Releases: kubearmor/policy-templates
Releases · kubearmor/policy-templates
v0.1.6
Contributors
vishnusomank
Assets 2
v0.1.5
What's Changed
- [update] policy-template release by @vishnusomank in #1027
Full Changelog: v0.1.4...v0.1.5
Contributors
vishnusomank
Assets 2
v0.1.4
Contributors
vishnusomank
Assets 2
v0.1.3
Merge pull request #1025 from vishnusomank/release metadata updation
v0.1.2
What's Changed
- metadata.yaml file for NginX workloads by @vishnusomank in #1017
Full Changelog: https://github.com/kubearmor/policy-templates/commits/v0.1.2
Contributors
vishnusomank
Assets 2
v0.1.1
What's Changed
- Create ksp-redis-hardening-rule-audit-xautoclaim-command.yaml by @AbhinavCSY in #950
- ksp-redis-hardening-rule-audit-redis-dangerous-command.yaml by @AbhinavCSY in #944
- Create cnp-ingress-deny-traffic-to-port-6379.yaml by @AbhinavCSY in #951
- ksp-redis-hardening-rule-audit-redis-log-files.yaml by @AbhinavCSY in #945
- Create cnp-python-hardening-policy-allow-only-port-70.yaml by @vishnusomank in #963
- Create cnp-python-hardening-policy-allow-only-port-23.yaml by @vishnusomank in #962
- Create cnp-python-hardening-policy-allow-only-port-80.yaml by @vishnusomank in #961
- Create cnp-python-hardening-policy-allow-only-port-119.yaml by @vishnusomank in #960
- Create cnp-python-hardening-policy-allow-only-port-20.yaml by @vishnusomank in #959
- Create cnp-python-hardening-policy-allow-only-port-25.yaml by @vishnusomank in #958
- Create cnp-python-hardening-policy-allow-only-port-110.yaml by @vishnusomank in #957
- Create cnp-python-hardening-policy-allow-only-port-143.yaml by @vishnusomank in #956
- Create ksp-django-audit-tcp-connection-from-pod.yaml by @vishnusomank in #955
- Create cnp-egress-django-allow-only-tcp-80.yaml by @vishnusomank in #954
- Create cnp-egress-django-allow-only-udp-53.yaml by @vishnusomank in #953
- Create cnp-egress-django-allow-only-tcp-443.yaml by @vishnusomank in #952
- Create ksp-django-hardening-rule-audit-pip.yaml by @vishnusomank in #949
- Create ksp-django-hardening-rule-audit-python-cache.yaml by @vishnusomank in #948
- Create ksp-django-hardening-rule-audit-settings-file.yaml by @vishnusomank in #947
- Create ksp-django-hardening-rule-audit-urlconf-file.yaml by @vishnusomank in #946
- ksp-block-mariadb-v-10-6-3-cve-2022-27456.yaml by @yasin-cs-ko-ak in #940
- ksp-block-mariadb-v-10-6-3-cve-2022-27457.yaml by @yasin-cs-ko-ak in #939
- ksp-block-mariadb-v-10-9-cve-2022-27447.yaml by @yasin-cs-ko-ak in #938
- ksp-audit-elastic-cve-2021-22145.yaml by @rohitrishim in #942
- ksp-audit-elastic-exposed-panel by @rohitrishim in #941
- ksp-block-mariadb-v-10-9-cve-2022-27444.yaml by @yasin-cs-ko-ak in #971
- ksp-block-mariadb-v-10-9-cve-2022-27448.yaml by @yasin-cs-ko-ak in #970
- ksp-block-mariadb-v-10-9-cve-2022-27451.yaml by @yasin-cs-ko-ak in #969
- ksp-block-mariadb-v-10-9-cve-2022-27452.yaml by @yasin-cs-ko-ak in #968
- Update ksp-block-mariadb-v-10-9-cve-2022-27447.yaml by @yasin-cs-ko-ak in #967
- Update ksp-block-mariadb-v-10-6-3-cve-2022-27457.yaml by @yasin-cs-ko-ak in #966
- Update ksp-block-mariadb-v-10-6-3-cve-2022-27456.yaml by @yasin-cs-ko-ak in #965
- ksp-block-mariadb-v-10-6-3-cve-2022-27455.yaml by @yasin-cs-ko-ak in #964
- Create cnp-ingress-nginx-hardening-policy-allow-only-get-on-port-80.yaml by @vishnusomank in #982
- Create cnp-ingress-nginx-hardening-policy-allow-only-post-on-port-80 by @vishnusomank in #981
- Create cnp-ingress-nginx-hardening-policy-allow-only-head-on-port-80 by @vishnusomank in #972
- Create cnp-egress-nginx-hardening-rule-allow-only-port-123.yaml by @vishnusomank in #973
- Create cnp-egress-nginx-hardening-rule-allow-only-port-25.yaml by @vishnusomank in #974
- Create ksp-nginx-hardening-rule-audit-nginx-reload.yaml by @vishnusomank in #984
