Created
March 27, 2023 19:03
-
-
Save Ankurk99/8cc2bd7b3aebfdfd856035b3c195e3bb to your computer and use it in GitHub Desktop.
karmor recommend for KubeArmor daemonset
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Deployment | kubearmor/kubearmor-relay | |
Container | kubearmor/kubearmor-relay-server:latest | |
OS | linux | |
Arch | amd64 | |
Distro | alpine | |
Output Directory | out/kubearmor-kubearmor-relay | |
policy-template version | v0.1.9 | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| latest-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | Restrict access to trusted | 1 | Block | MITRE | | |
| latest-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | System Information Discovery | 3 | Block | MITRE | | |
| latest-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| latest-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| latest-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Audit | NIST SI-4 | | |
| latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Block | NIST | | |
| latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| latest-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | MITRE | | |
| latest-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| latest-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| latest-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | Command Line Warning Banners | 5 | Block | CIS CIS_Linux CIS_1.7_Warning_Banners | | |
| latest-cis-commandline-warning- | | | | CIS_1.7.1_Command_Line_Warning_Banners | | |
| banner.yaml | | | | | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| latest-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-relay-server- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kubearmor/kubearmor-host-policy-manager | |
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kubearmor-kubearmor-host-policy-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| v0-8-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE | | |
| v0-8-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE | | |
| v0-8-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 | | |
| v0-8-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST | | |
| v0-8-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| v0-8-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE | | |
| v0-8-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| v0-8-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| v0-8-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| v0-8-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| v0-8-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kubearmor/kubearmor-host-policy-manager | |
Container | kubearmor/kubearmor-host-policy-manager:latest | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kubearmor-kubearmor-host-policy-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| manager-latest-maint-tools- | tools (apk, mii-tool, ...) | | | MITRE | | |
| access.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | Restrict access to trusted | 1 | Block | MITRE | | |
| manager-latest-trusted-cert- | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| mod.yaml | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | System Information Discovery | 3 | Block | MITRE | | |
| manager-latest-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| discovery.yaml | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| manager-latest-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| manager-latest-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Audit | NIST SI-4 | | |
| manager-latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Block | NIST | | |
| manager-latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| manager-latest-k8s-client-tool- | container administration | | | MITRE_TA0002_execution | | |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | MITRE | | |
| manager-latest-remote-file- | steal data. | | | MITRE_TA0008_lateral_movement | | |
| copy.yaml | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| manager-latest-write-in-shm- | write under shm folder | | | MITRE | | |
| dir.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| manager-latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| manager-latest-shell-history- | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| mod.yaml | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| manager-latest-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-host-policy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| manager-latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kubearmor/kubearmor-policy-manager | |
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kubearmor-kubearmor-policy-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| v0-8-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE | | |
| v0-8-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE | | |
| v0-8-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 | | |
| v0-8-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST | | |
| v0-8-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| v0-8-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE | | |
| v0-8-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| v0-8-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| v0-8-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| v0-8-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| v0-8-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kubearmor/kubearmor-policy-manager | |
Container | kubearmor/kubearmor-policy-manager:latest | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kubearmor-kubearmor-policy-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| latest-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | Restrict access to trusted | 1 | Block | MITRE | | |
| latest-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | System Information Discovery | 3 | Block | MITRE | | |
| latest-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| latest-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| latest-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Audit | NIST SI-4 | | |
| latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Block | NIST | | |
| latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| latest-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | MITRE | | |
| latest-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| latest-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| latest-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| latest-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-policy-manager- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kubearmor/kubearmor-annotation-manager | |
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kubearmor-kubearmor-annotation-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| v0-8-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE | | |
| v0-8-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE | | |
| v0-8-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| v0-8-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 | | |
| v0-8-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST | | |
| v0-8-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| v0-8-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution | | |
| | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE | | |
| v0-8-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement | | |
| | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| v0-8-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE | | |
| | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| v0-8-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| v0-8-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| v0-8-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| v0-8-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Deployment | kubearmor/kubearmor-annotation-manager | |
Container | kubearmor/kubearmor-annotation-manager:latest | |
OS | linux | |
Arch | amd64 | |
Distro | debian | |
Output Directory | out/kubearmor-kubearmor-annotation-manager | |
policy-template version | v0.1.9 | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Restrict access to maintenance | 1 | Audit | PCI_DSS | | |
| manager-latest-maint-tools- | tools (apk, mii-tool, ...) | | | MITRE | | |
| access.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Restrict access to trusted | 1 | Block | MITRE | | |
| manager-latest-trusted-cert- | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials | | |
| mod.yaml | image | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System Information Discovery | 3 | Block | MITRE | | |
| manager-latest-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery | | |
| discovery.yaml | commands | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 | | |
| manager-latest-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 | | |
| manager-latest-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE | | |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Audit | NIST SI-4 | | |
| manager-latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 | | |
| | Detect access to cronjob files | | | CIS CIS_Linux | | |
| | | | | CIS_5.1_Configure_Cron | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | System and Information | 5 | Block | NIST | | |
| manager-latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) | | |
| | Functionality deny execution | | | SI-4 process | | |
| | of package manager process in | | | NIST_800-53_SI-4 | | |
| | container | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command | | |
| manager-latest-k8s-client-tool- | container administration | | | MITRE_TA0002_execution | | |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container | | |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 | | |
| | | | | NIST_800-53_SI-4 NIST | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | MITRE | | |
| manager-latest-remote-file- | steal data. | | | MITRE_TA0008_lateral_movement | | |
| copy.yaml | | | | MITRE_TA0010_exfiltration | | |
| | | | | MITRE_TA0006_credential_access | | |
| | | | | MITRE_T1552_unsecured_credentials | | |
| | | | | NIST_800-53_SI-4(18) NIST | | |
| | | | | NIST_800-53 NIST_800-53_SC-4 | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | MITRE_execution | | |
| manager-latest-write-in-shm- | write under shm folder | | | MITRE | | |
| dir.yaml | | | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST | | |
| manager-latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 | | |
| | | | | MITRE_T1562.001_disable_or_modify_tools | | |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location | | |
| | | | | MITRE_TA0003_persistence | | |
| | | | | MITRE MITRE_T1036_masquerading | | |
| | | | | MITRE_TA0005_defense_evasion | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 | | |
| manager-latest-shell-history- | modify artifacts generated | | | NIST_800-53_AU-6(8) | | |
| mod.yaml | within systems to remove | | | MITRE_T1070_indicator_removal_on_host | | |
| | evidence. | | | MITRE MITRE_T1036_masquerading | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | Ensure events that modify the | 5 | Block | CIS CIS_Linux | | |
| manager-latest-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing | | |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention | | |
| | | | | CIS_4.1.7_system_network_environment | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
| kubearmor-kubearmor-annotation- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 | | |
| manager-latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE | | |
| monitoring.yaml | | | | MITRE_T1036_masquerading | | |
| | | | | MITRE_T1565_data_manipulation | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+ | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment