• Summary Checklist for Run-Time Kubernetes Security

    Here is a convenient checklist summary of the security protections to review for securing Kubernetes deployments at run-time. This list does not cover the build-phase vulnerability scanning and registry protection requirements.

    PRE-PRODUCTION

    ❏ Use namespaces
    ❏ Restrict Linux capabilities
    ❏ Enable SELinux
    ❏ Utilize Seccomp
    ❏ Configure Cgroups
    ❏ Use R/O Mounts
    ❏ Use a minimal Host OS
    ❏ Update system patches
    ❏ Conduct security auditing and compliance checks with CIS benchmark tests

    RUN-TIME

    ❏ Enforce isolation by application / service
    ❏ Inspect network connections for application attacks
    ❏ Monitor containers for suspicious process or file system activity
    ❏ Protect worker nodes from host privilege escalations, suspicious processes or file system activity
    ❏ Capture packets for security events
    ❏ Quarantine or remediate compromised containers
    ❏ Scan containers & hosts for vulnerabilities
    ❏ Alert, log, and respond in real-time to security incidents
    ❏ Conduct security auditing and compliance checks with CIS benchmark tests

    KUBERNETES SYSTEM

    ❏ Review all RBACs
    ❏ Protect the API Server
    ❏ Restrict Kubelet permissions
    ❏ Secure external ports
    ❏ Whitelist non-authenticated services
    ❏ Limit/restrict console access
    ❏ Monitor system container connections and processes in production
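    As an added example that is not part of the original checklist, the manifest below shows how the PRE-PRODUCTION items that live in a workload spec (namespaces, capabilities, SELinux, seccomp, cgroups via resource limits, read-only mounts) map onto Kubernetes fields. The namespace name, image reference, user ID and SELinux level are constructed placeholders.

```yaml
# Namespace with Pod Security admission enforcing the "restricted" profile,
# so pods that skip the controls below are rejected at admission time.
apiVersion: v1
kind: Namespace
metadata:
  name: payments                       # constructed example namespace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
---
apiVersion: v1
kind: Pod
metadata:
  name: hardened-app                   # constructed example name
  namespace: payments                  # "Use namespaces": never the default namespace
spec:
  automountServiceAccountToken: false  # no API token unless the app really needs one
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001                   # placeholder unprivileged UID
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault             # "Utilize Seccomp": runtime's default syscall filter
    seLinuxOptions:
      level: "s0:c123,c456"            # "Enable SELinux": MCS level, constructed value
  containers:
  - name: app
    image: registry.example.com/payments/app:1.4.2   # placeholder image reference
    ports:
    - containerPort: 8080              # unprivileged port, so no NET_BIND_SERVICE needed
    securityContext:
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true     # "Use R/O Mounts"
      capabilities:
        drop: ["ALL"]                  # "Restrict Linux capabilities": drop everything
    resources:                         # "Configure Cgroups": limits become cgroup constraints
      requests:
        cpu: "250m"
        memory: "128Mi"
      limits:
        cpu: "500m"
        memory: "256Mi"
    volumeMounts:
    - name: tmp
      mountPath: /tmp                  # the only writable path, since the root fs is read-only
  volumes:
  - name: tmp
    emptyDir: {}
```

Host-level items on the list (minimal host OS, patching, CIS benchmark checks) are not expressible in a pod spec and still have to be verified on the nodes themselves.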

  • Original source: https://www.cnblogs.com/dhcn/p/10641498.html
Copyright © 2020-2023  润新知