@Vyom-Yadav
Created March 2, 2023 06:21
karmor recommend
❯ ./karmor recommend
INFO[0000] Found outdated version of policy-templates Current Version=v0.0.1
INFO[0000] Downloading latest version [v0.1.9]
INFO[0002] policy-templates updated Updated Version=v0.1.9
INFO[0002] pulling image image="accuknox/knoxautopolicy:stable"
stable: Pulling from accuknox/knoxautopolicy
Digest: sha256:f0faa8950563e09f8a6880774bf8e9b2a9c25e2d4d380d61c052dbb15be5d975
Status: Image is up to date for accuknox/knoxautopolicy:stable
INFO[0007] dumped image to tar tar=/tmp/karmor249792473/YSqOziIe.tar
Distribution ubuntu
INFO[0007] No runtime policy generated for accuknox-agents/discovery-engine/accuknox/knoxautopolicy:stable
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-automount-service-account-token.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-maint-tools-access.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-trusted-cert-mod.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-system-owner-discovery.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-under-bin-dir.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-under-dev-dir.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-cronjob-cfg.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-pkg-mngr-exec.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-k8s-client-tool-exec.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-remote-file-copy.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-in-shm-dir.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-write-etc-dir.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-shell-history-mod.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-file-system-mounts.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-access-ctrl-permission-mod.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-system-network-env-mod.yaml ...
created policy out/accuknox-agents-discovery-engine/accuknox-knoxautopolicy-stable-file-integrity-monitoring.yaml ...
INFO[0015] pulling image image="registry.k8s.io/coredns/coredns:v1.9.3"
v1.9.3: Pulling from coredns/coredns
Digest: sha256:8e352a029d304ca7431c6507b56800636c321cb52289686a581ab70aaa8a2e2a
Status: Image is up to date for registry.k8s.io/coredns/coredns:v1.9.3
INFO[0016] dumped image to tar tar=/tmp/karmor327830587/JjpYPruT.tar
INFO[0016] No runtime policy generated for kube-system/coredns/registry.k8s.io/coredns/coredns:v1.9.3
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-automount-service-account-token.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-maint-tools-access.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-trusted-cert-mod.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-system-owner-discovery.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-under-bin-dir.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-under-dev-dir.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-cronjob-cfg.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-pkg-mngr-exec.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-k8s-client-tool-exec.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-remote-file-copy.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-in-shm-dir.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-write-etc-dir.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-shell-history-mod.yaml ...
created policy out/kube-system-coredns/registry-k8s-io-coredns-coredns-v1-9-3-file-integrity-monitoring.yaml ...
INFO[0020] pulling image image="gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0"
v0.8.0: Pulling from kubebuilder/kube-rbac-proxy
Digest: sha256:db06cc4c084dd0253134f156dddaaf53ef1c3fb3cc809e5d81711baa4029ea4c
Status: Image is up to date for gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
INFO[0022] dumped image to tar tar=/tmp/karmor2264446606/CwdAEkwU.tar
Distribution debian
INFO[0022] No runtime policy generated for kube-system/kubearmor-annotation-manager/gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-automount-service-account-token.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-maint-tools-access.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-trusted-cert-mod.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-system-owner-discovery.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-under-bin-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-under-dev-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-cronjob-cfg.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-pkg-mngr-exec.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-k8s-client-tool-exec.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-remote-file-copy.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-in-shm-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-write-etc-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-shell-history-mod.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-system-network-env-mod.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-8-0-file-integrity-monitoring.yaml ...
INFO[0026] pulling image image="kubearmor/kubearmor-annotation-manager:latest"
latest: Pulling from kubearmor/kubearmor-annotation-manager
Digest: sha256:039fa7f71ebde4d230bffaa1b926d6c71448352e01117ea59e9606dc7df38b12
Status: Image is up to date for kubearmor/kubearmor-annotation-manager:latest
INFO[0029] dumped image to tar tar=/tmp/karmor3715264790/XXopExxF.tar
Distribution debian
INFO[0029] No runtime policy generated for kube-system/kubearmor-annotation-manager/kubearmor/kubearmor-annotation-manager:latest
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-automount-service-account-token.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-maint-tools-access.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-trusted-cert-mod.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-system-owner-discovery.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-under-bin-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-under-dev-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-cronjob-cfg.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-pkg-mngr-exec.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-k8s-client-tool-exec.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-remote-file-copy.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-in-shm-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-write-etc-dir.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-shell-history-mod.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-system-network-env-mod.yaml ...
created policy out/kube-system-kubearmor-annotation-manager/kubearmor-kubearmor-annotation-manager-latest-file-integrity-monitoring.yaml ...
