Created March 2, 2023 06:21
karmor recommend
❯ ./karmor recommend | |
INFO[0000] Found outdated version of policy-templates Current Version=v0.0.1 | |
INFO[0000] Downloading latest version [v0.1.9] | |
INFO[0002] policy-templates updated Updated Version=v0.1.9 | |
INFO[0002] pulling image image="accuknox/knoxautopolicy:stable" | |
stable: Pulling from accuknox/knoxautopolicy | |
Digest: sha256:f0faa8950563e09f8a6880774bf8e9b2a9c25e2d4d380d61c052dbb15be5d975 | |
Status: Image is up to date for accuknox/knoxautopolicy:stable | |
INFO[0007] dumped image to tar tar=/tmp/karmor249792473/YSqOziIe.tar | |
Distribution ubuntu | |
INFO[0007] No runtime policy generated for accuknox-agents/discovery-engine/accuknox/knoxautopolicy:stable | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-automount-service-account-token.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-maint-tools-access.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-trusted-cert-mod.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-system-owner-discovery.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-under-bin-dir.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-under-dev-dir.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-cronjob-cfg.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-pkg-mngr-exec.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-k8s-client-tool-exec.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-remote-file-copy.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-in-shm-dir.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-etc-dir.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-shell-history-mod.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-file-system-mounts.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-access-ctrl-permission-mod.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-system-network-env-mod.yaml ... | |
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-file-integrity-monitoring.yaml ... | |
INFO[0015] pulling image image="registry.k8s.io/coredns/coredns:v1.9.3" | |
v1.9.3: Pulling from coredns/coredns | |
Digest: sha256:8e352a029d304ca7431c6507b56800636c321cb52289686a581ab70aaa8a2e2a | |
Status: Image is up to date for registry.k8s.io/coredns/coredns:v1.9.3 | |
INFO[0016] dumped image to tar tar=/tmp/karmor327830587/JjpYPruT.tar | |
INFO[0016] No runtime policy generated for kube-system/coredns/registry.k8s.io/coredns/coredns:v1.9.3 | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-automount-service-account-token.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-maint-tools-access.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-trusted-cert-mod.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-system-owner-discovery.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-under-bin-dir.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-under-dev-dir.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-cronjob-cfg.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-remote-file-copy.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-in-shm-dir.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-etc-dir.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-shell-history-mod.yaml ... | |
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-file-integrity-monitoring.yaml ... | |
INFO[0020] pulling image image="gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0" | |
v0.8.0: Pulling from kubebuilder/kube-rbac-proxy | |
Digest: sha256:db06cc4c084dd0253134f156dddaaf53ef1c3fb3cc809e5d81711baa4029ea4c | |
Status: Image is up to date for gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 | |
INFO[0022] dumped image to tar tar=/tmp/karmor2264446606/CwdAEkwU.tar | |
Distribution debian | |
INFO[0022] No runtime policy generated for kube-system/kubearmor-annotation-manager/gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-automount-service-account-token.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-maint-tools-access.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-trusted-cert-mod.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-system-owner-discovery.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-under-bin-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-under-dev-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-cronjob-cfg.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-remote-file-copy.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-in-shm-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-etc-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-shell-history-mod.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-system-network-env-mod.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-file-integrity-monitoring.yaml ... | |
INFO[0026] pulling image image="kubearmor/kubearmor-annotation-manager:latest" | |
latest: Pulling from kubearmor/kubearmor-annotation-manager | |
Digest: sha256:039fa7f71ebde4d230bffaa1b926d6c71448352e01117ea59e9606dc7df38b12 | |
Status: Image is up to date for kubearmor/kubearmor-annotation-manager:latest | |
INFO[0029] dumped image to tar tar=/tmp/karmor3715264790/XXopExxF.tar | |
Distribution debian | |
INFO[0029] No runtime policy generated for kube-system/kubearmor-annotation-manager/kubearmor/kubearmor-annotation-manager:latest | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-automount-service-account-token.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-maint-tools-access.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-trusted-cert-mod.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-system-owner-discovery.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-under-bin-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-under-dev-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-cronjob-cfg.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-remote-file-copy.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-in-shm-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-etc-dir.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-shell-history-mod.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-system-network-env-mod.yaml ... | |
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-file-integrity-monitoring.yaml ... | |
INFO[0030] pulling image image="gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0" | |
