There are four types of monitoring that the Datadog Agent uses for Cloud Workload Security:
If you have not already, install the Datadog Agent (version 7.27+).
Add the following to the datadog section of the values.yaml file:
# values.yaml file
datadog:
  # Add this to enable Cloud Workload Security
  securityAgent:
    runtime:
      enabled: true
      # Add this to enable the collection of CWS network events, only for Datadog Agent version 7.36
      network:
        enabled: true
Restart the Agent.
Optional: if Cloud SIEM is checked, follow these instructions to collect audit logs for Kubernetes.
The following command can be used to start the Runtime Security Agent and system-probe in a Docker environment:
docker-runtime-security.sh
# DD_RUNTIME_SECURITY_CONFIG_NETWORK_ENABLED=true enables the collection of CWS network events
docker run -d --name dd-agent \
  --cgroupns host \
  --pid host \
  --security-opt apparmor:unconfined \
  --cap-add SYS_ADMIN \
  --cap-add SYS_RESOURCE \
  --cap-add SYS_PTRACE \
  --cap-add NET_ADMIN \
  --cap-add NET_BROADCAST \
  --cap-add NET_RAW \
  --cap-add IPC_LOCK \
  --cap-add CHOWN \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /proc/:/host/proc/:ro \
  -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro \
  -v /etc/passwd:/etc/passwd:ro \
  -v /etc/group:/etc/group:ro \
  -v /:/host/root:ro \
  -v /sys/kernel/debug:/sys/kernel/debug \
  -v /etc/os-release:/etc/os-release \
  -e DD_RUNTIME_SECURITY_CONFIG_ENABLED=true \
  -e DD_RUNTIME_SECURITY_CONFIG_NETWORK_ENABLED=true \
  -e HOST_ROOT=/host/root \
  -e DD_API_KEY=<API KEY> \
  gcr.io/datadoghq/agent:7
For a package-based deployment, the Datadog package has to be deployed: run dpkg -i datadog-agent_7….deb
By default Runtime Security is disabled. To enable it, both the security-agent.yaml and the system-probe.yaml files need to be adapted. Run the following commands to enable these configurations:
debian-runtime-security.sh
echo "runtime_security_config.enabled: true" >> /etc/datadog-agent/security-agent.yaml
echo "runtime_security_config.enabled: true" >> /etc/datadog-agent/system-probe.yaml
systemctl restart datadog-agent
For Datadog Agent version 7.36 only, to enable the collection of CWS network events:
echo "runtime_security_config.network.enabled: true" >> /etc/datadog-agent/system-probe.yaml
Once you apply the changes, restart both the Security Agent and the system-probe.
For a package-based deployment, the Datadog package has to be deployed: run yum/dnf install datadog-agent_7….rpm
By default Runtime Security is disabled. To enable it, both the security-agent.yaml and the system-probe.yaml files need to be adapted. Run the following commands to enable these configurations:
fedora-centos-runtime-security.sh
echo "runtime_security_config.enabled: true" >> /etc/datadog-agent/security-agent.yaml
echo "runtime_security_config.enabled: true" >> /etc/datadog-agent/system-probe.yaml
systemctl restart datadog-agent
For Datadog Agent version 7.36 only, to enable the collection of CWS network events:
echo "runtime_security_config.network.enabled: true" >> /etc/datadog-agent/system-probe.yaml
For a package-based deployment, the Datadog package has to be deployed. Install the package with your package manager.
By default Runtime Security is disabled. To enable it, both the security-agent.yaml and the system-probe.yaml files need to be adapted. Run the following commands to enable these configurations:
host-runtime-security.sh
echo "runtime_security_config.enabled: true" >> /etc/datadog-agent/security-agent.yaml
echo "runtime_security_config.enabled: true" >> /etc/datadog-agent/system-probe.yaml
systemctl restart datadog-agent
For Datadog Agent version 7.36 only, to enable the collection of CWS network events:
echo "runtime_security_config.network.enabled: true" >> /etc/datadog-agent/system-probe.yaml
The following deployment can be used to start the Runtime Security Agent and system-probe in an Amazon Elastic Beanstalk environment with multiple Docker containers:
{
  "AWSEBDockerrunVersion": 2,
  "volumes": [
    {
      "name": "docker_sock",
      "host": {
        "sourcePath": "/var/run/docker.sock"
      }
    },
    {
      "name": "proc",
      "host": {
        "sourcePath": "/proc/"
      }
    },
    {
      "name": "cgroup",
      "host": {
        "sourcePath": "/cgroup/"
      }
    },
    {
      "name": "debug",
      "host": {
        "sourcePath": "/sys/kernel/debug"
      }
    },
    {
      "name": "os_release",
      "host": {
        "sourcePath": "/etc/os-release"
      }
    },
    {
      "name": "etc_passwd",
      "host": {
        "sourcePath": "/etc/passwd"
      }
    },
    {
      "name": "etc_group",
      "host": {
        "sourcePath": "/etc/group"
      }
    }
  ],
  "containerDefinitions": [
    {
      "image": "gcr.io/datadoghq/agent:7",
      "environment": [
        {
          "name": "DD_API_KEY",
          "value": "<YOUR_DD_API_KEY>"
        },
        {
          "name": "DD_SITE",
          "value": "<YOUR_DD_SITE>"
        },
        {
          "name": "DD_TAGS",
          "value": "<SIMPLE_TAG>, <KEY:VALUE_TAG>"
        },
        {
          "name": "DD_RUNTIME_SECURITY_CONFIG_ENABLED",
          "value": "true"
        }
      ],
      "memory": 256,
      "dockerSecurityOptions": ["apparmor:unconfined"],
      "linuxParameters": {
        "capabilities": {
          "add": [
            "SYS_ADMIN",
            "SYS_RESOURCE",
            "SYS_PTRACE",
            "NET_ADMIN",
            "NET_BROADCAST",
            "NET_RAW",
            "IPC_LOCK",
            "CHOWN"
          ]
        }
      },
      "mountPoints": [
        {
          "sourceVolume": "docker_sock",
          "containerPath": "/var/run/docker.sock",
          "readOnly": false
        },
        {
          "sourceVolume": "proc",
          "containerPath": "/host/proc",
          "readOnly": true
        },
        {
          "sourceVolume": "cgroup",
          "containerPath": "/host/sys/fs/cgroup",
          "readOnly": true
        },
        {
          "containerPath": "/sys/kernel/debug",
          "sourceVolume": "debug"
        },
        {
          "sourceVolume": "os_release",
          "containerPath": "/host/etc/os-release",
          "readOnly": false
        },
        {
          "sourceVolume": "etc_passwd",
          "containerPath": "/etc/passwd",
          "readOnly": false
        },
        {
          "sourceVolume": "etc_group",
          "containerPath": "/etc/group",
          "readOnly": false
        }
      ]
    }
  ]
}
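The following is an added example, not part of the Datadog documentation: it compares a container definition in the Dockerrun.aws.json format with the docker run command shown earlier on this page, checking the enabling variable, the capabilities, the AppArmor option and the mounts that command marks :ro. The helper name audit_container and the trimmed sample definition are constructed for illustration.

```python
import json

# Baseline copied from the `docker run` command on this page.
REQUIRED_CAPS = {"SYS_ADMIN", "SYS_RESOURCE", "SYS_PTRACE", "NET_ADMIN",
                 "NET_BROADCAST", "NET_RAW", "IPC_LOCK", "CHOWN"}
# Container paths that command mounts with `:ro`.
READ_ONLY_PATHS = {"/var/run/docker.sock", "/host/proc", "/host/sys/fs/cgroup",
                   "/etc/passwd", "/etc/group"}
ENABLE_VAR = "DD_RUNTIME_SECURITY_CONFIG_ENABLED"

def audit_container(container):
    """Return findings for one containerDefinitions entry (hypothetical helper)."""
    findings = []
    env = {e["name"]: e["value"] for e in container.get("environment", [])}
    if env.get(ENABLE_VAR, "").lower() != "true":
        findings.append(f"env: {ENABLE_VAR} is not true")
    params = container.get("linuxParameters", {})
    caps = set(params.get("capabilities", {}).get("add", []))
    findings += [f"capability missing: {c}" for c in sorted(REQUIRED_CAPS - caps)]
    if "apparmor:unconfined" not in container.get("dockerSecurityOptions", []):
        findings.append("security option missing: apparmor:unconfined")
    mounts = {m["containerPath"].rstrip("/"): m
              for m in container.get("mountPoints", [])}
    for path in sorted(READ_ONLY_PATHS):
        if path not in mounts:
            findings.append(f"mount missing: {path}")
        elif not mounts[path].get("readOnly", False):  # absent means writable
            findings.append(f"mount writable: {path}")
    return findings

# Constructed sample in the page's format: NET_BROADCAST and the /etc/group
# mount are left out on purpose, and two mounts are writable.
SAMPLE = json.loads("""
{"containerDefinitions": [{
  "image": "gcr.io/datadoghq/agent:7",
  "environment": [{"name": "DD_RUNTIME_SECURITY_CONFIG_ENABLED", "value": "true"}],
  "dockerSecurityOptions": ["apparmor:unconfined"],
  "linuxParameters": {"capabilities": {"add": ["SYS_ADMIN", "SYS_RESOURCE",
    "SYS_PTRACE", "NET_ADMIN", "NET_RAW", "IPC_LOCK", "CHOWN"]}},
  "mountPoints": [
    {"sourceVolume": "docker_sock", "containerPath": "/var/run/docker.sock", "readOnly": false},
    {"sourceVolume": "proc", "containerPath": "/host/proc", "readOnly": true},
    {"sourceVolume": "cgroup", "containerPath": "/host/sys/fs/cgroup", "readOnly": true},
    {"sourceVolume": "etc_passwd", "containerPath": "/etc/passwd"}]}]}
""")

if __name__ == "__main__":
    for c in SAMPLE["containerDefinitions"]:
        print(c["image"], *audit_container(c), sep="\n  ")
```

Run against the full Elastic Beanstalk definition above, it reports the three mounts declared with "readOnly": false that the Docker command mounts read-only: /var/run/docker.sock, /etc/passwd and /etc/group.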