49 lines
1.7 KiB
YAML
49 lines
1.7 KiB
YAML
id: k8s-root-user-id
|
|
|
|
info:
|
|
name: Pods run with root user ID
|
|
author: princechaddha
|
|
severity: low
|
|
description: Checks for pods running with the user ID of the root user, increasing security risks.
|
|
impact: |
|
|
Running pods with the root user ID can allow malicious entities to gain unnecessary privileges, leading to potential compromises in the Kubernetes environment.
|
|
remediation: Configure pods to run with a non-root user ID by setting the 'securityContext' for each container and the pod itself.
|
|
reference:
|
|
- https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
tags: cloud,devops,kubernetes,devsecops,pods,k8s,k8s-cluster-security
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let pod of template.items) {
|
|
set("pod", pod)
|
|
javascript(1);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: kubectl get pods --all-namespaces --output=json
|
|
extractors:
|
|
- type: json
|
|
name: items
|
|
internal: true
|
|
json:
|
|
- '.items[] | {pod: .metadata.name, containers: .spec.containers}'
|
|
|
|
javascript:
|
|
- code: |
|
|
let podData = JSON.parse(template.pod);
|
|
podData.containers.forEach(container => {
|
|
if (container.securityContext && container.securityContext.runAsUser === 0) {
|
|
let result = (`Container '${container.name}' in pod '${podData.pod}' is running with root user ID.`);
|
|
Export(result);
|
|
}
|
|
});
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- response
|
|
# digest: 4a0a004730450220517a362ea6e79742e15c12dcf13275a23e3507c4a8c72f25f0a5620100cce53a022100d04b0c6d1bf0da1801dc9c6c9bea05701fa7e0e43570cd5b8ad9fb90294aa44c:922c64590222798bb761d5b6d8e72950 |