16
可能引起 K8S 集群故障的安全软件
source link: https://chanjarster.github.io/post/k8s/bad-security-daemons/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
可能引起 K8S 集群故障的安全软件
ds_agent
qaxsafed
,奇安信,查下 qax 看看有没有其他的secdog
,也查下 dog 和 secsangfor_watchdog
,这个不影响,但是有它基本是深信服的虚拟化环境,会和flannel的8472端口冲突,见这篇文章YDservice
Symantec
start360su_safed
,推荐 ps aux | grep safe 先查下,再查 360 字样gov_defence_service
gov_defence_guard
wsssr_defence_daemon
,奇安信服务器安全加固系统,和下面是一起的。目前遇到过影响 socat 运行和容器进程访问另一个机器上的mysql端口wsssr_defence_service
wsssr_defence_agent
,影响pod网络ics_agent
/opt/nubosh/vmsec-host/intedrity/bin/icsintedrity
,docker -p 的都无法访问/opt/nubosh/vmsec-host/file/bin/icsfilesec
edr_sec_plan
,深信服的 edr ,这个会下发 iptables 规则,配置错了会影响 node 之间,以及 pod 和 pod 之间通信titanagent
,青藤云安全软件
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK