Quick Start
Write a configuration file
# example.yml
network:
mode: block
target: host
cidr:
allow:
- 0.0.0.0/0
domain:
deny:
- example.com
command:
allow:
- systemd-resolved
- curl
- bouheki
files:
mode: block
target: host
allow:
- '/'
deny:
- '/etc/passwd'
log:
format: json
This configuration file sets the following limits:
- Block access to example.com
- However, access allowed by specified commands with
command.allow
(such ascurl
)
- However, access allowed by specified commands with
- Block access to
/etc/passwd
For more information for configurations, see here.
Run
$ sudo bouheki --config example.yml
Docker
$ docker run --rm -it --cgroupns=host --pid=host --privileged \
-v /sys/kernel/:/sys/kernel/ \
-v /sys/fs/bpf:/sys/fs/bpf \
-v /path/to/config.yaml:/config.yaml \
--env BOUHEKI_SKIP_COMPATIBLE_CHECK=1 \
ghcr.io/mrtc0/bouheki:latest --config /config.yaml