Merge branch 'dev' of github.com:kubescape/regolibrary into dev
YiscahLevySilas1 committed Apr 23, 2023
2 parents 96863d5 + 659d47d commit 82160b6
Showing 12 changed files with 9,925 additions and 12,970 deletions.
438 changes: 229 additions & 209 deletions releaseDev/ControlID_RuleName.csv

Large diffs are not rendered by default.

340 changes: 198 additions & 142 deletions releaseDev/FWName_CID_CName.csv

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion releaseDev/allcontrols.json
Expand Up @@ -3764,7 +3764,7 @@
"description": "",
"remediation": "",
"ruleQuery": "armo_builtins",
"rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled for native k8s\ndeny[msga] {\n\tapiserverpod := input[_]\n\tcmd := apiserverpod.spec.containers[0].command\n\tenc_command := [command | command := cmd[_]; contains(command, \"--encryption-provider-config=\")]\n\tcount(enc_command) < 1\n\tpath := \"spec.containers[0].command\"\n\n\tmsga := {\n\t\t\"alertMessage\": \"etcd encryption is not enabled\",\n\t\t\"alertScore\": 9,\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"failedPaths\": [path],\n\t\t\"fixPaths\": [],\n\t\t\"alertObject\": {\"k8sApiObjects\": [apiserverpod]},\n\t}\n}\n"
"rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled for native k8s\ndeny[msga] {\n\tapiserverpod := input[_]\n\tcmd := apiserverpod.spec.containers[0].command\n\tenc_command := [command | command := cmd[_]; contains(command, \"--encryption-provider-config=\")]\n\tcount(enc_command) < 1\n\tfixpath := {\"path\":sprintf(\"spec.containers[0].command[%d]\", [count(cmd)]), \"value\": \"--encryption-provider-config=YOUR_VALUE\"}\n\n\tmsga := {\n\t\t\"alertMessage\": \"etcd encryption is not enabled\",\n\t\t\"alertScore\": 9,\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"failedPaths\": [],\n\t\t\"fixPaths\": [fixpath],\n\t\t\"alertObject\": {\"k8sApiObjects\": [apiserverpod]},\n\t}\n}\n"
}
]
},
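Review bot: The added `fixpath` in the `rule` string carries the literal value `--encryption-provider-config=YOUR_VALUE`, and the same object has `"remediation": ""`, so a consumer that applies `fixPaths` as given would presumably point kube-apiserver at a path that does not exist, with nothing telling the operator to create an EncryptionConfiguration first. The check is also presence-only: it passes whenever the flag string appears in `spec.containers[0].command`, even when the referenced file lists `identity` as its first provider and secrets are still stored unencrypted, and it yields no result at all when the flags are passed through `args`. I would fill in `remediation` with the steps and add a comment to the rule such as `# only checks that the flag is set; provider order in the referenced file is not verified`. The identical rule text is repeated in the releaseDev/armobest.json and releaseDev/cis-eks-t1.2.0.json sections, which look like generated copies, so the change belongs in the rule source.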
2 changes: 1 addition & 1 deletion releaseDev/armobest.json
Expand Up @@ -2153,7 +2153,7 @@
"description": "",
"remediation": "",
"ruleQuery": "armo_builtins",
"rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled for native k8s\ndeny[msga] {\n\tapiserverpod := input[_]\n\tcmd := apiserverpod.spec.containers[0].command\n\tenc_command := [command | command := cmd[_]; contains(command, \"--encryption-provider-config=\")]\n\tcount(enc_command) < 1\n\tpath := \"spec.containers[0].command\"\n\n\tmsga := {\n\t\t\"alertMessage\": \"etcd encryption is not enabled\",\n\t\t\"alertScore\": 9,\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"failedPaths\": [path],\n\t\t\"fixPaths\": [],\n\t\t\"alertObject\": {\"k8sApiObjects\": [apiserverpod]},\n\t}\n}\n"
"rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled for native k8s\ndeny[msga] {\n\tapiserverpod := input[_]\n\tcmd := apiserverpod.spec.containers[0].command\n\tenc_command := [command | command := cmd[_]; contains(command, \"--encryption-provider-config=\")]\n\tcount(enc_command) < 1\n\tfixpath := {\"path\":sprintf(\"spec.containers[0].command[%d]\", [count(cmd)]), \"value\": \"--encryption-provider-config=YOUR_VALUE\"}\n\n\tmsga := {\n\t\t\"alertMessage\": \"etcd encryption is not enabled\",\n\t\t\"alertScore\": 9,\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"failedPaths\": [],\n\t\t\"fixPaths\": [fixpath],\n\t\t\"alertObject\": {\"k8sApiObjects\": [apiserverpod]},\n\t}\n}\n"
}
]
},
64 changes: 32 additions & 32 deletions releaseDev/attack_tracks.json
Expand Up @@ -3,7 +3,7 @@
"apiVersion": "regolibrary.kubescape/v1alpha1",
"kind": "AttackTrack",
"metadata": {
"name": "container"
"name": "node"
},
"spec": {
"version": null,
Expand All @@ -14,23 +14,13 @@
"name": "Execution",
"subSteps": [
{
"name": "Privilege escalation"
"name": "Persistence"
},
{
"name": "Credential access",
"subSteps": [
{
"name": "Impact - service access"
},
{
"name": "Impact - K8s API access",
"subSteps": [
{
"name": "Defense evasion - KubeAPI"
}
]
}
]
"name": "Credential access"
},
{
"name": "Defense evasion"
},
{
"name": "Discovery"
Expand All @@ -39,15 +29,15 @@
"name": "Lateral movement"
},
{
"name": "Impact - Data access in container"
"name": "Impact - data theft"
},
{
"name": "Persistence"
"name": "Impact - data destruction"
},
{
"name": "Impact - service injection"
}
]
},
{
"name": "Impact - service destruction"
}
]
}
Expand Down Expand Up @@ -96,7 +86,7 @@
"apiVersion": "regolibrary.kubescape/v1alpha1",
"kind": "AttackTrack",
"metadata": {
"name": "node"
"name": "container"
},
"spec": {
"version": null,
Expand All @@ -107,13 +97,23 @@
"name": "Execution",
"subSteps": [
{
"name": "Persistence"
},
{
"name": "Credential access"
"name": "Privilege escalation"
},
{
"name": "Defense evasion"
"name": "Credential access",
"subSteps": [
{
"name": "Impact - service access"
},
{
"name": "Impact - K8s API access",
"subSteps": [
{
"name": "Defense evasion - KubeAPI"
}
]
}
]
},
{
"name": "Discovery"
Expand All @@ -122,15 +122,15 @@
"name": "Lateral movement"
},
{
"name": "Impact - data theft"
},
{
"name": "Impact - data destruction"
"name": "Impact - Data access in container"
},
{
"name": "Impact - service injection"
"name": "Persistence"
}
]
},
{
"name": "Impact - service destruction"
}
]
}
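Review bot: The hunks that change `"name": "container"` to `"node"` and back, together with the exchanged `subSteps`, read as the same two AttackTrack entries swapping positions rather than a change in content, which makes this 64-line diff hard to audit. If this file is generated, sorting the tracks by `metadata.name` before writing would keep the output stable, so that a real edit to an attack track stands out in review. This is inferred from the visible hunks only; the entry between them is collapsed on the page.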
2 changes: 1 addition & 1 deletion releaseDev/cis-eks-t1.2.0.json
Expand Up @@ -282,7 +282,7 @@
"description": "",
"remediation": "",
"ruleQuery": "armo_builtins",
"rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled for native k8s\ndeny[msga] {\n\tapiserverpod := input[_]\n\tcmd := apiserverpod.spec.containers[0].command\n\tenc_command := [command | command := cmd[_]; contains(command, \"--encryption-provider-config=\")]\n\tcount(enc_command) < 1\n\tpath := \"spec.containers[0].command\"\n\n\tmsga := {\n\t\t\"alertMessage\": \"etcd encryption is not enabled\",\n\t\t\"alertScore\": 9,\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"failedPaths\": [path],\n\t\t\"fixPaths\": [],\n\t\t\"alertObject\": {\"k8sApiObjects\": [apiserverpod]},\n\t}\n}\n"
"rule": "package armo_builtins\n\nimport data.cautils as cautils\n\n# Check if encryption in etcd is enabled for native k8s\ndeny[msga] {\n\tapiserverpod := input[_]\n\tcmd := apiserverpod.spec.containers[0].command\n\tenc_command := [command | command := cmd[_]; contains(command, \"--encryption-provider-config=\")]\n\tcount(enc_command) < 1\n\tfixpath := {\"path\":sprintf(\"spec.containers[0].command[%d]\", [count(cmd)]), \"value\": \"--encryption-provider-config=YOUR_VALUE\"}\n\n\tmsga := {\n\t\t\"alertMessage\": \"etcd encryption is not enabled\",\n\t\t\"alertScore\": 9,\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"failedPaths\": [],\n\t\t\"fixPaths\": [fixpath],\n\t\t\"alertObject\": {\"k8sApiObjects\": [apiserverpod]},\n\t}\n}\n"
}
],
"manual_test": "Using the etcdctl commandline, read that secret out of etcd:\n\n \n```\nETCDCTL_API=3 etcdctl get /registry/secrets/default/secret1 [...] | hexdump -C\n\n```\n where [...] must be the additional arguments for connecting to the etcd server.\n\n Verify the stored secret is prefixed with k8s:enc:aescbc:v1: which indicates the aescbc provider has encrypted the resulting data.",