Introduction Intro 2.0 to 2.2.1 2.4 - 2.6 Beyond Outro Prometheus Deep Dive Monitoring. At scale. Richard Hartmann & Frederic Branczyk @TwitchiH & @fredbrancz 2018-12-12 Richard Hartmann & Frederic environments in mind It’s the second project to ever join CNCF and the de facto standard in cloud-native monitoring Kubelets, sidecars, microservices, ALL the cloud-native But it’s a monolithic application . What do you need for operations? Power and cooling Network connectivity Observability, a.k.a. Monitoring The rest you can fix Richard Hartmann & Frederic Branczyk @TwitchiH & @fredbrancz Prometheus

Zero instrumentation monitoring with your first steps in eBPF Beatriz Martínez, Isovalent - @beatrizmrg October 28, 2020 2 What will we be doing? 3 How are we going to do it? 4 Demo time 5 Tracing easier: ○ First approach: C, LLVM/CLANG, tc ○ Second approach: gobpf, bcc ● Non-instrumentation monitoring http://34.70.147.68 $curl 34.70.147.68:8083 Let’s represent the attendees in the map! https://github

Identity Aware Threat Detection and Network Monitoring by using eBPF Natalia Reka Ivanko, Isovalent October 28, 2020 ● ● ○ ● ○ ○ ○ ○ ● ● ● ● ● ● ● ● ○ ● ○ ○ ○ ● ● ● ○ ● ○ ○ ● ●

collaboration Host VM Container shim QEMU process rexec server Rexec cross-host startup and monitoring DPU Management-plane processes libvirtd dockerd virsh client Kubernetes Server 011 openEuler drives. • The capabilities of the management plane are insufficient, and device management or I/O monitoring methods are absent. Project Introduction Applications (VM, CSD) SCM NVMe SSD HDD SSD Ceph server various storage media. • Storage management: provides functions such as device management, I/O monitoring, and maintenance and test tools to manage devices. Efficient Concurrency and Ultimate Performance

.......................................................................................... 50 Monitoring the Data Usage ............................................................................... ......................................................................... 69 Network Security Monitoring .............................................................................................. without pre- defined monitoring database)  (AIDE with security monitoring database pre-defined) Intrusion Prevention  (Fail2ban)  (Fail2ban) Network Security Monitoring  (Zeek)  (Zeek)

Development, Cybersecurity, and Operations throughout the software lifecycle, embracing a continuous monitoring approach in parallel instead of waiting to apply each skill set sequentially.  Security risks traffic management, a zero-trust model, a whitelist, Role-Based Access Control (RBAC), continuous monitoring, signature-based continuous scanning using Common Vulnerabilities and Exposures (CVEs), runtime detection. This can also be used to send notifications when there is anomalous behavior. 4. Vulnerability Management 5. A service mesh proxy to connect to the service mesh 6. Zero Trust down to

ARM64 environment supports 32-bit applications. 16. Memory System Resource Partitioning and Monitoring (MPAM): Cache QoS and memory bandwidth control can be applied on the ARM64 architecture. 17 openEuler 21.03 Technical White Paper Live Kernel Upgrade A live kernel upgrade, including CVE vulnerability fixes and security kernel replacement, does not interrupt ongoing services. Before a live kernel logs The HA cluster solution provides complete logs and debugging information to facilitate the monitoring and management by system administrators. Application Scenarios Application scenario 1: service

. . . . 54 9.3 Directory traversal vulnerability/ LFI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 9.4 Arbitary file write vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 9.5 Remote code execution (RCE) vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 9.6 Remove access to system’s tmp directory . VARIANT="Cloud Edition" VARIANT_ID=cloud 9.3 Directory traversal vulnerability/ LFI Directory traversal or Local File inclusion is the first vulnerability we are going to look into. A GET request to /filename will

Vulnerabilities in the application Directory traversal vulnerability/ LFI Arbitary file write vulnerability Remote code execution (RCE) vulnerability Remove access to system’s tmp directory Protecting home VARIANT_ID=cloud Directory traversal vulnerability/ LFI Directory traversal [https://portswigger.net/web-security/file-path-traversal] or Local File inclusion is the first vulnerability we are going to look into or password details for any other application running in the same system. Arbitary file write vulnerability The attacker can also write to any file using POST request to /filename API endpoint. Thus they

it is important to be aware that it is possible to make a series of requests, and to exploit a vulnerability on an origin webserver such that the attacker can entirely control the content retrieved by the attacks trying to exploit the Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability, the second example will list the ten last denied clients, for example: [Thu Jul 11 17:18:39 variables on headers, which is provided by mod_setenvif. --disable-status Enable the process/thread monitoring, which is provided by mod_status. --disable-userdir Disable the mapping of requests to user-specific