Red Hat Advanced Cluster Security for Kubernetes (RHACS) provides the ability to audit the processes that are listening on ports in your secured clusters and filter this data by deployment, namespace, or cluster.
You can view information about processes and ports that they are listening on by using the following methods:
In the RHACS web portal, go to Network → Listening Endpoints.
Connect to the ListeningEndpointsService
object in the API. For more information on the API, go to Help → API reference in the RHACS web portal.
The page provides a list of processes by deployment, with the following information displayed for each process on the list:
Deployment name
Cluster
Namespace
Count, or the number of processes listening on the ports in the deployment
You can further filter the information displayed on the page by using the filter field and entering individual deployments, namespaces, and clusters.
Click the expand icon at the top of the list to expand all sections for all deployments listed, or click the expand icon on a single deployment line to view additional information about that deployment. The following information is provided:
Exec file path: Location of the process
PID: System ID of the process
Port: Port on which the process is listening
Protocol: Protocol in use by the process
Pod ID: Name of the pod where the process is contained
Container name: Name of the container in which the process that is listening is located
Clicking on a deployment name brings you to the Risk page in the RHACS web portal, where you can view information about the deployment, including risk indicators such as policy violations and additional deployment details.