kubeeye/checks/insecureCapabilities.yaml

#successMessage: Container does not have any insecure capabilities
promptMessage: Container should not have insecure capabilities
category: Security
target: Container
schema:
  '$schema': http://json-schema.org/draft-07/schema
  type: object
  properties:
    securityContext:
      type: object
      properties:
        capabilities:
          type: object
          properties:
            add:
              enum:
              - CHOWN
              - DAC_OVERRIDE
              - FSETID
              - FOWNER
              - MKNOD
              - NET_RAW
              - SETGID
              - SETUID
              - SETFCAP
              - SETPCAP
              - NET_BIND_SERVICE
              - SYS_CHROOT
              - KILL
              - AUDIT_WRITE
update prompt message and diags 2020-12-25 17:20:10 +08:00			`#successMessage: Container does not have any insecure capabilities`
			`promptMessage: Container should not have insecure capabilities`
add checklists 2020-12-16 16:36:47 +08:00			`category: Security`
			`target: Container`
			`schema:`
			`'$schema': http://json-schema.org/draft-07/schema`
			`type: object`
			`properties:`
			`securityContext:`
			`type: object`
			`properties:`
			`capabilities:`
			`type: object`
			`properties:`
			`add:`
			`enum:`
			`- CHOWN`
			`- DAC_OVERRIDE`
			`- FSETID`
			`- FOWNER`
			`- MKNOD`
			`- NET_RAW`
			`- SETGID`
			`- SETUID`
			`- SETFCAP`
			`- SETPCAP`
			`- NET_BIND_SERVICE`
			`- SYS_CHROOT`
			`- KILL`
			`- AUDIT_WRITE`