Publicly accessible application in a container with elevated privileges assigned to a privileged Kubernetes node

Docs > Datadog Security > OOTB Rules > Publicly accessible application in a container with elevated privileges assigned to a privileged Kubernetes node

Set up the kubernetes integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Granting excessive security capabilities to a pod or container can lead to unintended lateral movement to other containers, access to the underlying Kubernetes node, or access to cloud provider resources. Assignment of the pod or container to a node with privileged roles or permissions increases the blast radius of unauthorized access to cloud resources.

Remediation

Review your Kubernetes pod or container security context configurations to ensure they provide proper isolation boundaries between containers and host resources.
Apply possible mitigations, including the use of Kubernetes Pod Security Policies, SELinux, AppArmor, or Seccomp filters.
Review the assigned cloud provider roles and permissions on the assigned node to ensure they are scoped to the principle of least privilege.