mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 21:19:40 +03:00
c47eed6a64
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
2.7 KiB
2.7 KiB
API Reference: Kubernetes RBAC Configuration Audit
Libraries Used
| Library | Purpose |
|---|---|
kubernetes |
Official Kubernetes Python client for RBAC API |
json |
Parse and format RBAC audit results |
Installation
pip install kubernetes
Authentication
from kubernetes import client, config
config.load_kube_config()
rbac_api = client.RbacAuthorizationV1Api()
core_api = client.CoreV1Api()
RBAC API Methods
| Method | Description |
|---|---|
list_cluster_role() |
List all ClusterRoles |
list_cluster_role_binding() |
List all ClusterRoleBindings |
list_namespaced_role(namespace) |
List Roles in a namespace |
list_namespaced_role_binding(namespace) |
List RoleBindings in namespace |
Core Operations
List All ClusterRoleBindings
def list_all_bindings():
bindings = rbac_api.list_cluster_role_binding()
for b in bindings.items:
subjects = [
f"{s.kind}/{s.name}" for s in (b.subjects or [])
]
print(f"{b.metadata.name} -> {b.role_ref.name}: {subjects}")
Audit Overprivileged Roles
def audit_overprivileged():
roles = rbac_api.list_cluster_role()
findings = []
for role in roles.items:
for rule in (role.rules or []):
if rule.verbs and "*" in rule.verbs:
findings.append({
"role": role.metadata.name,
"issue": "Wildcard verbs (*) — overly permissive",
"severity": "high",
})
if rule.resources and "*" in rule.resources:
findings.append({
"role": role.metadata.name,
"issue": "Wildcard resources (*)",
"severity": "high",
})
return findings
Find Default Service Account Usage
def find_default_sa_usage():
findings = []
namespaces = core_api.list_namespace()
for ns in namespaces.items:
pods = core_api.list_namespaced_pod(ns.metadata.name)
for pod in pods.items:
sa = pod.spec.service_account_name
if sa == "default":
findings.append({
"namespace": ns.metadata.name,
"pod": pod.metadata.name,
"issue": "Using default service account",
"severity": "medium",
})
return findings
Output Format
{
"cluster_roles": 45,
"cluster_role_bindings": 38,
"findings": [
{
"role": "custom-admin",
"issue": "Wildcard verbs (*) — overly permissive",
"severity": "high"
}
]
}