Skip to content

Commit

Permalink
Revert "Terrascan K8s New categories and ruleRef ID changes (tenable#583
Browse files Browse the repository at this point in the history 
)"

This reverts commit 6bdcf0c.
  • Loading branch information
Yusuf Kanchwala committed Mar 9, 2021
1 parent a2d39ea commit 451d53b
Show file tree
Hide file tree
Showing 90 changed files with 138 additions and 138 deletions.
6 changes: 3 additions & 3 deletions ...ubernetes_ingress/AC-K8-IS-IN-M-0002.json → ...ubernetes_ingress/AC-K8-NS-IN-H-0020.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
"prefix": "",
"suffix": ""
},
"severity": "MEDIUM",
"severity": "HIGH",
"description": "TLS disabled can affect the confidentiality of the data in transit",
"reference_id": "AC-K8-IS-IN-M-0002",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-IN-H-0020",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...ernetes_namespace/AC-K8-SP-NS-L-0013.json → ...ernetes_namespace/AC-K8-OE-NS-L-0128.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "LOW",
"description": "No owner for namespace affects the operations",
"reference_id": "AC-K8-SP-NS-L-0013",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-NS-L-0128",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...ernetes_namespace/AC-K8-SP-NS-L-0259.json → ...amespace/accurics.kubernetes.OPS.460.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "LOW",
"description": "The default namespace should not be used",
"reference_id": "AC-K8-SP-NS-L-0259",
"category": "Security Best Practices",
"reference_id": "accurics.kubernetes.OPS.460",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...ernetes_namespace/AC-K8-SP-NS-L-0461.json → ...amespace/accurics.kubernetes.OPS.461.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "LOW",
"description": "The default namespace should not be used",
"reference_id": "AC-K8-SP-NS-L-0461",
"category": "Security Best Practices",
"reference_id": "accurics.kubernetes.OPS.461",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...ernetes_namespace/AC-K8-SP-NS-L-0462.json → ...amespace/accurics.kubernetes.OPS.462.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "LOW",
"description": "The default namespace should not be used",
"reference_id": "AC-K8-SP-NS-L-0462",
"category": "Security Best Practices",
"reference_id": "accurics.kubernetes.OPS.462",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-CV-PO-H-0085.json → ...8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
},
"severity": "HIGH",
"description": "Containers Should Not Run with AllowPrivilegeEscalation",
"reference_id": "AC-K8-CV-PO-H-0085",
"category": "Compliance Validation",
"reference_id": "AC-K8-CA-PO-H-0165",
"category": "Cloud Assets Management",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-DP-PO-M-0067.json → ...8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure Kubernetes Dashboard Is Not Deployed",
"reference_id": "AC-K8-DP-PO-M-0067",
"category": "Data Protection",
"reference_id": "AC-K8-DS-PO-M-0176",
"category": "Data Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-DP-PO-M-0071.json → ...8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure That Tiller (Helm V2) Is Not Deployed",
"reference_id": "AC-K8-DP-PO-M-0071",
"category": "Data Protection",
"reference_id": "AC-K8-DS-PO-M-0177",
"category": "Data Security",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-H-0046.json → ...8s/kubernetes_pod/AC-K8-IA-PO-H-0106.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Minimize the admission of privileged containers",
"reference_id": "AC-K8-IA-PO-H-0046",
"reference_id": "AC-K8-IA-PO-H-0106",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-M-0074.json → ...8s/kubernetes_pod/AC-K8-IA-PO-H-0137.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Allowing the pod to make system level calls provide access to host/node sensitive information",
"reference_id": "AC-K8-IA-PO-M-0074",
"reference_id": "AC-K8-IA-PO-H-0137",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-H-0076.json → ...8s/kubernetes_pod/AC-K8-IA-PO-H-0138.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Allowing hostPaths to mount to Pod arise the probability of getting access to the node's filesystem",
"reference_id": "AC-K8-IA-PO-H-0076",
"reference_id": "AC-K8-IA-PO-H-0138",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-H-0087.json → ...8s/kubernetes_pod/AC-K8-IA-PO-H-0168.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
},
"severity": "HIGH",
