49 lines
1.7 KiB
YAML
49 lines
1.7 KiB
YAML
id: k8s-root-user-id
|
|
|
|
info:
|
|
name: Pods run with root user ID
|
|
author: princechaddha
|
|
severity: low
|
|
description: Checks for pods running with the user ID of the root user, increasing security risks.
|
|
impact: |
|
|
Running pods with the root user ID can allow malicious entities to gain unnecessary privileges, leading to potential compromises in the Kubernetes environment.
|
|
remediation: Configure pods to run with a non-root user ID by setting the 'securityContext' for each container and the pod itself.
|
|
reference:
|
|
- https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
tags: cloud,devops,kubernetes,security,devsecops,pods
|
|
|
|
flow: |
|
|
code(1);
|
|
for (let pod of template.items) {
|
|
set("pod", pod)
|
|
javascript(1);
|
|
}
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: kubectl get pods --all-namespaces --output=json
|
|
extractors:
|
|
- type: json
|
|
name: items
|
|
internal: true
|
|
json:
|
|
- '.items[] | {pod: .metadata.name, containers: .spec.containers}'
|
|
|
|
javascript:
|
|
- code: |
|
|
let podData = JSON.parse(template.pod);
|
|
podData.containers.forEach(container => {
|
|
if (container.securityContext && container.securityContext.runAsUser === 0) {
|
|
let result = (`Container '${container.name}' in pod '${podData.pod}' is running with root user ID.`);
|
|
Export(result);
|
|
}
|
|
});
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- response
|
|
# digest: 4a0a00473045022100c1eee5714a5bba3549ccef97ba37cc178ad76f7786c90732ff49d211d1d4153802204dae0cd7ef2c634e85d3d27a7feb5c9508f4066a91f7ef56f861ed86af5bb420:366f2a24c8eb519f6968bd8801c08ebe |