Redis metadata.yaml #1021
Open: rohitrishim wants to merge 17 commits into kubearmor:release from rohitrishim:redis
Commits (17):
- e03f415 Create metadata.yaml (rohitrishim)
- fae629f Update metadata.yaml (rohitrishim)
- 1947afa Create ksp-cp-10-2-system-recovery-and-reconstitution.yaml (rohitrishim)
- 0a9416e Create ksp-mitre-t1082-tactic-discovery-system-owner-user-discovery.yaml (rohitrishim)
- 5f3be80 Create ksp-nist-si-4-mkdir-bin-dir.yaml (rohitrishim)
- bb065f5 Create ksp-nist-si-4-create-file-in-dev-dir.yaml (rohitrishim)
- c315c54 Create ksp-nist-si-4-detect-acess-to-cron-job-files.yaml (rohitrishim)
- 01d2d1c Create ksp-nist-execute-package-management-process-in-container.yaml (rohitrishim)
- 4989d57 Update ksp-nist-si-4-mkdir-bin-dir.yaml (rohitrishim)
- 4e3a49e Update ksp-nist-execute-package-management-process-in-container.yaml (rohitrishim)
- ff9f3a4 Update ksp-cp-10-2-system-recovery-and-reconstitution.yaml (rohitrishim)
- 3e2769d Update metadata.yaml (rohitrishim)
- 274beb2 Delete ksp-mitre-t1082-tactic-discovery-system-owner-user-discovery.yaml (rohitrishim)
- 7d415b1 Delete ksp-nist-execute-package-management-process-in-container.yaml (rohitrishim)
- 00901b8 Delete ksp-nist-si-4-create-file-in-dev-dir.yaml (rohitrishim)
- 5f8e064 Delete ksp-nist-si-4-detect-acess-to-cron-job-files.yaml (rohitrishim)
- bac3fa9 Delete ksp-nist-si-4-mkdir-bin-dir.yaml (rohitrishim)
File: redis/system/ksp-cp-10-2-system-recovery-and-reconstitution.yaml (26 additions, 0 deletions)
@@ -0,0 +1,26 @@ | ||
# KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
# To learn more about KubeArmor visit: | ||
# https://www.accuknox.com/kubearmor/ | ||
|
||
apiVersion: security.kubearmor.com/v1 | ||
kind: KubeArmorPolicy | ||
metadata: | ||
name: ksp-cp-10-2-system-recovery-and-reconstitution | ||
namespace: default # Change your namespace | ||
spec: | ||
tags: ["NIST", "Cp-10-2", "Redis"] | ||
message: "Database Manager System Paths is Audited" | ||
selector: | ||
matchLabels: | ||
pod: test #change pod: test to match your label | ||
file: | ||
severity: 5 | ||
matchDirectories: | ||
- dir: /var/lib/redis/ | ||
recursive: true | ||
- dir: /etc/redis/ | ||
recursive: true | ||
- dir: /var/log/redis/ | ||
recursive: true | ||
action: | ||
Audit | ||
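Review bot: the three `matchDirectories` entries audit every access under /var/lib/redis/, /etc/redis/ and /var/log/redis/ with `recursive: true` and no `fromSource` or `readOnly` qualifier, so redis-server's own RDB/AOF writes and log appends will raise an Audit event on every normal operation, which is the alert flood the review comment below objects to. Scope the data and log directories to accesses that do not originate from the Redis binaries (a `fromSource` block under each `dir`), or audit only /etc/redis/ where unexpected writes are the signal, and state in `message` what the alert actually means. Also `action:` and `Audit` are split across two lines; write `action: Audit` on one line so the value does not depend on indentation surviving. Minor: `message: "Database Manager System Paths is Audited"` should read "are audited", and the tag `Cp-10-2` does not match the casing of `NIST` or of the control id CP-10(2).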
@@ -0,0 +1,101 @@ | ||
version: v0.1.2 | ||
policyRules: | ||
- name: system-recovery-and-reconstitution | ||
precondition: | ||
- /usr/local/bin/redis-cli | ||
- /usr/local/bin/redis-server | ||
- /usr/local/bin/redis | ||
description: | ||
refs: | ||
- name: NIST-CP-10-2 | ||
url: | ||
- https://csf.tools/reference/nist-sp-800-53/r4/cp/cp-10/cp-10-2/ | ||
tldr: Database Manager System Paths is Audited. | ||
detailed: Transaction-based information systems include, for example, database management | ||
systems and transaction processing systems. Mechanisms supporting transaction recovery include, for example, | ||
transaction rollback and transaction journaling. | ||
yaml: ksp-cp-10-2-system-recovery-and-reconstitution.yaml | ||
- name: system-owner-discovery | ||
precondition: | ||
- /usr/local/bin/redis-cli | ||
- /usr/local/bin/redis-server | ||
- /usr/local/bin/redis | ||
description: | ||
refs: | ||
- name: MITRE-TTP-T1082 | ||
url: | ||
- https://attack.mitre.org/techniques/T1082/ | ||
tldr: System Information Discovery - block system owner discovery commands | ||
detailed: An adversary may attempt to get detailed information about the operating system and hardware, including | ||
version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System | ||
Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the | ||
adversary fully infects the target and/or attempts specific actions. | ||
yaml: generic/system/ksp-mitre-system-owner-user-discovery.yaml | ||
- name: system-monitoring-mkdir-under-bin-directory | ||
precondition: | ||
- /usr/local/bin/redis-cli | ||
- /usr/local/bin/redis-server | ||
- /usr/local/bin/redis | ||
description: | ||
refs: | ||
- name: NIST-SI-4 | ||
url: | ||
- https://csf.tools/reference/nist-sp-800-53/r5/si/si-4/ | ||
tldr: System and Information Integrity - System Monitoring make directory under /bin/ | ||
detailed: System monitoring includes external and internal monitoring. External monitoring | ||
includes the observation of events occurring at system boundaries. Internal monitoring | ||
includes the observation of events occurring within the system. Organizations monitor systems, | ||
for example, by observing audit activities in real time or by observing other system aspects | ||
such as access patterns, characteristics of access, and other actions. | ||
yaml: generic/system/ksp-nist-si-4-mkdir-bin-dir.yaml | ||
- name: system-monitoring-create-file-in-dev-dir | ||
precondition: | ||
- /usr/local/bin/redis-cli | ||
- /usr/local/bin/redis-server | ||
- /usr/local/bin/redis | ||
description: | ||
refs: | ||
- name: NIST-SI-4 | ||
url: | ||
- https://csf.tools/reference/nist-sp-800-53/r5/si/si-4/ | ||
tldr: System and Information Integrity - System Monitoring make files under /dev/ | ||
detailed: System monitoring includes external and internal monitoring. External monitoring | ||
includes the observation of events occurring at system boundaries. Internal monitoring | ||
includes the observation of events occurring within the system. Organizations monitor systems, | ||
for example, by observing audit activities in real time or by observing other system aspects | ||
such as access patterns, characteristics of access, and other actions. | ||
yaml: generic/system/ksp-nist-si-4-create-file-in-dev-dir.yaml | ||
- name: system-monitoring-detect-access-to-cronjob-files | ||
precondition: | ||
- /usr/local/bin/redis-cli | ||
- /usr/local/bin/redis-server | ||
- /usr/local/bin/redis | ||
description: | ||
refs: | ||
- name: NIST-SI-4 | ||
url: | ||
- https://csf.tools/reference/nist-sp-800-53/r5/si/si-4/ | ||
tldr: System and Information Integrity - System Monitoring Detect access to cronjob files | ||
detailed: System monitoring includes external and internal monitoring. External monitoring | ||
includes the observation of events occurring at system boundaries. Internal monitoring | ||
includes the observation of events occurring within the system. Organizations monitor systems, | ||
for example, by observing audit activities in real time or by observing other system aspects | ||
such as access patterns, characteristics of access, and other actions. | ||
yaml: generic/system/ksp-nist-si-4-detect-access-to-cron-job-files.yaml | ||
- name: least-functionality-execute-package-management-process-in-container | ||
precondition: | ||
- /usr/local/bin/redis-cli | ||
- /usr/local/bin/redis-server | ||
- /usr/local/bin/redis | ||
description: | ||
refs: | ||
- name: NIST-CM-7-5 | ||
url: | ||
- https://csf.tools/reference/nist-sp-800-53/r5/cm/cm-7/cm-7-5/ | ||
tldr: System and Information Integrity - Least Functionality deny execution of package manager process in container | ||
detailed: Authorized software programs can be limited to specific versions or from a specific source. To facilitate | ||
a comprehensive authorized software process and increase the strength of protection for attacks that bypass | ||
application level authorized software, software programs may be decomposed into and monitored at different | ||
levels of detail. These levels include applications, application programming interfaces, application modules, | ||
scripts, system processes, system services, kernel functions, registries, drivers, and dynamic link libraries. | ||
yaml: generic/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml |
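Review bot: the `yaml:` paths do not resolve to the files this PR ships. Only `ksp-cp-10-2-system-recovery-and-reconstitution.yaml` is added, and it lives under redis/system/ while the entry gives a bare filename; the other five entries point into `generic/system/` with names that differ from the commits in this PR (`...detect-acess-to-cron-job-files.yaml` vs `...detect-access-to-cron-job-files.yaml`, `ksp-nist-execute-package-management-process-in-container.yaml` vs `ksp-nist-si-4-execute-package-management-process-in-container.yaml`), and the redis copies of those files were deleted again in the later commits. Each path should point at a file that exists in the tree, and the last one should not carry `si-4` in its name when its ref is NIST-CM-7-5. The `precondition` lists repeat `/usr/local/bin/redis`, which is not a binary the Redis distribution installs next to redis-server and redis-cli; confirm it exists in the target image or drop it. Minor: the CM-7-5 rule's `tldr` opens with "System and Information Integrity" although CM-7 is a Configuration Management control, the refs mix an r4 URL for CP-10(2) with r5 URLs for the rest, and "Paths is Audited" should read "are audited".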
This policy is useless since it would generate a barrage of audit alerts.