INFO[0030] pulling image image="gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0"
v0.5.0: Pulling from kubebuilder/kube-rbac-proxy
Digest: sha256:e10d1d982dd653db74ca87a1d1ad017bc5ef1aeb651bdea089debf16485b080b
Status: Image is up to date for gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
INFO[0032] dumped image to tar tar=/tmp/karmor1056548796/PxeOjZTA.tar
Distribution alpine
INFO[0032] No runtime policy generated for kube-system/kubearmor-host-policy-manager/gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-automount-service-account-token.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-maint-tools-access.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-trusted-cert-mod.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-owner-discovery.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-bin-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-dev-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cronjob-cfg.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-pkg-mngr-exec.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-k8s-client-tool-exec.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-remote-file-copy.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-in-shm-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-etc-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-shell-history-mod.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cis-commandline-warning-banner.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-network-env-mod.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-file-integrity-monitoring.yaml ...
INFO[0039] pulling image image="kubearmor/kubearmor-host-policy-manager:latest"
latest: Pulling from kubearmor/kubearmor-host-policy-manager
Digest: sha256:2bd9aa1f087370b578d45b29011acbfb2b1c7768baa5d7246ae230c9f93a2631
Status: Image is up to date for kubearmor/kubearmor-host-policy-manager:latest
INFO[0043] dumped image to tar tar=/tmp/karmor2720873118/yXlkZdVo.tar
Distribution debian
INFO[0043] No runtime policy generated for kube-system/kubearmor-host-policy-manager/kubearmor/kubearmor-host-policy-manager:latest
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-automount-service-account-token.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-maint-tools-access.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-trusted-cert-mod.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-system-owner-discovery.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-under-bin-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-under-dev-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-cronjob-cfg.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-pkg-mngr-exec.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-k8s-client-tool-exec.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-remote-file-copy.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-in-shm-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-write-etc-dir.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-shell-history-mod.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-system-network-env-mod.yaml ...
created policy out/kube-system-kubearmor-host-policy-manager/kubearmor-kubearmor-host-policy-manager-latest-file-integrity-monitoring.yaml ...
INFO[0046] pulling image image="gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0"
v0.5.0: Pulling from kubebuilder/kube-rbac-proxy
Digest: sha256:e10d1d982dd653db74ca87a1d1ad017bc5ef1aeb651bdea089debf16485b080b
Status: Image is up to date for gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
INFO[0048] dumped image to tar tar=/tmp/karmor2720407574/SUBkDPUL.tar
Distribution alpine
INFO[0048] No runtime policy generated for kube-system/kubearmor-policy-manager/gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-automount-service-account-token.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-maint-tools-access.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-trusted-cert-mod.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-owner-discovery.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-bin-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-under-dev-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cronjob-cfg.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-pkg-mngr-exec.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-k8s-client-tool-exec.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-remote-file-copy.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-in-shm-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-write-etc-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-shell-history-mod.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-cis-commandline-warning-banner.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-system-network-env-mod.yaml ...
created policy out/kube-system-kubearmor-policy-manager/gcr-io-kubebuilder-kube-rbac-proxy-v0-5-0-file-integrity-monitoring.yaml ...
INFO[0056] pulling image image="kubearmor/kubearmor-policy-manager:latest"
latest: Pulling from kubearmor/kubearmor-policy-manager
Digest: sha256:48fceed2567ce790eab7f81a2cf6723e3aba70083e7beaa0cea4117016745b2f
Status: Image is up to date for kubearmor/kubearmor-policy-manager:latest
INFO[0059] dumped image to tar tar=/tmp/karmor642153286/qqpCiXrI.tar
Distribution debian
INFO[0059] No runtime policy generated for kube-system/kubearmor-policy-manager/kubearmor/kubearmor-policy-manager:latest
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-automount-service-account-token.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-maint-tools-access.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-trusted-cert-mod.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-system-owner-discovery.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-under-bin-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-under-dev-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-cronjob-cfg.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-pkg-mngr-exec.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-k8s-client-tool-exec.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-remote-file-copy.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-in-shm-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-write-etc-dir.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-shell-history-mod.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-system-network-env-mod.yaml ...
created policy out/kube-system-kubearmor-policy-manager/kubearmor-kubearmor-policy-manager-latest-file-integrity-monitoring.yaml ...
INFO[0062] pulling image image="kubearmor/kubearmor-relay-server:latest"
latest: Pulling from kubearmor/kubearmor-relay-server
Digest: sha256:4fa3abf7c1ce1277210818ae3dcf5a9b758412fe4414c909a088ab3601e5610a
Status: Image is up to date for kubearmor/kubearmor-relay-server:latest
INFO[0065] dumped image to tar tar=/tmp/karmor1197092599/saFGzOXn.tar
Distribution alpine
INFO[0065] No runtime policy generated for kube-system/kubearmor-relay/kubearmor/kubearmor-relay-server:latest
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-automount-service-account-token.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-maint-tools-access.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-trusted-cert-mod.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-system-owner-discovery.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-under-bin-dir.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-under-dev-dir.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-cronjob-cfg.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-pkg-mngr-exec.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-k8s-client-tool-exec.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-remote-file-copy.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-in-shm-dir.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-write-etc-dir.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-shell-history-mod.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-cis-commandline-warning-banner.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-system-network-env-mod.yaml ...
created policy out/kube-system-kubearmor-relay/kubearmor-kubearmor-relay-server-latest-file-integrity-monitoring.yaml ...
INFO[0074] pulling image image="docker.io/kindest/local-path-provisioner:v0.0.22-kind.0"
v0.0.22-kind.0: Pulling from kindest/local-path-provisioner
Digest: sha256:d75e5f061d78b61171b594e8f9e6c46fadffd13b8be028bbb9b1c48ff2a2c259
Status: Image is up to date for kindest/local-path-provisioner:v0.0.22-kind.0
INFO[0077] dumped image to tar tar=/tmp/karmor3446573937/HwRlhcKk.tar
Distribution debian
INFO[0077] No runtime policy generated for local-path-storage/local-path-provisioner/docker.io/kindest/local-path-provisioner:v0.0.22-kind.0
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-automount-service-account-token.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-maint-tools-access.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-trusted-cert-mod.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-system-owner-discovery.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-under-bin-dir.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-under-dev-dir.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-cronjob-cfg.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-pkg-mngr-exec.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-k8s-client-tool-exec.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-remote-file-copy.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-in-shm-dir.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-write-etc-dir.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-shell-history-mod.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-system-network-env-mod.yaml ...
created policy out/local-path-storage-local-path-provisioner/kindest-local-path-provisioner-v0-0-22-kind-0-file-integrity-monitoring.yaml ...
output report in out/report.txt ...
