mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-10 05:03:37 +00:00
add eks:node-manager to allowed_k8s_users list
eks:node-manager is an Amazon EKS internal service role that performs specific operations for managed node groups and Fargate.

Reference: https://github.com/awsdocs/amazon-eks-user-guide/blob/master/doc_source/logging-monitoring.md

Related falco log

```
{"output":"10:56:31.181308928: Warning K8s Operation performed by user not in allowed list of users (user=eks:node-manager target=aws-auth/configmaps verb=get uri=/api/v1/namespaces/kube-system/configmaps/aws-auth?timeout=19s resp=200)","priority":"Warning","rule":"Disallowed K8s User","time":"2021-01-26T10:56:31.181308928Z", "output_fields": {"jevt.time":"10:56:31.181308928","ka.response.code":"200","ka.target.name":"aws-auth","ka.target.resource":"configmaps","ka.uri":"/api/v1/namespaces/kube-system/configmaps/aws-auth?timeout=19s","ka.user.name":"eks:node-manager","ka.verb":"get"}}
```

Signed-off-by: ismailyenigul <ismailyenigul@gmail.com>
This commit is contained in:
parent
19fe7240e2
commit
959811a503
@ -50,7 +50,8 @@
|
||||
vertical_pod_autoscaler_users,
|
||||
cluster-autoscaler,
|
||||
"system:addon-manager",
|
||||
"cloud-controller-manager"
|
||||
"cloud-controller-manager",
|
||||
"eks:node-manager"
|
||||
]
|
||||
|
||||
- rule: Disallowed K8s User
|
||||
|
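Review bot: the new "eks:node-manager" entry goes into the shared allowed_k8s_users list with no comment, so the exemption from Disallowed K8s User ships to every cluster that loads these rules, not only EKS ones. The list holds user names only, so the entry also covers any operation by that name, not just the get on aws-auth/configmaps shown in the commit message log. Consider moving EKS-specific identities into their own list and referencing it here the way vertical_pod_autoscaler_users is referenced, or at minimum add a comment above the entry stating that it is the EKS managed node group and Fargate service identity, so operators on other platforms know they can remove it.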