mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 13:39:40 +03:00
c47eed6a64
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
1.4 KiB
1.4 KiB
Kubernetes RBAC Configuration Template
Namespace RBAC Matrix
| Namespace | Cluster Admin | Namespace Admin | Developer | Viewer | CI/CD SA |
|---|---|---|---|---|---|
| production | 2 users | 2 users | 0 | 5 users | 1 SA |
| staging | 2 users | 3 users | 5 users | 3 users | 1 SA |
| development | 2 users | 5 users | 10 users | 0 | 1 SA |
Role Definitions
| Role Name | Scope | Resources | Verbs | Use Case |
|---|---|---|---|---|
| namespace-admin | Namespace | * | * (within NS) | Full namespace control |
| developer | Namespace | pods, deployments, services, configmaps | get,list,create,update,delete | Workload management |
| viewer | Namespace | pods, deployments, services, configmaps | get, list, watch | Read-only monitoring |
| secret-reader | Namespace | secrets | get, list | Application secret access |
| ci-deployer | Namespace | deployments, services, configmaps | get,list,create,update,patch | CI/CD pipeline |
Service Account Inventory
| Service Account | Namespace | Bound Role | automountToken | Purpose |
|---|---|---|---|---|
Audit Policy Configuration
- Log all create/update/delete on RBAC resources (RequestResponse level)
- Log all pod exec/attach events
- Log all secret access events
- Forward audit logs to SIEM
- Alert on ClusterRoleBinding changes