- Create ksp-nginx-hardening-rule-audit-nginx-stop.yaml by @vishnusomank in #983
- Create ksp-django-hardening-rule-audit-django-admin-inspectdb.yaml by @vishnusomank in #980
- Create ksp-django-hardening-rule-audit-django-admin-dumpdata.yaml by @vishnusomank in #979
- Create ksp-django-hardening-rule-audit-django-admin-dbshell.yaml by @vishnusomank in #978
- Create ksp-django-hardening-rule-audit-django-admin-check.yaml by @vishnusomank in #977
- Create cnp-egress-django-hardening-policy-allow-only-default-port.yaml by @vishnusomank in #976
- ksp-nist-sc-6-audit-resource-allocation.yaml by @rohitrishim in #996
- ksp-block-mariadb-v-10-7-cve-2022-27386.yaml by @yasin-cs-ko-ak in #989
- Nist 800 53 sa by @salman-accuknox in #997
- Create ksp-nginx-hardening-rule-monitor-cache-access.yaml by @vishnusomank in #993
- Create ksp-nginx-hardening-rule-deny-iptable-binary.yaml by @vishnusomank in #995
- cnp-nist-sc-7-5 by @rohitrishim in #999
- cnp-nist-sc-7-11-ingress-deny-all-inbound-commincation by @rohitrishim in #1001
- Update ksp-audit-cis-mysql-1-4.yaml by @harshaccuknox in #988
- Create ksp-sc-4-2-unauthorized-information-transfer.yaml by @harshaccuknox in #991
- ksp-audit-nist-sc-23-session-authenticity.yaml by @yasin-cs-ko-ak in #1004
- ksp-nist-39-2-process-isolation by @rohitrishim in #1005
- Adding NIST SC-11 tag by @vishnusomank in #1003
- Adding SA tags and changed message if needed by @salman-accuknox in #990
- ksp-audit-cis-centos-8-1-1-1-3.yaml by @yasin-cs-ko-ak in #772
- ksp-audit-cis-centos-8-1-1-2-1.yaml by @yasin-cs-ko-ak in #773
- ksp-audit-cis-centos-8-1-1-1-1.yaml by @yasin-cs-ko-ak in #770
- ksp-audit-cis-centos-8-1-1-1-2.yaml by @yasin-cs-ko-ak in #771
- ksp-block-cis-centos-8-1-1-4-1.yaml by @yasin-cs-ko-ak in #774
- Create metadata.yaml by @vishnusomank in #1008
- Update metadata.yaml by @vishnusomank in #1009
- removing ksp-redis-hardening-rule-audit-redis-dangerous-command.yaml by @vishnusomank in #1011
Full Changelog: v0.1.0...v0.1.1
Contributors
vishnusomank, harshaccuknox, and 4 other contributors
Assets 2
v0.1.0
What's Changed
- Defense evasion clear linux system logs by @HariHaran246 in #19
- Credential-access-pswd(/etc/passwd and /etc/shadow) by @HariHaran246 in #18
- Revert "Defense evasion clear linux system logs" by @simran-munot in #21
- [Rule] Execution - Shell Access inside a container by @simran-munot in #20
- updated the structure for mysql by @simran-munot in #22
- unsecured_credentials_access_private_keys by @tamilmaran-7 in #15
- Update README.md by @simran-munot in #23
- discovery_account_discovery_local_account by @AshokAccuknox in #17
- Manage keys and certificate in both NSS databases and other NSS tokens by @praveen-accuknox in #10
- discovery_process_discovery by @AshokAccuknox in #9
- persistence_create_or_modify_system_process_systemd_service by @AshokAccuknox in #8
- Execution-scheduled task_job-crontab-audit-process by @rohitrishim in #3
- dns-egress by @rohitrishim in #2
- Execution-scheduled Task Job at-process-audit by @rohitrishim in #4
- Net-cat audit by @praveen-accuknox in #11
- Kernel modules by @praveen-accuknox in #12
- persistence_boot_or_logon_IS_rc_script by @AshokAccuknox in #26
- Persistence-create-account-local-account by @tamilmaran-7 in #30
- postgresql-config-dir by @AshokAccuknox in #29
- postgresql-pg-dump-password-dumping by @rohitrishim in #32
- Boot-or-Logon-Autostart-Execution by @tamilmaran-7 in #34
- Defense Evasion: Deobfuscate [base16/32 encoding or decoding] by @Harshit-Anand in #36
- file-analysis by @Harshsoni0 in #31
- persistence-external-remote-services by @tamilmaran-7 in #41
- postgres-pg-ctl-audit by @rohitrishim in #40
- Cilium Network Policy to limit MySql pod communications by @vishnusomank in #37
- Boot-or-Logon-Autostart-Execution by @tamilmaran-7 in #35
