C-0019 - Bash/cmd inside container

Bash/cmd inside container

Framework

MITRE, AllControls

Severity

Low

Description of the issue

Attackers who have permissions to run a cmd/bash script inside a container can use it to execute malicious code. Note that this control is configurable; see the details below.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

The control looks up the image from the pod spec in the vulnerability scan database; if the container has bash/cmd, an alert is raised. Needs to add user config.

Remediation

Consider removing cmd/bash from your containers.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

Shell executable in container

listOfDangerousArtifcats
Kubescape checks whether container images contain any of these shell executables.
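
The following is an added example, not Kubescape's own code. Kubescape reads the vulnerability scan database, whereas this script checks the same condition directly against a root-filesystem tar (for instance the output of `docker export`), which is useful for confirming that a rebuilt image no longer ships a shell. The list values, the function names and the sample filesystem are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

# Constructed sample list; the real values come from the control's
# listOfDangerousArtifcats setting, which this page does not enumerate.
SHELL_EXECUTABLES = ["bin/bash", "bin/sh", "bin/zsh", "usr/bin/bash", "cmd.exe"]


def find_shells(fs_tar, shell_paths=SHELL_EXECUTABLES):
    """Return sorted paths in a root-filesystem tar that match a listed shell.

    Links count too: /bin/sh -> busybox still gives an interactive
    shell, so the link target is reported next to the path.
    """
    wanted = {posixpath.normpath(p).lstrip("/").lower() for p in shell_paths}
    hits = []
    with tarfile.open(fileobj=fs_tar, mode="r:*") as tar:
        for member in tar:
            if member.isdir():
                continue
            # Tar entries may appear as "./bin/sh", "/bin/sh" or "bin/sh".
            path = posixpath.normpath(member.name).lstrip("/")
            # Entries listed without a directory (e.g. cmd.exe) match by file name.
            if path.lower() in wanted or posixpath.basename(path).lower() in wanted:
                link = member.issym() or member.islnk()
                hits.append("/" + path + (f" -> {member.linkname}" if link else ""))
    return sorted(hits)


def build_sample_rootfs():
    """Constructed rootfs tar: a busybox-style image with sh as a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("./bin/busybox", "./app/server", "./usr/bin/bash"):
            info = tarfile.TarInfo(name)
            info.size = 4
            info.mode = 0o755
            tar.addfile(info, io.BytesIO(b"\x7fELF"))
        link = tarfile.TarInfo("./bin/sh")
        link.type = tarfile.SYMTYPE
        link.linkname = "busybox"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(find_shells(build_sample_rootfs()))
```

An empty result for an image means none of the listed shell executables is present in its filesystem.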

Example

