K8s security tips
Make sure you are using the latest K8s and etcd versions.
Block K8s ports 10250 and 10255.
Use docker diff (https://docs.docker.com/engine/reference/commandline/diff/) to inspect changes to files or directories on a container’s filesystem.
Split root superpowers into a series of capabilities, such as:
CAP_FOWNER (used by chmod)
CAP_CHOWN (used by chown)
CAP_NET_RAW (used by ping)
Example 01.
Example 02.
https://linux-audit.com/linux-capabilities-hardening-linux-binaries-by-removing-setuid/
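To see which capabilities a container process actually holds before deciding what to drop, the Cap* masks in /proc/<pid>/status can be decoded. The script below is an added example, not part of the original page; the sample status text and the "needed" list are constructed assumptions.

```python
# Added example: decode the capability masks found in /proc/<pid>/status.
import re

# Capability names by bit number, as defined in linux/capability.h.
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Constructed sample: the Cap* lines of a root process inside a container.
SAMPLE_STATUS = """\
Name:\tnginx
CapInh:\t0000000000000000
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

def decode_mask(hex_mask):
    """Return the capability names whose bits are set in a hex mask."""
    mask = int(hex_mask, 16)
    names = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            known = bit < len(CAP_NAMES)
            names.append("CAP_" + CAP_NAMES[bit] if known else f"CAP_UNKNOWN_{bit}")
    return names

def parse_status(text):
    """Map CapInh/CapPrm/CapEff/CapBnd/CapAmb to decoded capability lists."""
    return {m.group(1): decode_mask(m.group(2))
            for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", text, re.M)}

def excess_capabilities(text, needed):
    """Capabilities in the bounding set that the workload does not need."""
    return sorted(set(parse_status(text)["CapBnd"]) - set(needed))

if __name__ == "__main__":
    # Assumption: this workload only needs to chown files and open raw sockets.
    needed = ["CAP_CHOWN", "CAP_NET_RAW"]
    for cap in excess_capabilities(SAMPLE_STATUS, needed):
        print("drop candidate:", cap)
```

On a live node, pass the contents of /proc/<pid>/status for the container's main process instead of SAMPLE_STATUS.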