mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 12:45:17 +03:00
c47eed6a64
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
1.6 KiB
1.6 KiB
API Reference: Kubernetes RBAC Audit
Python Kubernetes Client
from kubernetes import client, config
config.load_kube_config()
rbac = client.RbacAuthorizationV1Api()
core = client.CoreV1Api()
RBAC API Calls
| Method | Description |
|---|---|
rbac.list_cluster_role() |
List all ClusterRoles |
rbac.list_cluster_role_binding() |
List all ClusterRoleBindings |
rbac.list_namespaced_role(ns) |
List Roles in namespace |
rbac.list_namespaced_role_binding(ns) |
List RoleBindings in namespace |
ClusterRole Rule Structure
role.rules[0].verbs # ["get", "list", "watch"]
role.rules[0].resources # ["pods", "secrets"]
role.rules[0].api_groups # ["", "apps"]
Dangerous RBAC Permissions
| Permission | Risk |
|---|---|
* / * (all verbs, resources) |
Full cluster admin |
create on pods/exec |
Remote code execution |
get on secrets |
Credential theft |
bind on clusterroles |
Privilege escalation |
impersonate on users |
Identity spoofing |
escalate on roles |
Self-privilege escalation |
Subject Types
| Kind | Description |
|---|---|
| User | Human user identity |
| Group | User group (e.g., system:authenticated) |
| ServiceAccount | Pod identity |
Risky Groups
| Group | Risk |
|---|---|
system:unauthenticated |
Anonymous access |
system:authenticated |
Any authenticated user |
system:masters |
Full cluster admin |
kubectl RBAC Commands
kubectl auth can-i --list
kubectl get clusterrolebindings -o json
kubectl auth can-i create pods --as=system:serviceaccount:default:default