mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-16 07:47:00 +00:00
update(rules): move falco_hostnetwork_images list to k8s audit rules
Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
parent
3640871725
commit
c705623f9e
@ -152,6 +152,19 @@
|
||||
source: k8s_audit
|
||||
tags: [k8s]
|
||||
|
||||
# These container images are allowed to run with hostnetwork=true
|
||||
- list: falco_hostnetwork_images
|
||||
items: [
|
||||
gcr.io/google-containers/prometheus-to-sd,
|
||||
gcr.io/projectcalico-org/typha,
|
||||
gcr.io/projectcalico-org/node,
|
||||
gke.gcr.io/gke-metadata-server,
|
||||
gke.gcr.io/kube-proxy,
|
||||
gke.gcr.io/netd-amd64,
|
||||
k8s.gcr.io/ip-masq-agent-amd64
|
||||
k8s.gcr.io/prometheus-to-sd,
|
||||
]
|
||||
|
||||
# Corresponds to K8s CIS Benchmark 1.7.4
|
||||
- rule: Create HostNetwork Pod
|
||||
desc: Detect an attempt to start a pod using the host network.
|
||||
|
Loading…
Reference in New Issue
Block a user