mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 19:44:57 +00:00
6ede7bd422
Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
667 lines
21 KiB
YAML
667 lines
21 KiB
YAML
#
|
|
# Copyright (C) 2016-2018 The Falco Authors.
|
|
#
|
|
# This file is part of falco.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
trace_files: !mux
|
|
|
|
privileged_detect_k8s_audit:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_privileged Violation (privileged) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/privileged.yaml
|
|
trace_file: trace_files/psp/privileged.json
|
|
|
|
privileged_detect_syscall:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_privileged Violation (privileged) System Activity": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/privileged.yaml
|
|
trace_file: trace_files/psp/privileged.scap
|
|
|
|
privileged_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/privileged.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
host_pid_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_host_pid Violation (hostPID)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_pid.yaml
|
|
trace_file: trace_files/psp/host_pid.json
|
|
|
|
host_pid_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_pid.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
host_ipc_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_host_ipc Violation (hostIPC)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_ipc.yaml
|
|
trace_file: trace_files/psp/host_ipc.json
|
|
|
|
host_ipc_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_ipc.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
host_network_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_host_network Violation (hostNetwork)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_network.yaml
|
|
trace_file: trace_files/psp/host_network.json
|
|
|
|
host_network_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_network.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
host_network_ports_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP host_ports_100_200_only Violation (hostPorts)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_network_ports.yaml
|
|
trace_file: trace_files/psp/host_network_ports.json
|
|
|
|
host_network_ports_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/host_network_ports.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
volumes_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP only_secret_volumes Violation (volumes)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/volumes.yaml
|
|
trace_file: trace_files/psp/mount_etc_using_host_path.json
|
|
|
|
volumes_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/volumes.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
allowed_host_paths_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP only_mount_host_usr Violation (allowedHostPaths)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_host_paths.yaml
|
|
trace_file: trace_files/psp/mount_etc_using_host_path.json
|
|
|
|
allowed_host_paths_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_host_paths.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
allowed_flex_volumes_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP only_lvm_cifs_flex_volumes Violation (allowedFlexVolumes)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/flex_volumes.yaml
|
|
trace_file: trace_files/psp/flex_volumes.json
|
|
|
|
allowed_flex_volumes_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/flex_volumes.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
fs_group_must_run_as_with_unset:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP fs_group_must_run_as_30 Violation (fsGroup)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/fs_group_must_run_as.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
fs_group_must_run_as:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP fs_group_must_run_as_30 Violation (fsGroup)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/fs_group_must_run_as.yaml
|
|
trace_file: trace_files/psp/fs_group.json
|
|
|
|
fs_group_may_run_as:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP fs_group_may_run_as_30 Violation (fsGroup)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/fs_group_may_run_as.yaml
|
|
trace_file: trace_files/psp/fs_group.json
|
|
|
|
fs_group_may_run_as_with_unset:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/fs_group_may_run_as.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
fs_group_run_as_any:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/fs_group_run_as_any.yaml
|
|
trace_file: trace_files/psp/fs_group.json
|
|
|
|
fs_group_run_as_any_with_unset:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/fs_group_run_as_any.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
read_only_root_fs_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP read_only_root_fs Violation (readOnlyRootFilesystem) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/read_only_root_fs.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
read_only_root_fs_detect_syscall:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP read_only_root_fs Violation (readOnlyRootFilesystem) System Activity": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/read_only_root_fs.yaml
|
|
trace_file: trace_files/psp/write_tmp_test.scap
|
|
|
|
read_only_root_fs_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/read_only_root_fs.yaml
|
|
trace_file: trace_files/psp/read_only_root_fs.json
|
|
|
|
user_must_run_as_with_unset:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
user_must_run_as_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_1000_container.json
|
|
|
|
user_must_run_as_detect_syscall:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) System Activity": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_65534_container.scap
|
|
|
|
user_must_run_as_not_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_30_container.json
|
|
|
|
user_must_run_as_detect_sec_ctx:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_1000_sec_ctx.json
|
|
|
|
user_must_run_as_not_detect_sec_ctx:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_30_sec_ctx.json
|
|
|
|
user_must_run_as_detect_both:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_30 Violation (runAsUser=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_30_sec_ctx_1000_container.json
|
|
|
|
user_must_run_as_not_detect_both:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_1000_sec_ctx_30_container.json
|
|
|
|
user_must_run_as_non_root_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as_non_root.yaml
|
|
trace_file: trace_files/psp/run_as_user_0_container.json
|
|
|
|
user_must_run_as_non_root_detect_syscall:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) System Activity": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as_non_root.yaml
|
|
trace_file: trace_files/psp/run_as_user_0_container.scap
|
|
|
|
user_must_run_as_non_root_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as_non_root.yaml
|
|
trace_file: trace_files/psp/run_as_user_1000_container.json
|
|
|
|
user_must_run_as_non_root_detect_sec_ctx:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as_non_root.yaml
|
|
trace_file: trace_files/psp/run_as_user_0_sec_ctx.json
|
|
|
|
user_must_run_as_non_root_no_detect_sec_ctx:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as_non_root.yaml
|
|
trace_file: trace_files/psp/run_as_user_1000_sec_ctx.json
|
|
|
|