v0.5.0: Pulling from kubebuilder/kube-rbac-proxy | |
Digest: sha256:e10d1d982dd653db74ca87a1d1ad017bc5ef1aeb651bdea089debf16485b080b | |
Status: Image is up to date for gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 | |
INFO[0032] dumped image to tar tar=/tmp/karmor1056548796/PxeOjZTA.tar | |
Distribution alpine | |
INFO[0032] No runtime policy generated for kube-system/kubearmor-host-policy-manager/gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-automount-service-account-token.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-maint-tools-access.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-trusted-cert-mod.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-owner-discovery.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-bin-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-dev-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cronjob-cfg.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-remote-file-copy.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-in-shm-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-etc-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-shell-history-mod.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cis-commandline-warning-banner.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-network-env-mod.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-file-integrity-monitoring.yaml ... | |
INFO[0039] pulling image image="kubearmor/kubearmor-host-policy-manager:latest" | |
latest: Pulling from kubearmor/kubearmor-host-policy-manager | |
Digest: sha256:2bd9aa1f087370b578d45b29011acbfb2b1c7768baa5d7246ae230c9f93a2631 | |
Status: Image is up to date for kubearmor/kubearmor-host-policy-manager:latest | |
INFO[0043] dumped image to tar tar=/tmp/karmor2720873118/yXlkZdVo.tar | |
Distribution debian | |
INFO[0043] No runtime policy generated for kube-system/kubearmor-host-policy-manager/kubearmor/kubearmor-host-policy-manager:latest | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-automount-service-account-token.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-maint-tools-access.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-trusted-cert-mod.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-system-owner-discovery.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-under-bin-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-under-dev-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-cronjob-cfg.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-remote-file-copy.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-in-shm-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-etc-dir.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-shell-history-mod.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-system-network-env-mod.yaml ... | |
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-file-integrity-monitoring.yaml ... | |
INFO[0046] pulling image image="gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0" | |
v0.5.0: Pulling from kubebuilder/kube-rbac-proxy | |
Digest: sha256:e10d1d982dd653db74ca87a1d1ad017bc5ef1aeb651bdea089debf16485b080b | |
Status: Image is up to date for gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 | |
INFO[0048] dumped image to tar tar=/tmp/karmor2720407574/SUBkDPUL.tar | |
Distribution alpine | |
INFO[0048] No runtime policy generated for kube-system/kubearmor-policy-manager/gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-automount-service-account-token.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-maint-tools-access.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-trusted-cert-mod.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-owner-discovery.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-bin-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-dev-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cronjob-cfg.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-remote-file-copy.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-in-shm-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-etc-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-shell-history-mod.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cis-commandline-warning-banner.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-network-env-mod.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-file-integrity-monitoring.yaml ... | |
INFO[0056] pulling image image="kubearmor/kubearmor-policy-manager:latest" | |
latest: Pulling from kubearmor/kubearmor-policy-manager | |
Digest: sha256:48fceed2567ce790eab7f81a2cf6723e3aba70083e7beaa0cea4117016745b2f | |
Status: Image is up to date for kubearmor/kubearmor-policy-manager:latest | |
INFO[0059] dumped image to tar tar=/tmp/karmor642153286/qqpCiXrI.tar | |
Distribution debian | |
INFO[0059] No runtime policy generated for kube-system/kubearmor-policy-manager/kubearmor/kubearmor-policy-manager:latest | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-automount-service-account-token.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-maint-tools-access.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-trusted-cert-mod.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-system-owner-discovery.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-under-bin-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-under-dev-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-cronjob-cfg.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-remote-file-copy.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-in-shm-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-etc-dir.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-shell-history-mod.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-system-network-env-mod.yaml ... | |
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-file-integrity-monitoring.yaml ... | |
INFO[0062] pulling image image="kubearmor/kubearmor-relay-server:latest" | |
latest: Pulling from kubearmor/kubearmor-relay-server | |
Digest: sha256:4fa3abf7c1ce1277210818ae3dcf5a9b758412fe4414c909a088ab3601e5610a | |
Status: Image is up to date for kubearmor/kubearmor-relay-server:latest | |
INFO[0065] dumped image to tar tar=/tmp/karmor1197092599/saFGzOXn.tar | |
Distribution alpine | |
