mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 13:15:16 +03:00
1.2 KiB
1.2 KiB
API Reference: Detecting Privilege Escalation in Kubernetes Pods
Security Context Checks
| Check | Risk | Description |
|---|---|---|
| privileged: true | CRITICAL | Full host access |
| allowPrivilegeEscalation | HIGH | setuid escalation |
| runAsUser: 0 | HIGH | Running as root |
| hostPID: true | CRITICAL | Host PID namespace |
| hostNetwork: true | HIGH | Host network access |
Dangerous Capabilities
| Capability | Risk |
|---|---|
| SYS_ADMIN | Container escape |
| SYS_PTRACE | Process debugging |
| SYS_MODULE | Kernel module loading |
| NET_ADMIN | Network manipulation |
kubectl Audit Commands
kubectl get pods -A -o json | jq '.items[] | select(.spec.containers[].securityContext.privileged==true)'
kubectl auth can-i --list --as=system:serviceaccount:ns:sa
Pod Security Standards
apiVersion: v1
kind: Namespace
metadata:
labels:
pod-security.kubernetes.io/enforce: restricted
Falco Rules
- rule: Pod with Privileged Container
condition: kevt and kcreate and container.privileged=true
priority: CRITICAL
CLI Usage
python agent.py --namespace default
python agent.py --json-file pods.json