- Persistence: Event Triggered Execution [Bash config] by @Harshit-Anand in #39
- Privilege Escalation: Process Injection (Shared object) by @Harshit-Anand in #38
- defense-evasion-modify-system-image by @HariHaran246 in #42
- defense-evasion-root-certificate by @HariHaran246 in #44
- system-file-analysis.yml by @deepakcys in #43
- cilium network policy to restrict the MySQL external communication by @vishnusomank in #46
- scheduled-job-analysis by @deepakcys in #24
- Defence Evasion-Impair Defences by @Krimaspec in #54
- postgres-network-ingress by @AshokAccuknox in #51
- persistence_boot_or_logon_IS_rc_script_host by @AshokAccuknox in #53
- Create proc-memory.yaml by @simran-munot in #58
- hiddenfile by @Krimaspec in #33
- [RULE] Privilege Escalation - setuid-setgid-audit.yaml by @simran-munot in #63
- [Rule] Privilege Escalation - Sudo Caching by @simran-munot in #65
- Correction on yaml and folder structure by @vishnusomank in #71
- Re-adding rule of Ashok by @simran-munot in #72
- [Rule] Privilege Escalation - Ptrace Syscall by @simran-munot in #73
- Redefining the structure. by @simran-munot in #75
- Redefining the structure by @simran-munot in #77
- Redefining Policy Structure as per Salman's Instruction by @simran-munot in #78
- mitre-tactic-s-bit by @rohitrishim in #79
- MySQL stig v235146 cilium policy to block unused or unnecessary ports by @vishnusomank in #85
- NIST Access Control | LEAST PRIVILEGE | AC-6(10) by @vishnusomank in #103
- hsp-mitre-persistence-bash-profile-audit by @yasin-cs-ko-ak in #99
- hsp-mitre-create-modify-system-process-systemd-service by @yasin-cs-ko-ak in #98
- hsp-create-account-create-local-account by @yasin-cs-ko-ak in #97
- mysql-stig-V-235169 by @deepakcys in #96
- Create mitre-t1571-generic.yaml by @salman-accuknox in #94
- Limit access to database files v 235153 by @AshokAccuknox in #91
- system-owner-user-discovery by @tamilmaran-7 in #88
- cs-restrict-access-mysql-config-policy by @yasin-cs-ko-ak in #86
- Pci dss 3 by @AshokAccuknox in #83
- pci-dss-2 by @tamilmaran-7 in #104
- Pci dss 7 by @AshokAccuknox in #82
- Private keys stored by postgresql by @AshokAccuknox in #92
- psql-block-postgresql by @AshokAccuknox in #106
- mitre-t1210 policy to block Access to tiller endpoint on port 44134 by @vishnusomank in #112
- mitre-t1210 policy by @vishnusomank in #111
- mitre-t1210 policy by @vishnusomank in #110
- application-layer-protocol-ftp-egress by @tamilmaran-7 in #115
- application-layer-protocol-ftp-ingress by @tamilmaran-7 in #114
- nist-sc-17-public-key-infrastructure-certificates by @tamilmaran-7 in #109
- Create au-10-non-repudiation1.yaml by @salman-accuknox in #117
- Salman accuknox mitre 01 by @salman-accuknox in #118
- ra-5-4-vs-discoverable-information-os-block by @yasin-cs-ko-ak in #116
- non-application-layer.yaml by @deepakcys in #102
- pg-sv-233616r617333_rule by @deepakcys in #89
- listing of services running on node level by @praveen-accuknox in #125
- To monitor creation or deletion of user accounts node level by @praveen-accuknox in #122
- listing of services running on remote hosts, by @praveen-accuknox in #124
- To monitor creation or deletion of user accounts by @praveen-accuknox in #120
- Create cm-7(4)-least-functionality-nist.yaml by @harshaccuknox in #126
- ksp-mitre-T1543-002 by @AshokAccuknox in #152
- ksp-mitre-T1057 by @AshokAccuknox in #153
- ksp-mitre-T1087-001 by @AshokAccuknox in #154
- cnp-alertsservice-port-external-access by @AshokAccuknox in #163
- ksp-postgresql-config by @AshokAccuknox in #155
- ksp-mysql-files-access-limit by @AshokAccuknox in #159
- ksp-mitre-t1037-004 by @AshokAccuknox in #156
- ksp-pci-dss-7 by @AshokAccuknox in #157
- ksp-pci-dss-3 by @AshokAccuknox in #158
- ksp-postgresql-private-ke...
Contributors
nyrahul, Harshit-Anand, and 20 other contributors