
Security Context

Privileged pods

jq -r '
  .items[]
  # any() emits the pod once even when several containers match
  | select(
      any(.spec.containers[]?, .spec.initContainers[]?;
          .securityContext.privileged == true)
    )
  | [.metadata.namespace, .metadata.name] | @tsv' pods.json

Root user

jq -r '
  .items[]
  | select(
      any(.spec.containers[]?;
          .securityContext.runAsUser == 0
          or .securityContext.runAsNonRoot == false)
    )
  | [.metadata.namespace, .metadata.name] | @tsv' pods.json

Seccomp profile

Lists the pods that set a seccomp profile at pod level; a profile set only on a container (`containers[].securityContext.seccompProfile`) is not matched by this filter.

jq -r '
  .items[]
  | select(.spec.securityContext?.seccompProfile != null)
  | [.metadata.namespace, .metadata.name] | @tsv' pods.json

Pods with privilege escalation

jq -r '
  .items[]
  | select(
      any(.spec.containers[]?, .spec.initContainers[]?;
          .securityContext.allowPrivilegeEscalation == true)
    )
  | [.metadata.namespace, .metadata.name] | @tsv' pods.json

Pods with added capabilities

Pay particular attention to the dangerous capabilities.

jq -r '
  .items[]
  | select(
      any(.spec.containers[]?, .spec.initContainers[]?;
          (.securityContext.capabilities.add? // []) | length > 0)
    )
  # third column: the union of every added capability, deduplicated;
  # the join() must be parenthesised so it applies only to that column
  | [.metadata.namespace, .metadata.name,
     ([.spec.containers[]?, .spec.initContainers[]?
       | .securityContext.capabilities.add? // [] | .[]]
      | unique | join(","))]
  | @tsv' pods.json
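The five jq filters above each answer one question. The script below is an added example (it is not part of this page and not a project tool) that runs all of them over the same `kubectl get pods -A -o json` shape in one pass, and goes a little further than the filters: it checks init containers for the root-user case too, applies the pod-level `securityContext` to each container the way Kubernetes does (a pod-level `runAsUser: 0` makes every container root unless the container overrides it), reports pods with no seccomp profile at either level, reports each pod once however many containers match, and flags added capabilities against an assumed list of high-risk ones (`DANGEROUS_CAPS`, my choice, not the page's). The embedded `SAMPLE` is constructed data, not output from a real cluster.

```python
"""Audit pod securityContext settings from `kubectl get pods -A -o json` output.

Added example, not the page's own jq. It assumes the same JSON shape the jq
filters read: a top-level "items" list of Pod objects.
"""
import json
import sys

# Capabilities treated here as high risk. Assumed list, not from the page;
# align it with local policy.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN",
                  "NET_RAW", "DAC_READ_SEARCH", "SYS_RAWIO"}


def _containers(pod):
    """Regular and init containers in one list (the page checks both)."""
    spec = pod.get("spec") or {}
    return list(spec.get("containers") or []) + list(spec.get("initContainers") or [])


def _effective_context(pod, container):
    """Pod-level securityContext applies to every container unless the container
    sets the same field itself (runAsUser, runAsNonRoot, seccompProfile ...).
    privileged, allowPrivilegeEscalation and capabilities exist only per container."""
    merged = dict((pod.get("spec") or {}).get("securityContext") or {})
    merged.update(container.get("securityContext") or {})
    return merged


def audit_pod(pod, strict=False):
    """Return sorted finding labels for one pod; [] means nothing flagged.

    strict=True also flags containers that leave allowPrivilegeEscalation unset,
    because Kubernetes defaults it to true."""
    findings = set()
    for c in _containers(pod):
        csc = c.get("securityContext") or {}        # tolerate a missing or null context
        sc = _effective_context(pod, c)
        if csc.get("privileged") is True:
            findings.add("privileged")
        if sc.get("runAsUser") == 0 or sc.get("runAsNonRoot") is False:
            findings.add("root-user")
        ape = csc.get("allowPrivilegeEscalation")
        if ape is True or (strict and ape is None):
            findings.add("privilege-escalation")
        added = set((csc.get("capabilities") or {}).get("add") or [])
        if added:
            findings.add("caps-added")
            if added & DANGEROUS_CAPS:
                findings.add("dangerous-caps")
        if sc.get("seccompProfile") is None:        # set at neither pod nor container level
            findings.add("no-seccomp")
    return sorted(findings)


def audit(items, strict=False):
    """(namespace, name, findings) for every pod with at least one finding.
    Each pod appears once, however many of its containers matched."""
    out = []
    for pod in items:
        found = audit_pod(pod, strict)
        if found:
            meta = pod.get("metadata") or {}
            out.append((meta.get("namespace", ""), meta.get("name", ""), found))
    return out


def to_tsv(items, strict=False):
    """Same layout as the jq filters' @tsv output: namespace, name, findings."""
    return "\n".join(f"{ns}\t{name}\t{','.join(found)}"
                     for ns, name, found in audit(items, strict))


# Constructed sample in the shape of `kubectl get pods -A -o json`; not real cluster data.
SAMPLE = {"items": [
    {"metadata": {"namespace": "kube-system", "name": "privileged-agent"},
     "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "agent", "securityContext": {
                  "privileged": True,
                  "capabilities": {"add": ["NET_ADMIN", "SYS_PTRACE"]}}}]}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "nginx", "securityContext": {
         "runAsNonRoot": True, "allowPrivilegeEscalation": False,
         "seccompProfile": {"type": "RuntimeDefault"},
         "capabilities": {"drop": ["ALL"]}}}]}},
    {"metadata": {"namespace": "default", "name": "legacy-job"},
     "spec": {"securityContext": {"runAsUser": 0},        # root inherited by every container
              "initContainers": [{"name": "init", "securityContext": {
                  "allowPrivilegeEscalation": True}}],
              "containers": [{"name": "job"}]}},         # no securityContext at all
    {"metadata": {"namespace": "monitoring", "name": "no-context"},
     "spec": {"containers": [{"name": "exporter", "securityContext": None}]}},
]}

if __name__ == "__main__":
    # Usage: python audit_pods.py pods.json [--strict]   (no file: run on SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    print(to_tsv(data["items"], strict="--strict" in sys.argv[2:]))
```

Run against the sample, `web` produces no row, `legacy-job` is reported as root even though no container sets `runAsUser` itself, and the `kube-system` pod appears once with its capabilities merged into the third column. `--strict` additionally reports every container that never sets `allowPrivilegeEscalation: false`, which is what the Restricted Pod Security Standard requires.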