
K8s env, best practice, container.info over container.id #1384

Closed (1 commit)

Commits on Oct 19, 2020

  1. K8s, best practice, log container.info

    Modified rules:
    rule(Disallowed SSH Connection)
    rule(Unexpected outbound connection destination)
    rule(Unexpected inbound connection source)
    rule(Modify Shell Configuration File)
    rule(Read Shell Configuration File)
    rule(Schedule Cron Jobs)
    rule(Update Package Repository)
    rule(Read ssh information)
    rule(Write below etc)
    rule(Read sensitive file trusted after startup)
    rule(Write below rpm database)
    rule(Modify binary dirs)
    rule(Mkdir binary dirs)
    rule(System user interactive)
    rule(Terminal shell in container)
    rule(System procs network activity)
    rule(Program run with disallowed http proxy env)
    rule(Interpreted procs inbound network activity)
    rule(Interpreted procs outbound network activity)
    rule(Unexpected UDP Traffic)
    rule(User mgmt binaries)
    rule(Create files below dev)
    rule(Unexpected K8s NodePort Connection)
    rule(Netcat Remote Code Execution in Container)
    rule(Launch Suspicious Network Tool in Container)
    rule(Launch Suspicious Network Tool on Host)
    rule(Search Private Keys or Passwords)
    rule(Clear Log Activities)
    rule(Remove Bulk Data from Disk)
    rule(Create Hidden Files or Directories)
    rule(Launch Remote File Copy Tools in Container)
    rule(Create Symlink Over Sensitive Files)
    rule(Detect outbound connections to common miner pool ports)
    rule(Detect crypto miners using the Stratum protocol)
    rule(Packet socket created in container)
    rule(Network Connection outside Local Subnet)
    rule(Redirect STDOUT/STDIN to Network Connection in Container)
    
    Signed-off-by: Petr Michalec <epcim@apeliave.net>
    Petr Michalec authored and Petr Michalec committed Oct 19, 2020
    Commit d73704f