INFO[0065] No runtime policy generated for kube-system/kubearmor-relay/kubearmor/kubearmor-relay-server:latest | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-automount-service-account-token.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-maint-tools-access.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-trusted-cert-mod.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-system-owner-discovery.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-under-bin-dir.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-under-dev-dir.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-cronjob-cfg.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-pkg-mngr-exec.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-k8s-client-tool-exec.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-remote-file-copy.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-in-shm-dir.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-etc-dir.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-shell-history-mod.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-cis-commandline-warning-banner.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-system-network-env-mod.yaml ... | |
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-file-integrity-monitoring.yaml ... | |
INFO[0074] pulling image image="docker.io/kindest/local-path-provisioner:v0.0.22-kind.0" | |
v0.0.22-kind.0: Pulling from kindest/local-path-provisioner | |
Digest: sha256:d75e5f061d78b61171b594e8f9e6c46fadffd13b8be028bbb9b1c48ff2a2c259 | |
Status: Image is up to date for kindest/local-path-provisioner:v0.0.22-kind.0 | |
INFO[0077] dumped image to tar tar=/tmp/karmor3446573937/HwRlhcKk.tar | |
Distribution debian | |
INFO[0077] No runtime policy generated for local-path-storage/local-path-provisioner/docker.io/kindest/local-path-provisioner:v0.0.22-kind.0 | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-automount-service-account-token.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-maint-tools-access.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-trusted-cert-mod.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-system-owner-discovery.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-under-bin-dir.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-under-dev-dir.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-cronjob-cfg.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-pkg-mngr-exec.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-k8s-client-tool-exec.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-remote-file-copy.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-in-shm-dir.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-etc-dir.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-shell-history-mod.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-system-network-env-mod.yaml ... | |
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-file-integrity-monitoring.yaml ... | |
output report in out/report.txt ... | |
Deployment | accuknox-agents/discovery-engine | |
Container | accuknox/knoxautopolicy:stable | |
OS | linux | |
Arch | amd64 | |
Distro | ubuntu | |
Output Directory | out/accuknox-agents-discovery-engine | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT | | |
| automount-service-account- | token when it is not needed | | | | | |
| token.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | Restrict access to trusted | 1 | Block | MITRE | | |
| trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | System Information Discovery | 3 | Block | MITRE | | |
| system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | System and Information | 5 | Audit | NIST SI-4 | | |
| cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable-pkg- | System and Information | 5 | Block | NIST | | |
| mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable-k8s- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | The adversary is trying to | 5 | Block | MITRE | | |
| remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | Ensure successful file system | 5 | Audit | CIS CIS_Linux | | |
| file-system-mounts.yaml | mounts are collected | | | CIS_4_Logging_and_Aduditing | | |
| | | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.14_file_system_mount | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | Ensure discretionary | 5 | Block | CIS CIS_Linux CIS_4_Logging_and_Aduditing | | |
| access-ctrl-permission-mod.yaml | access control permission | | | CIS_4.1.1_Data_Retention | | |
| | modification events are | | | CIS_4.1.11_system_access_control_permission | | |
| | collected | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| accuknox-knoxautopolicy-stable- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| file-integrity-monitoring.yaml | | | | NIST_800-53_SI-4 MITRE | | |
| | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kube-system/coredns | |
Container | registry.k8s.io/coredns/coredns:v1.9.3 | |
OS | linux | |
Arch | amd64 | |
Distro | | |
Output Directory | out/kube-system-coredns | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT | | |
| 9-3-automount-service-account- | token when it is not needed | | | | | |
| token.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| 9-3-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | Restrict access to trusted | 1 | Block | MITRE | | |
| 9-3-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | System Information Discovery | 3 | Block | MITRE | | |
| 9-3-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| 9-3-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| 9-3-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Audit | NIST SI-4 | | |
| 9-3-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Block | NIST | | |
| 9-3-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| 9-3-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | The adversary is trying to | 5 | Block | MITRE | | |
| 9-3-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| 9-3-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| 9-3-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| 9-3-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| registry-k8s-io-coredns-coredns-v1- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| 9-3-file-integrity-monitoring.yaml | | | | NIST_800-53_SI-4 MITRE | | |
| | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kube-system/kubearmor-annotation-manager | |
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kube-system-kubearmor-annotation-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT | | |
| v0-8-0-automount-service-account- | token when it is not needed | | | | | |
| token.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| v0-8-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE | | |
| v0-8-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE | | |
| v0-8-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 | | |
| v0-8-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST | | |
| v0-8-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| v0-8-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE | | |
| v0-8-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| v0-8-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| v0-8-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| v0-8-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| v0-8-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kube-system/kubearmor-annotation-manager | |
Container | kubearmor/kubearmor-annotation-manager:latest | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kube-system-kubearmor-annotation-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT | | |
| manager-latest-automount-service- | token when it is not needed | | | | | |
| account-token.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| manager-latest-maint-tools- | tools (apk, mii-tool, ...) | | | MITRE | | |
| access.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Restrict access to trusted | 1 | Block | MITRE | | |
| manager-latest-trusted-cert- | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| mod.yaml | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System Information Discovery | 3 | Block | MITRE | | |
| manager-latest-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| discovery.yaml | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| manager-latest-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| manager-latest-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Audit | NIST SI-4 | | |
| manager-latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Block | NIST | | |
| manager-latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| manager-latest-k8s-client-tool- | container administration | | | MITRE_TA0002_execution | | |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | MITRE | | |
| manager-latest-remote-file- | steal data. | | | MITRE_TA0008_lateral_movement | | |
| copy.yaml | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| manager-latest-write-in-shm- | write under shm folder | | | MITRE | | |
| dir.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| manager-latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| manager-latest-shell-history- | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| mod.yaml | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| manager-latest-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| manager-latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kube-system/kubearmor-host-policy-manager | |
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 | |
OS | linux | |
Arch | amd64 | |
Distro | alpine | |
Output Directory | out/kube-system-kubearmor-host-policy-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT | | |
| v0-5-0-automount-service-account- | token when it is not needed | | | | | |
| token.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| v0-5-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE | | |
| v0-5-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE | | |
| v0-5-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| v0-5-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| v0-5-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 | | |
| v0-5-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST | | |
| v0-5-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| v0-5-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE | | |
| v0-5-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| v0-5-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| v0-5-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| v0-5-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Command Line Warning Banners | 5 | Block | CIS CIS_Linux CIS_1.7_Warning_Banners | | |
| v0-5-0-cis-commandline-warning- | | | | CIS_1.7.1_Command_Line_Warning_Banners | | |
| banner.yaml | | | | | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| v0-5-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| v0-5-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kube-system/kubearmor-host-policy-manager
Container | kubearmor/kubearmor-host-policy-manager:latest
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/kube-system-kubearmor-host-policy-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| manager-latest-automount-service- | token when it is not needed | | | |
| account-token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| manager-latest-maint-tools- | tools (apk, mii-tool, ...) | | | MITRE |
| access.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Restrict access to trusted | 1 | Block | MITRE |
| manager-latest-trusted-cert- | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| mod.yaml | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System Information Discovery | 3 | Block | MITRE |
| manager-latest-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| discovery.yaml | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| manager-latest-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| manager-latest-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Audit | NIST SI-4 |
| manager-latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Block | NIST |
| manager-latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| manager-latest-k8s-client-tool- | container administration | | | MITRE_TA0002_execution |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | MITRE |
| manager-latest-remote-file- | steal data. | | | MITRE_TA0008_lateral_movement |
| copy.yaml | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | MITRE_execution |
| manager-latest-write-in-shm- | write under shm folder | | | MITRE |