"description": "Minimize Admission of Root Containers",
"reference_id": "AC-K8-IA-PO-H-0087",
"reference_id": "AC-K8-IA-PO-H-0168",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PK-M-0045.json → ...8s/kubernetes_pod/AC-K8-IA-PO-M-0105.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Ensure that Service Account Tokens are only mounted where necessary",
"reference_id": "AC-K8-IA-PK-M-0045",
"reference_id": "AC-K8-IA-PO-M-0105",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-M-0073.json → ...8s/kubernetes_pod/AC-K8-IA-PO-M-0135.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "AppArmor profile not set to default or custom profile will make the container vulnerable to kernel level threats",
"reference_id": "AC-K8-IA-PO-M-0073",
"reference_id": "AC-K8-IA-PO-M-0135",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-M-0077.json → ...8s/kubernetes_pod/AC-K8-IA-PO-M-0139.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Unmasking the procMount will allow more information than is necessary to the program running in the containers spawned by k8s",
"reference_id": "AC-K8-IA-PO-M-0077",
"reference_id": "AC-K8-IA-PO-M-0139",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-M-0078.json → ...8s/kubernetes_pod/AC-K8-IA-PO-M-0140.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
},
"severity": "MEDIUM",
"description": "Container images with readOnlyRootFileSystem set as false mounts the container root file system with write permissions",
"reference_id": "AC-K8-IA-PO-M-0078",
"reference_id": "AC-K8-IA-PO-M-0140",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-M-0080.json → ...8s/kubernetes_pod/AC-K8-IA-PO-M-0141.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Default seccomp profile not enabled will make the container to make non-essential system calls",
"reference_id": "AC-K8-IA-PO-M-0080",
"reference_id": "AC-K8-IA-PO-M-0141",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-M-0081.json → ...8s/kubernetes_pod/AC-K8-IA-PO-M-0143.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
},
"severity": "MEDIUM",
"description": "Some volume types mount the host file system paths to the pod or container, thus increasing the chance of escaping the container to access the host",
"reference_id": "AC-K8-IA-PO-M-0081",
"reference_id": "AC-K8-IA-PO-M-0143",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PO-M-0082.json → ...8s/kubernetes_pod/AC-K8-IA-PO-M-0162.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "MEDIUM",
"description": "Containers Should Not Share Host Process ID Namespace",
"reference_id": "AC-K8-IA-PO-M-0082",
"reference_id": "AC-K8-IA-PO-M-0162",
"category": "Identity and Access Management",
"version": 1
}
2 changes: 1 addition & 1 deletion ...8s/kubernetes_pod/AC-K8-IA-PS-M-0048.json → ...8s/kubernetes_pod/AC-K8-IA-PS-M-0112.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
},
"severity": "MEDIUM",
"description": "Minimize the admission of containers with the NET_RAW capability",
"reference_id": "AC-K8-IA-PS-M-0048",
"reference_id": "AC-K8-IA-PS-M-0112",
"category": "Identity and Access Management",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-H-0051.json → ...8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "HIGH",
"description": "Prefer using secrets as files over secrets as environment variables",
"reference_id": "AC-K8-IS-PO-H-0051",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-H-0117",
"category": "Network Security",
"version": 1
}
6 changes: 3 additions & 3 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-M-0075.json → ...8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
"prefix": "",
"suffix": ""
},
"severity": "MEDIUM",
"severity": "HIGH",
"description": "Do Not Use CAP_SYS_ADMIN Linux Capability",
"reference_id": "AC-K8-IS-PO-M-0075",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-H-0170",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-M-0064.json → ...8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Apply Security Context to Your Pods and Containers",
"reference_id": "AC-K8-IS-PO-M-0064",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-M-0122",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-M-0069.json → ...8s/kubernetes_pod/AC-K8-NS-PO-M-0133.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Image without digest affects the integrity principle of image security",
"reference_id": "AC-K8-IS-PO-M-0069",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-M-0133",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-M-0083.json → ...8s/kubernetes_pod/AC-K8-NS-PO-M-0163.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "MEDIUM",