Deployment | accuknox-agents/discovery-engine
Container | accuknox/knoxautopolicy:stable
OS | linux
Arch | amd64
Distro | ubuntu
Output Directory | out/accuknox-agents-discovery-engine
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | Restrict access to trusted | 1 | Block | MITRE |
| trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | System Information Discovery | 3 | Block | MITRE |
| system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | System and Information | 5 | Audit | NIST SI-4 |
| cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable-pkg- | System and Information | 5 | Block | NIST |
| mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable-k8s- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | The adversary is trying to | 5 | Block | MITRE |
| remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | The adversary is trying to | 5 | Block | MITRE_execution |
| write-in-shm-dir.yaml | write under shm folder | | | MITRE |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | Ensure successful file system | 5 | Audit | CIS CIS_Linux |
| file-system-mounts.yaml | mounts are collected | | | CIS_4_Logging_and_Aduditing |
| | | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.14_file_system_mount |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | Ensure discretionary | 5 | Block | CIS CIS_Linux CIS_4_Logging_and_Aduditing |
| access-ctrl-permission-mod.yaml | access control permission | | | CIS_4.1.1_Data_Retention |
| | modification events are | | | CIS_4.1.11_system_access_control_permission |
| | collected | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| accuknox-knoxautopolicy-stable- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| file-integrity-monitoring.yaml | | | | NIST_800-53_SI-4 MITRE |
| | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/coredns
Container | registry.k8s.io/coredns/coredns:v1.9.3
OS | linux
Arch | amd64
Distro |
Output Directory | out/kube-system-coredns
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| 9-3-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| 9-3-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | Restrict access to trusted | 1 | Block | MITRE |
| 9-3-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | System Information Discovery | 3 | Block | MITRE |
| 9-3-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| 9-3-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| 9-3-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Audit | NIST SI-4 |
| 9-3-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | System and Information | 5 | Block | NIST |
| 9-3-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| 9-3-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | The adversary is trying to | 5 | Block | MITRE |
| 9-3-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | The adversary is trying to | 5 | Block | MITRE_execution |
| 9-3-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| 9-3-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| 9-3-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| registry-k8s-io-coredns-coredns-v1- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| 9-3-file-integrity-monitoring.yaml | | | | NIST_800-53_SI-4 MITRE |
| | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-annotation-manager
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/kube-system-kubearmor-annotation-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| v0-8-0-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| v0-8-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE |
| v0-8-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE |
| v0-8-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| v0-8-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| v0-8-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 |
| v0-8-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST |
| v0-8-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| v0-8-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE |
| v0-8-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution |
| v0-8-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| v0-8-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| v0-8-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| v0-8-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| v0-8-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-annotation-manager
Container | kubearmor/kubearmor-annotation-manager:latest
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/kube-system-kubearmor-annotation-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| manager-latest-automount-service- | token when it is not needed | | | |
| account-token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| manager-latest-maint-tools- | tools (apk, mii-tool, ...) | | | MITRE |
| access.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | Restrict access to trusted | 1 | Block | MITRE |
| manager-latest-trusted-cert- | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| mod.yaml | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | System Information Discovery | 3 | Block | MITRE |
| manager-latest-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| discovery.yaml | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| manager-latest-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| manager-latest-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | System and Information | 5 | Audit | NIST SI-4 |
| manager-latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | System and Information | 5 | Block | NIST |
| manager-latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| manager-latest-k8s-client-tool- | container administration | | | MITRE_TA0002_execution |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | MITRE |
| manager-latest-remote-file- | steal data. | | | MITRE_TA0008_lateral_movement |
| copy.yaml | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | MITRE_execution |
| manager-latest-write-in-shm- | write under shm folder | | | MITRE |
| dir.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| manager-latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| manager-latest-shell-history- | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| mod.yaml | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| manager-latest-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-annotation- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| manager-latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-host-policy-manager
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
OS | linux
Arch | amd64
Distro | alpine
Output Directory | out/kube-system-kubearmor-host-policy-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| v0-5-0-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| v0-5-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE |
| v0-5-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE |
| v0-5-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| v0-5-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| v0-5-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 |
| v0-5-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST |
| v0-5-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| v0-5-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE |
| v0-5-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution |
| v0-5-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| v0-5-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| v0-5-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Command Line Warning Banners | 5 | Block | CIS CIS_Linux CIS_1.7_Warning_Banners |
| v0-5-0-cis-commandline-warning- | | | | CIS_1.7.1_Command_Line_Warning_Banners |
| banner.yaml | | | | |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| v0-5-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| v0-5-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-host-policy-manager
Container | kubearmor/kubearmor-host-policy-manager:latest
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/kube-system-kubearmor-host-policy-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| manager-latest-automount-service- | token when it is not needed | | | |
| account-token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| manager-latest-maint-tools- | tools (apk, mii-tool, ...) | | | MITRE |
| access.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Restrict access to trusted | 1 | Block | MITRE |
| manager-latest-trusted-cert- | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| mod.yaml | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System Information Discovery | 3 | Block | MITRE |
| manager-latest-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| discovery.yaml | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| manager-latest-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| manager-latest-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Audit | NIST SI-4 |
| manager-latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | System and Information | 5 | Block | NIST |
| manager-latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| manager-latest-k8s-client-tool- | container administration | | | MITRE_TA0002_execution |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | MITRE |
| manager-latest-remote-file- | steal data. | | | MITRE_TA0008_lateral_movement |
| copy.yaml | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | MITRE_execution |
| manager-latest-write-in-shm- | write under shm folder | | | MITRE |
| dir.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| manager-latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| manager-latest-shell-history- | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| mod.yaml | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| manager-latest-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-host-policy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| manager-latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-policy-manager
Container | gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
OS | linux
Arch | amd64
Distro | alpine
Output Directory | out/kube-system-kubearmor-policy-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| v0-5-0-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| v0-5-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Restrict access to trusted | 1 | Block | MITRE |
| v0-5-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System Information Discovery | 3 | Block | MITRE |
| v0-5-0-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| v0-5-0-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| v0-5-0-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Audit | NIST SI-4 |
| v0-5-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | System and Information | 5 | Block | NIST |
| v0-5-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| v0-5-0-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE |
| v0-5-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | MITRE_execution |
| v0-5-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| v0-5-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| v0-5-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Command Line Warning Banners | 5 | Block | CIS CIS_Linux CIS_1.7_Warning_Banners |
| v0-5-0-cis-commandline-warning- | | | | CIS_1.7.1_Command_Line_Warning_Banners |
| banner.yaml | | | | |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| v0-5-0-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| gcr-io-kubebuilder-kube-rbac-proxy- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| v0-5-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-policy-manager
Container | kubearmor/kubearmor-policy-manager:latest
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/kube-system-kubearmor-policy-manager
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| latest-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| latest-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Restrict access to trusted | 1 | Block | MITRE |
| latest-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System Information Discovery | 3 | Block | MITRE |
| latest-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| latest-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| latest-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Audit | NIST SI-4 |
| latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | System and Information | 5 | Block | NIST |
| latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| latest-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | MITRE |
| latest-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | MITRE_execution |
| latest-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| latest-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| latest-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-policy-manager- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | kube-system/kubearmor-relay
Container | kubearmor/kubearmor-relay-server:latest
OS | linux
Arch | amd64
Distro | alpine
Output Directory | out/kube-system-kubearmor-relay