| dir.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| manager-latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| manager-latest-shell-history- | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| mod.yaml | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| manager-latest-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| manager-latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-policy-manager
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
OS | linux
Arch | amd64
Distro | alpine
Output Directory | out/kube-system-kubearmor-policy-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| v0-5-0-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| v0-5-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE |
| v0-5-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE |
| v0-5-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| v0-5-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| v0-5-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 |
| v0-5-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST |
| v0-5-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| v0-5-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE |
| v0-5-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution |
| v0-5-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| v0-5-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| v0-5-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Command Line Warning Banners | 5 | Block | CIS CIS_Linux CIS_1.7_Warning_Banners |
| v0-5-0-cis-commandline-warning- | | | | CIS_1.7.1_Command_Line_Warning_Banners |
| banner.yaml | | | | |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| v0-5-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| v0-5-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-policy-manager
Container | kubearmor/kubearmor-policy-manager:latest
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/kube-system-kubearmor-policy-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| latest-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| latest-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Restrict access to trusted | 1 | Block | MITRE |
| latest-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System Information Discovery | 3 | Block | MITRE |
| latest-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| latest-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| latest-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Audit | NIST SI-4 |
| latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Block | NIST |
| latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| latest-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | MITRE |
| latest-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | MITRE_execution |
| latest-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| latest-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| latest-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-relay
Container | kubearmor/kubearmor-relay-server:latest
OS | linux
Arch | amd64
Distro | alpine
Output Directory | out/kube-system-kubearmor-relay
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| latest-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| latest-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Restrict access to trusted | 1 | Block | MITRE |
| latest-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System Information Discovery | 3 | Block | MITRE |
| latest-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| latest-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| latest-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Audit | NIST SI-4 |
| latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Block | NIST |
| latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| latest-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | MITRE |
| latest-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | MITRE_execution |
| latest-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| latest-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Command Line Warning Banners | 5 | Block | CIS CIS_Linux CIS_1.7_Warning_Banners |
| latest-cis-commandline-warning- | | | | CIS_1.7.1_Command_Line_Warning_Banners |
| banner.yaml | | | | |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| latest-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | local-path-storage/local-path-provisioner
Container | kindest/local-path-provisioner:v0.0.22-kind.0
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/local-path-storage-local-path-provisioner
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| 0-22-kind-0-automount-service- | token when it is not needed | | | |
| account-token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| 0-22-kind-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Restrict access to trusted | 1 | Block | MITRE |
| 0-22-kind-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System Information Discovery | 3 | Block | MITRE |
| 0-22-kind-0-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| discovery.yaml | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| 0-22-kind-0-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| 0-22-kind-0-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Audit | NIST SI-4 |
| 0-22-kind-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Block | NIST |
| 0-22-kind-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| 0-22-kind-0-k8s-client-tool- | container administration | | | MITRE_TA0002_execution |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | The adversary is trying to | 5 | Block | MITRE |
| 0-22-kind-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | The adversary is trying to | 5 | Block | MITRE_execution |
| 0-22-kind-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| 0-22-kind-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kindest-local-path-provisioner-v0- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| 0-22-kind-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kindest-local-path-provisioner-v0- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| 0-22-kind-0-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kindest-local-path-provisioner-v0- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| 0-22-kind-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ |