Detecting an environment that uses a privileged container

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: privileged-container
  labels:
    role: privileged-container
  namespace: default
spec:
  containers:
  - image: busybox
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
    name: privileged-container
    securityContext:
      privileged: true
  restartPolicy: Always
```

```shell
kubectl apply -f privileged-container.yaml
```
Detecting a mount of a volume containing sensitive data as a threat

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sensitive-mount-container
spec:
  selector:
    matchLabels:
      app: sensitive-mount-container
  replicas: 1
  template:
    metadata:
      labels:
        app: sensitive-mount-container
    spec:
      containers:
      - name: sensitive-mount-container
        image: nginx
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /test-pd
          name: test-volume
      volumes:
      - name: test-volume
        hostPath:
          path: /etc
          type: Directory
```

```shell
kubectl apply -f sensitive-mount-container.yaml
```
Detecting the threat of allowing anonymous access

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: anonymous-admin
subjects:
- kind: User
  name: system:anonymous
  namespace: default
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```

```shell
kubectl apply -f anonymous.yaml
```
Detecting the threat of granting admin privileges

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: default-service-acct-admin
subjects:
- kind: ServiceAccount
  name: default
  namespace: default
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
```

```shell
kubectl apply -f AdminAccessToDefaultServiceAccount.yaml
```
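The four manifests above are test fixtures for a detection tool; the tool itself is not on this page. As an added example (not code from the page or from any product it tests), the following static checker flags the same four patterns: a container with `securityContext.privileged: true`, a `hostPath` mount of a sensitive host directory, any binding to the anonymous user or the unauthenticated group, and `cluster-admin` bound to a ServiceAccount. The list of sensitive host paths is an assumption chosen for the example. The manifests are embedded as the dicts `yaml.safe_load` would produce, so the script runs with the standard library alone; `scan_kubectl_json` accepts the `-o json` output of `kubectl get`, which is plain JSON.

```python
"""Static checks for the four risky manifest patterns shown on this page (added example)."""
from __future__ import annotations

import json

# Host paths treated as sensitive when exposed via hostPath (assumption for this example).
SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/root", "/var/lib/kubelet",
                        "/var/run/docker.sock", "/run/containerd")
WORKLOAD_KINDS = {"Deployment", "DaemonSet", "StatefulSet", "ReplicaSet", "Job"}
# Subjects that represent unauthenticated callers.
ANONYMOUS_SUBJECTS = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}


def pod_spec(manifest: dict) -> dict | None:
    """Return the PodSpec of a Pod or of a pod-template workload; None for other kinds."""
    kind, spec = manifest.get("kind"), manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind in WORKLOAD_KINDS:
        return spec.get("template", {}).get("spec", {})
    return None


def _containers(spec: dict) -> list[dict]:
    # initContainers are checked too: a privileged init container is just as dangerous.
    return list(spec.get("initContainers", [])) + list(spec.get("containers", []))


def find_privileged_containers(manifest: dict) -> list[str]:
    """Names of containers that explicitly request privileged mode."""
    spec = pod_spec(manifest)
    if spec is None:
        return []
    return [c.get("name", "<unnamed>") for c in _containers(spec)
            if c.get("securityContext", {}).get("privileged") is True]


def is_sensitive_host_path(path: str) -> bool:
    """True if path is one of the sensitive paths or lies below one ('/' matches only itself)."""
    norm = "/" + path.strip("/")          # normalise "/etc/" -> "/etc", "/" -> "/"
    for s in SENSITIVE_HOST_PATHS:
        if s == "/" and norm == "/":
            return True
        if s != "/" and (norm == s or norm.startswith(s + "/")):
            return True
    return False


def find_sensitive_host_mounts(manifest: dict) -> list[tuple[str, str, str]]:
    """(container, host path, mount path) for every hostPath mount on the sensitive list."""
    spec = pod_spec(manifest)
    if spec is None:
        return []
    host_volumes = {v.get("name"): v["hostPath"].get("path", "")
                    for v in spec.get("volumes", []) if v.get("hostPath")}
    findings = []
    for c in _containers(spec):
        for m in c.get("volumeMounts", []):
            host_path = host_volumes.get(m.get("name"))
            if host_path is not None and is_sensitive_host_path(host_path):
                findings.append((c.get("name", "<unnamed>"), host_path, m.get("mountPath", "")))
    return findings


def find_risky_bindings(manifest: dict) -> list[str]:
    """Bindings that grant anything to anonymous callers or cluster-admin to a ServiceAccount."""
    if manifest.get("kind") not in ("ClusterRoleBinding", "RoleBinding"):
        return []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    role = manifest.get("roleRef", {})
    role_ref = f"{role.get('kind')}/{role.get('name')}"
    findings = []
    for s in manifest.get("subjects", []):
        kind, subj = s.get("kind"), s.get("name")
        if (kind, subj) in ANONYMOUS_SUBJECTS:      # even 'view' is a data leak to anyone
            findings.append(f"{name}: anonymous subject {kind}/{subj} bound to {role_ref}")
        if role.get("name") == "cluster-admin" and kind == "ServiceAccount":
            findings.append(f"{name}: cluster-admin granted to ServiceAccount "
                            f"{s.get('namespace', '')}/{subj}")
    return findings


def scan(manifests: list[dict]) -> list[str]:
    """Run all checks over a list of parsed manifests and return one line per finding."""
    findings = []
    for m in manifests:
        label = f"{m.get('kind')}/{m.get('metadata', {}).get('name')}"
        findings += [f"{label}: container {c} runs privileged" for c in find_privileged_containers(m)]
        findings += [f"{label}: container {c} mounts host {h} at {p}"
                     for c, h, p in find_sensitive_host_mounts(m)]
        findings += find_risky_bindings(m)
    return findings


def scan_kubectl_json(text: str) -> list[str]:
    """Scan the output of e.g. `kubectl get pods,deploy,clusterrolebindings -A -o json`."""
    return scan(json.loads(text).get("items", []))


# Constructed fixtures: the four manifests from this page, as safe_load would return them.
SAMPLE_MANIFESTS = [
    {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "privileged-container", "namespace": "default"},
     "spec": {"containers": [{"name": "privileged-container", "image": "busybox",
                              "securityContext": {"privileged": True}}]}},
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "sensitive-mount-container"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "sensitive-mount-container", "image": "nginx",
                         "securityContext": {"privileged": True},
                         "volumeMounts": [{"mountPath": "/test-pd", "name": "test-volume"}]}],
         "volumes": [{"name": "test-volume", "hostPath": {"path": "/etc", "type": "Directory"}}]}}}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "anonymous-admin"},
     "subjects": [{"kind": "User", "name": "system:anonymous", "namespace": "default"}],
     "roleRef": {"kind": "ClusterRole", "name": "view"}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "default-service-acct-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}],
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]

if __name__ == "__main__":
    for line in scan(SAMPLE_MANIFESTS):
        print(line)
```

The checks deliberately look only at what the manifest says: a container that omits `privileged` is reported as safe, and a binding to `system:anonymous` is reported regardless of how weak the role is, because the page's own fixture binds only `view` and a detector that keyed on `cluster-admin` alone would miss it. Against a live cluster, feed `scan_kubectl_json` the JSON from `kubectl get` rather than the applied files, so that objects created outside your manifests are covered as well.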