Parameter: insecureCapabilities
insecureCapabilities
Description
You can see the list of capabilities in https://man7.org/linux/man-pages/man7/capabilities.7.html. Kubescape looks for the following capabilities in containers which might lead to attackers getting high privileges in your system.
Default values
- SETPCAP
- NET_ADMIN
- NET_RAW
- SYS_MODULE
- SYS_RAWIO
- SYS_PTRACE
- SYS_ADMIN
- SYS_BOOT
- MAC_OVERRIDE
- MAC_ADMIN
- PERFMON
- ALL
- BPF
Updated 6 months ago
Did this page help you?