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| latest-automount-service-account- | token when it is not needed | | | |
| token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| latest-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Restrict access to trusted | 1 | Block | MITRE |
| latest-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System Information Discovery | 3 | Block | MITRE |
| latest-system-owner-discovery.yaml | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| latest-write-under-bin-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| latest-write-under-dev-dir.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Audit | NIST SI-4 |
| latest-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | System and Information | 5 | Block | NIST |
| latest-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| latest-k8s-client-tool-exec.yaml | container administration | | | MITRE_TA0002_execution |
| | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | MITRE |
| latest-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | MITRE_execution |
| latest-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| latest-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| latest-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Command Line Warning Banners | 5 | Block | CIS CIS_Linux CIS_1.7_Warning_Banners |
| latest-cis-commandline-warning- | | | | CIS_1.7.1_Command_Line_Warning_Banners |
| banner.yaml | | | | |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| latest-system-network-env-mod.yaml | system's network environment | | | CIS_4_Logging_and_Aduditing |
| | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kubearmor-kubearmor-relay-server- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| latest-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
Deployment | local-path-storage/local-path-provisioner
Container | kindest/local-path-provisioner:v0.0.22-kind.0
OS | linux
Arch | amd64
Distro | debian
Output Directory | out/local-path-storage-local-path-provisioner
policy-template version | v0.1.9
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| POLICY | SHORT DESC | SEVERITY | ACTION | TAGS |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Don't mount service account | N/A | Audit | AUTOMOUNT SERVICEACCOUNT |
| 0-22-kind-0-automount-service- | token when it is not needed | | | |
| account-token.yaml | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Restrict access to maintenance | 1 | Audit | PCI_DSS |
| 0-22-kind-0-maint-tools-access.yaml | tools (apk, mii-tool, ...) | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Restrict access to trusted | 1 | Block | MITRE |
| 0-22-kind-0-trusted-cert-mod.yaml | certificated bundles in the OS | | | MITRE_T1552_unsecured_credentials |
| | image | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System Information Discovery | 3 | Block | MITRE |
| 0-22-kind-0-system-owner- | - block system owner discovery | | | MITRE_T1082_system_information_discovery |
| discovery.yaml | commands | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Block | NIST NIST_800-53_AU-2 |
| 0-22-kind-0-write-under-bin- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make directory under /bin/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Audit | NIST NIST_800-53_AU-2 |
| 0-22-kind-0-write-under-dev- | Integrity - System Monitoring | | | NIST_800-53_SI-4 MITRE |
| dir.yaml | make files under /dev/ | | | MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Audit | NIST SI-4 |
| 0-22-kind-0-cronjob-cfg.yaml | Integrity - System Monitoring | | | NIST_800-53_SI-4 |
| | Detect access to cronjob files | | | CIS CIS_Linux |
| | | | | CIS_5.1_Configure_Cron |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | System and Information | 5 | Block | NIST |
| 0-22-kind-0-pkg-mngr-exec.yaml | Integrity - Least | | | NIST_800-53_CM-7(4) |
| | Functionality deny execution | | | SI-4 process |
| | of package manager process in | | | NIST_800-53_SI-4 |
| | container | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Adversaries may abuse a | 5 | Block | MITRE_T1609_container_administration_command |
| 0-22-kind-0-k8s-client-tool- | container administration | | | MITRE_TA0002_execution |
| exec.yaml | service to execute commands | | | MITRE_T1610_deploy_container |
| | within a container. | | | MITRE NIST_800-53 NIST_800-53_AU-2 |
| | | | | NIST_800-53_SI-4 NIST |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | The adversary is trying to | 5 | Block | MITRE |
| 0-22-kind-0-remote-file-copy.yaml | steal data. | | | MITRE_TA0008_lateral_movement |
| | | | | MITRE_TA0010_exfiltration |
| | | | | MITRE_TA0006_credential_access |
| | | | | MITRE_T1552_unsecured_credentials |
| | | | | NIST_800-53_SI-4(18) NIST |
| | | | | NIST_800-53 NIST_800-53_SC-4 |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | The adversary is trying to | 5 | Block | MITRE_execution |
| 0-22-kind-0-write-in-shm-dir.yaml | write under shm folder | | | MITRE |
| | | | | |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | The adversary is trying to | 5 | Block | NIST_800-53_SI-7 NIST |
| 0-22-kind-0-write-etc-dir.yaml | avoid being detected. | | | NIST_800-53_SI-4 NIST_800-53 |
| | | | | MITRE_T1562.001_disable_or_modify_tools |
| | | | | MITRE_T1036.005_match_legitimate_name_or_location |
| | | | | MITRE_TA0003_persistence |
| | | | | MITRE MITRE_T1036_masquerading |
| | | | | MITRE_TA0005_defense_evasion |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Adversaries may delete or | 5 | Block | NIST NIST_800-53 NIST_800-53_CM-5 |
| 0-22-kind-0-shell-history-mod.yaml | modify artifacts generated | | | NIST_800-53_AU-6(8) |
| | within systems to remove | | | MITRE_T1070_indicator_removal_on_host |
| | evidence. | | | MITRE MITRE_T1036_masquerading |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | Ensure events that modify the | 5 | Block | CIS CIS_Linux |
| 0-22-kind-0-system-network-env- | system's network environment | | | CIS_4_Logging_and_Aduditing |
| mod.yaml | are collected | | | CIS_4.1.1_Data_Retention |
| | | | | CIS_4.1.7_system_network_environment |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+
| kindest-local-path-provisioner-v0- | File Integrity Monitoring | 1 | Block | NIST NIST_800-53_AU-2 |
| 0-22-kind-0-file-integrity- | | | | NIST_800-53_SI-4 MITRE |
| monitoring.yaml | | | | MITRE_T1036_masquerading |
| | | | | MITRE_T1565_data_manipulation |
+-------------------------------------+--------------------------------+----------+--------+---------------------------------------------------+