Aqua Vulnerability Database

    Kubernetes

    no-password-reuse

    no-password-reuse

    no-policy-wildcards

    no-public-ingress-sgr

    no-public-log-access

    no-public-log-access

    no-root-access-keys

    no-root-access-keys

    no-user-attached-policies

    no-user-attached-policies

    Non-root containers

    Pod and/or namespace Selectors usage

    Prefer using secrets as files over secrets as environment variables (Manual)

    Preventing privileged containers

    Privilege Escalation

    Privileged Containers

    Privileged Containers

    Protecting Pod service account tokens

    remove-expired-certificates

    require-bucket-access-logging

    require-bucket-access-logging

    require-cloud-trail-change-alarm

    require-cloud-trail-change-alarm

    require-cmk-disabled-alarm

    require-cmk-disabled-alarm

    require-config-configuration-changes-alarm

    require-config-configuration-changes-alarm

    require-console-login-failures-alarm

    require-console-login-failures-alarm

    require-iam-policy-change-alarm

    require-iam-policy-change-alarm

    require-lowercase-in-passwords

    require-mfa-delete

    require-nacl-changes-alarm

    require-nacl-changes-alarm

    require-network-gateway-changes-alarm

    require-network-gateway-changes-alarm

    require-network-gateway-changes-alarm

    require-network-gateway-changes-alarm

    require-non-mfa-login-alarm

    require-non-mfa-login-alarm

    require-numbers-in-passwords

    require-org-changes-alarm

    require-root-user-usage-alarm

    require-root-user-usage-alarm

    require-s3-bucket-policy-change-alarm

    require-s3-bucket-policy-change-alarm

    require-sg-change-alarms

    require-sg-change-alarms

    require-support-role

    require-symbols-in-passwords

    require-unauthorised-api-call-alarm

    require-unauthorised-api-call-alarm

    require-uppercase-in-passwords

    require-vpc-changes-alarm

    require-vpc-changes-alarm

    Restrict a container's access to resources with AppArmor

    restrict-all-in-default-sg

    Restricts escalation to root privileges

    rotate-access-keys

    rotate-access-keys

    Run with root privileges or with root group membership

    Running as Non-root

    Running as Non-root user

    Seccomp

    Seccomp

    Seccomp

    SELinux

    SELinux

    set-max-password-age

    set-minimum-password-length

    set-minimum-password-length

    Sets the seccomp profile used to sandbox containers.

    Sets the SELinux context of the container

    Share containers process namespaces

    Share host process namespaces

    Sysctls

    Sysctls

    The default namespace should not be used

    Use CNI plugin that supports NetworkPolicy API (Manual)

    Use LimitRange policies to limit resources

    Use ResourceQuota policies to limit resources

    Use the host network

    Verify that the --read-only-port argument is set to 0

    Verify that the RotateKubeletServerCertificate argument is set to true

    Volume Types

    Copyright © 2023 Aqua Security Software Ltd.