"description": "Containers Should Not Share Host IPC Namespace",
"reference_id": "AC-K8-IS-PO-M-0083",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-M-0163",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-M-0084.json → ...8s/kubernetes_pod/AC-K8-NS-PO-M-0164.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "MEDIUM",
"description": "Containers Should Not Share the Host Network Namespace",
"reference_id": "AC-K8-IS-PO-M-0084",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-M-0164",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-M-0088.json → ...8s/kubernetes_pod/AC-K8-NS-PO-M-0171.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
},
"severity": "MEDIUM",
"description": "Restrict Mounting Docker Socket in a Container",
"reference_id": "AC-K8-IS-PO-M-0088",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-M-0171",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-IS-PO-M-0079.json → ...8s/kubernetes_pod/AC-K8-NS-PO-M-0182.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "MEDIUM",
"description": "Containers Should Run as a High UID to Avoid Host Conflict",
"reference_id": "AC-K8-IS-PO-M-0079",
"category": "Infrastructure Security",
"reference_id": "AC-K8-NS-PO-M-0182",
"category": "Network Security",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-CV-PK-M-0021.json → ...8s/kubernetes_pod/AC-K8-OE-PK-M-0034.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
},
"severity": "MEDIUM",
"description": "AlwaysPullImages plugin is not set",
"reference_id": "AC-K8-CV-PK-M-0021",
"category": "Compliance Validation",
"reference_id": "AC-K8-OE-PK-M-0034",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-SP-PK-M-0097.json → ...8s/kubernetes_pod/AC-K8-OE-PK-M-0155.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
},
"severity": "Medium",
"description": "CPU Request Not Set in config file.",
"reference_id": "AC-K8-SP-PK-M-0097",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-PK-M-0155",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-SP-PK-M-0098.json → ...8s/kubernetes_pod/AC-K8-OE-PK-M-0156.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
},
"severity": "Medium",
"description": "CPU Limits Not Set in config file.",
"reference_id": "AC-K8-SP-PK-M-0098",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-PK-M-0156",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-SP-PK-M-0099.json → ...8s/kubernetes_pod/AC-K8-OE-PK-M-0157.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
},
"severity": "Medium",
"description": "Memory Request Not Set in config file.",
"reference_id": "AC-K8-SP-PK-M-0099",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-PK-M-0157",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-SP-PK-M-0100.json → ...8s/kubernetes_pod/AC-K8-OE-PK-M-0158.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
},
"severity": "Medium",
"description": "Memory Limits Not Set in config file.",
"reference_id": "AC-K8-SP-PK-M-0100",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-PK-M-0158",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-SP-PO-L-0070.json → ...8s/kubernetes_pod/AC-K8-OE-PO-L-0129.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "LOW",
"description": "No liveness probe will ensure there is no recovery in case of unexpected errors",
"reference_id": "AC-K8-SP-PO-L-0070",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-PO-L-0129",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-SP-PO-L-0072.json → ...8s/kubernetes_pod/AC-K8-OE-PO-L-0130.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
},
"severity": "LOW",
"description": "No readiness probe will affect automatic recovery in case of unexpected errors",
"reference_id": "AC-K8-SP-PO-L-0072",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-PO-L-0130",
"category": "Operational Efficiency",
"version": 1
}
4 changes: 2 additions & 2 deletions ...8s/kubernetes_pod/AC-K8-SP-PO-L-0068.json → ...8s/kubernetes_pod/AC-K8-OE-PO-L-0134.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
},
"severity": "LOW",
"description": "No tag or container image with :Latest tag makes difficult to rollback and track",
"reference_id": "AC-K8-SP-PO-L-0068",
"category": "Security Best Practices",
"reference_id": "AC-K8-OE-PO-L-0134",
"category": "Operational Efficiency",
"version": 1
}
Loading

0 comments on commit 451d53b

Please sign in to comment.