block-tmp-execution
Signed-off-by: gwg313 <gwg313@pm.me>
This commit is contained in:
parent
322ba29302
commit
a2194522c5
5 changed files with 87 additions and 22 deletions
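--- /dev/null
+++ b/platform/tetragon/policies/block-tmp-execution.yaml
@@ -0,0 +1,37 @@
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+  name: block-tmp-execution
+  namespace: kube-system
+spec:
+  podSelector:
+    matchExpressions:
+      - key: "io.kubernetes.pod.namespace"
+        operator: "NotIn"
+        values:
+          - kube-system
+          - kube-public
+          - kube-node-lease
+          - argocd
+          - kyverno
+          - cilium-ingress
+          - cilium-secrets
+          - cert-manager
+          - sealed-secrets
+          - nfs-subdir-external-provisioner
+  kprobes:
+    - call: "sys_execve"
+      syscall: true
+      args:
+        - index: 0
+          type: "string"
+      selectors:
+        - matchArgs:
+            - index: 0
+              operator: "Prefix"
+              values:
+                - "/tmp/"
+                - "/var/tmp/"
+                - "/dev/shm/"
+          matchActions:
+            - action: Sigkill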
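Review bot: `kind: TracingPolicy` together with `metadata.namespace: kube-system` looks inconsistent: in Tetragon, TracingPolicy is the cluster-scoped kind and the namespace-scoped variant is `TracingPolicyNamespaced`, so the namespace line is presumably ignored here — confirm which scope is intended and either drop `namespace: kube-system` or switch the kind. The podSelector also presumably relies on Tetragon exposing the pod namespace under the `io.kubernetes.pod.namespace` label key; verify against the Tetragon version in use, since if that key is not populated the NotIn expression matches every pod and the exemptions silently disappear. Worth a comment at the top of the file for operators: only `sys_execve` is hooked and the `Prefix` match is on the pathname argument as passed by the caller, not on the resolved file, so a note such as `# Scope: sys_execve only (execveat is not hooked); prefix matched on the raw pathname argument` makes the policy's coverage explicit.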