user_must_run_as_non_root_detect_both:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP user_must_run_as_non_root Violation (runAsUser=MustRunAsNonRoot) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as_non_root.yaml
|
|
trace_file: trace_files/psp/run_as_user_1000_sec_ctx_0_container.json
|
|
|
|
user_must_run_as_non_root_no_detect_both:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/user_must_run_as_non_root.yaml
|
|
trace_file: trace_files/psp/run_as_user_0_sec_ctx_1000_container.json
|
|
|
|
group_must_run_as_with_unset:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
group_must_run_as_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_1000_container.json
|
|
|
|
group_must_run_as_detect_syscall:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) System Activity": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_user_65534_container.scap
|
|
|
|
group_must_run_as_not_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_30_container.json
|
|
|
|
group_must_run_as_detect_sec_ctx:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_1000_sec_ctx.json
|
|
|
|
group_must_run_as_not_detect_sec_ctx:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_30_sec_ctx.json
|
|
|
|
group_must_run_as_detect_both:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_must_run_as_30 Violation (runAsGroup=MustRunAs) K8s Audit": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_30_sec_ctx_1000_container.json
|
|
|
|
group_must_run_as_not_detect_both:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_must_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_1000_sec_ctx_30_container.json
|
|
|
|
group_may_run_as_with_unset:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_may_run_as.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
group_may_run_as_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_may_run_as_30 Violation (runAsGroup=MayRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_may_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_1000_container.json
|
|
|
|
group_may_run_as_not_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_may_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_30_container.json
|
|
|
|
group_may_run_as_detect_sec_ctx:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_may_run_as_30 Violation (runAsGroup=MayRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_may_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_1000_sec_ctx.json
|
|
|
|
group_may_run_as_not_detect_sec_ctx:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_may_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_30_sec_ctx.json
|
|
|
|
group_may_run_as_detect_both:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP group_may_run_as_30 Violation (runAsGroup=MayRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_may_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_30_sec_ctx_1000_container.json
|
|
|
|
group_may_run_as_not_detect_both:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/group_may_run_as.yaml
|
|
trace_file: trace_files/psp/run_as_group_1000_sec_ctx_30_container.json
|
|
|
|
supplemental_groups_must_run_as_with_unset:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP supplemental_groups_must_run_as_30 Violation (supplementalGroups=MustRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_must_run_as_30_40.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
supplemental_groups_must_run_as_no_overlap:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP supplemental_groups_must_run_as_30 Violation (supplementalGroups=MustRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_must_run_as_30_40.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
supplemental_groups_must_run_as_partial_overlap:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP supplemental_groups_must_run_as_30_10 Violation (supplementalGroups=MustRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_must_run_as_30_40_10_15.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
supplemental_groups_must_run_as_overlap:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_must_run_as_10_20.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
supplemental_groups_must_run_as_overlap_multiple_ranges:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_must_run_as_10_40_10_20.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
supplemental_groups_may_run_as_with_unset:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_may_run_as_30_40.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
supplemental_groups_may_run_as_no_overlap:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP supplemental_groups_may_run_as_30 Violation (supplementalGroups=MayRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_may_run_as_30_40.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
supplemental_groups_may_run_as_partial_overlap:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP supplemental_groups_may_run_as_30_10 Violation (supplementalGroups=MayRunAs)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_may_run_as_30_40_10_15.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
supplemental_groups_may_run_as_overlap:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_may_run_as_10_20.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
supplemental_groups_may_run_as_overlap_multiple_ranges:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/supplemental_groups_may_run_as_10_40_10_20.yaml
|
|
trace_file: trace_files/psp/supplemental_groups_10_20.json
|
|
|
|
privilege_escalation_privilege_escalation_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_privilege_escalation Violation (allowPrivilegeEscalation)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/privilege_escalation.yaml
|
|
trace_file: trace_files/psp/privilege_escalation.json
|
|
|
|
allowed_capabilities_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP allow_capability_sys_nice Violation (allowedCapabilities)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_capabilities.yaml
|
|
trace_file: trace_files/psp/capability_add_sys_time.json
|
|
|
|
allowed_capabilities_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_capabilities.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
allowed_capabilities_match:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_capabilities.yaml
|
|
trace_file: trace_files/psp/capability_add_sys_nice.json
|
|
|
|
allowed_proc_mount_types_detect:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP allow_default_proc_mount_type Violation (allowedProcMountTypes)": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_proc_mount_types.yaml
|
|
trace_file: trace_files/psp/proc_mount_type_unmasked.json
|
|
|
|
allowed_proc_mount_types_no_detect:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_proc_mount_types.yaml
|
|
trace_file: trace_files/psp/create_vanilla_nginx_deployment.json
|
|
|
|
allowed_proc_mount_types_match:
|
|
detect: False
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/allowed_proc_mount_types.yaml
|
|
trace_file: trace_files/psp/proc_mount_type_default.json
|
|
|
|
psp_name_with_dashes:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_privileged Violation (privileged) System Activity": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/privileged_name_with_dashes.yaml
|
|
trace_file: trace_files/psp/privileged.scap
|
|
|
|
psp_name_with_spaces:
|
|
detect: True
|
|
detect_level: WARNING
|
|
detect_counts:
|
|
- "PSP no_privileged Violation (privileged) System Activity": 1
|
|
rules_file: []
|
|
conf_file: confs/psp.yaml
|
|
psp_file: psps/privileged_name_with_spaces.yaml
|
|
trace_file: trace_files/psp/privileged.scap
|