-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
STIG for Ubuntu - KubeArmor host policies (#1047)
* STIG for Ubuntu policies Signed-off-by: JayJersan <[email protected]> * Update stigs/system/hsp-audit-stig-ubuntu-20-010161-sudo.yaml Co-authored-by: Barun Acharya <[email protected]> Signed-off-by: JayJersan <[email protected]> * Update stigs/system/hsp-audit-stig-ubuntu-20-010162-sudoedit.yaml Co-authored-by: Barun Acharya <[email protected]> Signed-off-by: JayJersan <[email protected]> * Update hsp-audit-stig-ubuntu-20-010163-chsh.yaml Signed-off-by: JayJersan <[email protected]> * Update hsp-audit-stig-ubuntu-20-010164-newgrp.yaml Signed-off-by: JayJersan <[email protected]> * Update hsp-audit-stig-ubuntu-20-010165-chcon.yaml Signed-off-by: JayJersan <[email protected]> * Update and rename hsp-audit-stig-ubuntu-20-010173-passwd.yaml to hsp-audit-stig-ubuntu-20-010173-unix-update.yaml Signed-off-by: JayJersan <[email protected]> * Changed unmount to umount Signed-off-by: JayJersan <[email protected]> --------- Signed-off-by: JayJersan <[email protected]> Co-authored-by: Barun Acharya <[email protected]>
- Loading branch information
1 parent
4d13eb9
commit 7dc11dc
Showing
26 changed files
with
489 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig ubuntu-20-010137-chfn | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010137", "audit"] | ||
| message: "Alert! chfn command execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/chfn | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010136-su | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010136", "Audit"] | ||
| message: "Alert! su binary execution attempted" | ||
| process: | ||
| matchPaths: | ||
| - path: /bin/su | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010138-mount | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010138", "audit", "mount"] | ||
| message: "Alert! mount command execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/mount | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010139-umount | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010139", "audit", "umount"] | ||
| message: "Alert! umount command execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/umount | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010148-chown | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu, "UBTU-20-010148", "SysCalls"] | ||
| message: "Alert! chown syscalls was detected" | ||
| syscalls: | ||
| matchSyscalls: | ||
| - syscall: | ||
| - chown | ||
| - fchown | ||
| - fchownat | ||
| - lchown | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010161-sudo | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010161", "sudo"] | ||
| message: "Alert! sudo execution was detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/sudo | ||
| - path: /bin/sudo | ||
| action: | ||
| Audit |
17 changes: 17 additions & 0 deletions
17
stigs/system/hsp-audit-stig-ubuntu-20-010162-sudoedit.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010162-sudoedit | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010162", "sudoedit"] | ||
| message: "Alert! sudoedit binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/sudoedit | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010163-chsh | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010163", "chsh"] | ||
| message: "Alert! chsh binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/chsh | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010164-newgrp | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010164", "newgrp"] | ||
| message: "Alert! newgrp binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/newgrp | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010165-chcon | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010165", "chcon"] | ||
| message: "Alert! chcon binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/chcon | ||
| action: | ||
| Audit |
17 changes: 17 additions & 0 deletions
17
stigs/system/hsp-audit-stig-ubuntu-20-010166-apparmor-parser.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010166-apparmor-parser | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010166", "apparmor_parser"] | ||
| message: "Alert! apparmor_parser command execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /sbin/apparmor_parser | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010168-chacl | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010168", "chacl"] | ||
| message: "Alert! chacl binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/chacl | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010172-passwd | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010172", "passwd"] | ||
| message: "passwd binary executed" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/passwd | ||
| action: | ||
| Audit |
17 changes: 17 additions & 0 deletions
17
stigs/system/hsp-audit-stig-ubuntu-20-010173-unix-update.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010173-passwd | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010173", "unix_update"] | ||
| message: "Alert! unix_update command executed" | ||
| process: | ||
| matchPaths: | ||
| - path: /sbin/unix_update | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010174-gpasswd | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010174", "gpasswd"] | ||
| message: "Alert! gpasswd binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/gpasswd | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010175-chage | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010175", "chage"] | ||
| message: "Alert! chage binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/chage | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010176-usermod | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010176", "usermod"] | ||
| message: "Alert! usermod binary executed" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/usermod | ||
| action: | ||
| Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010177-crontab | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010177", "crontab"] | ||
| message: "Alert! crontab binary execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/bin/crontab | ||
| action: | ||
| Audit |
18 changes: 18 additions & 0 deletions
18
stigs/system/hsp-audit-stig-ubuntu-20-010178-pam-timestamp.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010178-pam-timestamp | ||
| spec: | ||
| severity: 5 | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010178", "pam_timestamp_check"] | ||
| message: "Alert! pam_timestamp_check execution detected" | ||
| process: | ||
| matchPaths: | ||
| - path: /usr/sbin/pam_timestamp_check | ||
| - path: /sbin/pam_timestamp_check | ||
| action: | ||
| Audit |
21 changes: 21 additions & 0 deletions
21
stigs/system/hsp-audit-stig-ubuntu-20-010267-sensitive-syscall.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010267-sensitive-syscall | ||
| spec: | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010267", "syscalls"] | ||
| message: "Alert! Sensitive syscall detected" | ||
| syscalls: | ||
| severity: 1 | ||
| matchSyscalls: | ||
| - syscall: | ||
| - unlink | ||
| - unlinkat | ||
| - rename | ||
| - renameat | ||
| - rmdir | ||
| action: Audit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # KubeArmor is an open source software that enables you to protect your cloud workload at run-time. | ||
| # To learn more about KubeArmor visit: | ||
| # https://www.accuknox.com/kubearmor/ | ||
|
|
||
| apiVersion: security.kubearmor.com/v1 | ||
| kind: KubeArmorHostPolicy | ||
| metadata: | ||
| name: hsp-audit-stig-ubuntu-20-010297-kmod | ||
| spec: | ||
| tags: ["STIG", "Ubuntu", "UBTU-20-010297", "kmod"] | ||
| message: "Alert! Execution of kmod detected" | ||
| process: | ||
| severity: 1 | ||
| matchPaths: | ||
| - path: /usr/bin/kmod | ||
| - path: /bin/kmod | ||
| action: Audit |
Oops, something went wrong.