In Docker, the daemon log provides insight into events at the daemon and container service level. Monitor commands and arguments executed by container services. Įnforce authentication and role-based access control on the container service to restrict users to the least privileges required. In Kubernetes environments, consider defining a Pod Security Policy that prevents pods from running privileged containers. Įnsure containers are not running as root by default. Require secure port access to communicate with the APIs over TLS by disabling unauthenticated access to the Docker API and Kubernetes API Server. Limit communications with the container service to local Unix sockets or remote access via SSH. Use read-only containers, read-only file systems, and minimal images when possible to prevent the execution of commands.
TeamTNT executed Hildegard through the kubelet API run command and by executing commands on running containers. Siloscape can send kubectl commands to victim clusters through an IRC channel and can run kubectl locally to spread once within a victim cluster. Peirates can use kubectl or the Kubernetes API to run commands. Kinsing was executed with an Ubuntu container entry point that runs shell scripts. Hildegard was executed through the kubelet API run command and by executing commands on running containers.
0 kommentar(er)
