C-0007 - Data Destruction
Description of the issue
Attackers may attempt to destroy data and resources in the cluster. This includes deleting deployments, configurations, storage, and compute resources.
Related resources
ClusterRole, ClusterRoleBinding, Role, RoleBinding
What does this control test
Check which subjects have delete/deletecollection RBAC permissions on workloads.
Remediation
Follow the least privilege principle and minimize the number of subjects that can delete resources.
Example
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: pod-exec
rules:
- apiGroups: ["*"]
  resources: ["secrets","pods","services","deployments","replicasets","daemonsets","statefulsets","jobs","cronjobs"] # we look for one of these resources or *
  verbs: ["delete","deletecollection"] # we look for one of these verbs or *
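As an added example (not Kubescape's own implementation of this control), the following Python performs the check described above: it flags Role/ClusterRole rules that grant delete or deletecollection (or *) on the listed workload resources, then resolves RoleBindings and ClusterRoleBindings to report which subjects hold such a role. The roles, bindings and subject names are constructed sample input, not objects from the page.

```python
# Added example, not Kubescape's code: find subjects that can delete workloads (C-0007).
WORKLOAD_RESOURCES = {"secrets", "pods", "services", "deployments", "replicasets",
                      "daemonsets", "statefulsets", "jobs", "cronjobs"}
DESTRUCTIVE_VERBS = {"delete", "deletecollection"}

def _covers(granted, wanted):
    # A rule matches if it names any wanted item; "*" covers everything.
    return "*" in granted or any(g in wanted for g in granted)

def destructive_rules(role):
    # Rules in a Role/ClusterRole that permit deleting workload resources.
    return [r for r in role.get("rules", [])
            if _covers(r.get("resources", []), WORKLOAD_RESOURCES)
            and _covers(r.get("verbs", []), DESTRUCTIVE_VERBS)]

def findings(roles, bindings):
    # (subject, role) pairs for every subject bound to a destructive role.
    index = {}
    for role in roles:  # Roles are namespaced, ClusterRoles are not
        ns = role["metadata"].get("namespace") if role["kind"] == "Role" else None
        index[(role["kind"], ns, role["metadata"]["name"])] = role
    out = []
    for b in bindings:
        ref = b["roleRef"]
        # A RoleBinding may reference a ClusterRole; only a Role lookup needs the namespace
        ns = b["metadata"].get("namespace") if ref["kind"] == "Role" else None
        role = index.get((ref["kind"], ns, ref["name"]))
        if role is not None and destructive_rules(role):
            for s in b.get("subjects", []):
                out.append((f'{s["kind"]}:{s["name"]}', f'{ref["kind"]}/{ref["name"]}'))
    return out

# Constructed sample objects (hypothetical names, not from the page).
ROLES = [
    {"kind": "Role", "metadata": {"namespace": "default", "name": "pod-exec"},
     "rules": [{"apiGroups": ["*"], "resources": ["pods", "deployments"],
                "verbs": ["delete", "deletecollection"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "view"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"namespace": "default", "name": "ci"},
     "roleRef": {"kind": "Role", "name": "pod-exec"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "default"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]
```

Calling findings(ROLES, BINDINGS) on the sample objects reports the ci-bot service account (via the namespaced Role) and alice (via the wildcard ClusterRole), while the read-only view ClusterRole produces no destructive rule.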