
|
||
|
|
- '~$'
|
||
|
|
- '/\.git($|/)'
|
||
|
|
scan_at_start: true
|
||
|
|
scan_rate_per_sec: 50 MiB
|
||
|
|
max_file_size: 100 MiB
|
||
|
|
hash_types: [sha1]
|
||
|
|
recursive: true
|