
Alert Policy for KubeArmor

Open daemon1024 opened this issue 9 months ago • 3 comments

Feature Request

As a User I want an alert when

  1. ppid = 0
  2. tty != null

Is your feature request related to a problem? Please describe the use case.

As a User I want to identify kubectl exec calls

Describe the solution you'd like

TBD

daemon1024 May 08 '24 09:05

/assign @Ayush9026 @daemon1024 Sir, I will solve this issue.

Ayush9026 May 08 '24 13:05

/assign

yp969803 Jul 24 '24 20:07

@daemon1024 shouldn't the PPID=1, as the container entrypoint process (pid=1 wrt the container) starts the kubectl exec process?

yp969803 Jul 25 '24 03:07