@Ankurk99
Created June 9, 2023 15:46
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: autopol-sensitive-1836005104
  namespace: default
spec:
  action: Allow
  file:
    matchDirectories:
    - action: Block
      dir: /vault/data/
      recursive: true
    - action: Allow
      dir: /vault/data/
      fromSource:
      - path: /bin/vault
      recursive: true
    - dir: /
      recursive: true
    - action: Block
      dir: /vault/config/
      recursive: true
    - action: Allow
      dir: /vault/config/
      fromSource:
      - path: /bin/cp
      recursive: true
    - action: Block
      dir: /home/vault/
      recursive: true
    - action: Allow
      dir: /home/vault/
      fromSource:
      - path: /bin/vault
      recursive: true
  message: Sensitive assets and process control policy
  process:
    matchPaths:
    - path: /bin/busybox
    - path: /usr/bin/vault
    - path: /bin/cp
    - path: /bin/sed
    - path: /bin/vault
  selector:
    matchLabels:
      app.kubernetes.io/instance: vault
      app.kubernetes.io/name: vault
      component: server
      helm.sh/chart: vault-0.24.1
  severity: 7
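The policy above pairs a generic `Block` on each sensitive directory (`/vault/data/`, `/vault/config/`, `/home/vault/`) with an `Allow` that carries `fromSource`, so only the named binary keeps access, while the bare `dir: /` entry inherits `spec.action: Allow` and keeps the rest of the filesystem open; `process.matchPaths` allow-lists the binaries that may execute at all. The script below is an added example, not part of the gist and not KubeArmor code: it transcribes the policy as a Python dict (what `yaml.safe_load` would give you on the gist file, avoiding a PyYAML dependency) and evaluates sample accesses under a simplified reading of the rules. The precedence it assumes is an assumption of this example, not KubeArmor's documented algorithm: the most specific matching directory wins, a `fromSource` grant naming the calling binary beats the generic rule for that directory, and unmatched processes are blocked, which only holds if the namespace's default posture is `block`. It also lists allow-listed processes that no `fromSource` rule names, since those can run but get the generic `Block` everywhere sensitive. Sample paths such as `/vault/config/config.hcl` are constructed for the test, and whether `/bin/cp` or `/bin/sed` is matched as itself or as its busybox target when it is a symlink in the image is something to confirm against the running enforcer.

```python
"""Model the intent of the KubeArmor autopol policy and check accesses against it.

Added example; the precedence below is this example's simplified reading of
the rules, not KubeArmor's own enforcement logic. Verify on a real cluster.
"""

# Policy transcribed from the gist (same structure yaml.safe_load would return).
POLICY = {
    "apiVersion": "security.kubearmor.com/v1",
    "kind": "KubeArmorPolicy",
    "metadata": {"name": "autopol-sensitive-1836005104", "namespace": "default"},
    "spec": {
        "action": "Allow",
        "file": {
            "matchDirectories": [
                {"action": "Block", "dir": "/vault/data/", "recursive": True},
                {"action": "Allow", "dir": "/vault/data/",
                 "fromSource": [{"path": "/bin/vault"}], "recursive": True},
                {"dir": "/", "recursive": True},
                {"action": "Block", "dir": "/vault/config/", "recursive": True},
                {"action": "Allow", "dir": "/vault/config/",
                 "fromSource": [{"path": "/bin/cp"}], "recursive": True},
                {"action": "Block", "dir": "/home/vault/", "recursive": True},
                {"action": "Allow", "dir": "/home/vault/",
                 "fromSource": [{"path": "/bin/vault"}], "recursive": True},
            ]
        },
        "process": {
            "matchPaths": [{"path": p} for p in
                           ["/bin/busybox", "/usr/bin/vault", "/bin/cp",
                            "/bin/sed", "/bin/vault"]]
        },
        "severity": 7,
    },
}


def dir_matches(rule: dict, path: str) -> bool:
    """True if `path` lies under the rule's `dir` (any depth when recursive,
    direct children only otherwise). `dir` values end in '/', so a sibling
    like /vault/dataX never matches /vault/data/."""
    base = rule["dir"]
    if not path.startswith(base):
        return False
    remainder = path[len(base):]
    return bool(rule.get("recursive", False)) or "/" not in remainder


def file_decision(policy: dict, source: str, path: str) -> str:
    """Allow/Block for binary `source` opening `path` (assumed precedence:
    deepest directory wins; a fromSource grant naming `source` beats the
    generic rule for that directory)."""
    spec = policy["spec"]
    default = spec.get("action", "Allow")
    matched = [r for r in spec.get("file", {}).get("matchDirectories", [])
               if dir_matches(r, path)]
    if not matched:
        return default
    deepest = max(len(r["dir"]) for r in matched)
    candidates = [r for r in matched if len(r["dir"]) == deepest]
    for rule in candidates:  # specific grant for this binary
        if source in {s["path"] for s in rule.get("fromSource", [])}:
            return rule.get("action", default)
    for rule in candidates:  # generic rule for the directory
        if "fromSource" not in rule:
            return rule.get("action", default)
    # Only fromSource-scoped rules matched and none names this binary:
    # an allow-list that does not name you grants nothing.
    return "Block"


def process_decision(policy: dict, binary: str) -> str:
    """Allow-list semantics: only listed binaries may execute. Assumes the
    namespace default posture is `block`; with `audit` the enforcer would
    log rather than deny."""
    allowed = {p["path"] for p in policy["spec"].get("process", {}).get("matchPaths", [])}
    return "Allow" if binary in allowed else "Block"


def processes_without_sensitive_grant(policy: dict) -> list:
    """Allow-listed binaries that no fromSource rule names. They can run, but
    every sensitive directory applies its generic Block to them."""
    spec = policy["spec"]
    procs = {p["path"] for p in spec["process"]["matchPaths"]}
    granted = {s["path"] for r in spec["file"]["matchDirectories"]
               for s in r.get("fromSource", [])}
    return sorted(procs - granted)


if __name__ == "__main__":
    # Constructed sample accesses (paths are illustrative, not taken from a pod).
    for src, path in [("/bin/vault", "/vault/data/core/keyring"),
                      ("/bin/busybox", "/vault/data/core/keyring"),
                      ("/bin/cp", "/vault/config/config.hcl"),
                      ("/bin/sed", "/vault/config/config.hcl"),
                      ("/bin/sed", "/tmp/scratch")]:
        print(f"{src:14} -> {path:30} {file_decision(POLICY, src, path)}")
    print("no sensitive grant:", processes_without_sensitive_grant(POLICY))
```

Run it directly to see the decision table; the interesting rows are `/bin/sed`, which may execute but is blocked from `/vault/config/` despite being allow-listed, and `/usr/bin/vault`, which is allow-listed as a process but receives no `fromSource` grant, so only `/bin/vault` can reach `/vault/data/` under this policy.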